diff options
| author | Edwin Groothuis <edwin@FreeBSD.org> | 2005-12-12 21:18:26 +0000 |
|---|---|---|
| committer | Edwin Groothuis <edwin@FreeBSD.org> | 2005-12-12 21:18:26 +0000 |
| commit | 5d5a063ca2e34665db3eb356db94ca1f3b26a653 (patch) | |
| tree | dc7bececce36d1da4966e5315b8f8bf38fc7a04a /x11 | |
| parent | b7fb262579536e259303c24dcbf4ac10c7a764be (diff) | |
| download | ports-5d5a063ca2e34665db3eb356db94ca1f3b26a653.tar.gz ports-5d5a063ca2e34665db3eb356db94ca1f3b26a653.zip | |
Notes
Diffstat (limited to 'x11')
| -rw-r--r-- | x11/xlockmore/Makefile | 37 | ||||
| -rw-r--r-- | x11/xlockmore/files/patch-pam-passwd.c | 62 | ||||
| -rw-r--r-- | x11/xlockmore/files/patch-pam-xlock.c | 17 |
3 files changed, 114 insertions, 2 deletions
diff --git a/x11/xlockmore/Makefile b/x11/xlockmore/Makefile index f7681fbbda74..8185360b9f5e 100644 --- a/x11/xlockmore/Makefile +++ b/x11/xlockmore/Makefile @@ -35,6 +35,15 @@ USE_X_PREFIX= yes USE_XPM= yes MAN1= xlock.1 +OPTIONS=MESAGL "Enable Mesa 3D (for GL modes)" off \ + MB "Enable Xmb function series" off \ + SYSLOG "Enable syslog logging" off \ + DISABLE_ALLOW_ROOT "Allows users to turn off allowroot" off \ + NICE_ONLY "Enable only low cpu modes" off \ + BLANK_ONLY "Enable blank mode only (boring)" off \ + PAM "Enable PAM authentication support" off \ + BAD_PAM "Xlock will ask PAM with root rights" off + .include <bsd.port.pre.mk> .if ${ARCH} == amd64 @@ -54,12 +63,24 @@ CONFIGURE_ARGS+= --without-mesa --without-opengl CONFIGURE_ARGS+= --enable-nice-only .endif +.if defined(WITH_BAD_PAM) && !defined(WITH_PAM) +WITH_PAM= yes +.endif + .if defined(WITH_PAM) CONFIGURE_ARGS+= --enable-pam .endif +.if defined(WITH_NICE_ONLY) +CONFIGURE_ARGS+= --enable-nice-only +.endif + +.if defined(WITH_BLANK_ONLY) +CONFIGURE_ARGS+= --enable-blank-only +.endif + .if defined(WITH_MB) -CONFIGURE_ARGS+= --enable-use_mb +CONFIGURE_ARGS+= --enable-use-mb .endif .if defined(XLOCKMORE_LANG) @@ -76,10 +97,22 @@ CONFIGURE_ENV+= XLOCKLIBS="${KRB5LIB} ${KRB4LIB} ${MESALIB}" CONFIGURE_ARGS+= --disable-allow-root .endif -.if ${X_WINDOW_SYSTEM:L} != xfree86-3 +.if defined(WITH_PAM) && !defined (WITH_BAD_PAM) +pre-extract: + @${ECHO} + @${ECHO} "You have enabled PAM support. If you want to authenticate against" + @${ECHO} "root only accessible PAM modules then define WITH_BAD_PAM=yes also." + @${ECHO} "For example, pam_unix requires root rights to access shadow passwords." + @${ECHO} +.endif + post-configure: +.if ${X_WINDOW_SYSTEM:L} != xfree86-3 ${REINPLACE_CMD} -e 's/-lXdpms//g' ${WRKSRC}/modes/Makefile .endif +.if defined(WITH_BAD_PAM) + ${REINPLACE_CMD} -e 's|/\* #define BAD_PAM \*/|#define BAD_PAM|g' ${WRKSRC}/config.h +.endif PLIST_FILES= bin/xlock lib/X11/app-defaults/XLock diff --git a/x11/xlockmore/files/patch-pam-passwd.c b/x11/xlockmore/files/patch-pam-passwd.c new file mode 100644 index 000000000000..e2f4e4341ebe --- /dev/null +++ b/x11/xlockmore/files/patch-pam-passwd.c @@ -0,0 +1,62 @@ +--- ../xlockmore-5.20.1.orig/xlock/passwd.c Mon Sep 26 17:11:20 2005 ++++ xlock/passwd.c Mon Dec 12 15:04:31 2005 +@@ -304,6 +304,16 @@ + reply = (struct pam_response *) malloc(sizeof (struct pam_response) * + num_msg); + ++// reply[] members is not initialized! ++// As a result - abort trap when PAM tries to free reply structure ++// after PAM_ERROR_MSG processing. ++ ++// So I just initialize reply here with default values and drop ++// initialization from code below (if code matches). ++ ++ reply[replies].resp_retcode = PAM_SUCCESS; // be optimistic ++ reply[replies].resp = NULL; ++ + if (!reply) + return PAM_CONV_ERR; + +@@ -325,7 +335,6 @@ + } + else + { +- reply[replies].resp_retcode = PAM_SUCCESS; + reply[replies].resp = COPY_STRING(PAM_password); + } + #ifdef DEBUG +@@ -340,11 +349,6 @@ + { + PAM_putText( msg[replies], &reply[replies], False ); + } +- else +- { +- reply[replies].resp_retcode = PAM_SUCCESS; +- reply[replies].resp = NULL; +- } + #ifdef DEBUG + (void) printf( "Back From PAM_putText: PAM_PROMPT_ECHO_ON\n" ); + (void) printf( "Response is: (%s)\n, Return Code is: (%d)\n", +@@ -357,11 +361,7 @@ + { + PAM_putText( msg[replies], &reply[replies], False ); + } +- else +- { +- reply[replies].resp_retcode = PAM_SUCCESS; +- reply[replies].resp = NULL; +- } ++ /* PAM frees resp */ + #ifdef DEBUG + (void) printf( "Back From PAM_putText: PAM_PROMPT_ECHO_ON\n" ); + (void) printf( "Response is: (%s)\n, Return Code is: (%d)\n", +@@ -1205,8 +1205,7 @@ + pam_error = pam_authenticate(pamh, 0); + if (pam_error != PAM_SUCCESS) { + if (!allowroot) { +- pam_end(pamh, 0); +- return False; ++ PAM_BAIL; + } + + /* Try as root; bail if no success there either */ diff --git a/x11/xlockmore/files/patch-pam-xlock.c b/x11/xlockmore/files/patch-pam-xlock.c new file mode 100644 index 000000000000..cd4df5f0f2dd --- /dev/null +++ b/x11/xlockmore/files/patch-pam-xlock.c @@ -0,0 +1,17 @@ +--- ../xlockmore-5.20.1.orig/xlock/xlock.c Thu Oct 27 04:09:29 2005 ++++ xlock/xlock.c Mon Dec 12 14:56:05 2005 +@@ -3316,7 +3316,14 @@ + #ifdef USE_VTLOCK + if (!vtlock) + #endif ++#ifdef BAD_PAM ++ (void) seteuid(ruid); ++#else + (void) setuid(ruid); ++#endif ++// #ifdef BAD_PAM ... #endif above will be added to prevent xlock from ++// dropping privileges when using PAM modules, that needs root rights ++// (pam_unix e.g.) + + #if 0 + /* synchronize -- so I am aware of errors immediately */ |