Date: Thursday, September 5, 2013 @ 19:24:38
Author: spupykin
Revision: 96800
clean up
Deleted:
dbmail/trunk/dbmail-2.2.10-pam-support.patch
---------------------------------+
dbmail-2.2.10-pam-support.patch | 251 --------------------------------------
1 file changed, 251 deletions(-)
Deleted: dbmail-2.2.10-pam-support.patch
===================================================================
--- dbmail-2.2.10-pam-support.patch 2013-09-05 17:24:24 UTC (rev 96799)
+++ dbmail-2.2.10-pam-support.patch 2013-09-05 17:24:38 UTC (rev 96800)
@@ -1,251 +0,0 @@
-diff -wbBur dbmail-2.2.10/configure.in dbmail-2.2.10.pam/configure.in
---- dbmail-2.2.10/configure.in 2008-03-24 17:49:33.000000000 +0300
-+++ dbmail-2.2.10.pam/configure.in 2008-09-18 16:43:04.000000000 +0400
-@@ -78,6 +78,13 @@
-
- AC_SUBST(CRYPTLIB)
-
-+dnl Check for PAM
-+AC_SUBST(PAMLIBS,"")
-+AC_CHECK_HEADERS(security/pam_appl.h,
-+ [AC_CHECK_LIB(pam,pam_start,
-+ [AC_DEFINE(HAVE_PAM,1,[Define if you have PAN including devel headers])
-+ PAMLIBS="-lpam"],,)])
-+
- AC_SUBST(MYSQLLIB)
- AC_SUBST(MYSQLALIB)
- AC_SUBST(MYSQLLTLIB)
-diff -wbBur dbmail-2.2.10/dbmail-user.c dbmail-2.2.10.pam/dbmail-user.c
---- dbmail-2.2.10/dbmail-user.c 2008-03-24 17:49:33.000000000 +0300
-+++ dbmail-2.2.10.pam/dbmail-user.c 2008-09-18 16:43:04.000000000 +0400
-@@ -157,7 +157,7 @@
- "md5", "md5-raw", "md5sum",
"md5sum-raw",
- "md5-hash", "md5-hash-raw", "md5-digest",
"md5-digest-raw",
- "md5-base64", "md5-base64-raw", "md5base64",
"md5base64-raw",
-- "shadow", "", NULL
-+ "shadow", "pam", "", NULL
- };
-
- /* These must correspond to the easy text names. */
-@@ -166,7 +166,7 @@
- MD5_HASH, MD5_HASH_RAW, MD5_DIGEST,
MD5_DIGEST_RAW,
- MD5_HASH, MD5_HASH_RAW, MD5_DIGEST,
MD5_DIGEST_RAW,
- MD5_BASE64, MD5_BASE64_RAW, MD5_BASE64,
MD5_BASE64_RAW,
-- SHADOW, PLAINTEXT, PWTYPE_NULL
-+ SHADOW, PWTYPE_PAM, PLAINTEXT,
PWTYPE_NULL
- };
-
- memset(pw, 0, 50);
-@@ -251,6 +251,12 @@
- *enctype = "crypt";
- }
- break;
-+#ifdef HAVE_PAM
-+ case PWTYPE_PAM:
-+ null_strncpy(pw, passwd, 49);
-+ *enctype = "pam";
-+ break;
-+#endif
- default:
- qerrorf("Error: password type not supported [%s].\n",
- passwdtype);
-diff -wbBur dbmail-2.2.10/dbmail-user.h dbmail-2.2.10.pam/dbmail-user.h
---- dbmail-2.2.10/dbmail-user.h 2008-03-24 17:49:33.000000000 +0300
-+++ dbmail-2.2.10.pam/dbmail-user.h 2008-09-18 16:43:04.000000000 +0400
-@@ -34,7 +34,7 @@
- typedef enum {
- PLAINTEXT = 0, PLAINTEXT_RAW, CRYPT, CRYPT_RAW,
- MD5_HASH, MD5_HASH_RAW, MD5_DIGEST, MD5_DIGEST_RAW,
-- MD5_BASE64, MD5_BASE64_RAW, SHADOW, PWTYPE_NULL
-+ MD5_BASE64, MD5_BASE64_RAW, SHADOW, PWTYPE_PAM, PWTYPE_NULL
- } pwtype_t;
-
- int mkpassword(const char * const user, const char * const passwd,
-diff -wbBur dbmail-2.2.10/modules/authsql.c dbmail-2.2.10.pam/modules/authsql.c
---- dbmail-2.2.10/modules/authsql.c 2008-03-24 17:49:33.000000000 +0300
-+++ dbmail-2.2.10.pam/modules/authsql.c 2008-09-18 16:43:04.000000000
+0400
-@@ -27,6 +27,19 @@
- #include "dbmail.h"
- #define THIS_MODULE "auth"
-
-+#ifdef HAVE_PAM
-+#include <security/pam_appl.h>
-+
-+#ifndef DEFAULT_DBMAIL_PAM_SERVICE
-+#define DEFAULT_DBMAIL_PAM_SERVICE "dbmail"
-+#endif
-+
-+#ifndef DEFAULT_DBMAIL_PAM_TTL
-+#define DEFAULT_DBMAIL_PAM_TTL 60
-+#endif
-+
-+#endif
-+
- extern db_param_t _db_params;
- #define DBPFX _db_params.pfx
-
-@@ -49,17 +62,80 @@
- */
- static int __auth_query(const char *thequery);
-
-+#ifdef HAVE_PAM
-+
-+static char *pam_password = NULL; /* Workaround for Solaris 2.6
brokenness */
-+static pam_handle_t *pamh = NULL;
-+static int pam_ttl = DEFAULT_DBMAIL_PAM_TTL;
-+static char *pam_service = DEFAULT_DBMAIL_PAM_SERVICE;
-+static time_t pamh_created = 0;
-+/*
-+ * A simple "conversation" function returning the supplied password.
-+ * Has a bit to much error control, but this is my first PAM application
-+ * so I'd rather check everything than make any mistakes. The function
-+ * expects a single converstation message of type PAM_PROMPT_ECHO_OFF.
-+ */
-+static int
-+password_conversation(int num_msg, const struct pam_message **msg, struct
pam_response **resp, void *appdata_ptr)
-+{
-+ if (num_msg != 1 || msg[0]->msg_style != PAM_PROMPT_ECHO_OFF) {
-+ TRACE(TRACE_ERROR, "Unexpected PAM converstaion '%d/%s'",
msg[0]->msg_style, msg[0]->msg);
-+ return PAM_CONV_ERR;
-+ }
-+ if (!appdata_ptr) {
-+ /* Workaround for Solaris 2.6 where the PAM library is broken
-+ * and does not pass appdata_ptr to the conversation routine
-+ */
-+ appdata_ptr = pam_password;
-+ }
-+ if (!appdata_ptr) {
-+ TRACE(TRACE_ERROR, "ERROR: No password available to
password_converstation!");
-+ return PAM_CONV_ERR;
-+ }
-+ *resp = calloc(num_msg, sizeof(struct pam_response));
-+ if (!*resp) {
-+ TRACE(TRACE_ERROR, "Out of memory!");
-+ return PAM_CONV_ERR;
-+ }
-+ (*resp)[0].resp = strdup((char *) appdata_ptr);
-+ (*resp)[0].resp_retcode = 0;
-+
-+ return ((*resp)[0].resp ? PAM_SUCCESS : PAM_CONV_ERR);
-+}
-+
-+static struct pam_conv conv =
-+{
-+ &password_conversation,
-+ NULL
-+};
-+
-+#endif
-+
-+
- int auth_connect()
- {
- /* this function is only called after a connection has been made
- * if, in the future this is not the case, db.h should export a
- * function that enables checking for the database connection
- */
-+#ifdef HAVE_PAM
-+
-+#endif
- return 0;
- }
-
- int auth_disconnect()
- {
-+#ifdef HAVE_PAM
-+ int retval=PAM_SUCCESS;
-+ if (pamh) {
-+ retval = pam_end(pamh, retval);
