From 276e406c0fff059d4812dcc731be3b0087259973 Mon Sep 17 00:00:00 2001
From: nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
Date: Mon, 21 Jul 2008 21:14:06 +0000
Subject: [PATCH] 	* README, NEWS, configure.in, lib/pam_defs.h,
 src/login.c: Add 	support for OpenPAM.

---
 ChangeLog      |  5 +++++
 NEWS           |  2 ++
 README         |  1 +
 configure.in   | 41 +++++++++++++++++++++++++++++++++++------
 lib/pam_defs.h | 19 +++++++++++++------
 src/login.c    |  2 ++
 6 files changed, 58 insertions(+), 12 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index f5848385..a4d4e0d1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2008-07-21  Seraphim Mellos  <mellos@ceid.upatras.gr>
+
+	* README, NEWS, configure.in, lib/pam_defs.h, src/login.c: Add
+	support for OpenPAM.
+
 2008-07-12  Nicolas François  <nicolas.francois@centraliens.net>
 
 	* src/chage.c: Ignore the return value of pam_end() before exiting.
diff --git a/NEWS b/NEWS
index 94828643..a4de8496 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,8 @@ $Id$
 shadow-4.1.2.1 -> shadow-4.1.3						UNRELEASED
 
 *** general:
+- packaging
+  * Added support for OpenPAM.
 - newusers
   * Implement the -r, --system option.
 - usermod
diff --git a/README b/README
index 88e73464..16128cf2 100644
--- a/README
+++ b/README
@@ -91,6 +91,7 @@ Phillip Street
 Rafał Maszkowski <rzm@icm.edu.pl>
 Rani Chouha <ranibey@smartec.com>
 Sami Kerola <kerolasa@rocketmail.com>
+Seraphim Mellos  <mellos@ceid.upatras.gr>
 Shane Watts <shane@nexus.mlckew.edu.au>
 Steve M. Robbins <steve@nyongwa.montreal.qc.ca>
 Thorsten Kukuk <kukuk@suse.de>
diff --git a/configure.in b/configure.in
index c2c580a1..6e88b673 100644
--- a/configure.in
+++ b/configure.in
@@ -340,13 +340,29 @@ if test "$with_libpam" != "no"; then
 		AC_MSG_ERROR(libpam not found)
 	fi
 
-	AC_CHECK_LIB(pam_misc, main,
-	             [pam_misc_lib="yes"], [pam_misc_lib="no"])
-	if test "$pam_misc_lib$with_libpam" = "noyes" ; then
-		AC_MSG_ERROR(libpam_misc not found)
+	LIBPAM="-lpam"
+	pam_conv_function="no"
+
+	AC_CHECK_LIB(pam, openpam_ttyconv,
+		[pam_conv_function="openpam_ttyconv"],
+		AC_CHECK_LIB(pam_misc, misc_conv,
+			[pam_conv_function="misc_conv"; LIBPAM="$LIBPAM -lpam_misc"])
+		)
+
+	if test "$pam_conv_function$with_libpam" = "noyes" ; then
+		AC_MSG_ERROR(PAM conversation function not found)
 	fi
 
-	if test "$pam_lib$pam_misc_lib" = "yesyes" ; then
+	pam_headers_found=no
+	AC_CHECK_HEADERS( [security/openpam.h security/pam_misc.h],
+			 [ pam_headers_found=yes ; break ], [],
+			 [ #include <security/pam_appl.h> ] )
+        if test "$pam_headers_found$with_libpam" = "noyes" ; then
+	                AC_MSG_ERROR(PAM headers not found)
+        fi
+
+
+	if test "$pam_lib$pam_headers_found" = "yesyes" -a "$pam_conv_function" != "no" ; then
 		with_libpam="yes"
 	else
 		with_libpam="no"
@@ -354,9 +370,22 @@ if test "$with_libpam" != "no"; then
 fi
 dnl Now with_libpam is either yes or no
 if test "$with_libpam" = "yes"; then
+	AC_CHECK_DECLS([PAM_ESTABLISH_CRED,
+		PAM_DELETE_CRED,
+		PAM_NEW_AUTHTOK_REQD,
+		PAM_DATA_SILENT],
+		[], [], [#include <security/pam_appl.h>])
+
+
+	save_libs=$LIBS
+        LIBS="$LIBS $LIBPAM"
+	AC_CHECK_FUNCS([pam_fail_delay])
+	LIBS=$save_libs
+
 	AC_DEFINE(USE_PAM, 1, [Define to support Pluggable Authentication Modules])
+	AC_DEFINE_UNQUOTED(SHADOW_PAM_CONVERSATION, [$pam_conv_function],[PAM converstation to use])
 	AM_CONDITIONAL(USE_PAM, [true])
-	LIBPAM="-lpam -lpam_misc"
+
 	AC_MSG_CHECKING(use login and su access checking if PAM not used)
 	AC_MSG_RESULT(no)
 else
diff --git a/lib/pam_defs.h b/lib/pam_defs.h
index 23a399a0..343fbb45 100644
--- a/lib/pam_defs.h
+++ b/lib/pam_defs.h
@@ -28,24 +28,31 @@
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+#include <config.h>
 #include <security/pam_appl.h>
-#include <security/pam_misc.h>
+#ifdef HAVE_SECURITY_PAM_MISC_H
+# include <security/pam_misc.h>
+#endif
+#ifdef HAVE_SECURITY_OPENPAM_H
+# include <security/openpam.h>
+#endif
+
 
 static struct pam_conv conv = {
-	misc_conv,
+	SHADOW_PAM_CONVERSATION,
 	NULL
 };
 
 /* compatibility with different versions of Linux-PAM */
-#ifndef PAM_ESTABLISH_CRED
+#if !HAVE_DECL_PAM_ESTABLISH_CRED
 #define PAM_ESTABLISH_CRED PAM_CRED_ESTABLISH
 #endif
-#ifndef PAM_DELETE_CRED
+#if !HAVE_DECL_PAM_DELETE_CRED
 #define PAM_DELETE_CRED PAM_CRED_DELETE
 #endif
-#ifndef PAM_NEW_AUTHTOK_REQD
+#if !HAVE_DECL_PAM_NEW_AUTHTOK_REQD
 #define PAM_NEW_AUTHTOK_REQD PAM_AUTHTOKEN_REQD
 #endif
-#ifndef PAM_DATA_SILENT
+#if !HAVE_DECL_PAM_DATA_SILENT
 #define PAM_DATA_SILENT 0
 #endif
diff --git a/src/login.c b/src/login.c
index f23e1851..6344a9d4 100644
--- a/src/login.c
+++ b/src/login.c
@@ -691,9 +691,11 @@ int main (int argc, char **argv)
 			  failed = false;
 
 			  failcount++;
+#ifdef HAVE_PAM_FAIL_DELAY
 			  if (delay > 0) {
 			    retcode = pam_fail_delay(pamh, 1000000*delay);
 			  }
+#endif
 
 			  retcode = pam_authenticate (pamh, 0);