head 1.5; access; symbols pkgsrc-2014Q1:1.3.0.90 pkgsrc-2014Q1-base:1.3 pkgsrc-2013Q4:1.3.0.88 pkgsrc-2013Q4-base:1.3 pkgsrc-2013Q3:1.3.0.86 pkgsrc-2013Q3-base:1.3 pkgsrc-2013Q2:1.3.0.84 pkgsrc-2013Q2-base:1.3 pkgsrc-2013Q1:1.3.0.82 pkgsrc-2013Q1-base:1.3 pkgsrc-2012Q4:1.3.0.80 pkgsrc-2012Q4-base:1.3 pkgsrc-2012Q3:1.3.0.78 pkgsrc-2012Q3-base:1.3 pkgsrc-2012Q2:1.3.0.76 pkgsrc-2012Q2-base:1.3 pkgsrc-2012Q1:1.3.0.74 pkgsrc-2012Q1-base:1.3 pkgsrc-2011Q4:1.3.0.72 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q3:1.3.0.70 pkgsrc-2011Q3-base:1.3 pkgsrc-2011Q2:1.3.0.68 pkgsrc-2011Q2-base:1.3 pkgsrc-2011Q1:1.3.0.66 pkgsrc-2011Q1-base:1.3 pkgsrc-2010Q4:1.3.0.64 pkgsrc-2010Q4-base:1.3 pkgsrc-2010Q3:1.3.0.62 pkgsrc-2010Q3-base:1.3 pkgsrc-2010Q2:1.3.0.60 pkgsrc-2010Q2-base:1.3 pkgsrc-2010Q1:1.3.0.58 pkgsrc-2010Q1-base:1.3 pkgsrc-2009Q4:1.3.0.56 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q3:1.3.0.54 pkgsrc-2009Q3-base:1.3 pkgsrc-2009Q2:1.3.0.52 pkgsrc-2009Q2-base:1.3 pkgsrc-2009Q1:1.3.0.50 pkgsrc-2009Q1-base:1.3 pkgsrc-2008Q4:1.3.0.48 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.46 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.44 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.42 pkgsrc-2008Q2-base:1.3 cwrapper:1.3.0.40 pkgsrc-2008Q1:1.3.0.38 pkgsrc-2008Q1-base:1.3 pkgsrc-2007Q4:1.3.0.36 pkgsrc-2007Q4-base:1.3 pkgsrc-2007Q3:1.3.0.34 pkgsrc-2007Q3-base:1.3 pkgsrc-2007Q2:1.3.0.32 pkgsrc-2007Q2-base:1.3 pkgsrc-2007Q1:1.3.0.30 pkgsrc-2007Q1-base:1.3 pkgsrc-2006Q4:1.3.0.28 pkgsrc-2006Q4-base:1.3 pkgsrc-2006Q3:1.3.0.26 pkgsrc-2006Q3-base:1.3 pkgsrc-2006Q2:1.3.0.24 pkgsrc-2006Q2-base:1.3 pkgsrc-2006Q1:1.3.0.22 pkgsrc-2006Q1-base:1.3 pkgsrc-2005Q4:1.3.0.20 pkgsrc-2005Q4-base:1.3 pkgsrc-2005Q3:1.3.0.18 pkgsrc-2005Q3-base:1.3 pkgsrc-2005Q2:1.3.0.16 pkgsrc-2005Q2-base:1.3 pkgsrc-2005Q1:1.3.0.14 pkgsrc-2005Q1-base:1.3 pkgsrc-2004Q4:1.3.0.12 pkgsrc-2004Q4-base:1.3 pkgsrc-2004Q3:1.3.0.10 pkgsrc-2004Q3-base:1.3 pkgsrc-2004Q2:1.3.0.8 pkgsrc-2004Q2-base:1.3 pkgsrc-2004Q1:1.3.0.6 pkgsrc-2004Q1-base:1.3 
pkgsrc-2003Q4:1.3.0.4 pkgsrc-2003Q4-base:1.3 netbsd-1-6-1:1.3.0.2 netbsd-1-6-1-base:1.3 netbsd-1-6:1.2.0.8 netbsd-1-6-RELEASE-base:1.2 pkgviews:1.2.0.4 pkgviews-base:1.2 buildlink2:1.2.0.2 buildlink2-base:1.2 netbsd-1-5-PATCH003:1.2 netbsd-1-5-PATCH001:1.1.1.1 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.5 date 2014.06.10.13.54.30; author joerg; state dead; branches; next 1.4; commitid Bfz6AmAQXMitTYDx; 1.4 date 2014.05.04.09.30.26; author ryoon; state Exp; branches; next 1.3; commitid oesJrEWUCiUBCczx; 1.3 date 2002.12.23.21.23.59; author jlam; state Exp; branches; next 1.2; 1.2 date 2002.01.29.17.10.11; author jlam; state Exp; branches; next 1.1; 1.1 date 2000.10.21.18.41.54; author rh; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2000.10.21.18.41.54; author rh; state Exp; branches; next ; desc @@ 1.5 log @Remove outdated security/PAM. @ text @$NetBSD: patch-ap,v 1.4 2014/05/04 09:30:26 ryoon Exp $ --- modules/pam_unix/pam_unix_acct.c.orig 2000-12-20 05:15:05.000000000 +0000 +++ modules/pam_unix/pam_unix_acct.c @@@@ -43,7 +43,9 @@@@ #include #include #include +#ifdef HAVE_SHADOW_H #include +#endif #include /* for time() */ #include @@@@ -60,6 +62,10 @@@@ #include "support.h" +#ifndef _PASSWORD_WARNDAYS +#define _PASSWORD_WARNDAYS 14 +#endif + /* * PAM framework looks for this entry-point to pass control to the * account management module. 
@@@@ -71,8 +77,10 @@@@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand unsigned int ctrl; const char *uname; int retval, daysleft; - time_t curdays; + time_t now, curdays; +#ifdef HAVE_GETSPNAM struct spwd *spent; +#endif struct passwd *pwent; char buf[80]; @@@@ -113,7 +121,9 @@@@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand return PAM_CRED_INSUFFICIENT; } } +#ifdef HAVE_GETSPNAM spent = getspnam( uname ); +#endif if (save_uid == pwent->pw_uid) setreuid( save_uid, save_euid ); else { @@@@ -123,15 +133,21 @@@@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand } } else if (!strcmp( pwent->pw_passwd, "x" )) { +#ifdef HAVE_GETSPNAM spent = getspnam(uname); +#endif } else { return PAM_SUCCESS; } +#ifdef HAVE_GETSPNAM if (!spent) return PAM_AUTHINFO_UNAVAIL; /* Couldn't get username from shadow */ +#endif - curdays = time(NULL) / (60 * 60 * 24); + now = time(NULL); + curdays = now / (60 * 60 * 24); +#ifdef HAVE_GETSPNAM D(("today is %d, last change %d", curdays, spent->sp_lstchg)); if ((curdays > spent->sp_expire) && (spent->sp_expire != -1) && (spent->sp_lstchg != 0)) { @@@@ -143,6 +159,29 @@@@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand D(("account expired")); return PAM_ACCT_EXPIRED; } +#else + if ((now > pwent->pw_expire) && (pwent->pw_expire != 0)) { + _log_err(LOG_NOTICE, pamh + ,"account %s has expired (account expired)" + ,uname); + _make_remark(pamh, ctrl, PAM_ERROR_MSG, + "Your account has expired; please contact your system administrator"); + D(("account expired")); + return PAM_ACCT_EXPIRED; + } + if ((now + _PASSWORD_WARNDAYS * 60 * 60 * 24 > pwent->pw_expire) + && (pwent->pw_expire != 0)) { + daysleft = (pwent->pw_expire - now) / (60 * 60 * 24); + _log_err(LOG_DEBUG, pamh + ,"account for user %s will expire in %d days" + ,uname, daysleft); + snprintf(buf, 80, "Warning: your account will expire in %d day%.2s", + daysleft, daysleft == 1 ? 
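Review bot: In the `-123,15 +133,21` hunk the branch `else { return PAM_SUCCESS; }` is kept as is, so a build without HAVE_GETSPNAM returns success before it reaches the `pw_expire` and `pw_change` checks that the later `#else` blocks add. This happens for every `pw_passwd` value other than "x" or whatever the first branch tests, whose condition is outside the hunk. If, as seems likely on a BSD password database, `pw_passwd` holds the hash or `*` rather than `x`, account and password expiry is never evaluated and the module fails open. The early return should apply only to the shadow build, for example by wrapping it as `#ifdef HAVE_GETSPNAM` / `return PAM_SUCCESS;` / `#endif`, so the non-shadow path falls through to the expiry checks. pam_sm_acct_mgmt begins and ends outside this hunk.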
"" : "s"); + _make_remark(pamh, ctrl, PAM_TEXT_INFO, buf); + } +#endif + +#ifdef HAVE_GETSPNAM if ((curdays > (spent->sp_lstchg + spent->sp_max + spent->sp_inact)) && (spent->sp_max != -1) && (spent->sp_inact != -1) && (spent->sp_lstchg != 0)) { @@@@ -154,7 +193,9 @@@@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand D(("account expired 2")); return PAM_ACCT_EXPIRED; } +#endif D(("when was the last change")); +#ifdef HAVE_GETSPNAM if (spent->sp_lstchg == 0) { _log_err(LOG_NOTICE, pamh ,"expired password for user %s (root enforced)" @@@@ -173,6 +214,19 @@@@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand D(("need a new password 2")); return PAM_NEW_AUTHTOK_REQD; } +#else + if (pwent->pw_change == -1) { + _log_err(LOG_NOTICE, pamh + ,"expired password for user %s (root enforced)" + ,uname); + _make_remark(pamh, ctrl, PAM_ERROR_MSG, + "You are required to change your password immediately (root enforced)"); + D(("need a new password")); + return PAM_NEW_AUTHTOK_REQD; + } +#endif + +#ifdef HAVE_GETSPNAM if ((curdays > (spent->sp_lstchg + spent->sp_max - spent->sp_warn)) && (spent->sp_max != -1) && (spent->sp_warn != -1)) { daysleft = (spent->sp_lstchg + spent->sp_max) - curdays; @@@@ -183,6 +237,18 @@@@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand daysleft, daysleft == 1 ? "" : "s"); _make_remark(pamh, ctrl, PAM_TEXT_INFO, buf); } +#else + if ((now + _PASSWORD_WARNDAYS * 60 * 60 * 24 > pwent->pw_change) + && (pwent->pw_change != 0) && (pwent->pw_change != -1)) { + daysleft = (pwent->pw_change - now) / (60 * 60 * 24); + _log_err(LOG_DEBUG, pamh + ,"password for user %s will expire in %d days" + ,uname, daysleft); + snprintf(buf, 80, "Warning: your password will expire in %d day%.2s", + daysleft, daysleft == 1 ? "" : "s"); + _make_remark(pamh, ctrl, PAM_TEXT_INFO, buf); + } +#endif D(("all done")); @ 1.4 log @Fix build under OpenBSD 5.5 * OpenBSD 5.5 has no _PASSWORD_WARNDAYS definition in its header files Declare _PASSWORD_WARNDAYS as 14 if _PASSWORD_WARNDAYS is not defined. 
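Review bot: In the `-143,6 +159,29` hunk the new warning calls `snprintf(buf, 80, ...)` with the buffer size repeated as a literal. `snprintf(buf, sizeof(buf), ...)` would keep the bound tied to the `char buf[80]` declaration if that ever changes; the same literal appears in the `-183,6 +237,18` hunk. Separately, `daysleft = (pwent->pw_expire - now) / (60 * 60 * 24)` truncates, so an account with less than a day left is announced as expiring in "0 days". Rounding up would make the message accurate.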
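Review bot: The non-shadow branch added in the `-173,6 +214,19` hunk forces a password change only when `pw_change == -1`. It has no counterpart to the shadow path's second check (the context line `D(("need a new password 2"))`), so a `pw_change` time that has already passed never returns `PAM_NEW_AUTHTOK_REQD`. Such a user reaches the warning in the `-183,6 +237,18` hunk instead, where `daysleft` comes out negative and the remark announces expiry "in -N days" while access is still granted. A second check placed after the `-1` case and before the warning would enforce the aging policy. The message wording below is only a suggestion.

```c
#else
	if (pwent->pw_change == -1) {
		/* … unchanged: log, remark, return PAM_NEW_AUTHTOK_REQD … */
	}
	/* pw_change has already passed: require a new password, do not just warn */
	if ((pwent->pw_change != 0) && (now > pwent->pw_change)) {
		_log_err(LOG_DEBUG, pamh
			,"expired password for user %s (password aged)"
			,uname);
		_make_remark(pamh, ctrl, PAM_ERROR_MSG,
			"You are required to change your password immediately (password aged)");
		D(("need a new password 2"));
		return PAM_NEW_AUTHTOK_REQD;
	}
#endif
```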
Move the definition above its use. @ text @d1 1 a1 1 $NetBSD: patch-ap,v 1.3 2002/12/23 21:23:59 jlam Exp $ @ 1.3 log @Update security/PAM to 0.77. Changes from version 0.75 include: * Numerous bug fixes for most of the PAM modules, including several string length checks and fixes (update recommended!). * fix for legacy behavior of pam_setcred and pam_close_session in the case that pam_authenticate and pam_open_session hadn't been called * pam_unix: - don't zero out password strings during password changing function * pam_wheel: - feature: can use the module to provide wheel access to non-root accounts. * pam_limits: - added '%' domain for maxlogins limiting, now '*' and @@group have the old meaning (every) and '%' the new one (all) - handle negative priority limits (which can apply to the superuser too). * pam_userdb: - require that all of typed password matches that in database * pam_access: - added the 'fieldsep=' argument, made a PAM_RHOST of "" equivalent to NULL Incidentally, cups-1.1.18 will once again do PAM authentication using pam_unix.so if built against PAM-0.77. @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- modules/pam_unix/pam_unix_acct.c.orig Wed Dec 20 00:15:05 2000 d15 12 a26 1 @@@@ -71,8 +73,10 @@@@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand d38 1 a38 1 @@@@ -113,7 +117,9 @@@@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand d48 1 a48 1 @@@@ -123,15 +129,21 @@@@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand d71 1 a71 1 @@@@ -143,6 +155,29 @@@@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand d101 1 a101 1 @@@@ -154,7 +189,9 @@@@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand d111 1 a111 1 @@@@ -173,6 +210,19 @@@@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand d131 1 a131 1 @@@@ -183,6 +233,21 @@@@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand a135 3 +#ifndef _PASSWORD_WARNDAYS +#define _PASSWORD_WARNDAYS 14 +#endif @ 1.2 log @Update security/PAM to 0.75. Note that this release contains backwardly incompatible changes to libpam.so; prior versions were buggy so upgrading is highly recommended. 
Pkgsrc changes from version 0.72 include: * Honor ${PKG_SYSCONFDIR}: the config files are now found in /etc/pam.conf and /etc/pam/*.conf, or in the appropriate ${PKG_SYSCONFBASE} directory. * Convert to use the general INSTALL/DEINSTALL scripts. Changes from version 0.72 include: * bug fixes to almost every PAM module * pam_pwdb replaced with pam_unix * fixed a small security hole (more of a user confusion issue) with the unix and pwdb password helper binaries. * improved handling of the setcred/close_session and update chauthtok stack. *Warning* This is a backwardly incompatible change, but 'more sane' than before. (Bug 129775 - agmorgan) * added support for '/' symbols in pam_time and pam_group config files (support for modern terminal devices). Fixed infinite loop problem with '\\[^\n]' in these files. * added accessconf= feature to pam_access @ text @d3 5 a7 5 --- modules/pam_unix/support.c.orig Sun Feb 11 01:33:53 2001 +++ modules/pam_unix/support.c @@@@ -12,7 +12,10 @@@@ #include #include d9 1 a9 2 +#include +#ifndef BSD d12 1 a12 2 #include #include d14 50 a63 6 @@@@ -111,6 +114,9 @@@@ */ char *PAM_getlogin(void) { +#ifdef BSD + return getlogin(); d65 19 a83 23 struct utmp *ut, line; char *curr_tty, *retval; static char curr_user[sizeof(ut->ut_user) + 4]; @@@@ -132,6 +138,7 @@@@ D(("PAM_getlogin retval: %s", retval)); return retval; +#endif } /* @@@@ -330,6 +337,7 @@@@ pwd = getpwnam(name); /* Get password file entry... */ if (pwd != NULL) { +#ifndef BSD if (strcmp( pwd->pw_passwd, "*NP*" ) == 0) { /* NIS+ */ uid_t save_euid, save_uid; @@@@ -367,6 +375,7 @@@@ if (spwdent) salt = x_strdup(spwdent->sp_pwdp); else d85 18 a102 1 salt = x_strdup(pwd->pw_passwd); d104 11 a114 14 /* Does this user have a password? */ @@@@ -481,6 +490,7 @@@@ pwd = getpwnam(name); /* Get password file entry... 
*/ if (pwd != NULL) { +#ifndef BSD if (strcmp( pwd->pw_passwd, "*NP*" ) == 0) { /* NIS+ */ uid_t save_euid, save_uid; @@@@ -498,7 +508,7 @@@@ return PAM_CRED_INSUFFICIENT; } } - d116 22 a137 7 spwdent = getspnam( name ); if (save_uid == pwd->pw_uid) setreuid( save_uid, save_euid ); @@@@ -517,6 +527,7 @@@@ if (spwdent) salt = x_strdup(spwdent->sp_pwdp); else d139 2 a140 2 salt = x_strdup(pwd->pw_passwd); } @ 1.1 log @Initial revision @ text @d3 1 a3 1 --- modules/pam_unix/support.c.orig Sat Oct 21 14:21:48 2000 d16 1 a16 1 @@@@ -99,6 +102,9 @@@@ d25 2 a26 2 static char curr_user[UT_NAMESIZE + 4]; @@@@ -120,6 +126,7 @@@@ d34 1 a34 1 @@@@ -302,6 +309,7 @@@@ d42 1 a42 1 @@@@ -339,6 +347,7 @@@@ d50 1 a50 1 @@@@ -450,6 +459,7 @@@@ d58 1 a58 1 @@@@ -467,7 +477,7 @@@@ d67 1 a67 1 @@@@ -486,6 +496,7 @@@@ @ 1.1.1.1 log @Initial import of PAM-0.72, a pluggable authentication module mechanism @ text @@