linux-pam: hashing algorithm changed from SHA512 to yescrypt

Luis
2023-10-22 12:37:03 +00:00
parent 341cea87f9
commit 899f3bf1b3
6 changed files with 353 additions and 0 deletions


@@ -0,0 +1,3 @@
a913bd5fbf9edeafaacf3eb1eb86fd83 linux-pam-1.5.3.tar.xz
6e6c8719e5989d976a14610f340bd33a other
d16d449133538e9247ee9ab7e7d19ee0 system-auth

202
testing/linux-pam/.pkgfiles Normal file

@@ -0,0 +1,202 @@
linux-pam-1.5.3-2
drwxr-xr-x root/root etc/
-rw-r--r-- root/root etc/environment
drwxr-xr-x root/root etc/pam.d/
-rw-r--r-- root/root etc/pam.d/other
-rw-r--r-- root/root etc/pam.d/system-auth
drwxr-xr-x root/root etc/security/
-rw-r--r-- root/root etc/security/access.conf
-rw-r--r-- root/root etc/security/faillock.conf
-rw-r--r-- root/root etc/security/group.conf
-rw-r--r-- root/root etc/security/limits.conf
drwxr-xr-x root/root etc/security/limits.d/
-rw-r--r-- root/root etc/security/namespace.conf
drwxr-xr-x root/root etc/security/namespace.d/
-rwxr-xr-x root/root etc/security/namespace.init
-rw-r--r-- root/root etc/security/pam_env.conf
-rw-r--r-- root/root etc/security/pwhistory.conf
-rw-r--r-- root/root etc/security/time.conf
drwxr-xr-x root/root lib/
lrwxrwxrwx root/root lib/libpam.so.0 -> libpam.so.0.85.1
-rwxr-xr-x root/root lib/libpam.so.0.85.1
lrwxrwxrwx root/root lib/libpam_misc.so.0 -> libpam_misc.so.0.82.1
-rwxr-xr-x root/root lib/libpam_misc.so.0.82.1
lrwxrwxrwx root/root lib/libpamc.so.0 -> libpamc.so.0.82.1
-rwxr-xr-x root/root lib/libpamc.so.0.82.1
drwxr-xr-x root/root lib/security/
-rwxr-xr-x root/root lib/security/pam_access.so
-rwxr-xr-x root/root lib/security/pam_debug.so
-rwxr-xr-x root/root lib/security/pam_deny.so
-rwxr-xr-x root/root lib/security/pam_echo.so
-rwxr-xr-x root/root lib/security/pam_env.so
-rwxr-xr-x root/root lib/security/pam_exec.so
-rwxr-xr-x root/root lib/security/pam_faildelay.so
-rwxr-xr-x root/root lib/security/pam_faillock.so
-rwxr-xr-x root/root lib/security/pam_filter.so
drwxr-xr-x root/root lib/security/pam_filter/
-rwxr-xr-x root/root lib/security/pam_filter/upperLOWER
-rwxr-xr-x root/root lib/security/pam_ftp.so
-rwxr-xr-x root/root lib/security/pam_group.so
-rwxr-xr-x root/root lib/security/pam_issue.so
-rwxr-xr-x root/root lib/security/pam_keyinit.so
-rwxr-xr-x root/root lib/security/pam_limits.so
-rwxr-xr-x root/root lib/security/pam_listfile.so
-rwxr-xr-x root/root lib/security/pam_localuser.so
-rwxr-xr-x root/root lib/security/pam_loginuid.so
-rwxr-xr-x root/root lib/security/pam_mail.so
-rwxr-xr-x root/root lib/security/pam_mkhomedir.so
-rwxr-xr-x root/root lib/security/pam_motd.so
-rwxr-xr-x root/root lib/security/pam_namespace.so
-rwxr-xr-x root/root lib/security/pam_nologin.so
-rwxr-xr-x root/root lib/security/pam_permit.so
-rwxr-xr-x root/root lib/security/pam_pwhistory.so
-rwxr-xr-x root/root lib/security/pam_rhosts.so
-rwxr-xr-x root/root lib/security/pam_rootok.so
-rwxr-xr-x root/root lib/security/pam_securetty.so
-rwxr-xr-x root/root lib/security/pam_setquota.so
-rwxr-xr-x root/root lib/security/pam_shells.so
-rwxr-xr-x root/root lib/security/pam_stress.so
-rwxr-xr-x root/root lib/security/pam_succeed_if.so
-rwxr-xr-x root/root lib/security/pam_time.so
-rwxr-xr-x root/root lib/security/pam_timestamp.so
-rwxr-xr-x root/root lib/security/pam_umask.so
-rwxr-xr-x root/root lib/security/pam_unix.so
-rwxr-xr-x root/root lib/security/pam_usertype.so
-rwxr-xr-x root/root lib/security/pam_warn.so
-rwxr-xr-x root/root lib/security/pam_wheel.so
-rwxr-xr-x root/root lib/security/pam_xauth.so
drwxr-xr-x root/root sbin/
-rwxr-xr-x root/root sbin/faillock
-rwxr-xr-x root/root sbin/mkhomedir_helper
-rwxr-xr-x root/root sbin/pam_namespace_helper
-rwxr-xr-x root/root sbin/pam_timestamp_check
-rwxr-xr-x root/root sbin/pwhistory_helper
-rwsr-xr-x root/root sbin/unix_chkpwd
-rwxr-xr-x root/root sbin/unix_update
drwxr-xr-x root/root usr/
drwxr-xr-x root/root usr/include/
drwxr-xr-x root/root usr/include/security/
-rw-r--r-- root/root usr/include/security/_pam_compat.h
-rw-r--r-- root/root usr/include/security/_pam_macros.h
-rw-r--r-- root/root usr/include/security/_pam_types.h
-rw-r--r-- root/root usr/include/security/pam_appl.h
-rw-r--r-- root/root usr/include/security/pam_client.h
-rw-r--r-- root/root usr/include/security/pam_ext.h
-rw-r--r-- root/root usr/include/security/pam_filter.h
-rw-r--r-- root/root usr/include/security/pam_misc.h
-rw-r--r-- root/root usr/include/security/pam_modules.h
-rw-r--r-- root/root usr/include/security/pam_modutil.h
drwxr-xr-x root/root usr/lib/
lrwxrwxrwx root/root usr/lib/libpam.so -> ../../lib/libpam.so.0.85.1
lrwxrwxrwx root/root usr/lib/libpam_misc.so -> ../../lib/libpam_misc.so.0.82.1
lrwxrwxrwx root/root usr/lib/libpamc.so -> ../../lib/libpamc.so.0.82.1
drwxr-xr-x root/root usr/lib/pkgconfig/
-rw-r--r-- root/root usr/lib/pkgconfig/pam.pc
-rw-r--r-- root/root usr/lib/pkgconfig/pam_misc.pc
-rw-r--r-- root/root usr/lib/pkgconfig/pamc.pc
drwxr-xr-x root/root usr/share/
drwxr-xr-x root/root usr/share/man/
drwxr-xr-x root/root usr/share/man/man3/
-rw-r--r-- root/root usr/share/man/man3/misc_conv.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_acct_mgmt.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_authenticate.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_chauthtok.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_close_session.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_conv.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_end.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_error.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_fail_delay.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_get_authtok.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_get_authtok_noverify.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_get_authtok_verify.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_get_data.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_get_item.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_get_user.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_getenv.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_getenvlist.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_info.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_misc_drop_env.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_misc_paste_env.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_misc_setenv.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_open_session.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_prompt.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_putenv.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_set_data.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_set_item.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_setcred.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_sm_acct_mgmt.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_sm_authenticate.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_sm_chauthtok.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_sm_close_session.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_sm_open_session.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_sm_setcred.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_start.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_strerror.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_syslog.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_verror.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_vinfo.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_vprompt.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_vsyslog.3.gz
-rw-r--r-- root/root usr/share/man/man3/pam_xauth_data.3.gz
drwxr-xr-x root/root usr/share/man/man5/
-rw-r--r-- root/root usr/share/man/man5/access.conf.5.gz
-rw-r--r-- root/root usr/share/man/man5/environment.5.gz
-rw-r--r-- root/root usr/share/man/man5/faillock.conf.5.gz
-rw-r--r-- root/root usr/share/man/man5/group.conf.5.gz
-rw-r--r-- root/root usr/share/man/man5/limits.conf.5.gz
-rw-r--r-- root/root usr/share/man/man5/namespace.conf.5.gz
-rw-r--r-- root/root usr/share/man/man5/pam.conf.5.gz
-rw-r--r-- root/root usr/share/man/man5/pam.d.5.gz
-rw-r--r-- root/root usr/share/man/man5/pam_env.conf.5.gz
-rw-r--r-- root/root usr/share/man/man5/pwhistory.conf.5.gz
-rw-r--r-- root/root usr/share/man/man5/time.conf.5.gz
drwxr-xr-x root/root usr/share/man/man8/
-rw-r--r-- root/root usr/share/man/man8/PAM.8.gz
-rw-r--r-- root/root usr/share/man/man8/faillock.8.gz
-rw-r--r-- root/root usr/share/man/man8/mkhomedir_helper.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_access.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_debug.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_deny.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_echo.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_env.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_exec.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_faildelay.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_faillock.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_filter.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_ftp.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_group.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_issue.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_keyinit.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_limits.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_listfile.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_localuser.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_loginuid.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_mail.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_mkhomedir.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_motd.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_namespace.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_namespace_helper.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_nologin.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_permit.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_pwhistory.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_rhosts.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_rootok.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_securetty.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_setquota.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_shells.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_stress.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_succeed_if.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_time.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_timestamp.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_timestamp_check.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_umask.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_unix.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_usertype.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_warn.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_wheel.8.gz
-rw-r--r-- root/root usr/share/man/man8/pam_xauth.8.gz
-rw-r--r-- root/root usr/share/man/man8/pwhistory_helper.8.gz
-rw-r--r-- root/root usr/share/man/man8/unix_chkpwd.8.gz
-rw-r--r-- root/root usr/share/man/man8/unix_update.8.gz

90
testing/linux-pam/musl.patch Executable file

@@ -0,0 +1,90 @@
diff -ruN Linux-PAM-1.3.1-orig/modules/pam_exec/pam_exec.c Linux-PAM-1.3.1/modules/pam_exec/pam_exec.c
--- Linux-PAM-1.3.1-orig/modules/pam_exec/pam_exec.c 2017-02-10 19:10:15.000000000 +0900
+++ Linux-PAM-1.3.1/modules/pam_exec/pam_exec.c 2019-06-12 01:48:32.254297617 +0900
@@ -103,11 +103,14 @@
int optargc;
const char *logfile = NULL;
const char *authtok = NULL;
+ char authtok_buf[PAM_MAX_RESP_SIZE+1];
+
pid_t pid;
int fds[2];
int stdout_fds[2];
FILE *stdout_file = NULL;
+ memset(authtok_buf, 0, sizeof(authtok_buf));
if (argc < 1) {
pam_syslog (pamh, LOG_ERR,
"This module needs at least one argument");
@@ -180,12 +183,12 @@
if (resp)
{
pam_set_item (pamh, PAM_AUTHTOK, resp);
- authtok = strndupa (resp, PAM_MAX_RESP_SIZE);
+ authtok = strncpy(authtok_buf, resp, sizeof(authtok_buf));
_pam_drop (resp);
}
}
else
- authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE);
+ authtok = strncpy(authtok_buf, void_pass, sizeof(authtok_buf));
if (pipe(fds) != 0)
{
diff -ruN Linux-PAM-1.3.1-orig/modules/pam_lastlog/pam_lastlog.c Linux-PAM-1.3.1/modules/pam_lastlog/pam_lastlog.c
--- Linux-PAM-1.3.1-orig/modules/pam_lastlog/pam_lastlog.c 2017-02-10 19:10:15.000000000 +0900
+++ Linux-PAM-1.3.1/modules/pam_lastlog/pam_lastlog.c 2019-06-12 01:45:31.750401266 +0900
@@ -26,6 +26,7 @@
#include <sys/types.h>
#include <syslog.h>
#include <unistd.h>
+#include <paths.h>
#if defined(hpux) || defined(sunos) || defined(solaris)
# ifndef _PATH_LASTLOG
@@ -403,7 +404,9 @@
if (announce & LASTLOG_WTMP) {
/* write wtmp entry for user */
+#ifdef HAVE_LOGWTMP
logwtmp(last_login.ll_line, user, remote_host);
+#endif
}
/* cleanup */
@@ -714,7 +717,9 @@
terminal_line = get_tty(pamh);
/* Wipe out utmp logout entry */
+#ifdef HAVE_LOGWTMP
logwtmp(terminal_line, "", "");
+#endif
return PAM_SUCCESS;
}
diff -ruN Linux-PAM-1.3.1-orig/modules/pam_rhosts/pam_rhosts.c Linux-PAM-1.3.1/modules/pam_rhosts/pam_rhosts.c
--- Linux-PAM-1.3.1-orig/modules/pam_rhosts/pam_rhosts.c 2017-02-10 19:10:15.000000000 +0900
+++ Linux-PAM-1.3.1/modules/pam_rhosts/pam_rhosts.c 2019-06-12 01:46:16.469383082 +0900
@@ -112,8 +112,10 @@
#ifdef HAVE_RUSEROK_AF
retval = ruserok_af (rhost, as_root, ruser, luser, PF_UNSPEC);
-#else
+#elif HAVE_RUSEROK
retval = ruserok (rhost, as_root, ruser, luser);
+#else
+ retval = 1;
#endif
if (retval != 0) {
if (!opt_silent || opt_debug)
diff -ruN Linux-PAM-1.3.1-orig/modules/pam_unix/pam_unix_acct.c Linux-PAM-1.3.1/modules/pam_unix/pam_unix_acct.c
--- Linux-PAM-1.3.1-orig/modules/pam_unix/pam_unix_acct.c 2017-02-10 19:10:15.000000000 +0900
+++ Linux-PAM-1.3.1/modules/pam_unix/pam_unix_acct.c 2019-06-12 01:46:48.168661988 +0900
@@ -48,6 +48,7 @@
#include <time.h> /* for time() */
#include <errno.h>
#include <sys/wait.h>
+#include <sys/resource.h> /* for RLIMIT_NOFILE */
#include <security/_pam_macros.h>
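Review bot: In the pam_exec.c hunk, both `strncpy(authtok_buf, ..., sizeof(authtok_buf))` calls can leave `authtok_buf` without a terminating NUL when the source string is PAM_MAX_RESP_SIZE+1 bytes or longer, because a full-size count lets strncpy overwrite the last zero byte written by the earlier memset; the strndupa calls they replace always terminated. Bounding the copy keeps the terminator: `authtok = strncpy(authtok_buf, resp, sizeof(authtok_buf) - 1);`, and the same for the `void_pass` branch. The buffer holds the user's authentication token and nothing in the visible hunks clears it before the function returns; the function body continues outside the hunks, so that is worth checking. Separately, the patch is written against Linux-PAM-1.3.1 paths and is not listed in the spkgbuild `source` for 1.5.3, so as committed it appears not to be applied.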

5
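--- a/testing/linux-pam/other
+++ b/testing/linux-pam/other
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth required pam_unix.so
+account required pam_unix.so
+password required pam_unix.so
+session required pam_unix.so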
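Review bot: `/etc/pam.d/other` is the policy libpam falls back to for any service that has no file of its own, and as written every such service is allowed to authenticate through pam_unix.so; a fallback policy is safer when it denies and logs. Consider `auth required pam_warn.so` followed by `auth required pam_deny.so`, repeated for the account, password and session types; .pkgfiles shows both modules are shipped by this package. Before switching, check which services on the target system currently rely on the fallback and give them their own pam.d file, otherwise they will stop authenticating.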

36
testing/linux-pam/spkgbuild Executable file

@@ -0,0 +1,36 @@
# description : Pluggable Authentication Modules used to enable the local system administrator to choose how applications authenticate users
name=linux-pam
version=1.5.3
release=2
source="$name-$version.tar.xz::https://github.com/linux-pam/linux-pam/releases/download/v$version/Linux-PAM-$version.tar.xz
other
system-auth"
build() {
cd Linux-PAM-$version
./configure \
--prefix=/usr \
--sysconfdir=/etc \
--libdir=/usr/lib \
--disable-regenerate-docu \
--disable-nls \
--enable-securedir=/lib/security
make
make DESTDIR=$PKG install
chmod -v 4755 $PKG/sbin/unix_chkpwd
for file in pam pam_misc pamc
do
mv -v $PKG/usr/lib/lib${file}.so.* $PKG/lib
ln -sfv ../../lib/$(readlink $PKG/usr/lib/lib${file}.so) $PKG/usr/lib/lib${file}.so
done
mkdir -m 755 $PKG/etc/pam.d
install -D -m 644 -o root -g root $SRC/other $PKG/etc/pam.d/other
install -D -m 644 -o root -g root $SRC/system-auth $PKG/etc/pam.d/system-auth
rm -rf $PKG/usr/lib/systemd
}
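Review bot: build() expands `$PKG` and `$SRC` unquoted and unguarded, so `rm -rf $PKG/usr/lib/systemd` and the `chmod -v 4755` line would act on host paths if `PKG` were ever empty; whether the packaging tool guarantees it is set is not visible here. Writing `rm -rf "${PKG:?}/usr/lib/systemd"` and quoting the other expansions makes the function fail instead of touching the build host. `cd Linux-PAM-$version` also has no failure check, so a changed tarball layout would run `./configure` and `make` in the wrong directory; `cd "Linux-PAM-$version" || return 1` covers that unless the tool already runs the function with errexit. A short comment on the `chmod 4755` line saying why unix_chkpwd must be setuid root would help later audits of the package's privileged binaries.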

17
testing/linux-pam/system-auth Executable file

@@ -0,0 +1,17 @@
#%PAM-1.0
auth required pam_unix.so try_first_pass nullok
auth optional pam_permit.so
auth required pam_env.so
account required pam_unix.so
account optional pam_permit.so
account required pam_time.so
password required pam_unix.so try_first_pass nullok yescrypt shadow
password optional pam_permit.so
session optional pam_umask.so usergroups
session required pam_limits.so
session required pam_unix.so
session optional pam_permit.so
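Review bot: The `yescrypt` option on the `password` line only yields `$y$` hashes if the crypt(3) implementation that pam_unix.so is linked against supports yescrypt, and nothing in this commit shows that it does (the spkgbuild declares no libxcrypt dependency, and the accompanying musl.patch suggests a musl target). A comment above the line such as `# yescrypt needs a crypt(3) backend with $y$ support; confirm new /etc/shadow entries start with $y$` would record the requirement, and that check should be run once against a built package. Existing SHA512 entries are not touched by this setting and are only replaced when each user next changes their password. The `nullok` on the `auth` line also lets accounts with an empty password field log in, which is worth dropping unless passwordless accounts are intended.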