diff options
Diffstat (limited to 'community-testing/dbmail/dbmail-2.2.10-pam-support.patch')
| -rw-r--r-- | community-testing/dbmail/dbmail-2.2.10-pam-support.patch | 251 |
1 files changed, 0 insertions, 251 deletions
diff --git a/community-testing/dbmail/dbmail-2.2.10-pam-support.patch b/community-testing/dbmail/dbmail-2.2.10-pam-support.patch deleted file mode 100644 index 805a7f609..000000000 --- a/community-testing/dbmail/dbmail-2.2.10-pam-support.patch +++ /dev/null @@ -1,251 +0,0 @@ -diff -wbBur dbmail-2.2.10/configure.in dbmail-2.2.10.pam/configure.in ---- dbmail-2.2.10/configure.in 2008-03-24 17:49:33.000000000 +0300 -+++ dbmail-2.2.10.pam/configure.in 2008-09-18 16:43:04.000000000 +0400 -@@ -78,6 +78,13 @@ - - AC_SUBST(CRYPTLIB) - -+dnl Check for PAM -+AC_SUBST(PAMLIBS,"") -+AC_CHECK_HEADERS(security/pam_appl.h, -+ [AC_CHECK_LIB(pam,pam_start, -+ [AC_DEFINE(HAVE_PAM,1,[Define if you have PAN including devel headers]) -+ PAMLIBS="-lpam"],,)]) -+ - AC_SUBST(MYSQLLIB) - AC_SUBST(MYSQLALIB) - AC_SUBST(MYSQLLTLIB) -diff -wbBur dbmail-2.2.10/dbmail-user.c dbmail-2.2.10.pam/dbmail-user.c ---- dbmail-2.2.10/dbmail-user.c 2008-03-24 17:49:33.000000000 +0300 -+++ dbmail-2.2.10.pam/dbmail-user.c 2008-09-18 16:43:04.000000000 +0400 -@@ -157,7 +157,7 @@ - "md5", "md5-raw", "md5sum", "md5sum-raw", - "md5-hash", "md5-hash-raw", "md5-digest", "md5-digest-raw", - "md5-base64", "md5-base64-raw", "md5base64", "md5base64-raw", -- "shadow", "", NULL -+ "shadow", "pam", "", NULL - }; - - /* These must correspond to the easy text names. */ -@@ -166,7 +166,7 @@ - MD5_HASH, MD5_HASH_RAW, MD5_DIGEST, MD5_DIGEST_RAW, - MD5_HASH, MD5_HASH_RAW, MD5_DIGEST, MD5_DIGEST_RAW, - MD5_BASE64, MD5_BASE64_RAW, MD5_BASE64, MD5_BASE64_RAW, -- SHADOW, PLAINTEXT, PWTYPE_NULL -+ SHADOW, PWTYPE_PAM, PLAINTEXT, PWTYPE_NULL - }; - - memset(pw, 0, 50); -@@ -251,6 +251,12 @@ - *enctype = "crypt"; - } - break; -+#ifdef HAVE_PAM -+ case PWTYPE_PAM: -+ null_strncpy(pw, passwd, 49); -+ *enctype = "pam"; -+ break; -+#endif - default: - qerrorf("Error: password type not supported [%s].\n", - passwdtype); -diff -wbBur dbmail-2.2.10/dbmail-user.h dbmail-2.2.10.pam/dbmail-user.h ---- dbmail-2.2.10/dbmail-user.h 2008-03-24 17:49:33.000000000 +0300 -+++ dbmail-2.2.10.pam/dbmail-user.h 2008-09-18 16:43:04.000000000 +0400 -@@ -34,7 +34,7 @@ - typedef enum { - PLAINTEXT = 0, PLAINTEXT_RAW, CRYPT, CRYPT_RAW, - MD5_HASH, MD5_HASH_RAW, MD5_DIGEST, MD5_DIGEST_RAW, -- MD5_BASE64, MD5_BASE64_RAW, SHADOW, PWTYPE_NULL -+ MD5_BASE64, MD5_BASE64_RAW, SHADOW, PWTYPE_PAM, PWTYPE_NULL - } pwtype_t; - - int mkpassword(const char * const user, const char * const passwd, -diff -wbBur