-+ if (retval != PAM_SUCCESS) {
-+ pamh = NULL;
-+ TRACE(TRACE_ERROR, "failed to release PAM authenticator");
-+ }
-+ }
-+#endif
- return 0;
- }
-
-@@ -458,7 +534,71 @@
- is_validated = (strncmp(md5str, query_result, 32) == 0) ? 1 : 0;
- g_free(md5str);
- }
-+#ifdef HAVE_PAM
-+ else if (strcasecmp(query_result, "pam") == 0) {
-+ int retval=0;
-+ TRACE(TRACE_DEBUG, "validating using pam for user [%s]
pass:[%s]",real_username,password);
-+ conv.appdata_ptr = (char *) password;
-+ pam_password= password;
-+ if (pam_ttl == 0) {
-+ /* Create PAM connection */
-+ retval = pam_start(pam_service, real_username, &conv, &pamh);
-+ if (retval != PAM_SUCCESS) {
-+ TRACE(TRACE_ERROR, "failed to create PAM
authenticator");
-+ goto pam_error;
-+ }
-+ } else if (!pamh || (time(NULL) - pamh_created) >= pam_ttl ||
pamh_created > time(NULL)) {
-+ /* Close previous PAM connection */
-+ if (pamh) {
-+ retval = pam_end(pamh, retval);
-+ if (retval != PAM_SUCCESS) {
-+ TRACE(TRACE_WARNING, "failed to release PAM
authenticator");
-+ }
-+ pamh = NULL;
-+ }
-+ /* Initialize persistent PAM connection */
-+ retval = pam_start(pam_service, "dbmail@", &conv, &pamh);
-+ if (retval != PAM_SUCCESS) {
-+ TRACE(TRACE_ERROR, "failed to create PAM
authenticator");
-+ goto pam_error;
-+ }
-+ pamh_created = time(NULL);
-+ }
-+ retval = PAM_SUCCESS;
-+ if (pam_ttl != 0) {
-+ if (retval == PAM_SUCCESS)
-+ retval = pam_set_item(pamh, PAM_USER,
real_username);
-+ if (retval == PAM_SUCCESS)
-+ retval = pam_set_item(pamh, PAM_CONV, &conv);
-+ }
-+ if (retval == PAM_SUCCESS)
-+ retval = pam_authenticate(pamh, 0);
-+ if (retval == PAM_SUCCESS ) //&& !no_acct_mgmt
-+ retval = pam_acct_mgmt(pamh, 0);
-+ if (retval == PAM_SUCCESS) {
-+ is_validated=1;
-+ } else {
-+pam_error:
-+ is_validated=0;
-+ }
-+ /* cleanup */
-+ retval = PAM_SUCCESS;
-+#ifdef PAM_AUTHTOK
-+ if (pam_ttl != 0) {
-+ if (retval == PAM_SUCCESS)
-+ retval = pam_set_item(pamh, PAM_AUTHTOK, NULL);
-+ }
-+#endif
-+ if (pam_ttl == 0 || retval != PAM_SUCCESS) {
-+ retval = pam_end(pamh, retval);
-+ if (retval != PAM_SUCCESS) {
-+ TRACE(TRACE_WARNING, "failed to release PAM
authenticator\n");
-+ }
-+ pamh = NULL;
-+ }
-
-+ }
-+#endif
- if (is_validated) {
- db_user_log_login(*user_idnr);
- } else {
-diff -wbBur dbmail-2.2.10/modules/Makefile.am
dbmail-2.2.10.pam/modules/Makefile.am
---- dbmail-2.2.10/modules/Makefile.am 2008-03-24 17:49:33.000000000 +0300
-+++ dbmail-2.2.10.pam/modules/Makefile.am 2008-09-18 16:44:53.000000000
+0400
-@@ -60,7 +60,7 @@
-
- # This one is always built.
- libauth_sql_la_SOURCES = authsql.c
--libauth_sql_la_LIBADD = @CRYPTLIB@
-+libauth_sql_la_LIBADD = @CRYPTLIB@ @PAMLIBS@
-
- if LDAP
- libauth_ldap_la_SOURCES = authldap.c
