diff -urN pam-0.72.orig/debian/patches/099_kill_nis pam-0.72/debian/patches/099_kill_nis --- pam-0.72.orig/debian/patches/099_kill_nis 1969-12-31 17:00:00.000000000 -0700 +++ pam-0.72/debian/patches/099_kill_nis 2003-10-19 03:33:29.000000000 -0600 @@ -0,0 +1,437 @@ +diff -urN Linux-PAM-0.72/modules/pam_unix.orig/Makefile Linux-PAM-0.72/modules/pam_unix/Makefile +--- Linux-PAM-0.72/modules/pam_unix.orig/Makefile 2003-10-19 03:27:19.000000000 -0600 ++++ Linux-PAM-0.72/modules/pam_unix/Makefile 2003-10-19 03:27:48.000000000 -0600 +@@ -35,7 +35,7 @@ + LIBOBJS = $(addprefix static/,$(LIBOBJ)) + + PLUS = md5_good.o md5_broken.o md5_crypt_good.o md5_crypt_broken.o \ +- yppasswd_xdr.o bigcrypt.o obscure.o ++ bigcrypt.o obscure.o + + ifdef DYNAMIC + LIBSHARED = pam_unix.so +diff -urN Linux-PAM-0.72/modules/pam_unix.orig/pam_unix_acct.c Linux-PAM-0.72/modules/pam_unix/pam_unix_acct.c +--- Linux-PAM-0.72/modules/pam_unix.orig/pam_unix_acct.c 2003-10-19 03:27:19.000000000 -0600 ++++ Linux-PAM-0.72/modules/pam_unix/pam_unix_acct.c 2003-10-19 03:31:24.000000000 -0600 +@@ -96,32 +96,7 @@ + return PAM_USER_UNKNOWN; + } + +- if (!strcmp( pwent->pw_passwd, "*NP*" )) { /* NIS+ */ +- uid_t save_euid, save_uid; +- +- save_euid = geteuid(); +- save_uid = getuid(); +- if (save_uid == pwent->pw_uid) +- setreuid( save_euid, save_uid ); +- else { +- setreuid( 0, -1 ); +- if (setreuid( -1, pwent->pw_uid ) == -1) { +- setreuid( -1, 0 ); +- setreuid( 0, -1 ); +- if(setreuid( -1, pwent->pw_uid ) == -1) +- return PAM_CRED_INSUFFICIENT; +- } +- } +- spent = getspnam( uname ); +- if (save_uid == pwent->pw_uid) +- setreuid( save_uid, save_euid ); +- else { +- if (setreuid( -1, 0 ) == -1) +- setreuid( save_uid, -1 ); +- setreuid( -1, save_euid ); +- } +- +- } else if (!strcmp( pwent->pw_passwd, "x" )) { ++ if (!strcmp( pwent->pw_passwd, "x" )) { + spent = getspnam(uname); + } else if ((spent = getspnam(uname)) == NULL) { + return PAM_SUCCESS; +diff -urN Linux-PAM-0.72/modules/pam_unix.orig/pam_unix_passwd.c Linux-PAM-0.72/modules/pam_unix/pam_unix_passwd.c +--- Linux-PAM-0.72/modules/pam_unix.orig/pam_unix_passwd.c 2003-10-19 03:27:19.000000000 -0600 ++++ Linux-PAM-0.72/modules/pam_unix/pam_unix_passwd.c 2003-10-19 03:30:21.000000000 -0600 +@@ -51,9 +51,6 @@ + #include + #include + #include +-#include +-#include +-#include + + #ifdef USE_CRACKLIB + #include +@@ -71,15 +68,9 @@ + #include + #endif /* LINUX_PAM */ + +-#include "yppasswd.h" + #include "md5.h" + #include "support.h" + +-#if !