aboutsummaryrefslogtreecommitdiff
path: root/x11
diff options
context:
space:
mode:
authorEdwin Groothuis <edwin@FreeBSD.org>2005-12-12 21:18:26 +0000
committerEdwin Groothuis <edwin@FreeBSD.org>2005-12-12 21:18:26 +0000
commit5d5a063ca2e34665db3eb356db94ca1f3b26a653 (patch)
treedc7bececce36d1da4966e5315b8f8bf38fc7a04a /x11
parentb7fb262579536e259303c24dcbf4ac10c7a764be (diff)
downloadports-5d5a063ca2e34665db3eb356db94ca1f3b26a653.tar.gz
ports-5d5a063ca2e34665db3eb356db94ca1f3b26a653.zip
Notes
Diffstat (limited to 'x11')
-rw-r--r--x11/xlockmore/Makefile37
-rw-r--r--x11/xlockmore/files/patch-pam-passwd.c62
-rw-r--r--x11/xlockmore/files/patch-pam-xlock.c17
3 files changed, 114 insertions, 2 deletions
diff --git a/x11/xlockmore/Makefile b/x11/xlockmore/Makefile
index f7681fbbda74..8185360b9f5e 100644
--- a/x11/xlockmore/Makefile
+++ b/x11/xlockmore/Makefile
@@ -35,6 +35,15 @@ USE_X_PREFIX= yes
USE_XPM= yes
MAN1= xlock.1
+OPTIONS=MESAGL "Enable Mesa 3D (for GL modes)" off \
+ MB "Enable Xmb function series" off \
+ SYSLOG "Enable syslog logging" off \
+ DISABLE_ALLOW_ROOT "Allows users to turn off allowroot" off \
+ NICE_ONLY "Enable only low cpu modes" off \
+ BLANK_ONLY "Enable blank mode only (boring)" off \
+ PAM "Enable PAM authentication support" off \
+ BAD_PAM "Xlock will ask PAM with root rights" off
+
.include <bsd.port.pre.mk>
.if ${ARCH} == amd64
@@ -54,12 +63,24 @@ CONFIGURE_ARGS+= --without-mesa --without-opengl
CONFIGURE_ARGS+= --enable-nice-only
.endif
+.if defined(WITH_BAD_PAM) && !defined(WITH_PAM)
+WITH_PAM= yes
+.endif
+
.if defined(WITH_PAM)
CONFIGURE_ARGS+= --enable-pam
.endif
+.if defined(WITH_NICE_ONLY)
+CONFIGURE_ARGS+= --enable-nice-only
+.endif
+
+.if defined(WITH_BLANK_ONLY)
+CONFIGURE_ARGS+= --enable-blank-only
+.endif
+
.if defined(WITH_MB)
-CONFIGURE_ARGS+= --enable-use_mb
+CONFIGURE_ARGS+= --enable-use-mb
.endif
.if defined(XLOCKMORE_LANG)
@@ -76,10 +97,22 @@ CONFIGURE_ENV+= XLOCKLIBS="${KRB5LIB} ${KRB4LIB} ${MESALIB}"
CONFIGURE_ARGS+= --disable-allow-root
.endif
-.if ${X_WINDOW_SYSTEM:L} != xfree86-3
+.if defined(WITH_PAM) && !defined (WITH_BAD_PAM)
+pre-extract:
+ @${ECHO}
+ @${ECHO} "You have enabled PAM support. If you want to authenticate against"
+ @${ECHO} "root only accessible PAM modules then define WITH_BAD_PAM=yes also."
+ @${ECHO} "For example, pam_unix requires root rights to access shadow passwords."
