Remove upstreamed patch and add a new one to fix compilation.
Add some more configure options.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
include $(TOPDIR)/rules.mk
PKG_NAME:=libpam
-PKG_VERSION:=1.3.1
+PKG_VERSION:=1.4.0
PKG_RELEASE:=1
PKG_SOURCE:=Linux-PAM-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/linux-pam/linux-pam/releases/download/v$(PKG_VERSION)
-PKG_HASH:=eff47a4ecd833fbf18de9686632a70ee8d0794b79aecb217ebd0ce11db4cd0db
+PKG_HASH:=cd6d928c51e64139be3bdb38692c68183a509b83d4f2c221024ccd4bcddfd034
PKG_BUILD_DIR:=$(BUILD_DIR)/Linux-PAM-$(PKG_VERSION)
PKG_MAINTAINER:=Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
--disable-audit \
--disable-cracklib \
--disable-db \
- --disable-prelude \
+ --disable-debug \
+ --disable-doc \
+ --disable-econf \
--disable-lckpwdf \
--disable-nis \
+ --disable-prelude \
--disable-regenerate-docu \
--disable-rpath \
--disable-selinux \
+ --disable-Werror \
--with-gnu-ld \
--without-mailspool \
--without-xauth
+++ /dev/null
-From 1a2e6c979118dce5e79604e88c008c7879d1e4e6 Mon Sep 17 00:00:00 2001
-From: Yousong Zhou <yszhou4tech@gmail.com>
-Date: Wed, 17 Jun 2015 18:19:23 +0800
-Subject: [PATCH 2/7] build: ignore pam_rhosts if neither ruserok nor
- ruserok_af is available.
-
-* configure.ac: check for ruserok and ruserok_af
-* modules/Makefile.am: ignore pam_rhosts/ if it's disabled
-* modules/pam_rhosts/pam_rhosts.c: include stdlib.h for malloc and free
-
-Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
----
- configure.ac | 5 ++++-
- modules/Makefile.am | 11 ++++++++---
- modules/pam_rhosts/pam_rhosts.c | 1 +
- 3 files changed, 13 insertions(+), 4 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 306b6e2..084071a 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -524,7 +524,10 @@ AC_CHECK_FUNCS(fseeko getdomainname gethostname gettimeofday lckpwdf mkdir selec
- AC_CHECK_FUNCS(strcspn strdup strspn strstr strtol uname)
- AC_CHECK_FUNCS(getutent_r getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
- AC_CHECK_FUNCS(getgrouplist getline getdelim)
--AC_CHECK_FUNCS(inet_ntop inet_pton innetgr ruserok_af)
-+AC_CHECK_FUNCS(inet_ntop inet_pton innetgr)
-+AC_CHECK_FUNCS([ruserok_af ruserok], [break])
-+
-+AM_CONDITIONAL([COND_BUILD_PAM_RHOSTS], [test "$ac_cv_func_ruserok_af" = yes -o "$ac_cv_func_ruserok" = yes])
-
- AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no])
- AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes])
-diff --git a/modules/Makefile.am b/modules/Makefile.am
-index 0c80cea..9ad26a9 100644
---- a/modules/Makefile.am
-+++ b/modules/Makefile.am
-@@ -2,16 +2,21 @@
- # Copyright (c) 2005, 2006, 2008 Thorsten Kukuk <kukuk@thkukuk.de>
- #
-
--SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \
-+if COND_BUILD_PAM_RHOSTS
-+ MAYBE_PAM_RHOSTS = pam_rhosts
-+endif
-+
-+SUBDIRS := pam_access pam_cracklib pam_debug pam_deny pam_echo \
- pam_env pam_exec pam_faildelay pam_filter pam_ftp \
- pam_group pam_issue pam_keyinit pam_lastlog pam_limits \
- pam_listfile pam_localuser pam_loginuid pam_mail \
- pam_mkhomedir pam_motd pam_namespace pam_nologin \
-- pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \
-+ pam_permit pam_pwhistory pam_rootok pam_securetty \
- pam_selinux pam_sepermit pam_shells pam_stress \
- pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \
- pam_tty_audit pam_umask \
-- pam_unix pam_userdb pam_warn pam_wheel pam_xauth
-+ pam_unix pam_userdb pam_warn pam_wheel pam_xauth \
-+ $(MAYBE_PAM_RHOSTS)
-
- CLEANFILES = *~
-
-diff --git a/modules/pam_rhosts/pam_rhosts.c b/modules/pam_rhosts/pam_rhosts.c
-index bc9e76f..51ef13e 100644
---- a/modules/pam_rhosts/pam_rhosts.c
-+++ b/modules/pam_rhosts/pam_rhosts.c
-@@ -35,6 +35,7 @@
- #include <pwd.h>
- #include <netdb.h>
- #include <string.h>
-+#include <stdlib.h>
- #include <syslog.h>
-
- #define PAM_SM_AUTH /* only defines this management group */
---
-1.7.10.4
-
+++ /dev/null
-From bac1ee3033cf22e31730fe3e77ca82bd5ebba692 Mon Sep 17 00:00:00 2001
-From: Yousong Zhou <yszhou4tech@gmail.com>
-Date: Wed, 17 Jun 2015 21:18:05 +0800
-Subject: [PATCH 3/7] build: ignore pam_lastlog when logwtmp is not available.
-
-* configure.ac: check logwtmp and set COND_BUILD_PAM_LASTLOG
-* modules/pam_lastlog/Makefile.am: check COND_BUILD_PAM_LASTLOG
-
-Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
----
- configure.ac | 2 ++
- modules/Makefile.am | 8 ++++++--
- 2 files changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 084071a..ca4bf5b 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -526,8 +526,10 @@ AC_CHECK_FUNCS(getutent_r getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r
- AC_CHECK_FUNCS(getgrouplist getline getdelim)
- AC_CHECK_FUNCS(inet_ntop inet_pton innetgr)
- AC_CHECK_FUNCS([ruserok_af ruserok], [break])
-+AC_CHECK_FUNCS([logwtmp])
-
- AM_CONDITIONAL([COND_BUILD_PAM_RHOSTS], [test "$ac_cv_func_ruserok_af" = yes -o "$ac_cv_func_ruserok" = yes])
-+AM_CONDITIONAL([COND_BUILD_PAM_LASTLOG], [test "$ac_cv_func_logwtmp" = yes])
-
- AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no])
- AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes])
-diff --git a/modules/Makefile.am b/modules/Makefile.am
-index 9ad26a9..b98dc5c 100644
---- a/modules/Makefile.am
-+++ b/modules/Makefile.am
-@@ -6,9 +6,13 @@ if COND_BUILD_PAM_RHOSTS
- MAYBE_PAM_RHOSTS = pam_rhosts
- endif
-
-+if COND_BUILD_PAM_LASTLOG
-+ MAYBE_PAM_LASTLOG = pam_lastlog
-+endif
-+
- SUBDIRS := pam_access pam_cracklib pam_debug pam_deny pam_echo \
- pam_env pam_exec pam_faildelay pam_filter pam_ftp \
-- pam_group pam_issue pam_keyinit pam_lastlog pam_limits \
-+ pam_group pam_issue pam_keyinit pam_limits \
- pam_listfile pam_localuser pam_loginuid pam_mail \
- pam_mkhomedir pam_motd pam_namespace pam_nologin \
- pam_permit pam_pwhistory pam_rootok pam_securetty \
-@@ -16,7 +20,7 @@ SUBDIRS := pam_access pam_cracklib pam_debug pam_deny pam_echo \
- pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \
- pam_tty_audit pam_umask \
- pam_unix pam_userdb pam_warn pam_wheel pam_xauth \
-- $(MAYBE_PAM_RHOSTS)
-+ $(MAYBE_PAM_RHOSTS) $(MAYBE_PAM_LASTLOG)
-
- CLEANFILES = *~
-
---
-1.7.10.4
-
+++ /dev/null
-From 1563e57ea8ab9d123f765129a6840929ef58ff7a Mon Sep 17 00:00:00 2001
-From: Yousong Zhou <yszhou4tech@gmail.com>
-Date: Wed, 17 Jun 2015 20:38:41 +0800
-Subject: [PATCH 5/7] build: fix doc build.
-
-* Makefile.am: ignore doc/ directory if not ENABLE_REGENERATE_MAN
-* doc/adg/Makefile.am: remove check on ENABLE_REGENERATE_MAN
-* doc/man/Makefile.am: ditto
-* doc/mwg/Makefile.am: ditto
-* doc/sag/Makefile.am: ditto
-* doc/specs/Makefile.am: ignore CC from command line
-
-Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
----
- Makefile.am | 5 ++++-
- doc/adg/Makefile.am | 3 ---
- doc/man/Makefile.am | 2 --
- doc/mwg/Makefile.am | 3 ---
- doc/sag/Makefile.am | 2 --
- doc/specs/Makefile.am | 2 +-
- 6 files changed, 5 insertions(+), 12 deletions(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index 3db4e37..5e6592a 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -4,7 +4,10 @@
-
- AUTOMAKE_OPTIONS = 1.9 gnu dist-bzip2 dist-xz check-news
-
--SUBDIRS = libpam tests libpamc libpam_misc modules po conf doc examples xtests
-+if ENABLE_REGENERATE_MAN
-+ MAYBE_DOC = doc
-+endif
-+SUBDIRS = libpam tests libpamc libpam_misc modules po conf examples xtests $(MAYBE_DOC)
-
- CLEANFILES = *~
-
-diff --git a/doc/adg/Makefile.am b/doc/adg/Makefile.am
-index 77bd7a9..bec5edc 100644
---- a/doc/adg/Makefile.am
-+++ b/doc/adg/Makefile.am
-@@ -9,7 +9,6 @@ EXTRA_DIST = $(XMLS)
- XMLS = Linux-PAM_ADG.xml $(shell ls $(srcdir)/pam_*.xml)
- DEP_XMLS = $(shell ls $(top_srcdir)/doc/man/pam_*.xml)
-
--if ENABLE_REGENERATE_MAN
- MAINTAINERCLEANFILES = Linux-PAM_ADG.txt Linux-PAM_ADG.pdf html/*.html
-
- all: Linux-PAM_ADG.txt html/Linux-PAM_ADG.html Linux-PAM_ADG.pdf
-@@ -51,8 +50,6 @@ html/Linux-PAM_ADG.html: $(XMLS) $(DEP_XMLS)
- distclean-local:
- -rm -rf html Linux-PAM_ADG.txt Linux-PAM_ADG.pdf
-
--endif
--
- install-data-local:
- $(mkinstalldirs) $(DESTDIR)$(docdir)
- $(mkinstalldirs) $(DESTDIR)$(pdfdir)
-diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
-index 78c891d..b1dc421 100644
---- a/doc/man/Makefile.am
-+++ b/doc/man/Makefile.am
-@@ -45,7 +45,6 @@ XMLS = pam.3.xml pam.8.xml \
- misc_conv.3.xml pam_misc_paste_env.3.xml pam_misc_drop_env.3.xml \
- pam_misc_setenv.3.xml
-
--if ENABLE_REGENERATE_MAN
- PAM.8: pam.8
- pam_get_authtok_noverify.3: pam_get_authtok.3
- pam_get_authtok_verify.3: pam_get_authtok.3
-@@ -60,4 +59,3 @@ pam_get_item.3: pam_item_types_std.inc.xml pam_item_types_ext.inc.xml
- pam_set_data.3: pam_item_types_std.inc.xml pam_item_types_ext.inc.xml
- pam.conf.5: pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml
- -include $(top_srcdir)/Make.xml.rules
--endif
-diff --git a/doc/mwg/Makefile.am b/doc/mwg/Makefile.am
-index 2bbb2d0..f57e297 100644
---- a/doc/mwg/Makefile.am
-+++ b/doc/mwg/Makefile.am
-@@ -9,7 +9,6 @@ EXTRA_DIST = $(XMLS)
- XMLS = Linux-PAM_MWG.xml $(shell ls $(srcdir)/pam_*.xml)
- DEP_XMLS = $(shell ls $(top_srcdir)/doc/man/pam_*.xml)
-
--if ENABLE_REGENERATE_MAN
- MAINTAINERCLEANFILES = Linux-PAM_MWG.txt Linux-PAM_MWG.pdf html/*.html
-
- all: Linux-PAM_MWG.txt html/Linux-PAM_MWG.html Linux-PAM_MWG.pdf
-@@ -51,8 +50,6 @@ html/Linux-PAM_MWG.html: $(XMLS) $(DEP_XMLS)
- distclean-local:
- -rm -rf html Linux-PAM_MWG.txt Linux-PAM_MWG.pdf
-
--endif
--
- install-data-local:
- $(mkinstalldirs) $(DESTDIR)$(docdir)
- $(mkinstalldirs) $(DESTDIR)$(pdfdir)
-diff --git a/doc/sag/Makefile.am b/doc/sag/Makefile.am
-index 31816aa..a8b655f 100644
---- a/doc/sag/Makefile.am
-+++ b/doc/sag/Makefile.am
-@@ -10,7 +10,6 @@ XMLS = Linux-PAM_SAG.xml $(shell ls $(srcdir)/pam_*.xml)
-
- DEP_XMLS = $(shell ls $(top_srcdir)/modules/pam_*/pam_*.xml)
-
--if ENABLE_REGENERATE_MAN
- MAINTAINERCLEANFILES = Linux-PAM_SAG.txt Linux-PAM_SAG.pdf html/*.html
-
- all: Linux-PAM_SAG.txt html/Linux-PAM_SAG.html Linux-PAM_SAG.pdf
-@@ -51,7 +50,6 @@ html/Linux-PAM_SAG.html: $(XMLS) $(DEP_XMLS)
-
- distclean-local:
- -rm -rf html Linux-PAM_SAG.txt Linux-PAM_SAG.pdf
--endif
-
- install-data-local:
- $(mkinstalldirs) $(DESTDIR)$(docdir)
-diff --git a/doc/specs/Makefile.am b/doc/specs/Makefile.am
-index 99ecc70..39c850f 100644
---- a/doc/specs/Makefile.am
-+++ b/doc/specs/Makefile.am
-@@ -11,7 +11,7 @@ draft-morgan-pam-current.txt: padout draft-morgan-pam.raw
-
- AM_YFLAGS = -d
-
--CC = @CC_FOR_BUILD@
-+override CC = @CC_FOR_BUILD@
- CPPFLAGS = @BUILD_CPPFLAGS@
- CFLAGS = @BUILD_CFLAGS@
- LDFLAGS = @BUILD_LDFLAGS@
---
-1.7.10.4
-
+++ /dev/null
-From 2e3ed4c6fb09f84fede589047d37d11783202d34 Mon Sep 17 00:00:00 2001
-From: Yousong Zhou <yszhou4tech@gmail.com>
-Date: Wed, 17 Jun 2015 18:16:18 +0800
-Subject: [PATCH 6/7] pam_unix: fix compilation in case rpc/rpc.h is missing.
-
-* modules/pam_unix/pam_unix_passwd.c: conditional compile on the
- availability of rpc/rpc.h
-
-Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
----
- modules/pam_unix/pam_unix_passwd.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
-index 2d330e5..970724a 100644
---- a/modules/pam_unix/pam_unix_passwd.c
-+++ b/modules/pam_unix/pam_unix_passwd.c
-@@ -410,7 +410,7 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho,
- }
-
- if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) {
--#ifdef HAVE_NIS
-+#if defined(HAVE_NIS) && defined(HAVE_RPC_RPC_H)
- if ((master=getNISserver(pamh, ctrl)) != NULL) {
- struct timeval timeout;
- struct yppasswd yppwd;
---
-1.7.10.4
-
+++ /dev/null
-From 9f23ba5a40b42acf4463b593bffd73caee8b527c Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Sun, 15 Jul 2018 20:43:44 -0700
-Subject: [PATCH] Replace strndupa with strcpy
-
-glibc only. A static string is better.
-
-Signed-off-by: Rosen Penev <rosenp@gmail.com>
----
- modules/pam_exec/pam_exec.c | 31 +++++++++++--------------------
- 1 file changed, 11 insertions(+), 20 deletions(-)
-
-diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c
-index 0ab6548..2fbab4f 100644
---- a/modules/pam_exec/pam_exec.c
-+++ b/modules/pam_exec/pam_exec.c
-@@ -102,7 +102,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
- int use_stdout = 0;
- int optargc;
- const char *logfile = NULL;
-- const char *authtok = NULL;
-+ char authtok[PAM_MAX_RESP_SIZE];
- pid_t pid;
- int fds[2];
- int stdout_fds[2];
-@@ -180,12 +180,12 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
- if (resp)
- {
- pam_set_item (pamh, PAM_AUTHTOK, resp);
-- authtok = strndupa (resp, PAM_MAX_RESP_SIZE);
-+ strcpy (authtok, resp);
- _pam_drop (resp);
- }
- }
- else
-- authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE);
-+ strcpy (authtok, void_pass);
-
- if (pipe(fds) != 0)
- {
-@@ -225,23 +225,14 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
-
- if (expose_authtok) /* send the password to the child */
- {
-- if (authtok != NULL)
-- { /* send the password to the child */
-- if (debug)
-- pam_syslog (pamh, LOG_DEBUG, "send password to child");
-- if (write(fds[1], authtok, strlen(authtok)+1) == -1)
-- pam_syslog (pamh, LOG_ERR,
-- "sending password to child failed: %m");
-- authtok = NULL;
-- }
-- else
-- {
-- if (write(fds[1], "", 1) == -1) /* blank password */
-- pam_syslog (pamh, LOG_ERR,
-- "sending password to child failed: %m");
-- }
-- close(fds[0]); /* close here to avoid possible SIGPIPE above */
-- close(fds[1]);
-+ if (debug)
-+ pam_syslog (pamh, LOG_DEBUG, "send password to child");
-+ if (write(fds[1], authtok, strlen(authtok)) == -1)
-+ pam_syslog (pamh, LOG_ERR,
-+ "sending password to child failed: %m");
-+
-+ close(fds[0]); /* close here to avoid possible SIGPIPE above */
-+ close(fds[1]);
- }
-
- if (use_stdout)
---
-2.19.1
-
--- /dev/null
+From aef363c7e8e942224e6cffc4398366c6e5d31749 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Thu, 11 Jun 2020 00:04:32 +0200
+Subject: [PATCH] configure.ac: fix build failure when crypt() does not require
+ libcrypt
+
+Since commit 522246d20e4cd92fadc2d760228cb7e78cbeb4c5, the build fails
+if "none required" is returned by AC_SEARCH_LIBS for libcrypt.
