3 files changed, 114 insertions, 2 deletions

diff --git a/x11/xlockmore/Makefile b/x11/xlockmore/Makefile
index f7681fbbda74..8185360b9f5e 100644
--- a/x11/xlockmore/Makefile
+++ b/x11/xlockmore/Makefile
@@ -35,6 +35,15 @@ USE_X_PREFIX=	yes
 USE_XPM=	yes
 MAN1=		xlock.1
 
+OPTIONS=MESAGL			"Enable Mesa 3D (for GL modes)"		off \
+	MB			"Enable Xmb function series"		off \
+	SYSLOG			"Enable syslog logging"			off \
+	DISABLE_ALLOW_ROOT	"Allows users to turn off allowroot"	off \
+	NICE_ONLY		"Enable only low cpu modes"		off \
+	BLANK_ONLY		"Enable blank mode only (boring)"	off \
+	PAM			"Enable PAM authentication support"	off \
+	BAD_PAM			"Xlock will ask PAM with root rights"	off
+
 .include <bsd.port.pre.mk>
 
 .if ${ARCH} == amd64
@@ -54,12 +63,24 @@ CONFIGURE_ARGS+=	--without-mesa --without-opengl
 CONFIGURE_ARGS+=	--enable-nice-only
 .endif
 
+.if defined(WITH_BAD_PAM) && !defined(WITH_PAM)
+WITH_PAM=	yes
+.endif
+
 .if defined(WITH_PAM)
 CONFIGURE_ARGS+=	--enable-pam
 .endif
 
+.if defined(WITH_NICE_ONLY)
+CONFIGURE_ARGS+=	--enable-nice-only
+.endif
+
+.if defined(WITH_BLANK_ONLY)
+CONFIGURE_ARGS+=	--enable-blank-only
+.endif
+
 .if defined(WITH_MB)
-CONFIGURE_ARGS+=	--enable-use_mb
+CONFIGURE_ARGS+=	--enable-use-mb
 .endif
 
 .if defined(XLOCKMORE_LANG)
@@ -76,10 +97,22 @@ CONFIGURE_ENV+=		XLOCKLIBS="${KRB5LIB} ${KRB4LIB} ${MESALIB}"
 CONFIGURE_ARGS+=	--disable-allow-root
 .endif
 
-.if ${X_WINDOW_SYSTEM:L} != xfree86-3
+.if defined(WITH_PAM) && !defined (WITH_BAD_PAM)
+pre-extract:
+	@${ECHO}
+	@${ECHO} "You have enabled PAM support. If you want to authenticate against"
+	@${ECHO} "root only accessible PAM modules then define WITH_BAD_PAM=yes also."
+	@${ECHO} "For example, pam_unix requires root rights to access shadow passwords."
+	@${ECHO}
+.endif
+
 post-configure:
+.if ${X_WINDOW_SYSTEM:L} != xfree86-3
 	${REINPLACE_CMD} -e 's/-lXdpms//g' ${WRKSRC}/modes/Makefile
 .endif
+.if defined(WITH_BAD_PAM)
+	 ${REINPLACE_CMD} -e 's|/\* #define BAD_PAM \*/|#define BAD_PAM|g' ${WRKSRC}/config.h
+.endif
 
 PLIST_FILES=	bin/xlock lib/X11/app-defaults/XLock
 
diff --git a/x11/xlockmore/files/patch-pam-passwd.c b/x11/xlockmore/files/patch-pam-passwd.c
new file mode 100644
index 000000000000..e2f4e4341ebe
--- /dev/null
+++ b/x11/xlockmore/files/patch-pam-passwd.c
@@ -0,0 +1,62 @@
+--- ../xlockmore-5.20.1.orig/xlock/passwd.c	Mon Sep 26 17:11:20 2005
++++ xlock/passwd.c	Mon Dec 12 15:04:31 2005
+@@ -304,6 +304,16 @@
+ 	reply = (struct pam_response *) malloc(sizeof (struct pam_response) *
+ 					       num_msg);
+ 
++// reply[] members is not initialized!
++// As a result - abort trap when PAM tries to free reply structure
++// after PAM_ERROR_MSG processing.
++
++// So I just initialize reply here with default values and drop
++// initialization from code below (if code matches).
++
++	reply[replies].resp_retcode = PAM_SUCCESS; // be optimistic
++	reply[replies].resp = NULL;
++
+ 	if (!reply)
+ 		return PAM_CONV_ERR;
+ 
+@@ -325,7 +335,6 @@
+ 			  }
+ 			  else
+ 			  {
+-			    reply[replies].resp_retcode = PAM_SUCCESS;
+ 			    reply[replies].resp = COPY_STRING(PAM_password);
+ 			  }
+ #ifdef DEBUG
+@@ -340,11 +349,6 @@
+ 			  {
+ 			    PAM_putText( msg[replies], &reply[replies], False );
+ 			  }
+-			  else
+-			  {
+-			    reply[replies].resp_retcode = PAM_SUCCESS;
+-			    reply[replies].resp = NULL;
+-			  }
+ #ifdef DEBUG
+ 			        (void) printf( "Back From PAM_putText: PAM_PROMPT_ECHO_ON\n" );
+ 			        (void) printf( "Response is: (%s)\n, Return Code is: (%d)\n",
+@@ -357,11 +361,7 @@
+ 			  {
+ 			    PAM_putText( msg[replies], &reply[replies], False );
+ 			  }
+-			  else
+-			  {
+-			    reply[replies].resp_retcode = PAM_SUCCESS;
+-			    reply[replies].resp = NULL;
+-			  }
++				/* PAM frees resp */
+ #ifdef DEBUG
+ 			        (void) printf( "Back From PAM_putText: PAM_PROMPT_ECHO_ON\n" );
+ 			        (void) printf( "Response is: (%s)\n, Return Code is: (%d)\n",
+@@ -1205,8 +1205,7 @@
+ 	pam_error = pam_authenticate(pamh, 0);
+ 	if (pam_error != PAM_SUCCESS) {
+                 if (!allowroot) {
+-                        pam_end(pamh, 0);
+-                        return False;
++					PAM_BAIL;
+                 }
+ 
+ 		/* Try as root; bail if no success there either */
diff --git a/x11/xlockmore/files/patch-pam-xlock.c b/x11/xlockmore/files/patch-pam-xlock.c
new file mode 100644
index 000000000000..cd4df5f0f2dd
--- /dev/null
+++ b/x11/xlockmore/files/patch-pam-xlock.c
@@ -0,0 +1,17 @@
+--- ../xlockmore-5.20.1.orig/xlock/xlock.c	Thu Oct 27 04:09:29 2005
++++ xlock/xlock.c	Mon Dec 12 14:56:05 2005
+@@ -3316,7 +3316,14 @@
+ #ifdef USE_VTLOCK
+ 	if (!vtlock)
+ #endif
++#ifdef BAD_PAM
++		(void) seteuid(ruid);
++#else
+ 		(void) setuid(ruid);
++#endif
++// #ifdef BAD_PAM ... #endif above will be added to prevent xlock from
++// dropping privileges when using PAM modules, that needs root rights
++// (pam_unix e.g.)
+ 
+ #if 0
+ 	/* synchronize -- so I am aware of errors immediately */