Submitted By: DJ Lucas Date: 2006-04-23 Initial Package Version: 1.1rc4 Origin: Thorsten Happel See http://archive.linuxfromscratch.org/mail-archives/blfs-dev/2005-November/012106.html Description: This patch removes the need for PAM headers by removing the functions that use PAM. Updated for 2.0.2. Upstream Status: Not Required --- OOB680_m5-orig/sal/osl/unx/security.c 2005-09-08 17:00:23.000000000 +0200 +++ OOB680_m5/sal/osl/unx/security.c 2005-10-16 22:34:49.000000000 +0200 @@ -111,8 +111,6 @@ * */ -#include - typedef struct { char* name; char* password; @@ -121,10 +119,10 @@ typedef struct { int (*pam_start)(const char *service_name, const char *user, const struct pam_conv *pam_conversation, - pam_handle_t **pamh); - int (*pam_end) (pam_handle_t *pamh, int pam_status); - int (*pam_authenticate) (pam_handle_t *pamh, int flags); - int (*pam_acct_mgmt) (pam_handle_t *pamh, int flags); + void **pamh); + int (*pam_end) (void *pamh, int pam_status); + int (*pam_authenticate) (void *pamh, int flags); + int (*pam_acct_mgmt) (void *pamh, int flags); } sal_PamModule; /* @@ -142,69 +140,7 @@ osl_PamConversation (int num_msg, const struct pam_message **msgm, struct pam_response **response, void *appdata_ptr) { - int i; - sal_Bool error; - sal_PamData *pam_data; - struct pam_response *p_reply; - - /* resource initialization */ - pam_data = (sal_PamData*) appdata_ptr; - p_reply = (struct pam_response *) calloc( num_msg, - sizeof(struct pam_response)); - if ( p_reply == NULL || pam_data == NULL ) - { - if ( p_reply != NULL ) - free ( p_reply ); - *response = NULL; - return PAM_CONV_ERR; - } - - /* pseudo dialog */ - error = sal_False; - for ( i = 0; i < num_msg ; i++ ) - { - switch ( msgm[ i ]->msg_style ) - { - case PAM_PROMPT_ECHO_OFF: - p_reply[ i ].resp_retcode = 0; - p_reply[ i ].resp = strdup( pam_data->password ); - break; - case PAM_PROMPT_ECHO_ON: - p_reply[ i ].resp_retcode = 0; - p_reply[ i ].resp = strdup( pam_data->name ); - break; - case PAM_ERROR_MSG: - case PAM_TEXT_INFO: - case PAM_BINARY_PROMPT: - case PAM_BINARY_MSG: - p_reply[ i ].resp_retcode = 0; - p_reply[ i ].resp = NULL; - break; - default: - error = sal_True; - break; - } - } - - /* free resources on error */ - if ( error ) - { - for ( i = 0; i < num_msg ; i++ ) - if ( p_reply[ i ].resp ) - { - memset ( p_reply[ i ].resp, 0, - strlen( p_reply[ i ].resp ) ); - free ( p_reply[ i ].resp ); - } - free ( p_reply ); - - *response = NULL; - return PAM_CONV_ERR; - } - - /* well done */ - *response = p_reply; - return PAM_SUCCESS; + return -1; } #ifndef PAM_LINK @@ -218,45 +154,6 @@ static sal_PamModule* osl_getPAM() { static sal_PamModule *pam_module = NULL; - static sal_Bool load_once = sal_False; - - if ( !load_once ) - { - /* get library-handle. cannot use osl-module, since - RTLD_GLOBAL is required for PAM-0.64 RH 5.2 - (but not for PAM-0.66 RH 6.0) */ - void *pam_hdl; - - pam_hdl = dlopen( "libpam.so.0", RTLD_GLOBAL | RTLD_LAZY ); - - if ( pam_hdl != NULL ) - pam_module = (sal_PamModule*)calloc( 1, sizeof(sal_PamModule) ); - - /* load functions */ - if ( pam_module != NULL ) - { - pam_module->pam_acct_mgmt = (int (*)(pam_handle_t *, int)) dlsym ( pam_hdl, "pam_acct_mgmt" ); - pam_module->pam_authenticate - = (int (*)(pam_handle_t *, int)) dlsym ( pam_hdl, "pam_authenticate" ); - pam_module->pam_end = (int (*)(pam_handle_t *, int)) dlsym ( pam_hdl, "pam_end" ); - pam_module->pam_start = (int (*)(const char *, const char *, const struct pam_conv *, pam_handle_t **)) dlsym ( pam_hdl, "pam_start" ); - - /* free resources, if not completely successful */ - if ( (pam_module->pam_start == NULL) - || (pam_module->pam_end == NULL) - || (pam_module->pam_authenticate == NULL) - || (pam_module->pam_acct_mgmt == NULL) ) - { - free( pam_module ); - pam_module = NULL; - dlclose( pam_hdl ); - } - } - - /* never try again */ - load_once = sal_True; - } - return pam_module; } #endif @@ -269,53 +166,6 @@ osl_PamAuthentification( const sal_Char* name, const sal_Char* password ) { sal_Bool success = sal_False; - -#ifndef PAM_LINK - sal_PamModule* pam_module; - - pam_module = osl_getPAM(); - if ( pam_module != NULL ) - { -#endif - pam_handle_t *pam_handle = NULL; - struct pam_conv pam_conversation; - sal_PamData pam_data; - - int return_value; - - pam_data.name = (char*) name; - pam_data.password = (char*) password; - - pam_conversation.conv = osl_PamConversation; - pam_conversation.appdata_ptr = (void*)(&pam_data); - -#ifndef PAM_LINK - return_value = pam_module->pam_start( "su", name, - &pam_conversation, &pam_handle); -#else - return_value = pam_start( "su", name, - &pam_conversation, &pam_handle); -#endif - if (return_value == PAM_SUCCESS ) -#ifndef PAM_LINK - return_value = pam_module->pam_authenticate(pam_handle, 0); -#else - return_value = pam_authenticate(pam_handle, 0); -#endif - if (return_value == PAM_SUCCESS ) -#ifndef PAM_LINK - return_value = pam_module->pam_acct_mgmt(pam_handle, 0); - pam_module->pam_end( pam_handle, return_value ); -#else - return_value = pam_acct_mgmt(pam_handle, 0); - pam_end( pam_handle, return_value ); -#endif - - success = (sal_Bool)(return_value == PAM_SUCCESS); -#ifndef PAM_LINK - } -#endif - return success; } --- OOB680_m5-orig/config_office/configure.in 2006-04-23 09:59:31.000000000 -0500 +++ OOB680_m5/config_office/configure.in 2006-04-23 10:01:28.000000000 -0500 @@ -1377,23 +1377,6 @@ [AC_MSG_ERROR([cups/cups.h could not be found. libcupsys2-dev or cups???-devel missing?])], []) fi -dnl =================================================================== -dnl Check if PAM/pam_appl.h is available on Linux or FreeBSD -dnl =================================================================== -if test "$_os" = "Linux" -o "$_os" = "FreeBSD" -o "$_os" = "GNU"; then - AC_CHECK_HEADER(security/pam_appl.h, [], - [AC_MSG_ERROR([pam_appl.h could not be found. libpam-dev or pam-devel missing?])], []) - AC_MSG_CHECKING([whether to link to libpam]) - if test -n "$enable_pam_link"; then - AC_MSG_RESULT([yes]) - PAM_LINK=YES - AC_CHECK_LIB(pam, pam_start, [], - [AC_MSG_ERROR(libpam not found or functional)], []) - else - AC_MSG_RESULT([no, dynamically open it]) - PAM_LINK=NO - fi -fi AC_SUBST(PAM_LINK) if test "$_os" = "Linux"; then