[packages/screen.git] / screen-debian.patch

--- screen-3.9.9.orig/doc/screen.texinfo
+++ screen-3.9.9/doc/screen.texinfo
@@ -2912,7 +2912,7 @@
 
 @noindent
 @kbd{>} sets the (second) mark and writes the contents of the paste buffer
-to the screen-exchange file (@file{/tmp/screen-exchange} per default)
+to the screen-exchange file (@file{$HOME/.screen-exchange} per default)
 once copy-mode is finished.  @xref{Screen-Exchange}.@*
 This example demonstrates how to dump the
 whole scrollback buffer to that file: @*@kbd{C-a [ g SPACE G $ >}.
@@ -3034,7 +3034,7 @@
 (none)@*
 Change the filename used for reading and writing with the paste buffer.
 If the @var{exchange-file} parameter is omitted, @code{screen} reverts
-to the default of @file{/tmp/screen-exchange}.  The following example
+to the default of @file{$HOME/.screen-exchange}.  The following example
 will paste the system's password file into the screen window (using the 
 paste buffer, where a copy remains):
 
--- screen-3.9.9.orig/doc/screen.1
+++ screen-3.9.9/doc/screen.1
@@ -1010,7 +1011,7 @@
 .PP
 Change the filename used for reading and writing with the paste buffer.
 If the optional argument to the \*Qbufferfile\*U command is omitted, 
-the default setting (\*Q/tmp/screen-exchange\*U) is reactivated.
+the default setting (\*Q$HOME/.screen-exchange\*U) is reactivated.
 The following example will paste the system's password file into 
 the
 .I screen
@@ -1275,7 +1276,7 @@
 .br
 .ti -2n
 \fB>\fP sets the (second) mark and writes the contents of the paste buffer to
-the screen-exchange file (/tmp/screen-exchange per default) once copy-mode is 
+the screen-exchange file ($HOME/.screen-exchange per default) once copy-mode is 
 finished. 
 .br
 This example demonstrates how to dump the whole scrollback buffer 
@@ -2805,7 +2806,7 @@
 file if no filename is given. This is thought of as a primitive means of communication between
 .I screen
 users on the same host. The filename can be set with the \fIbufferfile\fP
-command and defaults to \*Q/tmp/screen-exchange\*U.
+command and defaults to \*Q$HOME/.screen-exchange\*U.
 .sp
 .ne 3
 .BR "writelock " [ on | "off\fR|\fBauto\fR]"
--- screen-3.9.9.orig/etc/etcscreenrc
+++ screen-3.9.9/etc/etcscreenrc
@@ -1,6 +1,6 @@
 #
 # This is an example for the global screenrc file.
-# You may want to install this file as /usr/local/etc/screenrc.
+# You may want to install this file as /etc/screenrc.
 # Check config.h for the exact location.
 #
 # Flaws of termcap and standard settings are done here.
@@ -92,3 +92,5 @@
 bind 'O' login off
 bind '}' history
 
+# On Debian GNU/Linux, `<--' (Backspace key) should send char `\177':
+bindkey -k kb stuff "\177"
--- screen-3.9.9.orig/pty.c
+++ screen-3.9.9/pty.c
@@ -243,11 +243,15 @@
 {
   register int f;
   char *m, *ptsname();
-  int unlockpt __P((int)), grantpt __P((int));
+  int unlockpt __P((int)), grantpt __P((int)), getpt __P((void));
   sigret_t (*sigcld)__P(SIGPROTOARG);
 
+#ifdef HAVE_GETPT
+  if ((f = getpt()) == -1)
+#else
   strcpy(PtyName, "/dev/ptmx");
   if ((f = open(PtyName, O_RDWR | O_NOCTTY)) == -1)
+#endif /* HAVE_GETPT */
     return -1;
 
   /*
--- screen-3.9.9.orig/README
+++ screen-3.9.9/README
@@ -54,8 +54,8 @@
 
   C-a C-]	(paste)		Output copy buffer to current window's stdin.
 
-  C-a <		(readbuf) 	Read the copy buffer from /tmp/screen-exchange.
-  C-a >		(writebuf)	Write the copy buffer to /tmp/screen-exchange.
+  C-a <		(readbuf) 	Read the copy buffer from $HOME/.screen-exchange.
+  C-a >		(writebuf)	Write the copy buffer to $HOME/.screen-exchange.
 