dbmail-2.2.10/modules/authsql.c dbmail-2.2.10.pam/modules/authsql.c ---- dbmail-2.2.10/modules/authsql.c 2008-03-24 17:49:33.000000000 +0300 -+++ dbmail-2.2.10.pam/modules/authsql.c 2008-09-18 16:43:04.000000000 +0400 -@@ -27,6 +27,19 @@ - #include "dbmail.h" - #define THIS_MODULE "auth" - -+#ifdef HAVE_PAM -+#include <security/pam_appl.h> -+ -+#ifndef DEFAULT_DBMAIL_PAM_SERVICE -+#define DEFAULT_DBMAIL_PAM_SERVICE "dbmail" -+#endif -+ -+#ifndef DEFAULT_DBMAIL_PAM_TTL -+#define DEFAULT_DBMAIL_PAM_TTL 60 -+#endif -+ -+#endif -+ - extern db_param_t _db_params; - #define DBPFX _db_params.pfx - -@@ -49,17 +62,80 @@ - */ - static int __auth_query(const char *thequery); - -+#ifdef HAVE_PAM -+ -+static char *pam_password = NULL; /* Workaround for Solaris 2.6 brokenness */ -+static pam_handle_t *pamh = NULL; -+static int pam_ttl = DEFAULT_DBMAIL_PAM_TTL; -+static char *pam_service = DEFAULT_DBMAIL_PAM_SERVICE; -+static time_t pamh_created = 0; -+/* -+ * A simple "conversation" function returning the supplied password. -+ * Has a bit to much error control, but this is my first PAM application -+ * so I'd rather check everything than make any mistakes. The function -+ * expects a single converstation message of type PAM_PROMPT_ECHO_OFF. -+ */ -+static int -+password_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) -+{ -+ if (num_msg != 1 || msg[0]->msg_style != PAM_PROMPT_ECHO_OFF) { -+ TRACE(TRACE_ERROR, "Unexpected PAM converstaion '%d/%s'", msg[0]->msg_style, msg[0]->msg); -+ return PAM_CONV_ERR; -+ } -+ if (!appdata_ptr) { -+ /* Workaround for Solaris 2.6 where the PAM library is broken -+ * and does not pass appdata_ptr to the conversation routine -+ */ -+ appdata_ptr = pam_password; -+ } -+ if (!appdata_ptr) { -+ TRACE(TRACE_ERROR, "ERROR: No password available to password_converstation!"); -+ return PAM_CONV_ERR; -+ } -+ *resp = calloc(num_msg, sizeof(struct pam_response)); -+ if (!*resp) { -+ TRACE(TRACE_ERROR, "Out of memory!"); -+ return PAM_CONV_ERR; -+ } -+ (*resp)[0].resp = strdup((char *) appdata_ptr); -+ (*resp)[0].resp_retcode = 0; -+ -+ return ((*resp)[0].resp ? PAM_SUCCESS : PAM_CONV_ERR); -+} -+ -+static struct pam_conv conv = -+{ -+ &password_conversation, -+ NULL -+}; -+ -+#endif -+ -+ - int auth_connect() - { - /* this function is only called after a connection has been made - * if, in the future this is not the case, db.h should export a - * function that enables checking for the database connection - */ -+#ifdef HAVE_PAM -+ -+#endif - return 0; - } - - int auth_disconnect() - { -+#ifdef HAVE_PAM -+ int retval=PAM_SUCCESS; -+ if (pamh) { -+ retval = pam_end(pamh, retval); -+ if (retval != PAM_SUCCESS) { -+ pamh = NULL; -+ TRACE(TRACE_ERROR, "failed to release PAM authenticator"); -+ } -+ } -+#endif - return 0; - } - -@@ -458,7 +534,71 @@ - is_validated = (strncmp(md5str, query_result, 32) == 0) ? 