+ @${ECHO}
+.endif
+
post-configure:
+.if ${X_WINDOW_SYSTEM:L} != xfree86-3
${REINPLACE_CMD} -e 's/-lXdpms//g' ${WRKSRC}/modes/Makefile
.endif
+.if defined(WITH_BAD_PAM)
+ ${REINPLACE_CMD} -e 's|/\* #define BAD_PAM \*/|#define BAD_PAM|g' ${WRKSRC}/config.h
+.endif
PLIST_FILES= bin/xlock lib/X11/app-defaults/XLock
diff --git a/x11/xlockmore/files/patch-pam-passwd.c b/x11/xlockmore/files/patch-pam-passwd.c
new file mode 100644
index 000000000000..e2f4e4341ebe
--- /dev/null
+++ b/x11/xlockmore/files/patch-pam-passwd.c
@@ -0,0 +1,62 @@
+--- ../xlockmore-5.20.1.orig/xlock/passwd.c Mon Sep 26 17:11:20 2005
++++ xlock/passwd.c Mon Dec 12 15:04:31 2005
+@@ -304,6 +304,16 @@
+ reply = (struct pam_response *) malloc(sizeof (struct pam_response) *
+ num_msg);
+
++// reply[] members is not initialized!
++// As a result - abort trap when PAM tries to free reply structure
++// after PAM_ERROR_MSG processing.
++
++// So I just initialize reply here with default values and drop
++// initialization from code below (if code matches).
++
++ reply[replies].resp_retcode = PAM_SUCCESS; // be optimistic
++ reply[replies].resp = NULL;
++
+ if (!reply)
+ return PAM_CONV_ERR;
+
+@@ -325,7 +335,6 @@
+ }
+ else
+ {
+- reply[replies].resp_retcode = PAM_SUCCESS;
+ reply[replies].resp = COPY_STRING(PAM_password);
+ }
+ #ifdef DEBUG
+@@ -340,11 +349,6 @@
+ {
+ PAM_putText( msg[replies], &reply[replies], False );
+ }
+- else
+- {
+- reply[replies].resp_retcode = PAM_SUCCESS;
+- reply[replies].resp = NULL;
+- }
+ #ifdef DEBUG
+ (void) printf( "Back From PAM_putText: PAM_PROMPT_ECHO_ON\n" );
+ (void) printf( "Response is: (%s)\n, Return Code is: (%d)\n",
+@@ -357,11 +361,7 @@
+ {
+ PAM_putText( msg[replies], &reply[replies], False );
+ }
+- else
+- {
+- reply[replies].resp_retcode = PAM_SUCCESS;
+- reply[replies].resp = NULL;
+- }
++ /* PAM frees resp */
+ #ifdef DEBUG
+ (void) printf( "Back From PAM_putText: PAM_PROMPT_ECHO_ON\n" );
+ (void) printf( "Response is: (%s)\n, Return Code is: (%d)\n",
+@@ -1205,8 +1205,7 @@
+ pam_error = pam_authenticate(pamh, 0);
+ if (pam_error != PAM_SUCCESS) {
+ if (!allowroot) {
+- pam_end(pamh, 0);
+- return False;
++ PAM_BAIL;
+ }
+
+ /* Try as root; bail if no success there either */
diff --git a/x11/xlockmore/files/patch-pam-xlock.c b/x11/xlockmore/files/patch-pam-xlock.c
new file mode 100644
index 000000000000..cd4df5f0f2dd
--- /dev/null
+++ b/x11/xlockmore/files/patch-pam-xlock.c
@@ -0,0 +1,17 @@
+--- ../xlockmore-5.20.1.orig/xlock/xlock.c Thu Oct 27 04:09:29 2005
++++ xlock/xlock.c Mon Dec 12 14:56:05 2005
+@@ -3316,7 +3316,14 @@
+ #ifdef USE_VTLOCK
+ if (!vtlock)
+ #endif
++#ifdef BAD_PAM
++ (void) seteuid(ruid);
++#else
+ (void) setuid(ruid);
++#endif
++// #ifdef BAD_PAM ... #endif above will be added to prevent xlock from
++// dropping privileges when using PAM modules, that needs root rights
++// (pam_unix e.g.)
+
+ #if 0
+ /* synchronize -- so I am aware of errors immediately */