Remove the dependency on security/mhash by calling MD5Data directly.

No REVISION bump, as the port remained FORBIDDEN ever since the last
upgrade.

While here, clarify the FORBIDDEN message a little.
Mikhail Teterin 2002-01-09 19:55:47 +00:00
parent f34fc29fc1
commit 396ebf2f43
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=52828
3 changed files with 101 additions and 5 deletions


@ -14,10 +14,9 @@ DISTFILES= ${PORTNAME}_${PORTVERSION}${EXTRACT_SUFX}
MAINTAINER= mi@aldan.algebra.com
LIB_DEPENDS= mhash:${PORTSDIR}/security/mhash \
pq:${PORTSDIR}/databases/postgresql7
LIB_DEPENDS= pq:${PORTSDIR}/databases/postgresql7
FORBIDDEN= security
FORBIDDEN= can be broken by carefully crafted password string
# When the family of Debian mirrors is added to bsd.port.mk,
# this will suddenly start making sense:


@ -4,9 +4,9 @@ SRCS= pam_pgsql.c pam_get_pass.c pam_std_option.c pam_get_service.c
LIB= pam_pgsql
SHLIB_NAME=${LIB}.so
LDADD= -lpam -L${LOCALBASE}/lib -lpq -lmhash
LDADD= -lpam -L${LOCALBASE}/lib -lpq -lmd
CFLAGS+= -Wall -D_GNU_SOURCE \
-I${LOCALBASE}/include/pgsql -I${LOCALBASE}/include
-I${LOCALBASE}/include/pgsql
INTERNALLIB= we don't need no stinking static lib
NOPROFILE= we don't need no profiling either


@ -0,0 +1,97 @@
This patch replaces calls to mhash library with direct calls into -lmd,
greatly simplifying things...
--- pam_pgsql.c Wed Apr 18 16:47:57 2001
+++ pam_pgsql.c Wed Jan 9 14:46:01 2002
@@ -14,5 +14,7 @@
#include <syslog.h>
#include <ctype.h>
-#include <mhash.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <md5.h>
#include <time.h>
#include <libpq-fe.h>
@@ -336,32 +336,7 @@
s = strdup(crypt(pass, crypt_make_salt()));
break;
- case PW_MD5: {
- char *buf;
- int buf_size;
- MHASH handle;
- unsigned char *hash;
-
- handle = mhash_init(MHASH_MD5);
-
- if(handle == MHASH_FAILED) {
- SYSLOG("could not initialize mhash library!");
- } else {
- int i;
-
- mhash(handle, pass, strlen(pass));
- hash = mhash_end(handle);
-
- buf_size = (mhash_get_block_size(MHASH_MD5) * 2)+1;
- buf = (char *)malloc(buf_size);
- bzero(buf, buf_size);
-
- for(i = 0; i < mhash_get_block_size(MHASH_MD5); i++) {
- /* should be safe */
- sprintf(&buf[i * 2], "%.2x", hash[i]);
- }
- s = buf;
- }
- }
- break;
+ case PW_MD5:
+ s = MD5Data(pass, strlen(pass), NULL);
+ break;
case PW_CLEAR:
default:
@@ -416,35 +391,15 @@
}
break;
- case PW_MD5: {
- char *buf;
- int buf_size;
- MHASH handle;
- unsigned char *hash;
-
- handle = mhash_init(MHASH_MD5);
-
- if(handle == MHASH_FAILED) {
- SYSLOG("could not initialize mhash library!");
- } else {
- int i;
-
- mhash(handle, passwd, strlen(passwd));
- hash = mhash_end(handle);
-
- buf_size = (mhash_get_block_size(MHASH_MD5) * 2)+1;
- buf = (char *)malloc(buf_size);
- bzero(buf, buf_size);
-
- for(i = 0; i < mhash_get_block_size(MHASH_MD5); i++) {
- sprintf(&buf[i * 2], "%.2x", hash[i]);
- }
-
- if(strcmp(buf, stored_pw) == 0)
- rc = PAM_SUCCESS;
-
- free(buf);
- }
- }
- break;
+ case PW_MD5:
+ if(strlen(stored_pw) != 32) {
+ SYSLOG("stored password has invalid length.");
+ } else {
+ char *hash;
+ hash = MD5Data(passwd, strlen(passwd), NULL);
+ if(strcmp(hash, stored_pw) == 0)
+ rc = PAM_SUCCESS;
+ free(hash);
+ }
+ break;
}
}
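Review bot: In the second PW_MD5 case the result of `MD5Data(passwd, strlen(passwd), NULL)` goes straight into `strcmp(hash, stored_pw)`, but with a NULL buffer argument MD5Data allocates the result itself and returns NULL when that allocation fails, so the PAM module would dereference NULL on the authentication path. The guard should be `if(hash != NULL && strcmp(hash, stored_pw) == 0)`, leaving `rc` at its failure value otherwise. The first PW_MD5 case assigns the same possibly-NULL result to `s`; its later use is outside the hunk, as are the start and end of both enclosing functions, so the caller should be checked for a NULL `s` as well. Separately, `strcmp` stops at the first differing byte, so a constant-time comparison of the two 32-character digests would be preferable here. The scheme also remains unsalted MD5, which this change does not alter.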