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1)) +-extern int getrpcport(const char *host, unsigned long prognum, +- unsigned long versnum, unsigned int proto); +-#endif /* GNU libc 2.1 */ +- + /* + * PAM framework looks for these entry-points to pass control to the + * password changing module. +@@ -179,34 +170,6 @@ + return x; + } + +-static char *getNISserver(void) +-{ +- char *master; +- char *domainname; +- int port, err; +- +- if ((err = yp_get_default_domain(&domainname)) != 0) { +- _log_err(LOG_WARNING, "can't get local yp domain: %s\n", +- yperr_string(err)); +- return NULL; +- } +- if ((err = yp_master(domainname, "passwd.byname", &master)) != 0) { +- _log_err(LOG_WARNING, "can't find the master ypserver: %s\n", +- yperr_string(err)); +- return NULL; +- } +- port = getrpcport(master, YPPASSWDPROG, YPPASSWDPROC_UPDATE, IPPROTO_UDP); +- if (port == 0) { +- _log_err(LOG_WARNING, "yppasswdd not running on NIS master host\n"); +- return NULL; +- } +- if (port >= IPPORT_RESERVED) { +- _log_err(LOG_WARNING, "yppasswd daemon running on illegal port.\n"); +- return NULL; +- } +- return master; +-} +- + static int check_old_password(const char *forwho, const char *newpass) + { + static char buf[16384]; +@@ -442,68 +405,6 @@ + if (pwd == NULL) + return PAM_AUTHTOK_ERR; + +- if (on(UNIX_NIS, ctrl)) { +- struct timeval timeout; +- struct yppasswd yppwd; +- CLIENT *clnt; +- char *master; +- int status; +- int err = 0; +- +- /* Make RPC call to NIS server */ +- if ((master = getNISserver()) == NULL) +- return PAM_TRY_AGAIN; +- +- /* Initialize password information */ +- yppwd.newpw.pw_passwd = pwd->pw_passwd; +- yppwd.newpw.pw_name = pwd->pw_name; +- yppwd.newpw.pw_uid = pwd->pw_uid; +- yppwd.newpw.pw_gid = pwd->pw_gid; +- yppwd.newpw.pw_gecos = pwd->pw_gecos; +- yppwd.newpw.pw_dir = pwd->pw_dir; +- yppwd.newpw.pw_shell = pwd->pw_shell; +- yppwd.oldpass = fromwhat ? fromwhat : ""; +- yppwd.newpw.pw_passwd = towhat; +- +- D(("Set password %s for %s", yppwd.newpw.pw_passwd, forwho)); +- +- /* The yppasswd.x file said `unix authentication required', +- * so I added it. This is the only reason it is in here. +- * My yppasswdd doesn't use it, but maybe some others out there +- * do. --okir +- */ +- clnt = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp"); +- clnt->cl_auth = authunix_create_default(); +- memset((char *) &status, '\0', sizeof(status)); +- timeout.tv_sec = 25; +- timeout.tv_usec = 0; +- err = clnt_call(clnt, YPPASSWDPROC_UPDATE, +- (xdrproc_t) xdr_yppasswd, (char *) &yppwd, +- (xdrproc_t) xdr_int, (char *) &status, +- timeout); +- +- if (err) { +- clnt_perrno(err); +- retval = PAM_TRY_AGAIN; +- } else if (status) { +- fprintf(stderr, "Error while changing NIS password.\n"); +- retval = PAM_TRY_AGAIN; +- } +- printf("\nThe password has%s been changed on %s.\n", +- (err || status) ? " not" : "", master); +- +- auth_destroy(clnt->cl_auth); +- clnt_destroy(clnt); +- if ((err || status) != 0) { +- retval = PAM_TRY_AGAIN; +- } +-#ifdef DEBUG +- sleep(5); +-#endif +- _log_err(LOG_NOTICE, "NIS Password for %s was changed on %s", forwho, master); +- +- return retval; +- } + /* first, save old password */ + if (save_old_password(forwho, fromwhat, remember)) { + return PAM_AUTHTOK_ERR; +@@ -546,18 +447,7 @@ + if (spwdent == NULL) + return PAM_AUTHINFO_UNAVAIL; + } else { +- if (strcmp(pwd->pw_passwd,"*NP*") == 0) { /* NIS+ */ +- uid_t save_uid; +- +- save_uid = geteuid(); +- seteuid (pwd->pw_uid); +- spwdent = getspnam( user ); +- seteuid (save_uid); +- +- if (spwdent == NULL) +- return PAM_AUTHINFO_UNAVAIL; +- } else +- spwdent = NULL; ++ spwdent = NULL; + } + + if (spwdent != NULL) { +@@ -662,16 +552,6 @@ + + ctrl = _set_ctrl(flags, &remember, argc, argv); + +-#ifdef USE_LCKPWDF +- /* our current locking system requires that we lock the +- entire password database. This avoids both livelock +- and deadlock. */ +- if (off(UNIX_NIS, ctrl)) +- { +- pwlocked = 1; +- lckpwdf(); +- } +-#endif + + /* + * First get the name of a user +@@ -744,9 +624,7 @@ + set(UNIX__OLD_PASSWD, lctrl); + retval = _unix_read_password(pamh, lctrl + ,Announce +- ,(on(UNIX__IAMROOT, ctrl) +- ? "NIS server root password: " +- : "(current) UNIX password: ") ++ ,"(current) UNIX password: " + ,NULL + ,_UNIX_OLD_AUTHTOK + ,(const char **) &pass_old); +@@ -760,12 +638,9 @@ + #endif + return retval; + } +- /* verify that this is the password for this user +- * if we're not using NIS */ ++ /* verify that this is the password for this user */ + +- if (off(UNIX_NIS, ctrl)) { +- retval = _unix_verify_password(pamh, user, pass_old, ctrl); +- } ++ retval = _unix_verify_password(pamh, user, pass_old, ctrl); + } else { + D(("process run by root so do nothing this time around")); + pass_old = NULL; +diff -urN Linux-PAM-0.72/modules/pam_unix.orig/support.c Linux-PAM-0.72/modules/pam_unix/support.c +--- Linux-PAM-0.72/modules/pam_unix.orig/support.c 2003-10-19 03:27:19.000000000 -0600 ++++ Linux-PAM-0.72/modules/pam_unix/support.c 2003-10-19 03:30:57.000000000 -0600 +@@ -308,34 +308,7 @@ + pwd = getpwnam(name); /* Get password file entry... */ + + if (pwd != NULL) { +- if (strcmp( pwd->pw_passwd, "*NP*" ) == 0) +- { /* NIS+ */ +- uid_t save_euid, save_uid; +- +- save_euid = geteuid(); +- save_uid = getuid(); +- if (save_uid == pwd->pw_uid) +- setreuid( save_euid, save_uid ); +- else { +- setreuid( 0, -1 ); +- if (setreuid( -1, pwd->pw_uid ) == -1) { +- setreuid( -1, 0 ); +- setreuid( 0, -1 ); +- if(setreuid( -1, pwd->pw_uid ) == -1) +- /* Will fail elsewhere. */ +- return 0; +- } +- } +- +- spwdent = getspnam( name ); +- if (save_uid == pwd->pw_uid) +- setreuid( save_uid, save_euid ); +- else { +- if (setreuid( -1, 0 ) == -1) +- setreuid( save_uid, -1 ); +- setreuid( -1, save_euid ); +- } +- } else if (strcmp(pwd->pw_passwd, "x") == 0) { ++ if (strcmp(pwd->pw_passwd, "x") == 0) { + /* + * ...and shadow password file entry for this user, + * if shadowing is enabled +@@ -465,33 +438,7 @@ + pwd = getpwnam(name); /* Get password file entry... */ + + if (pwd != NULL) { +- if (strcmp( pwd->pw_passwd, "*NP*" ) == 0) +- { /* NIS+ */ +- uid_t save_euid, save_uid; +- +- save_euid = geteuid(); +- save_uid = getuid(); +- if (save_uid == pwd->pw_uid) +- setreuid( save_euid, save_uid ); +- else { +- setreuid( 0, -1 ); +- if (setreuid( -1, pwd->pw_uid ) == -1) { +- setreuid( -1, 0 ); +- setreuid( 0, -1 ); +- if(setreuid( -1, pwd->pw_uid ) == -1) +- return PAM_CRED_INSUFFICIENT; +- } +- } +- +- spwdent = getspnam( name ); +- if (save_uid == pwd->pw_uid) +- setreuid( save_uid, save_euid ); +- else { +- if (setreuid( -1, 0 ) == -1) +- setreuid( save_uid, -1 ); +- setreuid( -1, save_euid ); +- } +- } else if (strcmp(pwd->pw_passwd, "x") == 0) { ++ if (strcmp(pwd->pw_passwd, "x") == 0) { + /* + * ...and shadow password file entry for this user, + * if shadowing is enabled +diff -urN Linux-PAM-0.72/modules/pam_unix.orig/unix_chkpwd.c Linux-PAM-0.72/modules/pam_unix/unix_chkpwd.c +--- Linux-PAM-0.72/modules/pam_unix.orig/unix_chkpwd.c 2003-10-19 03:27:19.000000000 -0600 ++++ Linux-PAM-0.72/modules/pam_unix/unix_chkpwd.c 2003-10-19 03:32:10.000000000 -0600 +@@ -112,18 +112,7 @@ + else + pwd = NULL; + } else { +- if (strcmp(pwd->pw_passwd, "*NP*") == 0) { /* NIS+ */ +- uid_t save_uid; +- +- save_uid = geteuid(); +- seteuid(pwd->pw_uid); +- spwdent = getspnam(name); +- seteuid(save_uid); +- +- salt = x_strdup(spwdent->sp_pwdp); +- } else { +- salt = x_strdup(pwd->pw_passwd); +- } ++ salt = x_strdup(pwd->pw_passwd); + } + } + if (pwd == NULL || salt == NULL) { +diff -urN Linux-PAM-0.72/modules/pam_unix.orig/yppasswd.h Linux-PAM-0.72/modules/pam_unix/yppasswd.h +--- Linux-PAM-0.72/modules/pam_unix.orig/yppasswd.h 1999-07-04 23:53:10.000000000 -0600 ++++ Linux-PAM-0.72/modules/pam_unix/yppasswd.h 1969-12-31 17:00:00.000000000 -0700 +@@ -1,51 +0,0 @@ +-/* +- * yppasswdd +- * Copyright 1994, 1995, 1996 Olaf Kirch, +- * +- * This program is covered by the GNU General Public License, version 2. +- * It is provided in the hope that it is useful. However, the author +- * disclaims ALL WARRANTIES, expressed or implied. See the GPL for details. +- * +- * This file was generated automatically by rpcgen from yppasswd.x, and +- * editied manually. +- */ +- +-#ifndef _YPPASSWD_H_ +-#define _YPPASSWD_H_ +- +-#define YPPASSWDPROG ((u_long)100009) +-#define YPPASSWDVERS ((u_long)1) +-#define YPPASSWDPROC_UPDATE ((u_long)1) +- +-/* +- * The password struct passed by the update call. I renamed it to +- * xpasswd to avoid a type clash with the one defined in . +- */ +-#ifndef __sgi +-typedef struct xpasswd { +- char *pw_name; +- char *pw_passwd; +- int pw_uid; +- int pw_gid; +- char *pw_gecos; +- char *pw_dir; +- char *pw_shell; +-} xpasswd; +- +-#else +-#include +-typedef struct xpasswd xpasswd; +-#endif +- +-/* The updated password information, plus the old password. +- */ +-typedef struct yppasswd { +- char *oldpass; +- xpasswd newpw; +-} yppasswd; +- +-/* XDR encoding/decoding routines */ +-bool_t xdr_xpasswd(XDR * xdrs, xpasswd * objp); +-bool_t xdr_yppasswd(XDR * xdrs, yppasswd * objp); +- +-#endif /* _YPPASSWD_H_ */ +diff -urN Linux-PAM-0.72/modules/pam_unix.orig/yppasswd_xdr.c Linux-PAM-0.72/modules/pam_unix/yppasswd_xdr.c +--- Linux-PAM-0.72/modules/pam_unix.orig/yppasswd_xdr.c 2003-10-19 03:27:19.000000000 -0600 ++++ Linux-PAM-0.72/modules/pam_unix/yppasswd_xdr.c 1969-12-31 17:00:00.000000000 -0700 +@@ -1,36 +0,0 @@ +-/* +- * yppasswdd +- * Copyright 1994, 1995, 1996 Olaf Kirch, +- * +- * This program is covered by the GNU General Public License, version 2. +- * It is provided in the hope that it is useful. However, the author +- * disclaims ALL WARRANTIES, expressed or implied. See the GPL for details. +- * +- * This file was generated automatically by rpcgen from yppasswd.x, and +- * editied manually. +- */ +- +-#include +-#include +-#include +-#include "yppasswd.h" +- +-bool_t +-xdr_xpasswd(XDR * xdrs, xpasswd * objp) +-{ +- return xdr_string(xdrs, &objp->pw_name, ~0) +- && xdr_string(xdrs, &objp->pw_passwd, ~0) +- && xdr_int(xdrs, &objp->pw_uid) +- && xdr_int(xdrs, &objp->pw_gid) +- && xdr_string(xdrs, &objp->pw_gecos, ~0) +- && xdr_string(xdrs, &objp->pw_dir, ~0) +- && xdr_string(xdrs, &objp->pw_shell, ~0); +-} +- +- +-bool_t +-xdr_yppasswd(XDR * xdrs, yppasswd * objp) +-{ +- return xdr_string(xdrs, &objp->oldpass, ~0) +- && xdr_xpasswd(xdrs, &objp->newpw); +-} # --- T2-COPYRIGHT-NOTE-BEGIN --- # This copyright note is auto-generated by ./scripts/Create-CopyPatch. # # T2 SDE: package/.../uclibc/patches/pam-no_nis.patch # Copyright (C) 2004 - 2005 The T2 SDE Project # # More information can be found in the files COPYING and README. # # This patch file is dual-licensed. It is available under the license the # patched project is licensed under, as long as it is an OpenSource license # as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms # of the GNU General Public License as published by the Free Software # Foundation; either version 2 of the License, or (at your option) any later # version. # --- T2-COPYRIGHT-NOTE-END --- --- ./modules/pam_unix/yppasswd_xdr.c.orig 2005-01-19 22:34:53.000000000 -0300 +++ pam-0.76/Linux-PAM/modules/pam_unix/yppasswd_xdr.c 2005-01-19 22:35:08.000000000 -0300 @@ -13,8 +13,6 @@ #include #include -#include -#include #include "yppasswd.h" bool_t --- ./modules/pam_unix/pam_unix_passwd.c.orig 2005-01-19 22:37:28.000000000 -0300 +++ pam-0.76/Linux-PAM/modules/pam_unix/pam_unix_passwd.c 2005-01-19 22:37:49.000000000 -0300 @@ -54,8 +54,6 @@ #include #include #include -#include -#include #ifdef USE_CRACKLIB #include --- /tmp/configure 2005-09-02 11:08:09.714564704 +0300 +++ pam-0.76/Linux-PAM/configure 2005-09-02 11:10:56.405223872 +0300 @@ -1522,10 +1522,10 @@ /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ -char fcrypt(); +char crypt(); int main() { -fcrypt() +crypt() ; return 0; } EOF if { (eval echo configure:1532: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then