   C-a d		(detach)	Detach screen. All processes continue and may
 				spool output to their pty's, but screen
--- screen-3.9.9.orig/configure.in
+++ screen-3.9.9/configure.in
@@ -28,6 +28,8 @@
 [echo "$1" 1>&AC_FD_MSG
 ])dnl
 
+AC_ARG_WITH(libpam, [  --with-libpam           use libpam for PAM support])
+
 dnl
 dnl Extract version from patchlevel.h
 dnl
@@ -626,7 +628,10 @@
 AC_MSG_ERROR(!!! no tgetent - no screen))))))
 
 AC_TRY_RUN([
-main()
+#include <stdlib.h>
+#include <string.h>
+#include <termcap.h>
+int main(int argc, char *argv[])
 {
  exit(strcmp(tgoto("%p1%d", 0, 1), "1") ? 0 : 1);
 }], AC_NOTE(- you use the termcap database),
@@ -646,6 +651,7 @@
 if test -c /dev/ptmx ; then
 AC_TRY_LINK([],[ptsname(0);grantpt(0);unlockpt(0);],AC_DEFINE(HAVE_SVR4_PTYS))
 fi
+AC_CHECK_FUNCS(getpt)
 
 AC_CHECKING(for ptyranges)
 if test -d /dev/ptym ; then
@@ -1080,6 +1086,30 @@
 )
 fi
 
+AC_SUBST(LIBPAM)
+AC_SUBST(USEPAM)
+if test "$with_libpam" = "yes"; then
+	dnl AC_CHECK_LIB(pam, pam_start, AC_DEFINE(PAM) LIBPAM=-lpam)
+	dnl the above doesn't work as there is no libpam.a (only .so)
+	dnl XXX - libpam_misc is probably Linux-PAM specific
+	LIBPAM="-lpam -lpam_misc -ldl"
+	USEPAM="-DUSE_PAM"
+	AC_DEFINE(PAM)
+#	AC_CACHE_CHECK(whether pam_strerror needs two arguments,
+#		ac_cv_pam_strerror_needs_two_args,
+#		AC_TRY_COMPILE(
+#				[#include <security/pam_appl.h>],
+#				[ pam_handle_t *pamh; pam_strerror(pamh, PAM_SUCCESS);
+#	],
+#				ac_cv_pam_strerror_needs_two_args=yes,
+#				ac_cv_pam_strerror_needs_two_args=no
+#		)
+#	)
+#	if test "$ac_cv_pam_strerror_needs_two_args" = "yes"; then
+#			AC_DEFINE(PAM_STRERROR_NEEDS_TWO_ARGS)
+#	fi
+fi
+
 dnl AC_CHECK_HEADER(shadow.h, AC_DEFINE(SHADOWPW))
 AC_CHECKING(getspnam)
 AC_TRY_LINK([#include <shadow.h>], [getspnam("x");],AC_DEFINE(SHADOWPW))
@@ -1178,7 +1208,7 @@
 
 ETCSCREENRC="\"/usr/local/etc/screenrc\""
 if test -n "$prefix"; then
-ETCSCREENRC="\"$prefix/etc/screenrc\""
+ETCSCREENRC="\"/etc/screenrc\""
 fi
 AC_MSG_CHECKING(for the global screenrc file)
 AC_ARG_WITH(sys-screenrc, [  --with-sys-screenrc=path  where to put the global screenrc file], [ ETCSCREENRC="\"${withval}\"" ])
--- screen-3.9.9.orig/ansi.c
+++ screen-3.9.9/ansi.c
@@ -2220,7 +2220,7 @@
 int n, ys, ye, bce;
 {
   int i, cnt1, cnt2;
-  struct mline *tmp[256];
+  struct mline tmp[256];
   struct mline *ml;
 
   if (n == 0)
--- screen-3.9.9.orig/screen.c
+++ screen-3.9.9/screen.c
@@ -107,6 +107,7 @@
 FILE *dfp;
 #endif
 
+char bufferfile[MAXPATHLEN];
 
 extern char *blank, *null, Term[], screenterm[], **environ, Termcap[];
 int force_vt = 1;
@@ -265,7 +266,7 @@
 char *name;
 struct passwd *ppp;
 {
-  int n;
+  int n, len;
 #ifdef SHADOWPW
   struct spwd *sss = NULL;
   static char *spw = NULL;
@@ -279,13 +280,18 @@
 pw_try_again:
 #endif
   n = 0;
+  len = 13;
   if (ppp->pw_passwd[0] == '#' && ppp->pw_passwd[1] == '#' &&
       strcmp(ppp->pw_passwd + 2, ppp->pw_name) == 0)
     n = 13;
-  for (; n < 13; n++)
+  else if (!strncmp(ppp->pw_passwd, "$1$", 3)) {	/* MD5-based passwords */
+    n = 13;
+    len = 34;
+  }
+  for (; n < len; n++)
     {
       char c = ppp->pw_passwd[n];
-      if (!(c == '.' || c == '/' || c == '$' ||
+      if (!(c == '.' || c == '/' || (len == 34 && c == '$') ||
 	    (c >= '0' && c <= '9') || 
 	    (c >= 'a' && c <= 'z') || 
 	    (c >= 'A' && c <= 'Z'))) 
@@ -426,9 +432,6 @@
   logtstamp_string = SaveStr("-- %n:%t -- time-stamp -- %M/%d/%y %c:%s --\n");
   hstatusstring = SaveStr("%h");
   captionstring = SaveStr("%3n %t");
-#ifdef COPY_PASTE
-  BufferFile = SaveStr(DEFAULT_BUFFERFILE);
-#endif
   ShellProg = NULL;
 #ifdef POW_DETACH
   PowDetachString = 0;
@@ -879,6 +882,8 @@
 #endif /* DEBUG */
     }
 
