[packages/XFree86.git] / XFree86-pam.patch

--- XFree86-3.3.2/xc/programs/xdm/greeter/verify.c.nopam	Tue May 27 02:22:28 1997
+++ XFree86-3.3.2/xc/programs/xdm/greeter/verify.c	Tue Mar  3 17:15:17 1998
@@ -41,6 +41,9 @@
 
 # include	"dm.h"
 # include	<pwd.h>
+#ifdef USE_PAM
+# include	<security/pam_appl.h>
+#else /* ! USE_PAM */
 #ifdef USESHADOW
 # include	<shadow.h>
 #if defined(SHADOWSUITE) && defined(linux)
@@ -51,6 +54,7 @@
 extern int errno;
 #endif
 #endif
+#endif /* USE_PAM */
 
 # include	"greet.h"
 
@@ -104,6 +108,49 @@
     return env;
 }
 
+#ifdef USE_PAM
+static char *PAM_password;
+
+static int PAM_conv (int num_msg,
+		     const struct pam_message **msg,
+		     struct pam_response **resp,
+		     void *appdata_ptr) {
+	int replies = 0;
+	struct pam_response *reply = NULL;
+
+	reply = malloc(sizeof(struct pam_response));
+	if (!reply) return PAM_CONV_ERR;
+	#define COPY_STRING(s) (s) ? strdup(s) : NULL
+
+	for (replies = 0; replies < num_msg; replies++) {
+		switch (msg[replies]->msg_style) {
+		case PAM_PROMPT_ECHO_OFF:
+			/* wants password */
+			reply[replies].resp_retcode = PAM_SUCCESS;
+			reply[replies].resp = COPY_STRING(PAM_password);
+			break;
+		case PAM_TEXT_INFO:
+			/* ignore the informational mesage */
+			break;
+		case PAM_PROMPT_ECHO_ON:
+			/* user name given to PAM already */
+			/* fall through */
+		default:
+			/* unknown or PAM_ERROR_MSG */
+			free (reply);
+			return PAM_CONV_ERR;
+		}
+	}
+	*resp = reply;
+	return PAM_SUCCESS;
+}
+
+static struct pam_conv PAM_conversation = {
+	&PAM_conv,
+	NULL
+};
+#endif
+
 int
 Verify (d, greet, verify)
 struct display		*d;
@@ -121,6 +168,10 @@
 #endif
 	char		*shell, *home;
 	char		**argv;
+#ifdef USE_PAM
+	pam_handle_t *pamh;
+	int pam_error;
+#endif
 
 	Debug ("Verify %s ...\n", greet->name);
 	p = getpwnam (greet->name);
@@ -131,6 +182,7 @@
 	} else {
 	    user_pass = p->pw_passwd;
 	}
+#ifndef USE_PAM
 #ifdef USESHADOW
 	errno = 0;
 	sp = getspnam(greet->name);
@@ -153,6 +205,28 @@
 			return 0;
 		} /* else: null passwd okay */
 	}
+#else /* USE_PAM */
+	#define PAM_BAIL if (pam_error != PAM_SUCCESS) { \
+	   pam_end(pamh, 0); return 0; \
+	 }
+	PAM_password = greet->password;
+	pam_error = pam_start("xdm", p->pw_name, &PAM_conversation, &pamh);
+	PAM_BAIL;
+	pam_error = pam_set_item(pamh, PAM_TTY, d->name);
+	PAM_BAIL;
+	pam_error = pam_authenticate(pamh, 0);
+	PAM_BAIL;
+	pam_error = pam_acct_mgmt(pamh, 0);
+	/* really should do password changing, but it doesn't fit well */
+	PAM_BAIL;
+	pam_error = pam_setcred(pamh, 0);
+	PAM_BAIL;
+	/* unfortunately, it's not clear at the moment how to do session
+	 * management; it's possible, since xdm hangs around, but I don't
+	 * see yet how to tear the sessions down.
+	 */
+	pam_end(pamh, PAM_SUCCESS);
+#endif /* USE_PAM */
 	Debug ("verify succeeded\n");
 	bzero(user_pass, strlen(user_pass)); /* in case shadow password */
 	/* The password is passed to StartClient() for use by user-based
--- XFree86-3.3.2/xc/programs/xdm/Imakefile.nopam	Tue Mar  3 17:15:13 1998
+++ XFree86-3.3.2/xc/programs/xdm/Imakefile	Wed Mar  4 10:14:36 1998
@@ -18,6 +18,8 @@
  * but not all NetBSD/Alpha systems have shared libraries, and
  * it can't be shared on those which do not.
  */
+
+/* Don't use this with PAM 
 #ifndef SharedLibXdmGreet
 #define SharedLibXdmGreet						\
     ((defined(AlphaArchitecture) &&					\
@@ -29,11 +31,23 @@
 #ifndef BuildBoth
 #define BuildBoth (defined(LinuxArchitecture) && !SharedLibXdmGreet && !UseElfFormat)
 #endif
+*/
+
+/* this is a hack */
 