+
+Resolves: https://github.com/linux-pam/linux-pam/pull/235
+Fixes: http://autobuild.buildroot.org/results/92b3dd7c984d2b843ac9aacacd69eec99f28743e
+Fixes: v1.4.0~228 ("Use cached 'crypt' library result correctly")
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ configure.ac | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index ea08a7a3..c1862ea7 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -428,7 +428,11 @@ AS_IF([test "x$ac_cv_header_xcrypt_h" = "xyes"],
+ [crypt_libs="crypt"])
+
+ BACKUP_LIBS=$LIBS
+-AC_SEARCH_LIBS([crypt],[$crypt_libs], LIBCRYPT="${ac_cv_search_crypt}", LIBCRYPT="")
++AC_SEARCH_LIBS([crypt],[$crypt_libs])
++case "$ac_cv_search_crypt" in
++ -l*) LIBCRYPT="$ac_cv_search_crypt" ;;
++ *) LIBCRYPT="" ;;
++esac
+ AC_CHECK_FUNCS(crypt_r crypt_gensalt_r)
+ LIBS=$BACKUP_LIBS
+ AC_SUBST(LIBCRYPT)
--- /dev/null
+--- a/modules/pam_faillock/pam_faillock.c
++++ b/modules/pam_faillock/pam_faillock.c
+@@ -348,42 +348,81 @@ set_conf_opt(pam_handle_t *pamh, struct options *opts, const char *name, const c
+ static int
+ check_local_user (pam_handle_t *pamh, const char *user)
+ {
+- struct passwd pw, *pwp;
+- char buf[16384];
+- int found = 0;
++ int rc;
++ size_t user_len;
+ FILE *fp;
+- int errn;
++ char line[BUFSIZ];
+
+- fp = fopen(PATH_PASSWD, "r");
+- if (fp == NULL) {
+- pam_syslog(pamh, LOG_ERR, "unable to open %s: %m",
+- PATH_PASSWD);
+- return -1;
++ /* Validate the user name. */
++ if ((user_len = strlen(user)) == 0) {
++ pam_syslog(pamh, LOG_NOTICE, "user name is not valid");
++ return PAM_SERVICE_ERR;
++ }
++
++ if (user_len > sizeof(line) - sizeof(":")) {
++ pam_syslog(pamh, LOG_NOTICE, "user name is too long");
++ return PAM_SERVICE_ERR;
++ }
++
++ if (strchr(user, ':') != NULL) {
++ /*
++ * "root:x" is not a local user name even if the passwd file
++ * contains a line starting with "root:x:".
++ */
++ return PAM_PERM_DENIED;
+ }
+
+- for (;;) {
+- errn = fgetpwent_r(fp, &pw, buf, sizeof (buf), &pwp);
+- if (errn == ERANGE) {
+- pam_syslog(pamh, LOG_WARNING, "%s contains very long lines; corrupted?",
+- PATH_PASSWD);
++ /* Open the passwd file. */
++ FILE *file_name = "/etc/passwd";
++ if ((fp = fopen(file_name, "r")) == NULL) {
++ pam_syslog(pamh, LOG_ERR, "error opening %s: %m", file_name);
++ return PAM_SERVICE_ERR;
++ }
++
++ /*
++ * Scan the file using fgets() instead of fgetpwent_r() because
++ * the latter is not flexible enough in handling long lines
++ * in passwd files.
++ */
++ rc = PAM_PERM_DENIED;
++ while (fgets(line, sizeof(line), fp) != NULL) {
++ size_t line_len;
++ const char *str;
++
++ /*
++ * Does this line start with the user name
++ * followed by a colon?
++ */
++ if (strncmp(user, line, user_len) == 0 &&
++ line[user_len] == ':') {
++ rc = PAM_SUCCESS;
+ break;
+ }
+- if (errn != 0)
+- break;
+- if (strcmp(pwp->pw_name, user) == 0) {
+- found = 1;
++ /* Has a newline been read? */
++ line_len = strlen(line);
++ if (line_len < sizeof(line) - 1 ||
++ line[line_len - 1] == '\n') {
++ /* Yes, continue with the next line. */
++ continue;
++ }
++
++ /* No, read till the end of this line first. */
++ while ((str = fgets(line, sizeof(line), fp)) != NULL) {
++ line_len = strlen(line);
++ if (line_len == 0 ||
++ line[line_len - 1] == '\n') {
++ break;
++ }
++ }
++ if (str == NULL) {
++ /* fgets returned NULL, we are done. */
+ break;
+ }
++ /* Continue with the next line. */
+ }
+
+- fclose (fp);
+-
+- if (errn != 0 && errn != ENOENT) {
+- pam_syslog(pamh, LOG_ERR, "unable to enumerate local accounts: %m");
+- return -1;
+- } else {
+- return found;
+- }
++ fclose(fp);
++ return rc;
+ }
+
+ static int
projects / feed / packages.git / commitdiff