head 1.4; access; symbols pkgsrc-2014Q1:1.3.0.90 pkgsrc-2014Q1-base:1.3 pkgsrc-2013Q4:1.3.0.88 pkgsrc-2013Q4-base:1.3 pkgsrc-2013Q3:1.3.0.86 pkgsrc-2013Q3-base:1.3 pkgsrc-2013Q2:1.3.0.84 pkgsrc-2013Q2-base:1.3 pkgsrc-2013Q1:1.3.0.82 pkgsrc-2013Q1-base:1.3 pkgsrc-2012Q4:1.3.0.80 pkgsrc-2012Q4-base:1.3 pkgsrc-2012Q3:1.3.0.78 pkgsrc-2012Q3-base:1.3 pkgsrc-2012Q2:1.3.0.76 pkgsrc-2012Q2-base:1.3 pkgsrc-2012Q1:1.3.0.74 pkgsrc-2012Q1-base:1.3 pkgsrc-2011Q4:1.3.0.72 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q3:1.3.0.70 pkgsrc-2011Q3-base:1.3 pkgsrc-2011Q2:1.3.0.68 pkgsrc-2011Q2-base:1.3 pkgsrc-2011Q1:1.3.0.66 pkgsrc-2011Q1-base:1.3 pkgsrc-2010Q4:1.3.0.64 pkgsrc-2010Q4-base:1.3 pkgsrc-2010Q3:1.3.0.62 pkgsrc-2010Q3-base:1.3 pkgsrc-2010Q2:1.3.0.60 pkgsrc-2010Q2-base:1.3 pkgsrc-2010Q1:1.3.0.58 pkgsrc-2010Q1-base:1.3 pkgsrc-2009Q4:1.3.0.56 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q3:1.3.0.54 pkgsrc-2009Q3-base:1.3 pkgsrc-2009Q2:1.3.0.52 pkgsrc-2009Q2-base:1.3 pkgsrc-2009Q1:1.3.0.50 pkgsrc-2009Q1-base:1.3 pkgsrc-2008Q4:1.3.0.48 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.46 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.44 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.42 pkgsrc-2008Q2-base:1.3 cwrapper:1.3.0.40 pkgsrc-2008Q1:1.3.0.38 pkgsrc-2008Q1-base:1.3 pkgsrc-2007Q4:1.3.0.36 pkgsrc-2007Q4-base:1.3 pkgsrc-2007Q3:1.3.0.34 pkgsrc-2007Q3-base:1.3 pkgsrc-2007Q2:1.3.0.32 pkgsrc-2007Q2-base:1.3 pkgsrc-2007Q1:1.3.0.30 pkgsrc-2007Q1-base:1.3 pkgsrc-2006Q4:1.3.0.28 pkgsrc-2006Q4-base:1.3 pkgsrc-2006Q3:1.3.0.26 pkgsrc-2006Q3-base:1.3 pkgsrc-2006Q2:1.3.0.24 pkgsrc-2006Q2-base:1.3 pkgsrc-2006Q1:1.3.0.22 pkgsrc-2006Q1-base:1.3 pkgsrc-2005Q4:1.3.0.20 pkgsrc-2005Q4-base:1.3 pkgsrc-2005Q3:1.3.0.18 pkgsrc-2005Q3-base:1.3 pkgsrc-2005Q2:1.3.0.16 pkgsrc-2005Q2-base:1.3 pkgsrc-2005Q1:1.3.0.14 pkgsrc-2005Q1-base:1.3 pkgsrc-2004Q4:1.3.0.12 pkgsrc-2004Q4-base:1.3 pkgsrc-2004Q3:1.3.0.10 pkgsrc-2004Q3-base:1.3 pkgsrc-2004Q2:1.3.0.8 pkgsrc-2004Q2-base:1.3 pkgsrc-2004Q1:1.3.0.6 pkgsrc-2004Q1-base:1.3 pkgsrc-2003Q4:1.3.0.4 pkgsrc-2003Q4-base:1.3 netbsd-1-6-1:1.3.0.2 netbsd-1-6-1-base:1.3 netbsd-1-6:1.2.0.8 netbsd-1-6-RELEASE-base:1.2 pkgviews:1.2.0.4 pkgviews-base:1.2 buildlink2:1.2.0.2 buildlink2-base:1.2 netbsd-1-5-PATCH003:1.2 netbsd-1-5-PATCH001:1.1.1.1 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.4 date 2014.06.10.13.54.30; author joerg; state dead; branches; next 1.3; commitid Bfz6AmAQXMitTYDx; 1.3 date 2002.12.23.21.23.59; author jlam; state Exp; branches; next 1.2; 1.2 date 2002.01.29.17.10.11; author jlam; state Exp; branches; next 1.1; 1.1 date 2000.10.21.18.41.54; author rh; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2000.10.21.18.41.54; author rh; state Exp; branches; next ; desc @@ 1.4 log @Remove outdated security/PAM. @ text @$NetBSD: patch-an,v 1.3 2002/12/23 21:23:59 jlam Exp $ --- modules/pam_mkhomedir/pam_mkhomedir.c.orig Fri Feb 8 00:20:17 2002 +++ modules/pam_mkhomedir/pam_mkhomedir.c @@@@ -34,6 +34,7 @@@@ #include #include #include +#include #include #include #include @ 1.3 log @Update security/PAM to 0.77. Changes from version 0.75 include: * Numerous bug fixes for most of the PAM modules, including several string length checks and fixes (update recommended!). * fix for legacy behavior of pam_setcred and pam_close_session in the case that pam_authenticate and pam_open_session hadn't been called * pam_unix: - don't zero out password strings during password changing function * pam_wheel: - feature: can use the module to provide wheel access to non-root accounts. * pam_limits: - added '%' domain for maxlogins limiting, now '*' and @@group have the old meaning (every) and '%' the new one (all) - handle negative priority limits (which can apply