Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

This makes Linux-PAM compile able with uClibc or on embedded systems
without full libc/libnsl.

2009-06-29  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_unix/yppasswd_xdr.c: Remove unnecessary header files.

        * modules/pam_unix/support.c (_unix_getpwnam): Only compile in NIS
        support if all necessary functions exist.

        * modules/pam_unix/pam_unix_passwd.c (getNISserver): Add debug
        option, handle correct if OS has no NIS support.

        * modules/pam_access/pam_access.c (netgroup_match): Check if
        yp_get_default_domain and innetgr are available at compile time.

        * configure.in: Check for functions: innetgr, getdomainname
        check for headers: rpcsvc/ypclnt.h, rpcsvc/yp_prot.h.

4 files changed, 63 insertions, 8 deletions

diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index ba8effe3..963ce528 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -41,11 +41,12 @@
 #include <errno.h>
 #include <ctype.h>
 #include <sys/utsname.h>
-#include <rpcsvc/ypclnt.h>
 #include <arpa/inet.h>
 #include <netdb.h>
 #include <sys/socket.h>
-
+#ifdef HAVE_RPCSVC_YPCLNT_H
+#include <rpcsvc/ypclnt.h>
+#endif
 #ifdef HAVE_LIBAUDIT
 #include <libaudit.h>
 #endif
@@ -465,13 +466,31 @@ static int
 netgroup_match (pam_handle_t *pamh, const char *netgroup,
 		const char *machine, const char *user, int debug)
 {
-  char *mydomain = NULL;
   int retval;
+  char *mydomain = NULL;
 
+#ifdef HAVE_YP_GET_DEFAUTL_DOMAIN
   yp_get_default_domain(&mydomain);
+#elif defined(HAVE_GETDOMAINNAME)
+  char domainname_res[256];
 
+  if (getdomainname (domainname_res, sizeof (domainname_res)) == 0)
+    {
+      if (strcmp (domainname_res, "(none)") == 0)
+        {
+          /* If domainname is not set, some systems will return "(none)" */
+	  domainname_res[0] = '\0';
+	}
+      mydomain = domainname_res;
+    }
+#endif
 
+#ifdef HAVE_INNETGR
   retval = innetgr (netgroup, machine, user, mydomain);
+#else
+  retval = 0;
+  pam_syslog (pamh, LOG_ERR, "pam_access does not have netgroup support");
+#endif
   if (debug == YES)
     pam_syslog (pamh, LOG_DEBUG,
 		"netgroup_match: %d (netgroup=%s, machine=%s, user=%s, domain=%s)",
@@ -479,7 +498,6 @@ netgroup_match (pam_handle_t *pamh, const char *netgroup,
 		machine ? machine : "NULL",
 		user ? user : "NULL", mydomain ? mydomain : "NULL");
   return retval;
-
 }
 
 /* user_match - match a username against one token */
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index 29b9c67d..2792a4d5 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -55,8 +55,12 @@
 #include <sys/time.h>
 #include <sys/stat.h>
 #include <rpc/rpc.h>
+#ifdef HAVE_RPCSVC_YP_PROT_H
 #include <rpcsvc/yp_prot.h>
+#endif
+#ifdef HAVE_RPCSVC_YPCLNT_H
 #include <rpcsvc/ypclnt.h>
+#endif
 
 #include <signal.h>
 #include <errno.h>
@@ -98,17 +102,34 @@ extern int getrpcport(const char *host, unsigned long prognum,
 
 #define MAX_PASSWD_TRIES	3
 
-static char *getNISserver(pam_handle_t *pamh)
+static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl)
 {
+#if (defined(HAVE_YP_GET_DEFAULT_DOMAIN) || defined(HAVE_GETDOMAINNAME)) && defined(HAVE_YP_MASTER)
 	char *master;
 	char *domainname;
 	int port, err;
 
+#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
 	if ((err = yp_get_default_domain(&domainname)) != 0) {
 		pam_syslog(pamh, LOG_WARNING, "can't get local yp domain: %s",
 			 yperr_string(err));
 		return NULL;
 	}
+#elif defined(HAVE_GETDOMAINNAME)
+	char domainname_res[256];
+
+	if (getdomainname (domainname_res, sizeof (domainname_res)) == 0)
+	  {
+	    if (strcmp (domainname_res, "(none)") == 0)
+	      {
+		/* If domainname is not set, some systems will return "(none)" */
+		domainname_res[0] = '\0';
+	      }
+	    domainname = domainname_res;
+	  }
+	else domainname = NULL;
+#endif
+
 	if ((err = yp_master(domainname, "passwd.byname", &master)) != 0) {
 		pam_syslog(pamh, LOG_WARNING, "can't find the master ypserver: %s",
 			 yperr_string(err));
@@ -125,7 +146,18 @@ static char *getNISserver(pam_handle_t *pamh)
 		         "yppasswd daemon running on illegal port");
 		return NULL;
 	}
+	if (on(UNIX_DEBUG, ctrl)) {
+	  pam_syslog(pamh, LOG_DEBUG, "Use NIS server on %s with port %d",
+		     master, port);
+	}
 	return master;
+#else
+	if (on(UNIX_DEBUG, ctrl)) {
+	  pam_syslog(pamh, LOG_DEBUG, "getNISserver: No NIS support available");
+	}
+
+	return NULL;
+#endif
 }
 
 #ifdef WITH_SELINUX
@@ -294,7 +326,7 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho,
 	}
 
 	if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) {
-	    if ((master=getNISserver(pamh)) != NULL) {
+	  if ((master=getNISserver(pamh, ctrl)) != NULL) {
 		struct timeval timeout;
 		struct yppasswd yppwd;
 		CLIENT *clnt;
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 050e0dc1..2a47d157 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -19,7 +19,9 @@
 #include <ctype.h>
 #include <syslog.h>
 #include <sys/resource.h>
+#ifdef HAVE_RPCSVC_YPCLNT_H
 #include <rpcsvc/ypclnt.h>
+#endif
 
 #include <security/_pam_macros.h>
 #include <security/pam_modules.h>
@@ -275,6 +277,7 @@ int _unix_getpwnam(pam_handle_t *pamh, const char *name,
 		}
 	}
 
+#if defined(HAVE_YP_GET_DEFAULT_DOMAIN) && defined (HAVE_YP_BIND) && defined (HAVE_YP_MATCH) && defined (HAVE_YP_UNBIND)
 	if (!matched && nis) {
 		char *userinfo = NULL, *domain = NULL;
 		int len = 0, i;
@@ -293,6 +296,10 @@ int _unix_getpwnam(pam_handle_t *pamh, const char *name,
 			}
 		}
 	}
+#else
+	/* we don't have NIS support, make compiler happy. */
+	nis = 0;
+#endif
 
 	if (matched && (ret != NULL)) {
 		*ret = NULL;
diff --git a/modules/pam_unix/yppasswd_xdr.c b/modules/pam_unix/yppasswd_xdr.c
index 0b7cfac6..0b95b82b 100644
--- a/modules/pam_unix/yppasswd_xdr.c
+++ b/modules/pam_unix/yppasswd_xdr.c
@@ -13,8 +13,6 @@
 #include "config.h"
 
 #include <rpc/rpc.h>
-#include <rpcsvc/yp_prot.h>
-#include <rpcsvc/ypclnt.h>
 #include "yppasswd.h"
 
 bool_t