author | Thorsten Kukuk <kukuk@thkukuk.de> | 2009-06-30 10:28:53 +0000 |
---|---|---|
committer | Thorsten Kukuk <kukuk@thkukuk.de> | 2009-06-30 10:28:53 +0000 |
commit | 2037cd51a2b787c492d60c9235b85868f03ed9ba (patch) | |
tree | e26118a22a2b18899e841676dd70c01571d11141 | |
parent | 006cf0e7333c53f7981c60c1cfcad77537d0fe74 (diff) | |
Relevant BUGIDs:
Purpose of commit: bugfix
Commit summary:
---------------
This makes Linux-PAM compilable with uClibc or on embedded systems
without full libc/libnsl.
2009-06-29 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/yppasswd_xdr.c: Remove unnecessary header files.
* modules/pam_unix/support.c (_unix_getpwnam): Only compile in NIS
support if all necessary functions exist.
* modules/pam_unix/pam_unix_passwd.c (getNISserver): Add debug
option, handle correct if OS has no NIS support.
* modules/pam_access/pam_access.c (netgroup_match): Check if
yp_get_default_domain and innetgr are available at compile time.
* configure.in: Check for functions: innetgr, getdomainname
check for headers: rpcsvc/ypclnt.h, rpcsvc/yp_prot.h.
-rw-r--r-- | ChangeLog | 21 | ||||
-rw-r--r-- | configure.in | 4 | ||||
-rw-r--r-- | modules/pam_access/pam_access.c | 26 | ||||
-rw-r--r-- | modules/pam_unix/pam_unix_passwd.c | 36 | ||||
-rw-r--r-- | modules/pam_unix/support.c | 7 | ||||
-rw-r--r-- | modules/pam_unix/yppasswd_xdr.c | 2 |
6 files changed, 86 insertions, 10 deletions
@@ -1,3 +1,24 @@ +2009-06-29 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_unix/yppasswd_xdr.c: Remove unnecessary header files. + + * modules/pam_unix/support.c (_unix_getpwnam): Only compile in NIS + support if all necessary functions exist. + + * modules/pam_unix/pam_unix_passwd.c (getNISserver): Add debug + option, handle correct if OS has no NIS support. + + * modules/pam_access/pam_access.c (netgroup_match): Check if + yp_get_default_domain and innetgr are available at compile time. + + * configure.in: Check for functions: innetgr, getdomainname + check for headers: rpcsvc/ypclnt.h, rpcsvc/yp_prot.h. + +2009-06-29 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_unix/pam_unix.8.xml: Fix blowfish description. + Reported by Diego E. “Flameeyes” Pettenò. + 2009-06-26 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_namespace/Makefile.am: Fix make maintainer-clean, diff --git a/configure.in b/configure.in index b7d88003..3cc05ed4 100644 --- a/configure.in +++ b/configure.in @@ -409,7 +409,7 @@ AM_CONDITIONAL([HAVE_LIBDB], [test ! -z "$LIBDB"]) AC_CHECK_LIB([nsl],[yp_get_default_domain], LIBNSL="-lnsl", LIBNSL="") BACKUP_LIBS=$LIBS LIBS="$LIBS $LIBNSL" -AC_CHECK_FUNCS(yp_get_default_domain) +AC_CHECK_FUNCS(yp_get_default_domain getdomainname innetgr yperr_string yp_master yp_bind yp_match yp_unbind) LIBS=$BACKUP_LIBS AC_SUBST(LIBNSL) @@ -436,7 +436,7 @@ dnl Checks for header files. AC_HEADER_DIRENT AC_HEADER_STDC AC_HEADER_SYS_WAIT -AC_CHECK_HEADERS(fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h net/if.h termio.h unistd.h sys/fsuid.h inittypes.h) +AC_CHECK_HEADERS(fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h net/if.h termio.h unistd.h sys/fsuid.h inittypes.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h) dnl For module/pam_lastlog AC_CHECK_HEADERS(lastlog.h utmp.h utmpx.h) diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c index ba8effe3..963ce528 100644 --- a/modules/pam_access/pam_access.c 
+++ b/modules/pam_access/pam_access.c @@ -41,11 +41,12 @@ #include <errno.h> #include <ctype.h> #include <sys/utsname.h> -#include <rpcsvc/ypclnt.h> #include <arpa/inet.h> #include <netdb.h> #include <sys/socket.h> - +#ifdef HAVE_RPCSVC_YPCLNT_H +#include <rpcsvc/ypclnt.h> +#endif #ifdef HAVE_LIBAUDIT #include <libaudit.h> #endif @@ -465,13 +466,31 @@ static int netgroup_match (pam_handle_t *pamh, const char *netgroup, const char *machine, const char *user, int debug) { - char *mydomain = NULL; int retval; + char *mydomain = NULL; +#ifdef HAVE_YP_GET_DEFAUTL_DOMAIN yp_get_default_domain(&mydomain); +#elif defined(HAVE_GETDOMAINNAME) + char domainname_res[256]; + if (getdomainname (domainname_res, sizeof (domainname_res)) == 0) + { + if (strcmp (domainname_res, "(none)") == 0) + { + /* If domainname is not set, some systems will return "(none)" */ + domainname_res[0] = '\0'; + } + mydomain = domainname_res; + } +#endif +#ifdef HAVE_INNETGR retval = innetgr (netgroup, machine, user, mydomain); +#else + retval = 0; + pam_syslog (pamh, LOG_ERR, "pam_access does not have netgroup support"); +#endif if (debug == YES) pam_syslog (pamh, LOG_DEBUG, "netgroup_match: %d (netgroup=%s, machine=%s, user=%s, domain=%s)", @@ -479,7 +498,6 @@ netgroup_match (pam_handle_t *pamh, const char *netgroup, machine ? machine : "NULL", user ? user : "NULL", mydomain ? mydomain : "NULL"); return retval; - } /* user_match - match a username against one token */ diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 29b9c67d..2792a4d5 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -55,8 +55,12 @@ #include <sys/time.h> #include <sys/stat.h> #include <rpc/rpc.h> +#ifdef HAVE_RPCSVC_YP_PROT_H #include <rpcsvc/yp_prot.h> +#endif +#ifdef HAVE_RPCSVC_YPCLNT_H #include <rpcsvc/ypclnt.h> +#endif #include <signal.h> #include <errno.h> 
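Review bot: The guard `#ifdef HAVE_YP_GET_DEFAUTL_DOMAIN` in netgroup_match is misspelled, so it can never match the macro that AC_CHECK_FUNCS defines and the yp_get_default_domain() branch is dead code; it should read `#ifdef HAVE_YP_GET_DEFAULT_DOMAIN`. In the `#else` of the innetgr guard, `retval = 0` makes every @netgroup token report "no match"; how the caller uses that is outside this hunk, but for a rule meant to deny a netgroup it would presumably mean the rule is skipped rather than enforced, so a build without innetgr deserves a configure-time warning or a documented limitation rather than only a per-call LOG_ERR. The getdomainname() buffer is also handed to strcmp() without forcing termination; on platforms that truncate without a terminator this over-reads, and `domainname_res[sizeof (domainname_res) - 1] = '\0';` after the call closes that. The same buffer handling appears in the getNISserver hunk of pam_unix_passwd.c.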
@@ -98,17 +102,34 @@ extern int getrpcport(const char *host, unsigned long prognum, #define MAX_PASSWD_TRIES 3 -static char *getNISserver(pam_handle_t *pamh) +static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl) { +#if (defined(HAVE_YP_GET_DEFAULT_DOMAIN) || defined(HAVE_GETDOMAINNAME)) && defined(HAVE_YP_MASTER) char *master; char *domainname; int port, err; +#ifdef HAVE_YP_GET_DEFAULT_DOMAIN if ((err = yp_get_default_domain(&domainname)) != 0) { pam_syslog(pamh, LOG_WARNING, "can't get local yp domain: %s", yperr_string(err)); return NULL; } +#elif defined(HAVE_GETDOMAINNAME) + char domainname_res[256]; + + if (getdomainname (domainname_res, sizeof (domainname_res)) == 0) + { + if (strcmp (domainname_res, "(none)") == 0) + { + /* If domainname is not set, some systems will return "(none)" */ + domainname_res[0] = '\0'; + } + domainname = domainname_res; + } + else domainname = NULL; +#endif + if ((err = yp_master(domainname, "passwd.byname", &master)) != 0) { pam_syslog(pamh, LOG_WARNING, "can't find the master ypserver: %s", yperr_string(err)); @@ -125,7 +146,18 @@ static char *getNISserver(pam_handle_t *pamh) "yppasswd daemon running on illegal port"); return NULL; } + if (on(UNIX_DEBUG, ctrl)) { + pam_syslog(pamh, LOG_DEBUG, "Use NIS server on %s with port %d", + master, port); + } return master; +#else + if (on(UNIX_DEBUG, ctrl)) { + pam_syslog(pamh, LOG_DEBUG, "getNISserver: No NIS support available"); + } + + return NULL; +#endif } #ifdef WITH_SELINUX @@ -294,7 +326,7 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, } if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) { - if ((master=getNISserver(pamh)) != NULL) { + if ((master=getNISserver(pamh, ctrl)) != NULL) { struct timeval timeout; struct yppasswd yppwd; CLIENT *clnt; diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 050e0dc1..2a47d157 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c 
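Review bot: In the getdomainname() fallback of getNISserver a failed call is neither logged nor returned: `else domainname = NULL;` falls through to yp_master(), and an unset domain ("(none)") is passed on as an empty string. The yp_get_default_domain() branch just above logs a warning and returns NULL in the same situation, and the fallback should match it, e.g. `else { pam_syslog(pamh, LOG_WARNING, "can't get local domain name: %m"); return NULL; }`, with the same early return when `domainname_res[0] == '\0'`. As written the outcome depends on how yp_master() treats a NULL or empty domain, and the log line that eventually appears blames the master lookup instead. The outer `#if` tests only HAVE_YP_MASTER although the body also calls yperr_string(), which configure now probes separately. The function body continues in the following hunk.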
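Review bot: In the `#else` branch of getNISserver the missing NIS support is reported only when UNIX_DEBUG is set, so a configuration that turns on UNIX_NIS on a build without NIS gets a NULL server and nothing in the log by default. pam_access in this same commit reports the equivalent condition unconditionally at LOG_ERR; moving the message out of the debug test, e.g. `pam_syslog(pamh, LOG_WARNING, "getNISserver: No NIS support available");`, would keep the two modules consistent and make the skipped NIS step visible to an administrator. What the caller does with the NULL result is only partly visible in the _do_setpass hunk that follows.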
@@ -19,7 +19,9 @@ #include <ctype.h> #include <syslog.h> #include <sys/resource.h> +#ifdef HAVE_RPCSVC_YPCLNT_H #include <rpcsvc/ypclnt.h> +#endif #include <security/_pam_macros.h> #include <security/pam_modules.h> @@ -275,6 +277,7 @@ int _unix_getpwnam(pam_handle_t *pamh, const char *name, } } +#if defined(HAVE_YP_GET_DEFAULT_DOMAIN) && defined (HAVE_YP_BIND) && defined (HAVE_YP_MATCH) && defined (HAVE_YP_UNBIND) if (!matched && nis) { char *userinfo = NULL, *domain = NULL; int len = 0, i; @@ -293,6 +296,10 @@ int _unix_getpwnam(pam_handle_t *pamh, const char *name, } } } +#else + /* we don't have NIS support, make compiler happy. */ + nis = 0; +#endif if (matched && (ret != NULL)) { *ret = NULL; diff --git a/modules/pam_unix/yppasswd_xdr.c b/modules/pam_unix/yppasswd_xdr.c index 0b7cfac6..0b95b82b 100644 --- a/modules/pam_unix/yppasswd_xdr.c +++ b/modules/pam_unix/yppasswd_xdr.c @@ -13,8 +13,6 @@ #include "config.h" #include <rpc/rpc.h> -#include <rpcsvc/yp_prot.h> -#include <rpcsvc/ypclnt.h> #include "yppasswd.h" bool_t |
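Review bot: The `#else` branch added to _unix_getpwnam assigns `nis = 0;` only to silence an unused-parameter warning; `(void) nis;` says that without modifying the argument, and the comment would help more if it stated the effect, e.g. `/* built without NIS: the lookup is compiled out and the nis argument is ignored */`. The `#if` opened in the hunk at -275 also requires HAVE_YP_GET_DEFAULT_DOMAIN with no getdomainname() fallback, unlike netgroup_match and getNISserver in this commit; if that difference is intentional a one-line comment should say so. The function begins and ends outside these hunks, so how the compiled-out block obtains its domain is not visible here.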