* [gentoo-commits] gentoo-x86 commit in sys-libs/pam/files: Linux-PAM-1.1.3-nis.patch
@ 2011-06-13 23:40 Diego Petteno (flameeyes)
0 siblings, 0 replies; 3+ messages in thread
From: Diego Petteno (flameeyes) @ 2011-06-13 23:40 UTC (permalink / raw
To: gentoo-commits
flameeyes 11/06/13 23:40:02
Added: Linux-PAM-1.1.3-nis.patch
Log:
Patch Linux-PAM to implement --disable-nis; wire it to the nis USE flag (disabled by default), and make sure that if using glibc, either libtirpc (preferred) or an older glibc is used with that USE flag; note that selinux support seems to require rpc support as well (needs to be tested, forcing the requirement to avoid breaking setup for now).
(Portage version: 2.2.0_alpha40/cvs/Linux x86_64)
Revision Changes Path
1.1 sys-libs/pam/files/Linux-PAM-1.1.3-nis.patch
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-libs/pam/files/Linux-PAM-1.1.3-nis.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-libs/pam/files/Linux-PAM-1.1.3-nis.patch?rev=1.1&content-type=text/plain
Index: Linux-PAM-1.1.3-nis.patch
===================================================================
Index: Linux-PAM-1.1.3/configure.in
===================================================================
--- Linux-PAM-1.1.3.orig/configure.in
+++ Linux-PAM-1.1.3/configure.in
@@ -441,12 +441,39 @@ fi
AC_SUBST(LIBDB)
AM_CONDITIONAL([HAVE_LIBDB], [test ! -z "$LIBDB"])
-AC_CHECK_LIB([nsl],[yp_get_default_domain], LIBNSL="-lnsl", LIBNSL="")
-BACKUP_LIBS=$LIBS
-LIBS="$LIBS $LIBNSL"
-AC_CHECK_FUNCS(yp_get_default_domain getdomainname innetgr yperr_string yp_master yp_bind yp_match yp_unbind)
-LIBS=$BACKUP_LIBS
-AC_SUBST(LIBNSL)
+AC_ARG_ENABLE([nis],
+ AS_HELP_STRING([-disable-nis], [Disable building NIS/YP support in pam_unix and pam_access]))
+
+AS_IF([test "x$enable_nis" != "xno"], [
+ CFLAGS=$old_CFLAGS
+ LIBS=$old_LIBS
+
+ dnl if there's libtirpc available, prefer that over the system
+ dnl implementation.
+ PKG_CHECK_MODULES([libtirpc], [libtirpc], [
+ CFLAGS="$CFLAGS $libtirpc_CFLAGS"
+ LIBS="$LIBS $libtirpc_LIBS"
+ ], [:;])
+
+ AC_SEARCH_LIBS([yp_get_default_domain], [nsl])
+
+ AC_CHECK_FUNCS([yp_get_default_domain yperr_string yp_master yp_bind yp_match yp_unbind])
+ AC_CHECK_HEADERS([rpc/rpc.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h])
+ AC_CHECK_DECLS([getrpcport], , , [
+ #if HAVE_RPC_RPC_H
+ # include <rpc/rpc.h>
+ #endif
+ ])
+
+ NIS_CFLAGS="${CFLAGS%${old_CFLAGS}}"
+ NIS_LIBS="${LIBS%${old_LIBS}}"
+
+ CFLAGS="$old_CFLAGS"
+ LIBS="$old_LIBS"
+])
+
+AC_SUBST([NIS_CFLAGS])
+AC_SUBST([NIS_LIBS])
AC_ARG_ENABLE([selinux],
AS_HELP_STRING([--disable-selinux],[do not use SELinux]),
@@ -471,7 +498,7 @@ dnl Checks for header files.
