Bug#36158: marked as done (pam support for cucipop)

3 Jul 1999 01:06:17 -0000 

Your message dated Sat, 3 Jul 1999 10:57:15 +1000
with message-id <[EMAIL PROTECTED]>
and subject line [EMAIL PROTECTED]: Installed cucipop 1.31-8 (source i386)]
has caused the attached bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I'm
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Ian Jackson
(administrator, Debian bugs database)

Received: (at submit) by bugs.debian.org; 15 Apr 1999 21:00:20 +0000
Received: (qmail 7762 invoked from network); 15 Apr 1999 21:00:20 -0000
Received: from giant.larc.nasa.gov (128.155.4.97)
  by master.debian.org with SMTP; 15 Apr 1999 21:00:20 -0000
Received: from bmc by giant.larc.nasa.gov with local (Exim 2.05 #1 (Debian))
        id 10XtBj-0000Pu-00; Thu, 15 Apr 1999 16:56:43 -0400
Date: Thu, 15 Apr 1999 16:56:43 -0400
From: Ben Collins <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: pam support for cucipop
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="HcAYCG3uE/tztfnV"
X-Mailer: Mutt 0.95.4i
Sender: Ben Collins <[EMAIL PROTECTED]>


--HcAYCG3uE/tztfnV
Content-Type: text/plain; charset=us-ascii

Package: cucipop
Severity: wishlist

Attached is a patch for cucipop 1.31 to add PAM authentication
support. This applies directly over the debian source package,
includes needed additions to debian/{rules,dirs,conffile} as well
as a /etc/pam.d/cucipop file (placed as debian/pam.d after patching)

Thanks

--HcAYCG3uE/tztfnV
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="cucipop-1.31+pam.diff"

diff -urN cucipop-1.31/Makefile cucipop-1.31+pam/Makefile
--- cucipop-1.31/Makefile       Tue May 12 17:09:14 1998
+++ cucipop-1.31+pam/Makefile   Thu Apr 15 16:24:31 1999
@@ -10,8 +10,8 @@
 # Omit USE_DB if you don't have the -ldb2 library (Berkeley DB, v2.x)
 # WARNING: bulletins are not remembered to have been deleted without USE_DB
 
-CFLAGS = -O -DUSE_DB #$(GCC_WARNINGS)
-LDFLAGS = -lcrypt -ldb2
+CFLAGS = -O -DUSE_DB -DUSE_PAM #$(GCC_WARNINGS)
+LDFLAGS = -lcrypt -ldb2 -lpam
 
 # If you change this, edit config.h as well
 CUCIPOPLIB=/var/lib/cucipop
@@ -32,7 +32,7 @@
 MD5_OBJ=md5/md5c.$(O)
 
 OBJS=cucipop.$(O) authenticate.$(O) atotime.$(O) locking.$(O) xcreat.$(O) \
-       dbops.$(O) hsort.$(O) simplecrypt.$(O) $(MD5_OBJ)
+       dbops.$(O) hsort.$(O) simplecrypt.$(O) pam.$(O) $(MD5_OBJ)
 
 BINS=cucipop makevpopdb
 
diff -urN cucipop-1.31/authenticate.c cucipop-1.31+pam/authenticate.c
--- cucipop-1.31/authenticate.c Wed May 13 12:57:39 1998
+++ cucipop-1.31+pam/authenticate.c     Thu Apr 15 14:29:42 1999
@@ -72,7 +72,11 @@
 
 char*auth_logname;
 
+#ifndef USE_PAM 
 static auth_identity authi;                  /* reuse copy, only one active */
+#else
+struct auth_identity authi;
+#endif
 
 static void castlower(str)register char*str;   /* and I'll take the low road */
 { for(;*str;str++)
@@ -183,6 +187,9 @@
 }
 
 #ifndef PROCMAIL
+#ifdef USE_PAM
+extern int auth_checkpassword(const struct auth_identity*const, const 
char*const, const int);
+#else
 int auth_checkpassword(pass,pw,allowemptypw)const auth_identity*const pass;
  const char*const pw;const int allowemptypw;
 { const char*rpw;
@@ -197,6 +204,7 @@
      return allowemptypw;                          /* should we allow this? */
   return !strcmp(rpw,crypt(pw,rpw));               /* compare the passwords */
 }
+#endif /* USE_PAM */
 
