openwrt-packages-dist/libs/libpam/patches/000-OE-pam-no-innetgr.patch

innetgr may not be there so make sure that when innetgr is not present
then we inform about it and not use it.

-Khem
--- a/modules/pam_group/pam_group.c
+++ b/modules/pam_group/pam_group.c
@@ -656,7 +656,11 @@ static int check_account(pam_handle_t *p
 	}
 	/* If buffer starts with @, we are using netgroups */
 	if (buffer[0] == '@')
+#ifdef HAVE_INNETGR
 	  good &= innetgr (&buffer[1], NULL, user, NULL);
+#else
+	pam_syslog (pamh, LOG_ERR, "pam_group does not have netgroup support");
+#endif
 	/* otherwise, if the buffer starts with %, it's a UNIX group */
 	else if (buffer[0] == '%')
           good &= pam_modutil_user_in_group_nam_nam(pamh, user, &buffer[1]);
--- a/modules/pam_time/pam_time.c
+++ b/modules/pam_time/pam_time.c
@@ -555,9 +555,13 @@ check_account(pam_handle_t *pamh, const
 	  }
 	  /* If buffer starts with @, we are using netgroups */
 	  if (buffer[0] == '@')
-	    good &= innetgr (&buffer[1], NULL, user, NULL);
+#ifdef HAVE_INNETGR
+	       good &= innetgr (&buffer[1], NULL, user, NULL);
+#else
+	       pam_syslog (pamh, LOG_ERR, "pam_time does not have netgroup support");
+#endif
 	  else
-	    good &= logic_field(pamh, user, buffer, count, is_same);
+	       good &= logic_field(pamh, user, buffer, count, is_same);
 	  D(("with user: %s", good ? "passes":"fails" ));
 
 	  /* here we get the time field */
--- a/modules/pam_succeed_if/pam_succeed_if.c
+++ b/modules/pam_succeed_if/pam_succeed_if.c
@@ -231,18 +231,27 @@ evaluate_notingroup(pam_handle_t *pamh,
 }
 /* Return PAM_SUCCESS if the (host,user) is in the netgroup. */
 static int
-evaluate_innetgr(const char *host, const char *user, const char *group)
+evaluate_innetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group)
 {
+#ifdef HAVE_INNETGR
 	if (innetgr(group, host, user, NULL) == 1)
 		return PAM_SUCCESS;
+#else
+        pam_syslog (pamh, LOG_ERR, "pam_succeed_if does not have netgroup support");
+#endif
+
 	return PAM_AUTH_ERR;
 }
 /* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */
 static int
-evaluate_notinnetgr(const char *host, const char *user, const char *group)
+evaluate_notinnetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group)
 {
+#ifdef HAVE_INNETGR
 	if (innetgr(group, host, user, NULL) == 0)
 		return PAM_SUCCESS;
+#else
+	pam_syslog (pamh, LOG_ERR, "pam_succeed_if does not have netgroup support");
+#endif
 	return PAM_AUTH_ERR;
 }
 
@@ -387,14 +396,14 @@ evaluate(pam_handle_t *pamh, int debug,
 		const void *rhost;
 		if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS)
 			rhost = NULL;
-		return evaluate_innetgr(rhost, user, right);
+		return evaluate_innetgr(pamh, rhost, user, right);
 	}
 	/* (Rhost, user) is not in this group. */
 	if (strcasecmp(qual, "notinnetgr") == 0) {
 		const void *rhost;
 		if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS)
 			rhost = NULL;
-		return evaluate_notinnetgr(rhost, user, right);
+		return evaluate_notinnetgr(pamh, rhost, user, right);
 	}
 	/* Fail closed. */
 	return PAM_SERVICE_ERR;