head 1.4; access; symbols pkgsrc-2014Q1:1.3.0.90 pkgsrc-2014Q1-base:1.3 pkgsrc-2013Q4:1.3.0.88 pkgsrc-2013Q4-base:1.3 pkgsrc-2013Q3:1.3.0.86 pkgsrc-2013Q3-base:1.3 pkgsrc-2013Q2:1.3.0.84 pkgsrc-2013Q2-base:1.3 pkgsrc-2013Q1:1.3.0.82 pkgsrc-2013Q1-base:1.3 pkgsrc-2012Q4:1.3.0.80 pkgsrc-2012Q4-base:1.3 pkgsrc-2012Q3:1.3.0.78 pkgsrc-2012Q3-base:1.3 pkgsrc-2012Q2:1.3.0.76 pkgsrc-2012Q2-base:1.3 pkgsrc-2012Q1:1.3.0.74 pkgsrc-2012Q1-base:1.3 pkgsrc-2011Q4:1.3.0.72 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q3:1.3.0.70 pkgsrc-2011Q3-base:1.3 pkgsrc-2011Q2:1.3.0.68 pkgsrc-2011Q2-base:1.3 pkgsrc-2011Q1:1.3.0.66 pkgsrc-2011Q1-base:1.3 pkgsrc-2010Q4:1.3.0.64 pkgsrc-2010Q4-base:1.3 pkgsrc-2010Q3:1.3.0.62 pkgsrc-2010Q3-base:1.3 pkgsrc-2010Q2:1.3.0.60 pkgsrc-2010Q2-base:1.3 pkgsrc-2010Q1:1.3.0.58 pkgsrc-2010Q1-base:1.3 pkgsrc-2009Q4:1.3.0.56 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q3:1.3.0.54 pkgsrc-2009Q3-base:1.3 pkgsrc-2009Q2:1.3.0.52 pkgsrc-2009Q2-base:1.3 pkgsrc-2009Q1:1.3.0.50 pkgsrc-2009Q1-base:1.3 pkgsrc-2008Q4:1.3.0.48 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.46 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.44 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.42 pkgsrc-2008Q2-base:1.3 cwrapper:1.3.0.40 pkgsrc-2008Q1:1.3.0.38 pkgsrc-2008Q1-base:1.3 pkgsrc-2007Q4:1.3.0.36 pkgsrc-2007Q4-base:1.3 pkgsrc-2007Q3:1.3.0.34 pkgsrc-2007Q3-base:1.3 pkgsrc-2007Q2:1.3.0.32 pkgsrc-2007Q2-base:1.3 pkgsrc-2007Q1:1.3.0.30 pkgsrc-2007Q1-base:1.3 pkgsrc-2006Q4:1.3.0.28 pkgsrc-2006Q4-base:1.3 pkgsrc-2006Q3:1.3.0.26 pkgsrc-2006Q3-base:1.3 pkgsrc-2006Q2:1.3.0.24 pkgsrc-2006Q2-base:1.3 pkgsrc-2006Q1:1.3.0.22 pkgsrc-2006Q1-base:1.3 pkgsrc-2005Q4:1.3.0.20 pkgsrc-2005Q4-base:1.3 pkgsrc-2005Q3:1.3.0.18 pkgsrc-2005Q3-base:1.3 pkgsrc-2005Q2:1.3.0.16 pkgsrc-2005Q2-base:1.3 pkgsrc-2005Q1:1.3.0.14 pkgsrc-2005Q1-base:1.3 pkgsrc-2004Q4:1.3.0.12 pkgsrc-2004Q4-base:1.3 pkgsrc-2004Q3:1.3.0.10 pkgsrc-2004Q3-base:1.3 pkgsrc-2004Q2:1.3.0.8 pkgsrc-2004Q2-base:1.3 pkgsrc-2004Q1:1.3.0.6 pkgsrc-2004Q1-base:1.3 pkgsrc-2003Q4:1.3.0.4 pkgsrc-2003Q4-base:1.3 netbsd-1-6-1:1.3.0.2 netbsd-1-6-1-base:1.3 netbsd-1-6:1.2.0.8 netbsd-1-6-RELEASE-base:1.2 pkgviews:1.2.0.4 pkgviews-base:1.2 buildlink2:1.2.0.2 buildlink2-base:1.2 netbsd-1-5-PATCH003:1.2 netbsd-1-5-PATCH001:1.1.1.1 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.4 date 2014.06.10.13.54.30; author joerg; state dead; branches; next 1.3; commitid Bfz6AmAQXMitTYDx; 1.3 date 2002.12.23.21.23.59; author jlam; state Exp; branches; next 1.2; 1.2 date 2002.01.29.17.10.11; author jlam; state Exp; branches; next 1.1; 1.1 date 2000.10.21.18.41.54; author rh; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2000.10.21.18.41.54; author rh; state Exp; branches; next ; desc @@ 1.4 log @Remove outdated security/PAM. @ text @$NetBSD: patch-ao,v 1.3 2002/12/23 21:23:59 jlam Exp $ --- modules/pam_time/Makefile.orig Sun Nov 19 18:54:05 2000 +++ modules/pam_time/Makefile @@@@ -14,8 +14,4 @@@@ INSTALLED_CONFILE=$(SCONFIGD)/time.conf DEFS=-DDEFAULT_CONF_FILE=\"$(INSTALLED_CONFILE)\" CFLAGS += $(DEFS) -MODULE_SIMPLE_INSTALL=bash -f ../install_conf "$(FAKEROOT)" "$(SCONFIGD)" "$(INSTALLED_CONFILE)" "$(TITLE)" "$(LOCAL_CONFILE)" -MODULE_SIMPLE_REMOVE=rm -f $(FAKEROOT)$(INSTALLED_CONFILE) -MODULE_SIMPLE_CLEAN=rm -f ./.ignore_age - include ../Simple.Rules @ 1.3 log @Update security/PAM to 0.77. Changes from version 0.75 include: * Numerous bug fixes for most of the PAM modules, including several string length checks and fixes (update recommended!). * fix for legacy behavior of pam_setcred and pam_close_session in the case that pam_authenticate and pam_open_session hadn't been called * pam_unix: - don't zero out password strings during password changing function * pam_wheel: - feature: can use the module to provide wheel access to non-root accounts. * pam_limits: - added '%' domain for maxlogins limiting, now '*' and @@group have the old meaning (every) and '%' the new one (all) - handle negative priority limits (which can apply to the superuser too). * pam_userdb: - require that all of typed password matches that in database * pam_access: - added the 'fieldsep=' argument, made a PAM_RHOST of "" equivalent to NULL Incidentally, cups-1.1.18 will once again do PAM authentication using pam_unix.so if built against PAM-0.77. @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Update security/PAM to 0.75. Note that this release contains backwardly incompatible changes to libpam.so; prior versions were buggy so upgrading is highly recommended. Pkgsrc changes from version 0.72 include: * Honor ${PKG_SYSCONFDIR}: the config files are now found in /etc/pam.conf and /etc/pam/*.conf, or in the appropriate ${PKG_SYSCONFBASE} directory. * Convert to use the general INSTALL/DEINSTALL scripts. Changes from version 0.72 include: * bug fixes to almost every PAM module * pam_pwdb replaced with pam_unix * fixed a small security hole (more of a user confusion issue) with the unix and pwdb password helper binaries. * improved handling of the setcred/close_session and update chauthtok stack. *Warning* This is a backwardly incompatible change, but 'more sane' than before. (Bug 129775 - agmorgan) * added support for '/' symbols in pam_time and pam_group config files (support for modern terminal devices). Fixed infinite loop problem with '\\[^\n]' in these files. * added accessconf= feature to pam_access @ text @d3 11 a13 98 --- modules/pam_unix/pam_unix_passwd.c.orig Sun Feb 11 01:33:53 2001 +++ modules/pam_unix/pam_unix_passwd.c @@@@ -47,7 +47,10 @@@@ #include #include #include +#include +#ifndef BSD #include +#endif #include /* for time() */ #include #include @@@@ -77,7 +80,7 @@@@ #include "md5.h" #include "support.h" -#if !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1)) +#if !defined(BSD) && !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1)) extern int getrpcport(const char *host, unsigned long prognum, unsigned long versnum, unsigned int proto); #endif /* GNU libc 2.1 */ @@@@ -330,6 +333,9 @@@@ static int _update_passwd(const char *forwho, const char *towhat) { +#ifdef BSD + return PAM_AUTHTOK_ERR; +#else struct passwd *tmpent = NULL; FILE *pwfile, *opwfile; int retval = 0; @@@@ -372,10 +378,14 @@@@ unlink(PW_TMPFILE); return retval; +#endif } static int _update_shadow(const char *forwho, char *towhat) { +#ifdef BSD + return PAM_AUTHTOK_ERR; +#else struct spwd *spwdent = NULL, *stmpent = NULL; FILE *pwfile, *opwfile; int retval = 0; @@@@ -424,6 +434,7 @@@@ unlink(SH_TMPFILE); return retval; +#endif } static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat, @@@@ -531,15 +542,18 @@@@ return PAM_AUTHINFO_UNAVAIL; /* We don't need to do the rest... */ if (strcmp(pwd->pw_passwd, "x") == 0) { +#ifndef BSD /* ...and shadow password file entry for this user, if shadowing is enabled */ setspent(); spwdent = getspnam(user); endspent(); +#endif if (spwdent == NULL) return PAM_AUTHINFO_UNAVAIL; } else { +#ifndef BSD if (strcmp(pwd->pw_passwd,"*NP*") == 0) { /* NIS+ */ uid_t save_uid; @@@@ -552,8 +566,15 @@@@ return PAM_AUTHINFO_UNAVAIL; } else spwdent = NULL; +#endif } +#ifdef BSD + if (off(UNIX__IAMROOT, ctrl)) { + if (time(NULL) > pwd->pw_expire) + retval = PAM_ACCT_EXPIRED; + } +#else if (spwdent != NULL) { /* We have the user's information, now let's check if their account has expired (60 * 60 * 24 = number of seconds in a day) */ @@@@ -579,6 +600,7 @@@@ retval = PAM_ACCT_EXPIRED; } } +#endif return retval; } @ 1.1 log @Initial revision @ text @d3 1 a3 1 --- modules/pam_unix/pam_unix_passwd.c.orig Sat Oct 21 13:10:07 2000 d5 2 a6 2 @@@@ -52,7 +52,10 @@@@ #include d16 1 a16 1 @@@@ -83,7 +86,7 @@@@ d25 1 a25 1 @@@@ -334,6 +337,9 @@@@ d27 1 a27 1 static int _update_passwd(const char *forwho, char *towhat) d35 1 a35 1 @@@@ -376,10 +382,14 @@@@ d50 1 a50 1 @@@@ -428,6 +438,7 @@@@ d57 2 a58 2 static int _do_setpass(const char *forwho, char *fromwhat, char *towhat, @@@@ -535,15 +546,18 @@@@ d77 1 a77 1 @@@@ -556,8 +570,15 @@@@ d93 1 a93 1 @@@@ -583,6 +604,7 @@@@ @ 1.1.1.1 log @Initial import of PAM-0.72, a pluggable authentication module mechanism @ text @@