+  snprintf(bufferfile,sizeof(bufferfile),"%s/.screen-exchange", home);
+  BufferFile = SaveStr(bufferfile);
 #ifdef _MODE_T
   oumask = umask(0);		/* well, unsigned never fails? jw. */
 #else
@@ -939,8 +944,8 @@
 	  SockDir = SOCKDIR;
 	  if (lstat(SockDir, &st))
 	    {
-	      n = (eff_uid == 0) ? 0755 :
-	          (eff_gid != real_gid) ? 0775 :
+	      n = (eff_gid != real_gid) ? 0775 :
+	          (eff_uid == 0) ? 0755 :
 #ifdef S_ISVTX
 		  0777|S_ISVTX;
 #else
--- screen-3.9.9.orig/screen.h
+++ screen-3.9.9/screen.h
@@ -44,6 +44,7 @@
 #include "layer.h"
 #include "term.h"
 
+extern char bufferfile[MAXPATHLEN];
 
 #ifdef DEBUG
 # define STATIC		/* a function that the debugger should see */
--- screen-3.9.9.orig/debian/pam.d-screen
+++ screen-3.9.9/debian/pam.d-screen
@@ -0,0 +1 @@
+auth	required	pam_unix.so
--- screen-3.9.9.orig/Makefile.in
+++ screen-3.9.9/Makefile.in
@@ -23,10 +23,10 @@
 ETCSCREENRC = `sed < config.h -n -e '/define ETCSCREENRC/s/^.*"\([^"]*\)"/\1/p'`
 
 CC = @CC@
-CFLAGS = @CFLAGS@
+CFLAGS = @CFLAGS@ @USEPAM@
 CPPFLAGS = @CPPFLAGS@
 LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
+LIBS = @LIBS@ @LIBPAM@
 
 CPP=@CPP@
 CPP_DEPEND=$(CC) -MM
--- screen-3.9.9.orig/config.h.in
+++ screen-3.9.9/config.h.in
@@ -582,6 +582,11 @@
  */
 #undef HAVE_SVR4_PTYS
 
+/*
+ * define HAVE_GETPT if you have the getpt() function.
+ */
+#undef HAVE_GETPT
+
 /* 
  * define PTYRANGE0 and or PTYRANGE1 if you want to adapt screen
  * to unusual environments. E.g. For SunOs the defaults are "qpr" and 
--- screen-3.9.9.orig/window.c
+++ screen-3.9.9/window.c
@@ -1524,6 +1524,12 @@
 	FreePseudowin(w);
 	return -1;
       }
+    if (ioctl(w->w_ptyfd, TIOCPKT, (char *)&flag))
+      {
+	Msg(errno, "TIOCPKT ioctl on parent");
+	FreePseudowin(w);
+	return -1;
+      }
   }
 #endif /* TIOCPKT */
   
@@ -1560,6 +1566,14 @@
   evdeq(&pwin->p_writeev);
   free((char *)pwin);
   w->w_pwin = NULL;
+#ifdef TIOCPKT
+  {
+    int flag = 1;
+
+    if (ioctl(w->w_ptyfd, TIOCPKT, (char *)&flag))
+      Msg(errno, "TIOCPKT reset on parent failed");
+  }
+#endif /* TIOCPKT */
 }
 
 #endif /* PSEUDOS */
--- screen-3.9.9.orig/tty.sh
+++ screen-3.9.9/tty.sh
@@ -788,7 +788,7 @@
 {
 #if defined(POSIX) && !defined(ultrix)
   setsid();		/* will break terminal affiliation */
-# if defined(BSD) && defined(TIOCSCTTY)
+# if defined(BSD) && defined(TIOCSCTTY) && !defined(__GNU__)
   ioctl(fd, TIOCSCTTY, (char *)0);
 # endif /* BSD && TIOCSCTTY */
 #else /* POSIX */
--- screen-3.9.9.orig/process.c
+++ screen-3.9.9/process.c
@@ -2019,7 +2019,7 @@
 #ifdef COPY_PASTE
     case RC_BUFFERFILE:
       if (*args == 0)
-	BufferFile = SaveStr(DEFAULT_BUFFERFILE);
+	BufferFile = SaveStr(bufferfile);
       else if (ParseSaveStr(act, &BufferFile))
         break;
       if (msgok)
--- screen-3.9.9.orig/attacher.c
+++ screen-3.9.9/attacher.c
@@ -33,6 +33,10 @@
 #include "screen.h"
 #include "extern.h"
 
+#ifdef USE_PAM
+#include <security/pam_appl.h>
+#endif /* USE_PAM */
+
 #include <pwd.h>
 
 static sigret_t AttacherSigInt __P(SIGPROTOARG);
@@ -70,6 +74,10 @@
 # endif
 #endif
 
+#ifdef USE_PAM
+static char *PAM_password;
+static char *PAM_name;
+#endif
 
 #ifdef MULTIUSER
 static int ContinuePlease;
@@ -720,14 +728,67 @@
     }
 }				/* LockTerminal */
 
