diff -u -r pam_radius-1.3.17/Makefile pam_radius-1.3.17-patch/Makefile --- pam_radius-1.3.17/Makefile 2007-03-26 06:22:11.000000000 +0200 +++ pam_radius-1.3.17-patch/Makefile 2010-02-03 16:18:07.000000000 +0100 @@ -30,12 +30,18 @@ # all: pam_radius_auth.so +mac: pam_radius_auth.so_mac + ###################################################################### # # Build the object file from the C source. # pam_radius_auth.o: pam_radius_auth.c pam_radius_auth.h $(CC) $(CFLAGS) -c pam_radius_auth.c -o pam_radius_auth.o + +pam_radius_auth.o_mac: pam_radius_auth.c pam_radius_auth.h + $(CC) $(CFLAGS) -DMACOS -c pam_radius_auth.c -o pam_radius_auth.o + # # This is what should work on Irix: #pam_radius_auth.so: pam_radius_auth.o md5.o @@ -57,6 +63,9 @@ pam_radius_auth.so: pam_radius_auth.o md5.o ld -Bshareable pam_radius_auth.o md5.o -lpam -o pam_radius_auth.so +pam_radius_auth.so_mac: pam_radius_auth.o_mac md5.o + ld -bundle pam_radius_auth.o md5.o /usr/lib/bundle1.o -lc -lpam -o pam_radius_auth.so + ###################################################################### # # Check a distribution out of the source tree, and make a tar file. diff -u -r pam_radius-1.3.17/pam_radius_auth.c pam_radius-1.3.17-patch/pam_radius_auth.c --- pam_radius-1.3.17/pam_radius_auth.c 2007-03-26 11:36:13.000000000 +0200 +++ pam_radius-1.3.17-patch/pam_radius_auth.c 2010-02-03 16:17:31.000000000 +0100 @@ -60,6 +60,10 @@ #ifdef sun #include #endif +#ifdef MACOS +#include +#endif + #include #include "pam_radius_auth.h" @@ -355,13 +359,20 @@ { /* do this *always* on other platforms */ MD5_CTX my_md5; struct timeval tv; - struct timezone tz; + static unsigned int session = 0; /* make the number harder to guess */ + +#ifndef MACOS + +/* MacOS doesn't have gettimofday(). Later using the uninitialized struct tv only. + This might mean less entropy and reduced security. Someone should review this. */ + + struct timezone tz; /* Use the time of day with the best resolution the system can give us -- often close to microsecond accuracy. */ gettimeofday(&tv,&tz); - +#endif if (session == 0) { session = getppid(); /* (possibly) hard to guess information */ } @@ -371,7 +382,9 @@ /* Hash things to get maybe cryptographically strong pseudo-random numbers */ MD5Init(&my_md5); MD5Update(&my_md5, (unsigned char *) &tv, sizeof(tv)); +#ifndef MACOS MD5Update(&my_md5, (unsigned char *) &tz, sizeof(tz)); +#endif MD5Final(vector, &my_md5); /* set the final vector */ } }