- removed %config from xdm rc script,

[packages/XFree86.git] / XFree86-pam.patch

--- XFree86-3.3.2/xc/programs/xdm/greeter/verify.c.nopam        Tue May 27 02:22:28 1997
+++ XFree86-3.3.2/xc/programs/xdm/greeter/verify.c      Tue Mar  3 17:15:17 1998
@@ -41,6 +41,9 @@
 
 # include      "dm.h"
 # include      <pwd.h>
+#ifdef USE_PAM
+# include      <security/pam_appl.h>
+#else /* ! USE_PAM */
 #ifdef USESHADOW
 # include      <shadow.h>
 #if defined(SHADOWSUITE) && defined(linux)
@@ -51,6 +54,7 @@
 extern int errno;
 #endif
 #endif
+#endif /* USE_PAM */
 
 # include      "greet.h"
 
@@ -104,6 +108,49 @@
     return env;
 }
 
+#ifdef USE_PAM
+static char *PAM_password;
+
+static int PAM_conv (int num_msg,
+                    const struct pam_message **msg,
+                    struct pam_response **resp,
+                    void *appdata_ptr) {
+       int replies = 0;
+       struct pam_response *reply = NULL;
+
+       reply = malloc(sizeof(struct pam_response));
+       if (!reply) return PAM_CONV_ERR;
+       #define COPY_STRING(s) (s) ? strdup(s) : NULL
+
+       for (replies = 0; replies < num_msg; replies++) {
+               switch (msg[replies]->msg_style) {
+               case PAM_PROMPT_ECHO_OFF:
+                       /* wants password */
+                       reply[replies].resp_retcode = PAM_SUCCESS;
+                       reply[replies].resp = COPY_STRING(PAM_password);
+                       break;
+               case PAM_TEXT_INFO:
+                       /* ignore the informational mesage */
+                       break;
+               case PAM_PROMPT_ECHO_ON:
+                       /* user name given to PAM already */
+                       /* fall through */
+               default:
+                       /* unknown or PAM_ERROR_MSG */
+                       free (reply);
+                       return PAM_CONV_ERR;
+               }
+       }
+       *resp = reply;
+       return PAM_SUCCESS;
+}
+
+static struct pam_conv PAM_conversation = {
+       &PAM_conv,
+       NULL
+};
+#endif
+
 int
 Verify (d, greet, verify)
 struct display         *d;
@@ -121,6 +168,10 @@
 #endif
        char            *shell, *home;
        char            **argv;
+#ifdef USE_PAM
+       pam_handle_t *pamh;
+       int pam_error;
+#endif
 
        Debug ("Verify %s ...\n", greet->name);
        p = getpwnam (greet->name);
@@ -131,6 +182,7 @@
        } else {
            user_pass = p->pw_passwd;
        }
+#ifndef USE_PAM
 #ifdef USESHADOW
        errno = 0;
        sp = getspnam(greet->name);
@@ -153,6 +205,28 @@
                        return 0;
                } /* else: null passwd okay */
        }
+#else /* USE_PAM */
+       #define PAM_BAIL if (pam_error != PAM_SUCCESS) { \
+          pam_end(pamh, 0); return 0; \
+        }
+       PAM_password = greet->password;
+       pam_error = pam_start("xdm", p->pw_name, &PAM_conversation, &pamh);
+       PAM_BAIL;
+       pam_error = pam_set_item(pamh, PAM_TTY, d->name);
+       PAM_BAIL;
+       pam_error = pam_authenticate(pamh, 0);
+       PAM_BAIL;
+       pam_error = pam_acct_mgmt(pamh, 0);
+       /* really should do password changing, but it doesn't fit well */
+       PAM_BAIL;
+       pam_error = pam_setcred(pamh, 0);
+       PAM_BAIL;
+       /* unfortunately, it's not clear at the moment how to do session
+        * management; it's possible, since xdm hangs around, but I don't
+        * see yet how to tear the sessions down.
+        */
+       pam_end(pamh, PAM_SUCCESS);
+#endif /* USE_PAM */
        Debug ("verify succeeded\n");
        bzero(user_pass, strlen(user_pass)); /* in case shadow password */
        /* The password is passed to StartClient() for use by user-based
--- XFree86-3.3.2/xc/programs/xdm/Imakefile.nopam       Tue Mar  3 17:15:13 1998
+++ XFree86-3.3.2/xc/programs/xdm/Imakefile     Wed Mar  4 10:14:36 1998
@@ -18,6 +18,8 @@
  * but not all NetBSD/Alpha systems have shared libraries, and
  * it can't be shared on those which do not.
  */
+
+/* Don't use this with PAM 
 #ifndef SharedLibXdmGreet
 #define SharedLibXdmGreet                                              \
     ((defined(AlphaArchitecture) &&                                    \
@@ -29,11 +31,23 @@
 #ifndef BuildBoth
 #define BuildBoth (defined(LinuxArchitecture) && !SharedLibXdmGreet && !UseElfFormat)
 #endif
+*/
+
+/* this is a hack */
 
 #ifndef LinuxShadowSuite
 #define LinuxShadowSuite NO
 #endif
 
+#ifdef BuildBoth
+#undef BuildBoth
+#define BuildBoth 0
+#endif
+
+#ifdef SharedLibXdmGreet
+#undef SharedLibXdmGreet
+#endif
+
 #if HasXdmAuth
 XDMAUTH_DEFINES = -DHASXDMAUTH
 XDMAUTHOBJS = xdmauth.o
@@ -133,7 +147,7 @@
 
 INCLUDES = $(KRB5_INCLUDE)
 DEPLIBS = $(DEPXMULIB) $(DEPXTOOLLIB) $(DEPXLIB) $(DEPXAUTHLIB) $(DEPXDMCPLIB)
-LOCAL_LIBRARIES = $(XMULIB) $(XTOOLLIB) $(XLIB) $(XAUTHLIB) $(XDMCPLIB) $(RPCLIB) $(DLLIBRARY) $(CRYPT_LIBRARIES)
+LOCAL_LIBRARIES = $(XMULIB) $(XTOOLLIB) $(XLIB) $(XAUTHLIB) $(XDMCPLIB) $(RPCLIB) -lpam -ldl $(CRYPT_LIBRARIES)
 
           SRCS1 = auth.c daemon.c server.c dpylist.c dm.c error.c file.c \
                  netaddr.c reset.c resource.c protodpy.c policy.c \
@@ -182,6 +196,7 @@
  OSMAJORVERSION = OSMajorVersion
  OSMINORVERSION = OSMinorVersion
    CONN_DEFINES = $(CONNECTION_FLAGS)
+  EXTRA_DEFINES = -DUSE_PAM
         DEFINES = -DBINDIR=\"$(BINDIR)\" -DXDMDIR=\"$(XDMDIR)\" \
                $(SIGNAL_DEFINES) \
                $(XDMAUTH_DEFINES) $(RPC_DEFINES) $(KRB5_DEFINES) \