+#ifdef USE_PAM
+static int PAM_conv (int num_msg,
+             const struct pam_message **msg,
+             struct pam_response **resp,
+             void *appdata_ptr) {
+    int replies = 0;
+    struct pam_response *reply = NULL;
+
+    reply = malloc(sizeof(struct pam_response)*num_msg);
+    if (!reply) return PAM_CONV_ERR;
+    #define COPY_STRING(s) (s) ? strdup(s) : NULL
+
+    for (replies = 0; replies < num_msg; replies++) {
+        switch (msg[replies]->msg_style) {
+        case PAM_PROMPT_ECHO_OFF:
+            /* wants password */
+            reply[replies].resp_retcode = PAM_SUCCESS;
+            reply[replies].resp = COPY_STRING(PAM_password);
+            break;
+        case PAM_TEXT_INFO:
+            /* ignore the informational mesage */
+            /* but first clear out any drek left by malloc */
+            reply[replies].resp = NULL;
+            break;
+        case PAM_PROMPT_ECHO_ON:
+            /* user name given to PAM already */
+            /* fall through */
+        default:
+            /* unknown or PAM_ERROR_MSG */
+            free (reply);
+            return PAM_CONV_ERR;
+        }
+    }
+    *resp = reply;
+    return PAM_SUCCESS;
+}
+
+static struct pam_conv PAM_conversation = {
+    &PAM_conv,
+    NULL
+};
+#endif
+
+
 /* -- original copyright by Luigi Cannelloni 1985 (luigi@faui70.UUCP) -- */
 static void
 screen_builtin_lck()
 {
   char fullname[100], *cp1, message[100 + 100];
-  char *pass, mypass[9];
+  char *pass;
+#ifdef USE_PAM
+  int pam_error;
+  pam_handle_t *pamh = NULL;
+#else
+  char mypass[9];
+#endif /* USE_PAM */
 
   pass = ppp->pw_passwd;
+
+#ifndef USE_PAM
+  /* if we're using PAM this will evaluate to true. which we don't want. */
   if (pass == 0 || *pass == 0)
     {
       if ((pass = getpass("Key:   ")))
@@ -754,6 +815,7 @@
         }
       pass = 0;
     }
+#endif /* USE_PAM */
 