1 : 0; - g_free(md5str); - } -+#ifdef HAVE_PAM -+ else if (strcasecmp(query_result, "pam") == 0) { -+ int retval=0; -+ TRACE(TRACE_DEBUG, "validating using pam for user [%s] pass:[%s]",real_username,password); -+ conv.appdata_ptr = (char *) password; -+ pam_password= password; -+ if (pam_ttl == 0) { -+ /* Create PAM connection */ -+ retval = pam_start(pam_service, real_username, &conv, &pamh); -+ if (retval != PAM_SUCCESS) { -+ TRACE(TRACE_ERROR, "failed to create PAM authenticator"); -+ goto pam_error; -+ } -+ } else if (!pamh || (time(NULL) - pamh_created) >= pam_ttl || pamh_created > time(NULL)) { -+ /* Close previous PAM connection */ -+ if (pamh) { -+ retval = pam_end(pamh, retval); -+ if (retval != PAM_SUCCESS) { -+ TRACE(TRACE_WARNING, "failed to release PAM authenticator"); -+ } -+ pamh = NULL; -+ } -+ /* Initialize persistent PAM connection */ -+ retval = pam_start(pam_service, "dbmail@", &conv, &pamh); -+ if (retval != PAM_SUCCESS) { -+ TRACE(TRACE_ERROR, "failed to create PAM authenticator"); -+ goto pam_error; -+ } -+ pamh_created = time(NULL); -+ } -+ retval = PAM_SUCCESS; -+ if (pam_ttl != 0) { -+ if (retval == PAM_SUCCESS) -+ retval = pam_set_item(pamh, PAM_USER, real_username); -+ if (retval == PAM_SUCCESS) -+ retval = pam_set_item(pamh, PAM_CONV, &conv); -+ } -+ if (retval == PAM_SUCCESS) -+ retval = pam_authenticate(pamh, 0); -+ if (retval == PAM_SUCCESS ) //&& !no_acct_mgmt -+ retval = pam_acct_mgmt(pamh, 0); -+ if (retval == PAM_SUCCESS) { -+ is_validated=1; -+ } else { -+pam_error: -+ is_validated=0; -+ } -+ /* cleanup */ -+ retval = PAM_SUCCESS; -+#ifdef PAM_AUTHTOK -+ if (pam_ttl != 0) { -+ if (retval == PAM_SUCCESS) -+ retval = pam_set_item(pamh, PAM_AUTHTOK, NULL); -+ } -+#endif -+ if (pam_ttl == 0 || retval != PAM_SUCCESS) { -+ retval = pam_end(pamh, retval); -+ if (retval != PAM_SUCCESS) { -+ TRACE(TRACE_WARNING, "failed to release PAM authenticator\n"); -+ } -+ pamh = NULL; -+ } - -+ } -+#endif - if (is_validated) { - db_user_log_login(*user_idnr); - } else { -diff -wbBur dbmail-2.2.10/modules/Makefile.am dbmail-2.2.10.pam/modules/Makefile.am ---- dbmail-2.2.10/modules/Makefile.am 2008-03-24 17:49:33.000000000 +0300 -+++ dbmail-2.2.10.pam/modules/Makefile.am 2008-09-18 16:44:53.000000000 +0400 -@@ -60,7 +60,7 @@ - - # This one is always built. - libauth_sql_la_SOURCES = authsql.c --libauth_sql_la_LIBADD = @CRYPTLIB@ -+libauth_sql_la_LIBADD = @CRYPTLIB@ @PAMLIBS@ - - if LDAP - libauth_ldap_la_SOURCES = authldap.c |