to the superuser too). * pam_userdb: - require that all of typed password matches that in database * pam_access: - added the 'fieldsep=' argument, made a PAM_RHOST of "" equivalent to NULL Incidentally, cups-1.1.18 will once again do PAM authentication using pam_unix.so if built against PAM-0.77. @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Update security/PAM to 0.75. Note that this release contains backwardly incompatible changes to libpam.so; prior versions were buggy so upgrading is highly recommended. Pkgsrc changes from version 0.72 include: * Honor ${PKG_SYSCONFDIR}: the config files are now found in /etc/pam.conf and /etc/pam/*.conf, or in the appropriate ${PKG_SYSCONFBASE} directory. * Convert to use the general INSTALL/DEINSTALL scripts. Changes from version 0.72 include: * bug fixes to almost every PAM module * pam_pwdb replaced with pam_unix * fixed a small security hole (more of a user confusion issue) with the unix and pwdb password helper binaries. * improved handling of the setcred/close_session and update chauthtok stack. *Warning* This is a backwardly incompatible change, but 'more sane' than before. (Bug 129775 - agmorgan) * added support for '/' symbols in pam_time and pam_group config files (support for modern terminal devices). Fixed infinite loop problem with '\\[^\n]' in these files. * added accessconf= feature to pam_access @ text @d3 5 a7 4 --- modules/pam_unix/pam_unix_acct.c.orig Wed Dec 20 00:15:05 2000 +++ modules/pam_unix/pam_unix_acct.c @@@@ -41,9 +41,12 @@@@ #include d9 1 a9 3 #include +#include #include d11 2 a12 78 +#ifndef BSD #include +#endif #include /* for time() */ #include @@@@ -72,7 +75,7 @@@@ const char *uname; int retval, daysleft; time_t curdays; - struct spwd *spent; + struct spwd *spent = NULL; struct passwd *pwent; char buf[80]; @@@@ -113,6 +116,9 @@@@ return PAM_CRED_INSUFFICIENT; } } +#ifdef BSD + spent = NULL; +#else spent = getspnam( uname ); if (save_uid == pwent->pw_uid) setreuid( save_uid, save_euid ); @@@@ -121,16 +127,42 @@@@ setreuid( save_uid, -1 ); setreuid( -1, save_euid ); } - +#endif } else if (!strcmp( pwent->pw_passwd, "x" )) { +#ifdef BSD + spent = NULL; +#else spent = getspnam(uname); +#endif } else { +#if (defined(BSD) && BSD >= 199306) + time_t now = time(NULL); + if (now > pwent->pw_expire) { + _log_err(LOG_NOTICE + ,"account %s has expired (account expired)" + ,uname); + _make_remark(pamh, ctrl, PAM_ERROR_MSG, + "Your account has expired; please contact your system administrator"); + D(("account expired")); + return PAM_ACCT_EXPIRED; + } + else if (now + _PASSWORD_WARNDAYS * 86400 > pwent->pw_expire) { + daysleft = (pwent->pw_expire - now) / 86400; + _log_err(LOG_DEBUG + ,"password for user %s will expire in %d days" + ,uname, daysleft); + snprintf(buf, 80, "Warning: your password will expire in %d day%.2s", + daysleft, daysleft == 1 ? "" : "s"); + _make_remark(pamh, ctrl, PAM_TEXT_INFO, buf); + } +#endif return PAM_SUCCESS; } if (!spent) return PAM_AUTHINFO_UNAVAIL; /* Couldn't get username from shadow */ +#ifndef BSD curdays = time(NULL) / (60 * 60 * 24); D(("today is %d, last change %d", curdays, spent->sp_lstchg)); if ((curdays > spent->sp_expire) && (spent->sp_expire != -1) @@@@ -183,7 +215,7 @@@@ daysleft, daysleft == 1 ? "" : "s"); _make_remark(pamh, ctrl, PAM_TEXT_INFO, buf); } - +#endif D(("all done")); return PAM_SUCCESS; @ 1.1 log @Initial revision @ text @d3 1 a3 1 --- modules/pam_unix/pam_unix_acct.c.orig Sat Oct 21 12:49:02 2000 d5 1 a5 1 @@@@ -46,9 +46,12 @@@@ d17 2 a18 2 @@@@ -78,7 +81,7 @@@@ d27 1 a27 1 @@@@ -119,6 +122,9 @@@@ d37 1 a37 1 @@@@ -127,16 +133,42 @@@@ d81 1 a81 1 @@@@ -189,7 +221,7 @@@@ @ 1.1.1.1 log @Initial import of PAM-0.72, a pluggable authentication module mechanism @ text @@