Submitted By: DJ Lucas Date: 2005-11-19 Initial Package Version: 1.1rc4 Origin: Thorsten Happel See http://archive.linuxfromscratch.org/mail-archives/blfs-dev/2005-November/012106.html Description: This patch removes the need for PAM headers by removing the functions that use PAM. Updated for 2.0.0. Upstream Status: Not Required --- OOo_2.0.0rc3_src/config_office/configure.orig 2005-11-19 15:59:12.000000000 +0100 +++ OOo_2.0.0rc3_src/config_office/configure 2005-11-19 16:03:03.000000000 +0100 @@ -5398,245 +5398,6 @@ fi -if test "$_os" = "Linux" -o "$_os" = "FreeBSD" -o "$_os" = "GNU"; then - if test "${ac_cv_header_security_pam_appl_h+set}" = set; then - echo "$as_me:$LINENO: checking for security/pam_appl.h" >&5 -echo $ECHO_N "checking for security/pam_appl.h... $ECHO_C" >&6 -if test "${ac_cv_header_security_pam_appl_h+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -echo "$as_me:$LINENO: result: $ac_cv_header_security_pam_appl_h" >&5 -echo "${ECHO_T}$ac_cv_header_security_pam_appl_h" >&6 -else - # Is the header compilable? -echo "$as_me:$LINENO: checking security/pam_appl.h usability" >&5 -echo $ECHO_N "checking security/pam_appl.h usability... $ECHO_C" >&6 -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include -_ACEOF -rm -f conftest.$ac_objext -if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" - || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; } && - { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -ac_header_compiler=no -fi -rm -f conftest.err conftest.$ac_objext conftest.$ac_ext -echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6 - -# Is the header present? -echo "$as_me:$LINENO: checking security/pam_appl.h presence" >&5 -echo $ECHO_N "checking security/pam_appl.h presence... $ECHO_C" >&6 -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -_ACEOF -if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 - (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null; then - if test -s conftest.err; then - ac_cpp_err=$ac_c_preproc_warn_flag - ac_cpp_err=$ac_cpp_err$ac_c_werror_flag - else - ac_cpp_err= - fi -else - ac_cpp_err=yes -fi -if test -z "$ac_cpp_err"; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi -rm -f conftest.err conftest.$ac_ext -echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6 - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: security/pam_appl.h: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: security/pam_appl.h: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: security/pam_appl.h: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: security/pam_appl.h: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: security/pam_appl.h: present but cannot be compiled" >&5 -echo "$as_me: WARNING: security/pam_appl.h: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: security/pam_appl.h: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: security/pam_appl.h: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: security/pam_appl.h: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: security/pam_appl.h: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: security/pam_appl.h: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: security/pam_appl.h: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: security/pam_appl.h: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: security/pam_appl.h: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: security/pam_appl.h: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: security/pam_appl.h: in the future, the compiler will take precedence" >&2;} - ( - cat <<\_ASBOX -## ------------------------------------------ ## -## Report this to the AC_PACKAGE_NAME lists. ## -## ------------------------------------------ ## -_ASBOX - ) | - sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -echo "$as_me:$LINENO: checking for security/pam_appl.h" >&5 -echo $ECHO_N "checking for security/pam_appl.h... $ECHO_C" >&6 -if test "${ac_cv_header_security_pam_appl_h+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_cv_header_security_pam_appl_h=$ac_header_preproc -fi -echo "$as_me:$LINENO: result: $ac_cv_header_security_pam_appl_h" >&5 -echo "${ECHO_T}$ac_cv_header_security_pam_appl_h" >&6 - -fi -if test $ac_cv_header_security_pam_appl_h = yes; then - : -else - { { echo "$as_me:$LINENO: error: pam_appl.h could not be found. libpam-dev or pam-devel missing?" >&5 -echo "$as_me: error: pam_appl.h could not be found. libpam-dev or pam-devel missing?" >&2;} - { (exit 1); exit 1; }; } -fi - - - echo "$as_me:$LINENO: checking whether to link to libpam" >&5 -echo $ECHO_N "checking whether to link to libpam... $ECHO_C" >&6 - if test -n "$enable_pam_link"; then - echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6 - PAM_LINK=YES - -echo "$as_me:$LINENO: checking for pam_start in -lpam" >&5 -echo $ECHO_N "checking for pam_start in -lpam... $ECHO_C" >&6 -if test "${ac_cv_lib_pam_pam_start+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lpam $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any gcc2 internal prototype to avoid an error. */ -#ifdef __cplusplus -extern "C" -#endif -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char pam_start (); -int -main () -{ -pam_start (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -z "$ac_c_werror_flag" - || test ! -s conftest.err' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_lib_pam_pam_start=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -ac_cv_lib_pam_pam_start=no -fi -rm -f conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -echo "$as_me:$LINENO: result: $ac_cv_lib_pam_pam_start" >&5 -echo "${ECHO_T}$ac_cv_lib_pam_pam_start" >&6 -if test $ac_cv_lib_pam_pam_start = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBPAM 1 -_ACEOF - - LIBS="-lpam $LIBS" - -else - { { echo "$as_me:$LINENO: error: libpam not found or functional" >&5 -echo "$as_me: error: libpam not found or functional" >&2;} - { (exit 1); exit 1; }; } -fi - - else - echo "$as_me:$LINENO: result: no, dynamically open it" >&5 -echo "${ECHO_T}no, dynamically open it" >&6 - PAM_LINK=NO - fi -fi - - if test "$_os" = "Linux"; then echo "$as_me:$LINENO: checking whether to link to libcrypt" >&5 echo $ECHO_N "checking whether to link to libcrypt... $ECHO_C" >&6 --- OOo_2.0.0rc2_src_orig/sal/osl/unx/security.c 2005-09-08 17:00:23.000000000 +0200 +++ OOo_2.0.0rc2_src/sal/osl/unx/security.c 2005-10-16 22:34:49.000000000 +0200 @@ -111,8 +111,6 @@ * */ -#include - typedef struct { char* name; char* password; @@ -121,10 +119,10 @@ typedef struct { int (*pam_start)(const char *service_name, const char *user, const struct pam_conv *pam_conversation, - pam_handle_t **pamh); - int (*pam_end) (pam_handle_t *pamh, int pam_status); - int (*pam_authenticate) (pam_handle_t *pamh, int flags); - int (*pam_acct_mgmt) (pam_handle_t *pamh, int flags); + void **pamh); + int (*pam_end) (void *pamh, int pam_status); + int (*pam_authenticate) (void *pamh, int flags); + int (*pam_acct_mgmt) (void *pamh, int flags); } sal_PamModule; /* @@ -142,69 +140,7 @@ osl_PamConversation (int num_msg, const struct pam_message **msgm, struct pam_response **response, void *appdata_ptr) { - int i; - sal_Bool error; - sal_PamData *pam_data; - struct pam_response *p_reply; - - /* resource initialization */ - pam_data = (sal_PamData*) appdata_ptr; - p_reply = (struct pam_response *) calloc( num_msg, - sizeof(struct pam_response)); - if ( p_reply == NULL || pam_data == NULL ) - { - if ( p_reply != NULL ) - free ( p_reply ); - *response = NULL; - return PAM_CONV_ERR; - } - - /* pseudo dialog */ - error = sal_False; - for ( i = 0; i < num_msg ; i++ ) - { - switch ( msgm[ i ]->msg_style ) - { - case PAM_PROMPT_ECHO_OFF: - p_reply[ i ].resp_retcode = 0; - p_reply[ i ].resp = strdup( pam_data->password ); - break; - case PAM_PROMPT_ECHO_ON: - p_reply[ i ].resp_retcode = 0; - p_reply[ i ].resp = strdup( pam_data->name ); - break; - case PAM_ERROR_MSG: - case PAM_TEXT_INFO: - case PAM_BINARY_PROMPT: - case PAM_BINARY_MSG: - p_reply[ i ].resp_retcode = 0; - p_reply[ i ].resp = NULL; - break; - default: - error = sal_True; - break; - } - } - - /* free resources on error */ - if ( error ) - { - for ( i = 0; i < num_msg ; i++ ) - if ( p_reply[ i ].resp ) - { - memset ( p_reply[ i ].resp, 0, - strlen( p_reply[ i ].resp ) ); - free ( p_reply[ i ].resp ); - } - free ( p_reply ); - - *response = NULL; - return PAM_CONV_ERR; - } - - /* well done */ - *response = p_reply; - return PAM_SUCCESS; + return -1; } #ifndef PAM_LINK @@ -218,45 +154,6 @@ static sal_PamModule* osl_getPAM() { static sal_PamModule *pam_module = NULL; - static sal_Bool load_once = sal_False; - - if ( !load_once ) - { - /* get library-handle. cannot use osl-module, since - RTLD_GLOBAL is required for PAM-0.64 RH 5.2 - (but not for PAM-0.66 RH 6.0) */ - void *pam_hdl; - - pam_hdl = dlopen( "libpam.so.0", RTLD_GLOBAL | RTLD_LAZY ); - - if ( pam_hdl != NULL ) - pam_module = (sal_PamModule*)calloc( 1, sizeof(sal_PamModule) ); - - /* load functions */ - if ( pam_module != NULL ) - { - pam_module->pam_acct_mgmt = (int (*)(pam_handle_t *, int)) dlsym ( pam_hdl, "pam_acct_mgmt" ); - pam_module->pam_authenticate - = (int (*)(pam_handle_t *, int)) dlsym ( pam_hdl, "pam_authenticate" ); - pam_module->pam_end = (int (*)(pam_handle_t *, int)) dlsym ( pam_hdl, "pam_end" ); - pam_module->pam_start = (int (*)(const char *, const char *, const struct pam_conv *, pam_handle_t **)) dlsym ( pam_hdl, "pam_start" ); - - /* free resources, if not completely successful */ - if ( (pam_module->pam_start == NULL) - || (pam_module->pam_end == NULL) - || (pam_module->pam_authenticate == NULL) - || (pam_module->pam_acct_mgmt == NULL) ) - { - free( pam_module ); - pam_module = NULL; - dlclose( pam_hdl ); - } - } - - /* never try again */ - load_once = sal_True; - } - return pam_module; } #endif @@ -269,53 +166,6 @@ osl_PamAuthentification( const sal_Char* name, const sal_Char* password ) { sal_Bool success = sal_False; - -#ifndef PAM_LINK - sal_PamModule* pam_module; - - pam_module = osl_getPAM(); - if ( pam_module != NULL ) - { -#endif - pam_handle_t *pam_handle = NULL; - struct pam_conv pam_conversation; - sal_PamData pam_data; - - int return_value; - - pam_data.name = (char*) name; - pam_data.password = (char*) password; - - pam_conversation.conv = osl_PamConversation; - pam_conversation.appdata_ptr = (void*)(&pam_data); - -#ifndef PAM_LINK - return_value = pam_module->pam_start( "su", name, - &pam_conversation, &pam_handle); -#else - return_value = pam_start( "su", name, - &pam_conversation, &pam_handle); -#endif - if (return_value == PAM_SUCCESS ) -#ifndef PAM_LINK - return_value = pam_module->pam_authenticate(pam_handle, 0); -#else - return_value = pam_authenticate(pam_handle, 0); -#endif - if (return_value == PAM_SUCCESS ) -#ifndef PAM_LINK - return_value = pam_module->pam_acct_mgmt(pam_handle, 0); - pam_module->pam_end( pam_handle, return_value ); -#else - return_value = pam_acct_mgmt(pam_handle, 0); - pam_end( pam_handle, return_value ); -#endif - - success = (sal_Bool)(return_value == PAM_SUCCESS); -#ifndef PAM_LINK - } -#endif - return success; }