From 09cf8097c6bdf0011cf78c6000c6dcbdb7618cf0 Mon Sep 17 00:00:00 2001 From: Timo Weingärtner Date: Fri, 22 Jun 2012 10:35:36 +0200 Subject: Imported Debian patch 0.99-5 --- Makefile.Debian | 56 ----------------------- debian/Makefile | 39 +++++++++++++++++ debian/changelog | 13 ++++++ debian/compat | 1 + debian/control | 17 ++++--- debian/dirs | 1 - debian/docs | 2 - debian/libpam-pwdfile.dirs | 2 + debian/libpam-pwdfile.docs | 2 + debian/libpam-pwdfile.install | 2 + debian/libpam-pwdfile.lintian-overrides | 2 + debian/patches/regular_crypt | 22 ++++++++++ debian/patches/series | 2 + debian/patches/visibility | 23 ++++++++++ debian/rules | 78 +++------------------------------ debian/source.lintian-overrides | 3 ++ debian/source/format | 1 + pam_pwdfile.c | 2 - 18 files changed, 129 insertions(+), 139 deletions(-) delete mode 100644 Makefile.Debian create mode 100644 debian/Makefile create mode 100644 debian/compat delete mode 100644 debian/dirs delete mode 100644 debian/docs create mode 100755 debian/libpam-pwdfile.dirs create mode 100644 debian/libpam-pwdfile.docs create mode 100755 debian/libpam-pwdfile.install create mode 100644 debian/libpam-pwdfile.lintian-overrides create mode 100644 debian/patches/regular_crypt create mode 100644 debian/patches/series create mode 100644 debian/patches/visibility create mode 100644 debian/source.lintian-overrides create mode 100644 debian/source/format diff --git a/Makefile.Debian b/Makefile.Debian deleted file mode 100644 index 597c53a..0000000 --- a/Makefile.Debian +++ /dev/null @@ -1,56 +0,0 @@ -# Modified Makefile to allow for building of the standalone module - -TITLE=pam_pwdfile - -CC = gcc -LD = gcc -CFLAGS = -fPIC -c -g -Wall -Wformat-security -fvisibility=hidden -LDFLAGS = -Wl,-x --shared -LDLIBS = -lcrypt -lpam -lpam_misc -LIBSRC = $(TITLE).c -LIBOBJ = $(TITLE).o md5_good.o md5_broken.o md5_crypt_good.o md5_crypt_broken.o bigcrypt.o -LIBSHARED = $(TITLE).so -PAM_LIB_DIR = $(DESTDIR)/lib/security -INSTALL = /usr/bin/install - -ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) - CFLAGS += -O0 -else - CFLAGS += -O2 -endif - - -all: $(LIBSHARED) - -md5_good.o: md5.c - $(CC) $(CFLAGS) $(CPPFLAGS) -DHIGHFIRST -D'MD5Name(x)=Good##x' \ - $(TARGET_ARCH) $< -o $@ - -md5_broken.o: md5.c - $(CC) $(CFLAGS) $(CPPFLAGS) -D'MD5Name(x)=Broken##x' \ - $(TARGET_ARCH) $< -o $@ - -md5_crypt_good.o: md5_crypt.c - $(CC) $(CFLAGS) $(CPPFLAGS) -D'MD5Name(x)=Good##x' \ - $(TARGET_ARCH) $< -o $@ - -md5_crypt_broken.o: md5_crypt.c - $(CC) $(CFLAGS) $(CPPFLAGS) -D'MD5Name(x)=Broken##x' \ - $(TARGET_ARCH) $< -o $@ - -$(LIBSHARED): $(LIBOBJ) - $(LD) $(LDFLAGS) -o $@ $(LIBOBJ) $(LDLIBS) - -install: $(LIBSHARED) - $(INSTALL) -m 0755 -d $(PAM_LIB_DIR) - $(INSTALL) -m 0644 pam_pwdfile.so $(PAM_LIB_DIR) - -clean: - rm -f $(LIBOBJS) $(LIBSHARED) core *~ - -extraclean: clean - rm -f *.a *.o *.so *.bak - -.c.o: - $(CC) $(CFLAGS) $< -o $@ - diff --git a/debian/Makefile b/debian/Makefile new file mode 100644 index 0000000..965cf9d --- /dev/null +++ b/debian/Makefile @@ -0,0 +1,39 @@ +# Modified Makefile to allow for building of the standalone module + +TITLE=pam_pwdfile + +CC = gcc +LD = gcc +CFLAGS += -fPIC -c -g -Wall -Wformat-security -fvisibility=hidden +LDFLAGS += -Wl,-x --shared +LDLIBS = -lcrypt -lpam +LIBOBJ = $(TITLE).o md5_good.o md5_broken.o md5_crypt_good.o md5_crypt_broken.o bigcrypt.o +LIBSHARED = $(TITLE).so + +all: $(LIBSHARED) + +md5_good.o: md5.c + $(CC) $(CFLAGS) $(CPPFLAGS) -DHIGHFIRST -D'MD5Name(x)=Good##x' \ + $(TARGET_ARCH) $< -o $@ + +md5_broken.o: md5.c + $(CC) $(CFLAGS) $(CPPFLAGS) -D'MD5Name(x)=Broken##x' \ + $(TARGET_ARCH) $< -o $@ + +md5_crypt_good.o: md5_crypt.c + $(CC) $(CFLAGS) $(CPPFLAGS) -D'MD5Name(x)=Good##x' \ + $(TARGET_ARCH) $< -o $@ + +md5_crypt_broken.o: md5_crypt.c + $(CC) $(CFLAGS) $(CPPFLAGS) -D'MD5Name(x)=Broken##x' \ + $(TARGET_ARCH) $< -o $@ + +$(LIBSHARED): $(LIBOBJ) + $(LD) $(LDFLAGS) -o $@ $(LIBOBJ) $(LDLIBS) + +clean: + rm -f $(LIBOBJS) $(LIBSHARED) core *~ + +extraclean: clean + rm -f *.a *.o *.so *.bak + diff --git a/debian/changelog b/debian/changelog index 8905429..1ae7cde 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,16 @@ +libpam-pwdfile (0.99-5) unstable; urgency=low + + * New Maintainer (Closes: #588877) + * debian/patches/regular_crypt: Use libc's crypt in the regular way to + support newer crypt types, esp. SHA2 based ones. + * Bump Standards-Version to 3.9.3. + * Bump dh compat level to 9. + * Enable Multi-Arch. + * Use source/format 3.0 (quilt). + * Move Makefile.Debian to debian/Makefile + + -- Timo Weingärtner Fri, 22 Jun 2012 10:35:36 +0200 + libpam-pwdfile (0.99-4) unstable; urgency=low * Orphan this package (set maintainer to Debian QA Group). diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..ec63514 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +9 diff --git a/debian/control b/debian/control index 216899a..ad49335 100644 --- a/debian/control +++ b/debian/control @@ -1,14 +1,17 @@ Source: libpam-pwdfile Section: admin Priority: extra -Maintainer: Debian QA Group -Standards-Version: 3.6.2 -Build-Depends: debhelper, libpam0g-dev +Maintainer: Timo Weingärtner +Standards-Version: 3.9.3 +Build-Depends: debhelper (>= 9), dh-exec (>=0.3), libpam0g-dev +Homepage: http://code.google.com/p/pam-pwdfile/ Package: libpam-pwdfile Architecture: any -Depends: ${shlibs:Depends} +Multi-Arch: same +Pre-Depends: ${misc:Pre-Depends} +Depends: ${shlibs:Depends}, ${misc:Depends} Description: PAM module allowing authentication via an /etc/passwd-like file - This PAM module lets you use an arbitrarily-named text file similar in - structure to /etc/passwd to authenticate users. Both DES and MD5 - hashed passwords are supported. + This PAM module lets you use an arbitrarily-named text file similar in + structure to /etc/passwd to authenticate users. It supports libc's crypt + plus md5crypt with a broken md5 and Digital UNIX's bigcrypt. diff --git a/debian/dirs b/debian/dirs deleted file mode 100644 index d1f6515..0000000 --- a/debian/dirs +++ /dev/null @@ -1 +0,0 @@ -lib/security diff --git a/debian/docs b/debian/docs deleted file mode 100644 index 5c130d3..0000000 --- a/debian/docs +++ /dev/null @@ -1,2 +0,0 @@ -README -contrib/warwick_duncan-cyrus_without_system_accounts.txt diff --git a/debian/libpam-pwdfile.dirs b/debian/libpam-pwdfile.dirs new file mode 100755 index 0000000..5cd1ce0 --- /dev/null +++ b/debian/libpam-pwdfile.dirs @@ -0,0 +1,2 @@ +#!/usr/bin/dh-exec +lib/${DEB_HOST_MULTIARCH}/security diff --git a/debian/libpam-pwdfile.docs b/debian/libpam-pwdfile.docs new file mode 100644 index 0000000..5c130d3 --- /dev/null +++ b/debian/libpam-pwdfile.docs @@ -0,0 +1,2 @@ +README +contrib/warwick_duncan-cyrus_without_system_accounts.txt diff --git a/debian/libpam-pwdfile.install b/debian/libpam-pwdfile.install new file mode 100755 index 0000000..d0704c3 --- /dev/null +++ b/debian/libpam-pwdfile.install @@ -0,0 +1,2 @@ +#!/usr/bin/dh-exec +pam_pwdfile.so lib/${DEB_HOST_MULTIARCH}/security/ diff --git a/debian/libpam-pwdfile.lintian-overrides b/debian/libpam-pwdfile.lintian-overrides new file mode 100644 index 0000000..99542bc --- /dev/null +++ b/debian/libpam-pwdfile.lintian-overrides @@ -0,0 +1,2 @@ +# spelling error came from upstream +spelling-error-in-copyright GNU Public License GNU General Public License diff --git a/debian/patches/regular_crypt b/debian/patches/regular_crypt new file mode 100644 index 0000000..9895e33 --- /dev/null +++ b/debian/patches/regular_crypt @@ -0,0 +1,22 @@ +Description: Use libc's crypt in the regular way + * That should support newer crypt types. + * We do the check before the weird stuff but keep it to not break setups + using broken md5 hashing or bigcrypt. + * CRYPTED_BCPWD_LEN as an upper limit seems to be ok by now. +Author: Timo Weingärtner +Forwarded: no +Last-Update: 2012-06-20 + +--- libpam-pwdfile-0.99.orig/pam_pwdfile.c ++++ libpam-pwdfile-0.99/pam_pwdfile.c +@@ -348,6 +348,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_h + + temp_result = 0; + ++ if (strcmp(crypt(password, stored_crypted_password), stored_crypted_password) == 0) { ++ D(_pam_log(LOG_ERR,"password matched using the systems crypt()")); ++ temp_result = 1; ++ } + /* Extract the salt and set the passwd length, depending on MD5 or DES */ + if (strncmp(stored_crypted_password, "$1$", 3) == 0) { + D(_pam_log(LOG_ERR,"password hash type is 'md5'")); diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..fb3fb12 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,2 @@ +visibility +regular_crypt diff --git a/debian/patches/visibility b/debian/patches/visibility new file mode 100644 index 0000000..d121a1e --- /dev/null +++ b/debian/patches/visibility @@ -0,0 +1,23 @@ +Description: Mark the pam_sm_* functions as __attribute__((visibility("default"))) +Author: Peter Palfrader +Bug-Debian: http://bugs.debian.org/499203 +Last-Update: 2012-06-20 + +--- libpam-pwdfile-0.99.orig/pam_pwdfile.c ++++ libpam-pwdfile-0.99/pam_pwdfile.c +@@ -222,6 +222,7 @@ + } + + /* expected hook for auth service */ ++__attribute__((visibility("default"))) + PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, + int argc, const char **argv) { + int retval, pcnt, pwdfilename_found; +@@ -408,6 +409,7 @@ + } + + /* another expected hook */ ++__attribute__((visibility("default"))) + PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, + int argc, const char **argv) + { diff --git a/debian/rules b/debian/rules index b0cbb7f..9546ad8 100755 --- a/debian/rules +++ b/debian/rules @@ -1,76 +1,12 @@ #!/usr/bin/make -f -# Sample debian/rules that uses debhelper. -# GNU copyright 1997 to 1999 by Joey Hess. -# Uncomment this to turn on verbose mode. -#export DH_VERBOSE=1 +%: + dh $@ -# This is the debhelper compatability version to use. -export DH_COMPAT=4 +override_dh_auto_build: + $(MAKE) -f debian/Makefile -export PACKAGE=pam_pwdfile +override_dh_auto_clean: + $(MAKE) -f debian/Makefile extraclean -build: build-stamp -build-stamp: - dh_testdir - - - # Add here commands to compile the package. - $(MAKE) -f Makefile.Debian - - touch build-stamp - -clean: - dh_testdir - dh_testroot - rm -f build-stamp - - -$(MAKE) -f Makefile.Debian extraclean - - dh_clean - -install: build - dh_testdir - dh_testroot - dh_clean -k - dh_installdirs - - $(MAKE) -f Makefile.Debian DESTDIR=$(CURDIR)/debian/`dh_listpackages` install - - touch install-stamp - -# Build architecture-independent files here. -binary-indep: build install -# We have nothing to do by default. - -# Build architecture-dependent files here. -binary-arch: build install -# dh_testversion - dh_testdir - dh_testroot -# dh_installdebconf - dh_installdocs -# dh_installexamples -# dh_installmenu -# dh_installemacsen -# dh_installpam -# dh_installinit -# dh_installcron - dh_installman -# dh_installinfo -# dh_undocumented - dh_installchangelogs changelog - dh_link - dh_strip - dh_compress - dh_fixperms -# dh_makeshlibs - dh_installdeb -# dh_perl - dh_shlibdeps - dh_gencontrol - dh_md5sums - dh_builddeb - -binary: binary-indep binary-arch -.PHONY: build clean binary-indep binary-arch binary install +override_dh_auto_install: diff --git a/debian/source.lintian-overrides b/debian/source.lintian-overrides new file mode 100644 index 0000000..0cd63ff --- /dev/null +++ b/debian/source.lintian-overrides @@ -0,0 +1,3 @@ +# already in upstream tarball +source-contains-cvs-control-dir contrib/CVS +source-contains-cvs-control-dir CVS diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/pam_pwdfile.c b/pam_pwdfile.c index be6e6ad..ec2bd96 100644 --- a/pam_pwdfile.c +++ b/pam_pwdfile.c @@ -222,7 +222,6 @@ static int fgetpwnam(FILE *stream, const char *name, char *password) { } /* expected hook for auth service */ -__attribute__((visibility("default"))) PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { int retval, pcnt, pwdfilename_found; @@ -409,7 +408,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, } /* another expected hook */ -__attribute__((visibility("default"))) PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) { -- cgit v1.2.3