   debug("screen_builtin_lck looking in gcos field\n");
   strncpy(fullname, ppp->pw_gecos, sizeof(fullname) - 9);
@@ -782,6 +844,22 @@
           AttacherFinit(SIGARG);
           /* NOTREACHED */
         }
+#ifdef USE_PAM
+      PAM_password=cp1;
+      PAM_name=ppp->pw_name;
+
+      pam_error = pam_start("screen", PAM_name, &PAM_conversation, &pamh);
+
+      if (pam_error == PAM_SUCCESS) {
+	pam_error = pam_authenticate(pamh, 0);
+	pam_end(pamh, PAM_SUCCESS);
+	if (pam_error == PAM_SUCCESS) {
+	  memset(cp1,0,strlen(cp1));
+	  PAM_password = NULL; 
+	  break;
+	}
+      }
+#else
       if (pass)
         {
           if (!strncmp(crypt(cp1, pass), pass, strlen(pass)))
@@ -792,6 +870,7 @@
           if (!strcmp(cp1, mypass))
             break;
         }
+#endif /* USE_PAM */
       debug("screen_builtin_lck: NO!!!!!\n");
     }
   debug("password ok.\n");
Commit	Line	Data
80ed737a	1	--- screen-3.9.9.orig/doc/screen.texinfo
	2	+++ screen-3.9.9/doc/screen.texinfo
	3	@@ -2912,7 +2912,7 @@
4d02b44a	4
80ed737a	5	@noindent
	6	@kbd{>} sets the (second) mark and writes the contents of the paste buffer
	7	-to the screen-exchange file (@file{/tmp/screen-exchange} per default)
	8	+to the screen-exchange file (@file{$HOME/.screen-exchange} per default)
	9	once copy-mode is finished. @xref{Screen-Exchange}.@*
	10	This example demonstrates how to dump the
	11	whole scrollback buffer to that file: @*@kbd{C-a [ g SPACE G $ >}.
	12	@@ -3034,7 +3034,7 @@
	13	(none)@*
	14	Change the filename used for reading and writing with the paste buffer.
	15	If the @var{exchange-file} parameter is omitted, @code{screen} reverts
	16	-to the default of @file{/tmp/screen-exchange}. The following example
	17	+to the default of @file{$HOME/.screen-exchange}. The following example
	18	will paste the system's password file into the screen window (using the
	19	paste buffer, where a copy remains):
4d02b44a	20
80ed737a	21	--- screen-3.9.9.orig/doc/screen.1
	22	+++ screen-3.9.9/doc/screen.1
	23	@@ -1010,7 +1011,7 @@
	24	.PP
	25	Change the filename used for reading and writing with the paste buffer.
	26	If the optional argument to the \Qbufferfile\U command is omitted,
	27	-the default setting (\Q/tmp/screen-exchange\U) is reactivated.
	28	+the default setting (\Q$HOME/.screen-exchange\U) is reactivated.
	29	The following example will paste the system's password file into
	30	the
	31	.I screen
	32	@@ -1275,7 +1276,7 @@
	33	.br
	34	.ti -2n
	35	\fB>\fP sets the (second) mark and writes the contents of the paste buffer to
	36	-the screen-exchange file (/tmp/screen-exchange per default) once copy-mode is
	37	+the screen-exchange file ($HOME/.screen-exchange per default) once copy-mode is
	38	finished.
	39	.br
	40	This example demonstrates how to dump the whole scrollback buffer
	41	@@ -2805,7 +2806,7 @@
	42	file if no filename is given. This is thought of as a primitive means of communication between
	43	.I screen
	44	users on the same host. The filename can be set with the \fIbufferfile\fP
	45	-command and defaults to \Q/tmp/screen-exchange\U.
	46	+command and defaults to \Q$HOME/.screen-exchange\U.
	47	.sp
	48	.ne 3
	49	.BR "writelock " [ on \| "off\fR\|\fBauto\fR]"
	50	--- screen-3.9.9.orig/etc/etcscreenrc
	51	+++ screen-3.9.9/etc/etcscreenrc
	52	@@ -1,6 +1,6 @@
	53	#
	54	# This is an example for the global screenrc file.
	55	-# You may want to install this file as /usr/local/etc/screenrc.
	56	+# You may want to install this file as /etc/screenrc.
	57	# Check config.h for the exact location.
	58	#
	59	# Flaws of termcap and standard settings are done here.
	60	@@ -92,3 +92,5 @@
	61	bind 'O' login off
	62	bind '}' history
4d02b44a	63
80ed737a	64	+# On Debian GNU/Linux, `<--' (Backspace key) should send char `\177':
	65	+bindkey -k kb stuff "\177"
	66	--- screen-3.9.9.orig/pty.c
	67	+++ screen-3.9.9/pty.c
	68	@@ -243,11 +243,15 @@
4d02b44a	69	{
80ed737a	70	register int f;
	71	char m, ptsname();
	72	- int unlockpt __P((int)), grantpt __P((int));