AC_HEADER_DIRENT
AC_HEADER_STDC
AC_HEADER_SYS_WAIT
-AC_CHECK_HEADERS(fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h net/if.h termio.h unistd.h sys/fsuid.h inittypes.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h)
+AC_CHECK_HEADERS(fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h net/if.h termio.h unistd.h sys/fsuid.h inittypes.h)
dnl For module/pam_lastlog
AC_CHECK_HEADERS(lastlog.h utmp.h utmpx.h)
@@ -491,11 +518,11 @@ AC_TYPE_GETGROUPS
AC_PROG_GCC_TRADITIONAL
AC_FUNC_MEMCMP
AC_FUNC_VPRINTF
-AC_CHECK_FUNCS(fseeko gethostname gettimeofday lckpwdf mkdir select)
+AC_CHECK_FUNCS(fseeko getdomainname gethostname gettimeofday lckpwdf mkdir select)
AC_CHECK_FUNCS(strcspn strdup strspn strstr strtol uname)
AC_CHECK_FUNCS(getutent_r getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
AC_CHECK_FUNCS(getgrouplist getline getdelim)
-AC_CHECK_FUNCS(inet_ntop inet_pton ruserok_af)
+AC_CHECK_FUNCS(inet_ntop inet_pton innetgr ruserok_af)
AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no])
AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes])
Index: Linux-PAM-1.1.3/modules/pam_unix/pam_unix_passwd.c
===================================================================
--- Linux-PAM-1.1.3.orig/modules/pam_unix/pam_unix_passwd.c
+++ Linux-PAM-1.1.3/modules/pam_unix/pam_unix_passwd.c
@@ -54,13 +54,6 @@
#include <ctype.h>
#include <sys/time.h>
#include <sys/stat.h>
-#include <rpc/rpc.h>
-#ifdef HAVE_RPCSVC_YP_PROT_H
-#include <rpcsvc/yp_prot.h>
-#endif
-#ifdef HAVE_RPCSVC_YPCLNT_H
-#include <rpcsvc/ypclnt.h>
-#endif
#include <signal.h>
#include <errno.h>
@@ -76,16 +69,33 @@
#include <security/pam_ext.h>
#include <security/pam_modutil.h>
-#include "yppasswd.h"
#include "md5.h"
#include "support.h"
#include "passverify.h"
#include "bigcrypt.h"
-#if !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1))
+#if (HAVE_YP_GET_DEFAULT_DOMAIN || HAVE_GETDOMAINNAME) && HAVE_YP_MASTER
+# define HAVE_NIS
+#endif
+
+#ifdef HAVE_NIS
+# include "yppasswd.h"
+
+# include <rpc/rpc.h>
+
+# if HAVE_RPCSVC_YP_PROT_H
+# include <rpcsvc/yp_prot.h>
+# endif
+
+# if HAVE_RPCSVC_YPCLNT_H
+# include <rpcsvc/ypclnt.h>
+# endif
+
+# if !HAVE_DECL_GETRPCPORT
extern int getrpcport(const char *host, unsigned long prognum,
unsigned long versnum, unsigned int proto);
-#endif /* GNU libc 2.1 */
+# endif /* GNU libc 2.1 */
+#endif
/*
How it works:
@@ -102,9 +112,9 @@ extern int getrpcport(const char *host,
#define MAX_PASSWD_TRIES 3
+#if HAVE_NIS
static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl)
{
-#if (defined(HAVE_YP_GET_DEFAULT_DOMAIN) || defined(HAVE_GETDOMAINNAME)) && defined(HAVE_YP_MASTER)
char *master;
char *domainname;
int port, err;
@@ -151,14 +161,8 @@ static char *getNISserver(pam_handle_t *
master, port);
}
return master;
-#else
- if (on(UNIX_DEBUG, ctrl)) {
- pam_syslog(pamh, LOG_DEBUG, "getNISserver: No NIS support available");
- }
-
- return NULL;
-#endif
}
+#endif
#ifdef WITH_SELINUX
@@ -326,6 +330,7 @@ static int _do_setpass(pam_handle_t* pam
}
if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) {
+#if HAVE_NIS
if ((master=getNISserver(pamh, ctrl)) != NULL) {
struct timeval timeout;
struct yppasswd yppwd;
@@ -391,6 +396,13 @@ static int _do_setpass(pam_handle_t* pam
} else {
retval = PAM_TRY_AGAIN;
}
+#else
+ if (on(UNIX_DEBUG, ctrl)) {
+ pam_syslog(pamh, LOG_DEBUG, "No NIS support available");
+ }
+
+ retval = PAM_TRY_AGAIN;
+#endif
}
if (_unix_comesfromsource(pamh, forwho, 1, 0)) {
Index: Linux-PAM-1.1.3/modules/pam_unix/yppasswd_xdr.c
===================================================================
--- Linux-PAM-1.1.3.orig/modules/pam_unix/yppasswd_xdr.c
+++ Linux-PAM-1.1.3/modules/pam_unix/yppasswd_xdr.c
@@ -12,6 +12,8 @@
#include "config.h"
+#ifdef HAVE_RPC_RPC_H
+
#include <rpc/rpc.h>
#include "yppasswd.h"
@@ -34,3 +36,5 @@ xdr_yppasswd(XDR * xdrs, yppasswd * objp
return xdr_string(xdrs, &objp->oldpass, ~0)
&& xdr_xpasswd(xdrs, &objp->newpw);
}
+
+#endif
Index: Linux-PAM-1.1.3/libpam/Makefile.am
===================================================================
--- Linux-PAM-1.1.3.orig/libpam/Makefile.am
+++ Linux-PAM-1.1.3/libpam/Makefile.am
@@ -25,7 +25,8 @@ libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELU
if STATIC_MODULES
libpam_la_LIBADD += $(shell ls ../modules/pam_*/*.lo) \
- @LIBDB@ @LIBCRYPT@ @LIBNSL@ @LIBCRACK@ -lutil
+ @LIBDB@ @LIBCRYPT@ $(NIS_LIBS) @LIBCRACK@ -lutil