 #ifndef LinuxShadowSuite
 #define LinuxShadowSuite NO
 #endif
 
+#ifdef BuildBoth
+#undef BuildBoth
+#define BuildBoth 0
+#endif
+
+#ifdef SharedLibXdmGreet
+#undef SharedLibXdmGreet
+#endif
+
 #if HasXdmAuth
 XDMAUTH_DEFINES = -DHASXDMAUTH
 XDMAUTHOBJS = xdmauth.o
@@ -133,7 +147,7 @@
 
 INCLUDES = $(KRB5_INCLUDE)
 DEPLIBS = $(DEPXMULIB) $(DEPXTOOLLIB) $(DEPXLIB) $(DEPXAUTHLIB) $(DEPXDMCPLIB)
-LOCAL_LIBRARIES = $(XMULIB) $(XTOOLLIB) $(XLIB) $(XAUTHLIB) $(XDMCPLIB) $(RPCLIB) $(DLLIBRARY) $(CRYPT_LIBRARIES)
+LOCAL_LIBRARIES = $(XMULIB) $(XTOOLLIB) $(XLIB) $(XAUTHLIB) $(XDMCPLIB) $(RPCLIB) -lpam -ldl $(CRYPT_LIBRARIES)
 
           SRCS1 = auth.c daemon.c server.c dpylist.c dm.c error.c file.c \
 		  netaddr.c reset.c resource.c protodpy.c policy.c \
@@ -182,6 +196,7 @@
  OSMAJORVERSION = OSMajorVersion
  OSMINORVERSION = OSMinorVersion
    CONN_DEFINES = $(CONNECTION_FLAGS)
+  EXTRA_DEFINES = -DUSE_PAM
         DEFINES = -DBINDIR=\"$(BINDIR)\" -DXDMDIR=\"$(XDMDIR)\" \
 		$(SIGNAL_DEFINES) \
 		$(XDMAUTH_DEFINES) $(RPC_DEFINES) $(KRB5_DEFINES) \
Commit	Line	Data
505397d5	1	--- XFree86-3.3.2/xc/programs/xdm/greeter/verify.c.nopam Tue May 27 02:22:28 1997
	2	+++ XFree86-3.3.2/xc/programs/xdm/greeter/verify.c Tue Mar 3 17:15:17 1998
	3	@@ -41,6 +41,9 @@
	4
	5	# include "dm.h"
	6	# include <pwd.h>
	7	+#ifdef USE_PAM
	8	+# include <security/pam_appl.h>
	9	+#else /* ! USE_PAM */
	10	#ifdef USESHADOW
	11	# include <shadow.h>
	12	#if defined(SHADOWSUITE) && defined(linux)
	13	@@ -51,6 +54,7 @@
	14	extern int errno;
	15	#endif
	16	#endif
	17	+#endif /* USE_PAM */
	18
	19	# include "greet.h"
	20
	21	@@ -104,6 +108,49 @@
	22	return env;
	23	}
	24
	25	+#ifdef USE_PAM
	26	+static char *PAM_password;
	27	+
	28	+static int PAM_conv (int num_msg,
	29	+ const struct pam_message **msg,
	30	+ struct pam_response **resp,
	31	+ void *appdata_ptr) {
	32	+ int replies = 0;
	33	+ struct pam_response *reply = NULL;
	34	+
	35	+ reply = malloc(sizeof(struct pam_response));
	36	+ if (!reply) return PAM_CONV_ERR;
	37	+ #define COPY_STRING(s) (s) ? strdup(s) : NULL
	38	+
	39	+ for (replies = 0; replies < num_msg; replies++) {
	40	+ switch (msg[replies]->msg_style) {
	41	+ case PAM_PROMPT_ECHO_OFF:
	42	+ /* wants password */
	43	+ reply[replies].resp_retcode = PAM_SUCCESS;
	44	+ reply[replies].resp = COPY_STRING(PAM_password);
	45	+ break;
	46	+ case PAM_TEXT_INFO:
	47	+ /* ignore the informational mesage */
	48	+ break;
	49	+ case PAM_PROMPT_ECHO_ON:
	50	+ /* user name given to PAM already */
	51	+ /* fall through */
	52	+ default:
	53	+ /* unknown or PAM_ERROR_MSG */
	54	+ free (reply);
	55	+ return PAM_CONV_ERR;
	56	+ }
	57	+ }
	58	+ *resp = reply;
	59	+ return PAM_SUCCESS;
	60	+}
	61	+
	62	+static struct pam_conv PAM_conversation = {
	63	+ &PAM_conv,
	64	+ NULL
65	+};
66	+#endif
67	+
68	int
69	Verify (d, greet, verify)
70	struct display *d;
71	@@ -121,6 +168,10 @@
72	#endif
73	char shell, home;
74	char **argv;
75	+#ifdef USE_PAM
76	+ pam_handle_t *pamh;
77	+ int pam_error;
78	+#endif
79
80	Debug ("Verify %s ...\n", greet->name);
81	p = getpwnam (greet->name);
82	@@ -131,6 +182,7 @@
83	} else {
84	user_pass = p->pw_passwd;
85	}
86	+#ifndef USE_PAM
87	#ifdef USESHADOW
88	errno = 0;
89	sp = getspnam(greet->name);
90	@@ -153,6 +205,28 @@
91	return 0;
92	} /* else: null passwd okay */
93	}
94	+#else /* USE_PAM */
95	+ #define PAM_BAIL if (pam_error != PAM_SUCCESS) { \
96	+ pam_end(pamh, 0); return 0; \
97	+ }
98	+ PAM_password = greet->password;
99	+ pam_error = pam_start("xdm", p->pw_name, &PAM_conversation, &pamh);
100	+ PAM_BAIL;
101	+ pam_error = pam_set_item(pamh, PAM_TTY, d->name);
102	+ PAM_BAIL;
103	+ pam_error = pam_authenticate(pamh, 0);
104	+ PAM_BAIL;
105	+ pam_error = pam_acct_mgmt(pamh, 0);
106	+ /* really should do password changing, but it doesn't fit well */
107	+ PAM_BAIL;
108	+ pam_error = pam_setcred(pamh, 0);
109	+ PAM_BAIL;
110	+ /* unfortunately, it's not clear at the moment how to do session
111	+ * management; it's possible, since xdm hangs around, but I don't
112	+ * see yet how to tear the sessions down.
113	+ */
114	+ pam_end(pamh, PAM_SUCCESS);
115	+#endif /* USE_PAM */
116	Debug ("verify succeeded\n");
117	bzero(user_pass, strlen(user_pass)); /* in case shadow password */
118	/* The password is passed to StartClient() for use by user-based
119	--- XFree86-3.3.2/xc/programs/xdm/Imakefile.nopam Tue Mar 3 17:15:13 1998
120	+++ XFree86-3.3.2/xc/programs/xdm/Imakefile Wed Mar 4 10:14:36 1998
121	@@ -18,6 +18,8 @@
122	* but not all NetBSD/Alpha systems have shared libraries, and
123	* it can't be shared on those which do not.
124	*/
125	+
126	+/* Don't use this with PAM
127	#ifndef SharedLibXdmGreet
128	#define SharedLibXdmGreet \
129	((defined(AlphaArchitecture) && \
130	@@ -29,11 +31,23 @@
131	#ifndef BuildBoth
132	#define BuildBoth (defined(LinuxArchitecture) && !SharedLibXdmGreet && !UseElfFormat)
133	#endif
134	+*/
135	+
136	+/* this is a hack */
137
138	#ifndef LinuxShadowSuite
139	#define LinuxShadowSuite NO
140	#endif
141
142	+#ifdef BuildBoth
143	+#undef BuildBoth
144	+#define BuildBoth 0
145	+#endif
146	+
147	+#ifdef SharedLibXdmGreet
148	+#undef SharedLibXdmGreet
149	+#endif
150	+
151	#if HasXdmAuth
152	XDMAUTH_DEFINES = -DHASXDMAUTH
153	XDMAUTHOBJS = xdmauth.o
154	@@ -133,7 +147,7 @@
155
156	INCLUDES = $(KRB5_INCLUDE)
157	DEPLIBS = $(DEPXMULIB) $(DEPXTOOLLIB) $(DEPXLIB) $(DEPXAUTHLIB) $(DEPXDMCPLIB)
158	-LOCAL_LIBRARIES = $(XMULIB) $(XTOOLLIB) $(XLIB) $(XAUTHLIB) $(XDMCPLIB) $(RPCLIB) $(DLLIBRARY) $(CRYPT_LIBRARIES)
159	+LOCAL_LIBRARIES = $(XMULIB) $(XTOOLLIB) $(XLIB) $(XAUTHLIB) $(XDMCPLIB) $(RPCLIB) -lpam -ldl $(CRYPT_LIBRARIES)
160
161	SRCS1 = auth.c daemon.c server.c dpylist.c dm.c error.c file.c \
162	netaddr.c reset.c resource.c protodpy.c policy.c \
163	@@ -182,6 +196,7 @@
164	OSMAJORVERSION = OSMajorVersion
165	OSMINORVERSION = OSMinorVersion
166	CONN_DEFINES = $(CONNECTION_FLAGS)
167	+ EXTRA_DEFINES = -DUSE_PAM
168	DEFINES = -DBINDIR=\"$(BINDIR)\" -DXDMDIR=\"$(XDMDIR)\" \
169	$(SIGNAL_DEFINES) \
170	$(XDMAUTH_DEFINES) $(RPC_DEFINES) $(KRB5_DEFINES) \