	73	+ int unlockpt __P((int)), grantpt __P((int)), getpt __P((void));
	74	sigret_t (*sigcld)__P(SIGPROTOARG);
	75
	76	+#ifdef HAVE_GETPT
	77	+ if ((f = getpt()) == -1)
4d02b44a	78	+#else
80ed737a	79	strcpy(PtyName, "/dev/ptmx");
	80	if ((f = open(PtyName, O_RDWR \| O_NOCTTY)) == -1)
	81	+#endif /* HAVE_GETPT */
	82	return -1;
4d02b44a	83
80ed737a	84	/*
	85	--- screen-3.9.9.orig/README
	86	+++ screen-3.9.9/README
	87	@@ -54,8 +54,8 @@
4d02b44a	88
80ed737a	89	C-a C-] (paste) Output copy buffer to current window's stdin.
4d02b44a	90
80ed737a	91	- C-a < (readbuf) Read the copy buffer from /tmp/screen-exchange.
	92	- C-a > (writebuf) Write the copy buffer to /tmp/screen-exchange.
	93	+ C-a < (readbuf) Read the copy buffer from $HOME/.screen-exchange.
	94	+ C-a > (writebuf) Write the copy buffer to $HOME/.screen-exchange.
	95
	96	C-a d (detach) Detach screen. All processes continue and may
	97	spool output to their pty's, but screen
	98	--- screen-3.9.9.orig/configure.in
	99	+++ screen-3.9.9/configure.in
4d02b44a AM	100	@@ -28,6 +28,8 @@
	101	[echo "$1" 1>&AC_FD_MSG
	102	])dnl
	103
	104	+AC_ARG_WITH(libpam, [ --with-libpam use libpam for PAM support])
	105	+
	106	dnl
	107	dnl Extract version from patchlevel.h
	108	dnl
80ed737a	109	@@ -626,7 +628,10 @@
	110	AC_MSG_ERROR(!!! no tgetent - no screen))))))
	111
	112	AC_TRY_RUN([
	113	-main()
	114	+#include <stdlib.h>
	115	+#include <string.h>
	116	+#include <termcap.h>
	117	+int main(int argc, char *argv[])
	118	{
	119	exit(strcmp(tgoto("%p1%d", 0, 1), "1") ? 0 : 1);
	120	}], AC_NOTE(- you use the termcap database),
	121	@@ -646,6 +651,7 @@
4d02b44a AM	122	if test -c /dev/ptmx ; then
	123	AC_TRY_LINK([],[ptsname(0);grantpt(0);unlockpt(0);],AC_DEFINE(HAVE_SVR4_PTYS))
	124	fi
	125	+AC_CHECK_FUNCS(getpt)
	126
	127	AC_CHECKING(for ptyranges)
	128	if test -d /dev/ptym ; then
80ed737a	129	@@ -1080,6 +1086,30 @@
4d02b44a AM	130	)
4d02b44a AM	131	fi
80ed737a	132
4d02b44a AM	133	+AC_SUBST(LIBPAM)
	134	+AC_SUBST(USEPAM)
	135	+if test "$with_libpam" = "yes"; then
	136	+ dnl AC_CHECK_LIB(pam, pam_start, AC_DEFINE(PAM) LIBPAM=-lpam)
	137	+ dnl the above doesn't work as there is no libpam.a (only .so)
	138	+ dnl XXX - libpam_misc is probably Linux-PAM specific
	139	+ LIBPAM="-lpam -lpam_misc -ldl"
	140	+ USEPAM="-DUSE_PAM"
	141	+ AC_DEFINE(PAM)
	142	+# AC_CACHE_CHECK(whether pam_strerror needs two arguments,
	143	+# ac_cv_pam_strerror_needs_two_args,
	144	+# AC_TRY_COMPILE(
	145	+# [#include <security/pam_appl.h>],
	146	+# [ pam_handle_t *pamh; pam_strerror(pamh, PAM_SUCCESS);
	147	+# ],
	148	+# ac_cv_pam_strerror_needs_two_args=yes,
	149	+# ac_cv_pam_strerror_needs_two_args=no
	150	+# )
	151	+# )
	152	+# if test "$ac_cv_pam_strerror_needs_two_args" = "yes"; then
	153	+# AC_DEFINE(PAM_STRERROR_NEEDS_TWO_ARGS)
	154	+# fi
	155	+fi
	156	+
4d02b44a AM	157	dnl AC_CHECK_HEADER(shadow.h, AC_DEFINE(SHADOWPW))
4d02b44a AM	158	AC_CHECKING(getspnam)
80ed737a	159	AC_TRY_LINK([#include <shadow.h>], [getspnam("x");],AC_DEFINE(SHADOWPW))
80ed737a	160	@@ -1178,7 +1208,7 @@
4d02b44a	161
80ed737a	162	ETCSCREENRC="\"/usr/local/etc/screenrc\""
	163	if test -n "$prefix"; then
	164	-ETCSCREENRC="\"$prefix/etc/screenrc\""
	165	+ETCSCREENRC="\"/etc/screenrc\""
	166	fi
	167	AC_MSG_CHECKING(for the global screenrc file)
	168	AC_ARG_WITH(sys-screenrc, [ --with-sys-screenrc=path where to put the global screenrc file], [ ETCSCREENRC="\"${withval}\"" ])
	169	--- screen-3.9.9.orig/ansi.c
	170	+++ screen-3.9.9/ansi.c
	171	@@ -2220,7 +2220,7 @@
	172	int n, ys, ye, bce;
	173	{
	174	int i, cnt1, cnt2;
	175	- struct mline *tmp[256];
	176	+ struct mline tmp[256];
	177	struct mline *ml;
4d02b44a	178
80ed737a	179	if (n == 0)
	180	--- screen-3.9.9.orig/screen.c
	181	+++ screen-3.9.9/screen.c
	182	@@ -107,6 +107,7 @@
4d02b44a AM	183	FILE *dfp;
	184	#endif
	185
	186	+char bufferfile[MAXPATHLEN];
	187
	188	extern char blank, null, Term[], screenterm[], **environ, Termcap[];
	189	int force_vt = 1;
80ed737a	190	@@ -265,7 +266,7 @@
4d02b44a AM	191	char *name;
	192	struct passwd *ppp;
	193	{
	194	- int n;
	195	+ int n, len;
	196	#ifdef SHADOWPW
	197	struct spwd *sss = NULL;
	198	static char *spw = NULL;
80ed737a	199	@@ -279,13 +280,18 @@
4d02b44a AM	200	pw_try_again:
	201	#endif
	202	n = 0;
	203	+ len = 13;
	204	if (ppp->pw_passwd[0] == '#' && ppp->pw_passwd[1] == '#' &&
	205	strcmp(ppp->pw_passwd + 2, ppp->pw_name) == 0)
	206	n = 13;
	207	- for (; n < 13; n++)
80ed737a	208	+ else if (!strncmp(ppp->pw_passwd, "$1$", 3)) { /* MD5-based passwords */
4d02b44a AM	209	+ n = 13;
	210	+ len = 34;
	211	+ }
	212	+ for (; n < len; n++)
	213	{
	214	char c = ppp->pw_passwd[n];
80ed737a	215	- if (!(c == '.' \|\| c == '/' \|\| c == '$' \|\|
80ed737a	216	+ if (!(c == '.' \|\| c == '/' \|\| (len == 34 && c == '$') \|\|
4d02b44a AM	217	(c >= '0' && c <= '9') \|\|
	218	(c >= 'a' && c <= 'z') \|\|
	219	(c >= 'A' && c <= 'Z')))
80ed737a	220	@@ -426,9 +432,6 @@
4d02b44a AM	221	logtstamp_string = SaveStr("-- %n:%t -- time-stamp -- %M/%d/%y %c:%s --\n");
	222	hstatusstring = SaveStr("%h");
	223	captionstring = SaveStr("%3n %t");
	224	-#ifdef COPY_PASTE
	225	- BufferFile = SaveStr(DEFAULT_BUFFERFILE);
	226	-#endif
	227	ShellProg = NULL;
	228	#ifdef POW_DETACH
	229	PowDetachString = 0;
80ed737a	230	@@ -879,6 +882,8 @@
4d02b44a AM	231	#endif /* DEBUG */
4d02b44a AM	232	}
80ed737a	233
4d02b44a	234	+ snprintf(bufferfile,sizeof(bufferfile),"%s/.screen-exchange", home);
80ed737a	235	+ BufferFile = SaveStr(bufferfile);
4d02b44a AM	236	#ifdef _MODE_T
	237	oumask = umask(0); /* well, unsigned never fails? jw. */
	238	#else
80ed737a	239	@@ -939,8 +944,8 @@
	240	SockDir = SOCKDIR;
	241	if (lstat(SockDir, &st))
	242	{
	243	- n = (eff_uid == 0) ? 0755 :
	244	- (eff_gid != real_gid) ? 0775 :
	245	+ n = (eff_gid != real_gid) ? 0775 :
	246	+ (eff_uid == 0) ? 0755 :
	247	#ifdef S_ISVTX
	248	0777\|S_ISVTX;
	249	#else
	250	--- screen-3.9.9.orig/screen.h
	251	+++ screen-3.9.9/screen.h
4d02b44a AM	252	@@ -44,6 +44,7 @@
	253	#include "layer.h"
	254	#include "term.h"
	255
	256	+extern char bufferfile[MAXPATHLEN];
	257
	258	#ifdef DEBUG
	259	# define STATIC /* a function that the debugger should see */
80ed737a	260	--- screen-3.9.9.orig/debian/pam.d-screen
	261	+++ screen-3.9.9/debian/pam.d-screen
	262	@@ -0,0 +1 @@
	263	+auth required pam_unix.so
	264	--- screen-3.9.9.orig/Makefile.in
	265	+++ screen-3.9.9/Makefile.in
	266	@@ -23,10 +23,10 @@
	267	ETCSCREENRC = `sed < config.h -n -e '/define ETCSCREENRC/s/^."\([^"]\)"/\1/p'`
	268
	269	CC = @CC@
	270	-CFLAGS = @CFLAGS@
	271	+CFLAGS = @CFLAGS@ @USEPAM@
	272	CPPFLAGS = @CPPFLAGS@
	273	LDFLAGS = @LDFLAGS@
	274	-LIBS = @LIBS@
	275	+LIBS = @LIBS@ @LIBPAM@
	276
	277	CPP=@CPP@
	278	CPP_DEPEND=$(CC) -MM
	279	--- screen-3.9.9.orig/config.h.in
	280	+++ screen-3.9.9/config.h.in
	281	@@ -582,6 +582,11 @@
	282	*/
	283	#undef HAVE_SVR4_PTYS
	284
	285	+/*
	286	+ * define HAVE_GETPT if you have the getpt() function.
	287	+ */
	288	+#undef HAVE_GETPT
	289	+
	290	/*
	291	* define PTYRANGE0 and or PTYRANGE1 if you want to adapt screen
	292	* to unusual environments. E.g. For SunOs the defaults are "qpr" and
	293	--- screen-3.9.9.orig/window.c
	294	+++ screen-3.9.9/window.c
	295	@@ -1524,6 +1524,12 @@
4d02b44a AM	296	FreePseudowin(w);
	297	return -1;
	298	}
	299	+ if (ioctl(w->w_ptyfd, TIOCPKT, (char *)&flag))
	300	+ {
	301	+ Msg(errno, "TIOCPKT ioctl on parent");
	302	+ FreePseudowin(w);
	303	+ return -1;
	304	+ }
	305	}
	306	#endif /* TIOCPKT */
	307
80ed737a	308	@@ -1560,6 +1566,14 @@
4d02b44a AM	309	evdeq(&pwin->p_writeev);
	310	free((char *)pwin);
	311	w->w_pwin = NULL;
	312	+#ifdef TIOCPKT
	313	+ {
	314	+ int flag = 1;
	315	+
	316	+ if (ioctl(w->w_ptyfd, TIOCPKT, (char *)&flag))
	317	+ Msg(errno, "TIOCPKT reset on parent failed");
	318	+ }
	319	+#endif /* TIOCPKT */
	320	}
	321
	322	#endif /* PSEUDOS */
80ed737a	323	--- screen-3.9.9.orig/tty.sh
	324	+++ screen-3.9.9/tty.sh
	325	@@ -788,7 +788,7 @@
	326	{