 const char*auth_getsecret(pass)const auth_identity*const pass;
 { return authi.usersecret;
diff -urN cucipop-1.31/debian/conffiles cucipop-1.31+pam/debian/conffiles
--- cucipop-1.31/debian/conffiles       Thu Apr 15 16:49:54 1999
+++ cucipop-1.31+pam/debian/conffiles   Thu Apr 15 16:45:58 1999
@@ -1 +1,2 @@
 /etc/init.d/cucipop
+/etc/pam.d/cucipop
diff -urN cucipop-1.31/debian/dirs cucipop-1.31+pam/debian/dirs
--- cucipop-1.31/debian/dirs    Thu Apr 15 16:49:54 1999
+++ cucipop-1.31+pam/debian/dirs        Thu Apr 15 16:45:44 1999
@@ -1,4 +1,5 @@
 etc/init.d
+etc/pam.d
 usr/sbin
 usr/doc/cucipop
 var/lib/cucipop/bulletins
diff -urN cucipop-1.31/debian/pam.d cucipop-1.31+pam/debian/pam.d
--- cucipop-1.31/debian/pam.d   Wed Dec 31 19:00:00 1969
+++ cucipop-1.31+pam/debian/pam.d       Thu Apr 15 16:44:26 1999
@@ -0,0 +1,6 @@
+#
+# /etc/pam.d/cucipop
+#
+
+auth     required       pam_unix_auth.so
+account  required       pam_unix_acct.so
diff -urN cucipop-1.31/debian/rules cucipop-1.31+pam/debian/rules
--- cucipop-1.31/debian/rules   Thu Apr 15 16:49:54 1999
+++ cucipop-1.31+pam/debian/rules       Thu Apr 15 16:45:34 1999
@@ -33,6 +33,7 @@
        dh_installdocs FEATURES README INSTALL
        dh_installchangelogs HISTORY
        install cucipop makevpopdb debian/tmp/usr/sbin/.
+       install -m 644 debian/pam.d debian/tmp/etc/pam.d/cucipop
        dh_installmanpages
        dh_compress
        chown root.mail debian/tmp/usr/sbin/cucipop*
diff -urN cucipop-1.31/pam.c cucipop-1.31+pam/pam.c
--- cucipop-1.31/pam.c  Wed Dec 31 19:00:00 1969
+++ cucipop-1.31+pam/pam.c      Thu Apr 15 16:42:32 1999
@@ -0,0 +1,167 @@
+/*
+ * Copyright 1999 By Ben Collins <[EMAIL PROTECTED]>
+ *
+ * Modifiable and distributable under the terms of the GPL
+ *
+ * Modifications for PAM support in cucipop
+ */
+
+#ifdef USE_PAM
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <security/pam_appl.h>
+#include <pwd.h>
+
+#define PASSWDLEN 8
+
+struct auth_identity
+  {
+      const struct passwd *pw;
+      char *mbox, *usersecret;
+      int sock;
+  };
+extern struct auth_identity authi;
+
+/*
+ * Static variables used to communicate between the conversation function
+ * and the login function
+ */
+static char *PAM_username;
+static char *PAM_password;
+static int PAM_error = 0;
+
+/* Safe strdup(), never tries to copy NULL -- Ben Collins */
+char *
+my_strdup (char *string)
+{
+    if (string != NULL)
+       return (char *) strdup (string);
+    else
+       return NULL;
+}
+
+/* Safe free(), never tries to free NULL, plus set's NULL after free()'ing.
+ * This should never double-free. -- Ben Collins */
+#define my_free(s) xmy_free((void **)&s)
+void
+xmy_free (void **ptr)
+{
+    if (*ptr != NULL)
+      {
+         free (*ptr);
+         *ptr = NULL;
+      }
+}
+
+/*
+ * PAM conversation function
+ * Here we assume (for now, at least) that echo on means login name, and
+ * echo off means password. (taken from netatalk)
+ */
+static int
+PAM_conv (int num_msg,
+         const struct pam_message **msg,
+         struct pam_response **resp,
+         void *appdata_ptr)
+{
+    int count = 0;
+    struct pam_response *reply;
+
+    if (num_msg < 1)
+       return PAM_CONV_ERR;
+
+    reply = (struct pam_response *)
+       calloc (num_msg, sizeof (struct pam_response));
+
+    if (!reply)
+       return PAM_CONV_ERR;
+
+    for (count = 0; count < num_msg; count++)
+      {
+         char *string = NULL;
+
+         switch (msg[count]->msg_style)
+           {
+           case PAM_PROMPT_ECHO_ON:
+               if ((string = my_strdup (PAM_username)) == NULL)
+                   goto pam_fail_conv;
+               break;
+           case PAM_PROMPT_ECHO_OFF:
+               if ((string = my_strdup (PAM_password)) == NULL)
+                   goto pam_fail_conv;
+               break;
+           case PAM_TEXT_INFO:
+               /* ignore it... */
+               break;
+           case PAM_ERROR_MSG:
+           default:
+               goto pam_fail_conv;
+           }
+
+         if (string)
+           {
+               reply[count].resp_retcode = 0;
+               reply[count].resp = string;
+           }
+      }
+
+    *resp = reply;
+    return PAM_SUCCESS;
+
+  pam_fail_conv:
+    for (count = 0; count < num_msg; count++)
+      {
+         switch (msg[count]->msg_style)
+           {
+           case PAM_PROMPT_ECHO_ON:
+           case PAM_PROMPT_ECHO_OFF:
+               if (reply[count].resp)
+                 {
+                     memset (reply[count].resp, 0, PASSWDLEN);
+                     my_free (reply[count].resp);
+                 }
+               break;
+           }
+      }
+    my_free (reply);
+    return PAM_CONV_ERR;
+}
+
+static struct pam_conv PAM_conversation =
+{
+    &PAM_conv,
+    NULL
+};
+
+pam_handle_t *pamh = NULL;     /* We need this global so we can do
+                                  pam_end() elsewhere if needed */
+
+/* We ignore 'allowemptypw' since that is something PAM can handle itself */
+int
+auth_checkpassword (const struct auth_identity *const pass, const char *const 
pw,
+                   const int allowemptypw)
+{
+    int retval;
+    char *user;
+
+    PAM_username = pass->pw->pw_name;
+    PAM_password = pw;
+
+    retval = pam_start ("cucipop", PAM_username, &PAM_conversation, &pamh);
+
+    if (retval == PAM_SUCCESS)
+       retval = pam_authenticate (pamh, 0);
+
+    if (retval == PAM_SUCCESS)
+       retval = pam_acct_mgmt (pamh, 0);
+
+    (void) pam_end (pamh, retval);
+
+    if (retval == PAM_SUCCESS)
+         return (1);
+    else
+         return (0);
+}
+
+#endif /* USE_PAM */

--HcAYCG3uE/tztfnV--

Reply via email to