| Index: shadow-4.1.2.1/configure.in |
| =================================================================== |
| --- shadow-4.1.2.1.orig/configure.in |
| +++ shadow-4.1.2.1/configure.in |
| @@ -339,13 +339,29 @@ if test "$with_libpam" != "no"; then |
| AC_MSG_ERROR(libpam not found) |
| fi |
| |
| - AC_CHECK_LIB(pam_misc, main, |
| - [pam_misc_lib="yes"], [pam_misc_lib="no"]) |
| - if test "$pam_misc_lib$with_libpam" = "noyes" ; then |
| - AC_MSG_ERROR(libpam_misc not found) |
| + LIBPAM="-lpam" |
| + pam_conv_function="no" |
| + |
| + AC_CHECK_LIB(pam, openpam_ttyconv, |
| + [pam_conv_function="openpam_ttyconv"], |
| + AC_CHECK_LIB(pam_misc, misc_conv, |
| + [pam_conv_function="misc_conv"; LIBPAM="$LIBPAM -lpam_misc"]) |
| + ) |
| + |
| + if test "$pam_conv_function$with_libpam" = "noyes" ; then |
| + AC_MSG_ERROR(PAM conversation function not found) |
| fi |
| |
| - if test "$pam_lib$pam_misc_lib" = "yesyes" ; then |
| + pam_headers_found=no |
| + AC_CHECK_HEADERS( [security/openpam.h security/pam_misc.h], |
| + [ pam_headers_found=yes ; break ], [], |
| + [ #include <security/pam_appl.h> ] ) |
| + if test "$pam_headers_found$with_libpam" = "noyes" ; then |
| + AC_MSG_ERROR(PAM headers not found) |
| + fi |
| + |
| + |
| + if test "$pam_lib$pam_headers_found" = "yesyes" -a "$pam_conv_function" != "no" ; then |
| with_libpam="yes" |
| else |
| with_libpam="no" |
| @@ -353,9 +369,22 @@ if test "$with_libpam" != "no"; then |
| fi |
| dnl Now with_libpam is either yes or no |
| if test "$with_libpam" = "yes"; then |
| + AC_CHECK_DECLS([PAM_ESTABLISH_CRED, |
| + PAM_DELETE_CRED, |
| + PAM_NEW_AUTHTOK_REQD, |
| + PAM_DATA_SILENT], |
| + [], [], [#include <security/pam_appl.h>]) |
| + |
| + |
| + save_libs=$LIBS |
| + LIBS="$LIBS $LIBPAM" |
| + AC_CHECK_FUNCS([pam_fail_delay]) |
| + LIBS=$save_libs |
| + |
| AC_DEFINE(USE_PAM, 1, [Define to support Pluggable Authentication Modules]) |
| + AC_DEFINE_UNQUOTED(SHADOW_PAM_CONVERSATION, [$pam_conv_function],[PAM converstation to use]) |
| AM_CONDITIONAL(USE_PAM, [true]) |
| - LIBPAM="-lpam -lpam_misc" |
| + |
| AC_MSG_CHECKING(use login and su access checking if PAM not used) |
| AC_MSG_RESULT(no) |
| else |
| Index: shadow-4.1.2.1/lib/pam_defs.h |
| =================================================================== |
| --- shadow-4.1.2.1.orig/lib/pam_defs.h |
| +++ shadow-4.1.2.1/lib/pam_defs.h |
| @@ -28,24 +28,31 @@ |
| * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| */ |
| |
| +#include <config.h> |
| #include <security/pam_appl.h> |
| -#include <security/pam_misc.h> |
| +#ifdef HAVE_SECURITY_PAM_MISC_H |
| +# include <security/pam_misc.h> |
| +#endif |
| +#ifdef HAVE_SECURITY_OPENPAM_H |
| +# include <security/openpam.h> |
| +#endif |
| + |
| |
| static struct pam_conv conv = { |
| - misc_conv, |
| + SHADOW_PAM_CONVERSATION, |
| NULL |
| }; |
| |
| /* compatibility with different versions of Linux-PAM */ |
| -#ifndef PAM_ESTABLISH_CRED |
| +#if !HAVE_DECL_PAM_ESTABLISH_CRED |
| #define PAM_ESTABLISH_CRED PAM_CRED_ESTABLISH |
| #endif |
| -#ifndef PAM_DELETE_CRED |
| +#if !HAVE_DECL_PAM_DELETE_CRED |
| #define PAM_DELETE_CRED PAM_CRED_DELETE |
| #endif |
| -#ifndef PAM_NEW_AUTHTOK_REQD |
| +#if !HAVE_DECL_PAM_NEW_AUTHTOK_REQD |
| #define PAM_NEW_AUTHTOK_REQD PAM_AUTHTOKEN_REQD |
| #endif |
| -#ifndef PAM_DATA_SILENT |
| +#if !HAVE_DECL_PAM_DATA_SILENT |
| #define PAM_DATA_SILENT 0 |
| #endif |
| Index: shadow-4.1.2.1/src/login.c |
| =================================================================== |
| --- shadow-4.1.2.1.orig/src/login.c |
| +++ shadow-4.1.2.1/src/login.c |
| @@ -644,9 +644,10 @@ int main (int argc, char **argv) |
| failed = 0; |
| |
| failcount++; |
| +#ifdef HAVE_PAM_FAIL_DELAY |
| if (delay > 0) |
| retcode = pam_fail_delay(pamh, 1000000*delay); |
| - |
| +#endif |
| retcode = pam_authenticate (pamh, 0); |
| |
| pam_get_item (pamh, PAM_USER, |