	327	#if defined(POSIX) && !defined(ultrix)
	328	setsid(); /* will break terminal affiliation */
	329	-# if defined(BSD) && defined(TIOCSCTTY)
	330	+# if defined(BSD) && defined(TIOCSCTTY) && !defined(__GNU__)
	331	ioctl(fd, TIOCSCTTY, (char *)0);
	332	# endif /* BSD && TIOCSCTTY */
	333	#else /* POSIX */
	334	--- screen-3.9.9.orig/process.c
	335	+++ screen-3.9.9/process.c
	336	@@ -2019,7 +2019,7 @@
	337	#ifdef COPY_PASTE
	338	case RC_BUFFERFILE:
	339	if (*args == 0)
	340	- BufferFile = SaveStr(DEFAULT_BUFFERFILE);
	341	+ BufferFile = SaveStr(bufferfile);
	342	else if (ParseSaveStr(act, &BufferFile))
	343	break;
	344	if (msgok)
	345	--- screen-3.9.9.orig/attacher.c
	346	+++ screen-3.9.9/attacher.c
	347	@@ -33,6 +33,10 @@
	348	#include "screen.h"
	349	#include "extern.h"
	350
	351	+#ifdef USE_PAM
	352	+#include <security/pam_appl.h>
	353	+#endif /* USE_PAM */
	354	+
	355	#include <pwd.h>
	356
	357	static sigret_t AttacherSigInt __P(SIGPROTOARG);
	358	@@ -70,6 +74,10 @@
	359	# endif
	360	#endif
	361
	362	+#ifdef USE_PAM
	363	+static char *PAM_password;
	364	+static char *PAM_name;
	365	+#endif
	366
	367	#ifdef MULTIUSER
	368	static int ContinuePlease;
	369	@@ -720,14 +728,67 @@
	370	}
	371	} /* LockTerminal */
	372
	373	+#ifdef USE_PAM
	374	+static int PAM_conv (int num_msg,
	375	+ const struct pam_message **msg,
	376	+ struct pam_response **resp,
	377	+ void *appdata_ptr) {
	378	+ int replies = 0;
	379	+ struct pam_response *reply = NULL;
	380	+
	381	+ reply = malloc(sizeof(struct pam_response)*num_msg);
	382	+ if (!reply) return PAM_CONV_ERR;
	383	+ #define COPY_STRING(s) (s) ? strdup(s) : NULL
	384	+
	385	+ for (replies = 0; replies < num_msg; replies++) {
	386	+ switch (msg[replies]->msg_style) {
387	+ case PAM_PROMPT_ECHO_OFF:
388	+ /* wants password */
389	+ reply[replies].resp_retcode = PAM_SUCCESS;
390	+ reply[replies].resp = COPY_STRING(PAM_password);
391	+ break;
392	+ case PAM_TEXT_INFO:
393	+ /* ignore the informational mesage */
394	+ /* but first clear out any drek left by malloc */
395	+ reply[replies].resp = NULL;
396	+ break;
397	+ case PAM_PROMPT_ECHO_ON:
398	+ /* user name given to PAM already */
399	+ /* fall through */
400	+ default:
401	+ /* unknown or PAM_ERROR_MSG */
402	+ free (reply);
403	+ return PAM_CONV_ERR;
404	+ }
405	+ }
406	+ *resp = reply;
407	+ return PAM_SUCCESS;
408	+}
409	+
410	+static struct pam_conv PAM_conversation = {
411	+ &PAM_conv,
412	+ NULL
413	+};
414	+#endif
415	+
416	+
417	/* -- original copyright by Luigi Cannelloni 1985 (luigi@faui70.UUCP) -- */
418	static void
419	screen_builtin_lck()
420	{
421	char fullname[100], *cp1, message[100 + 100];
422	- char *pass, mypass[9];
423	+ char *pass;
424	+#ifdef USE_PAM
425	+ int pam_error;
426	+ pam_handle_t *pamh = NULL;
427	+#else
428	+ char mypass[9];
429	+#endif /* USE_PAM */
430
431	pass = ppp->pw_passwd;
432	+
433	+#ifndef USE_PAM
434	+ /* if we're using PAM this will evaluate to true. which we don't want. */
435	if (pass == 0 \|\| *pass == 0)
436	{
437	if ((pass = getpass("Key: ")))
438	@@ -754,6 +815,7 @@
439	}
440	pass = 0;
441	}
442	+#endif /* USE_PAM */
443
444	debug("screen_builtin_lck looking in gcos field\n");
445	strncpy(fullname, ppp->pw_gecos, sizeof(fullname) - 9);
446	@@ -782,6 +844,22 @@
447	AttacherFinit(SIGARG);
448	/* NOTREACHED */
449	}
450	+#ifdef USE_PAM
451	+ PAM_password=cp1;
452	+ PAM_name=ppp->pw_name;
453	+
454	+ pam_error = pam_start("screen", PAM_name, &PAM_conversation, &pamh);
455	+
456	+ if (pam_error == PAM_SUCCESS) {
457	+ pam_error = pam_authenticate(pamh, 0);
458	+ pam_end(pamh, PAM_SUCCESS);
459	+ if (pam_error == PAM_SUCCESS) {
460	+ memset(cp1,0,strlen(cp1));
461	+ PAM_password = NULL;
462	+ break;
463	+ }
464	+ }
465	+#else
466	if (pass)
467	{
468	if (!strncmp(crypt(cp1, pass), pass, strlen(pass)))
469	@@ -792,6 +870,7 @@
470	if (!strcmp(cp1, mypass))
471	break;
472	}
473	+#endif /* USE_PAM */
474	debug("screen_builtin_lck: NO!!!!!\n");
475	}
476	debug("password ok.\n");