+ AM_CFLAGS += $(NIS_CFLAGS)
endif
if HAVE_VERSIONING
libpam_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libpam.map
Index: Linux-PAM-1.1.3/modules/pam_access/Makefile.am
===================================================================
--- Linux-PAM-1.1.3.orig/modules/pam_access/Makefile.am
+++ Linux-PAM-1.1.3/modules/pam_access/Makefile.am
@@ -15,14 +15,14 @@ securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
- -DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\"
+ -DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\" $(NIS_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
endif
securelib_LTLIBRARIES = pam_access.la
-pam_access_la_LIBADD = -L$(top_builddir)/libpam -lpam @LIBNSL@
+pam_access_la_LIBADD = -L$(top_builddir)/libpam -lpam $(NIS_LIBS)
secureconf_DATA = access.conf
Index: Linux-PAM-1.1.3/modules/pam_unix/Makefile.am
===================================================================
--- Linux-PAM-1.1.3.orig/modules/pam_unix/Makefile.am
+++ Linux-PAM-1.1.3/modules/pam_unix/Makefile.am
@@ -18,7 +18,8 @@ secureconfdir = $(SCONFIGDIR)
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" \
- -DUPDATE_HELPER=\"$(sbindir)/unix_update\"
+ -DUPDATE_HELPER=\"$(sbindir)/unix_update\" \
+ $(NIS_CFLAGS)
if HAVE_LIBSELINUX
AM_CFLAGS += -D"WITH_SELINUX"
@@ -28,7 +29,7 @@ pam_unix_la_LDFLAGS = -no-undefined -avo
if HAVE_VERSIONING
pam_unix_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
endif
-pam_unix_la_LIBADD = @LIBNSL@ -L$(top_builddir)/libpam -lpam \
+pam_unix_la_LIBADD = $(NIS_LIBS) -L$(top_builddir)/libpam -lpam \
@LIBCRYPT@ @LIBSELINUX@
securelib_LTLIBRARIES = pam_unix.la
^ permalink raw reply [flat|nested] 3+ messages in thread
* [gentoo-commits] gentoo-x86 commit in sys-libs/pam/files: Linux-PAM-1.1.3-nis.patch
@ 2011-06-14 8:24 Diego Petteno (flameeyes)
0 siblings, 0 replies; 3+ messages in thread
From: Diego Petteno (flameeyes) @ 2011-06-14 8:24 UTC (permalink / raw
To: gentoo-commits
flameeyes 11/06/14 08:24:15
Modified: Linux-PAM-1.1.3-nis.patch
Log:
Improve patch to avoid warnings and build failures with USE=nis; thanks to Justin in bug #371555.
(Portage version: 2.2.0_alpha40/cvs/Linux x86_64)
Revision Changes Path
1.2 sys-libs/pam/files/Linux-PAM-1.1.3-nis.patch
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-libs/pam/files/Linux-PAM-1.1.3-nis.patch?rev=1.2&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-libs/pam/files/Linux-PAM-1.1.3-nis.patch?rev=1.2&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-libs/pam/files/Linux-PAM-1.1.3-nis.patch?r1=1.1&r2=1.2
Index: Linux-PAM-1.1.3-nis.patch
===================================================================
RCS file: /var/cvsroot/gentoo-x86/sys-libs/pam/files/Linux-PAM-1.1.3-nis.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- Linux-PAM-1.1.3-nis.patch 13 Jun 2011 23:40:02 -0000 1.1
+++ Linux-PAM-1.1.3-nis.patch 14 Jun 2011 08:24:14 -0000 1.2
@@ -101,12 +101,10 @@
-#if !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1))
+#if (HAVE_YP_GET_DEFAULT_DOMAIN || HAVE_GETDOMAINNAME) && HAVE_YP_MASTER
-+# define HAVE_NIS
++# define HAVE_NIS 1
+#endif
+
+#ifdef HAVE_NIS
-+# include "yppasswd.h"
-+
+# include <rpc/rpc.h>
+
+# if HAVE_RPCSVC_YP_PROT_H
@@ -122,6 +120,8 @@
unsigned long versnum, unsigned int proto);
-#endif /* GNU libc 2.1 */
+# endif /* GNU libc 2.1 */
++
++# include "yppasswd.h"
+#endif
/*
^ permalink raw reply [flat|nested] 3+ messages in thread
* [gentoo-commits] gentoo-x86 commit in sys-libs/pam/files: Linux-PAM-1.1.3-nis.patch
@ 2011-09-02 17:20 Diego Petteno (flameeyes)
0 siblings, 0 replies; 3+ messages in thread
From: Diego Petteno (flameeyes) @ 2011-09-02 17:20 UTC (permalink / raw
To: gentoo-commits
flameeyes 11/09/02 17:20:34
Removed: Linux-PAM-1.1.3-nis.patch
Log:
Version bump; remove 1.1.3-r1 since the patch is integrated with .4 and that is going to be the stable candidate. Closes bug #381485.
(Portage version: 2.2.0_alpha51/cvs/Linux x86_64)
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2011-09-02 17:22 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-06-14 8:24 [gentoo-commits] gentoo-x86 commit in sys-libs/pam/files: Linux-PAM-1.1.3-nis.patch Diego Petteno (flameeyes)
-- strict thread matches above, loose matches on Subject: below --
2011-09-02 17:20 Diego Petteno (flameeyes)
2011-06-13 23:40 Diego Petteno (flameeyes)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox