security/pam_fprint: revive port

pam_fprint is a simple PAM module which uses libfprint's fingerprint
processing and verification functionality for authentication. In other
words, instead of seeing a password prompt, you're asked to scan your
fingerprint.

Submitter becomes maintainer.  Is already maintainer of other ports.

PR:		269554
Approved by:	flo (mentor)
Differential Revision: https://reviews.freebsd.org/D38628

MOVED

@@ -14714,7 +14714,6 @@ security/libbf||2020-05-05|Has expired: Broken for more than 6 months
 security/log2timeline||2020-05-05|Has expired: Broken for more than 6 months
 security/opencdk||2020-05-05|Has expired: Broken for more than 6 months
 security/pad||2020-05-05|Has expired: Broken for more than 6 months
-security/pam_fprint||2020-05-05|Has expired: Broken for more than 6 months
 security/pam_per_user||2020-05-05|Has expired: Broken for more than 6 months
 security/razorback-dispatcher||2020-05-05|Has expired: Broken for more than 6 months
 security/ruby-camellia||2020-05-05|Has expired: Broken for more than 6 months

security/Makefile

@@ -714,6 +714,7 @@
     SUBDIR += pam-modules
     SUBDIR += pam-mysql
     SUBDIR += pam-pgsql
+    SUBDIR += pam_fprint
     SUBDIR += pam_google_authenticator
     SUBDIR += pam_helper
     SUBDIR += pam_jail

security/pam_fprint/Makefile

@@ -0,0 +1,26 @@
+PORTNAME=	pam_fprint
+DISTVERSION=	20080330
+PORTREVISION=	1
+CATEGORIES=	security
+
+MAINTAINER=	Clockwork6400@protonmail.com
+COMMENT=	PAM module offering finger print authentication using libfprint
+WWW=		https://github.com/Clockwork6400/pam-fprint
+
+LICENSE=	GPLv2
+LICENSE_FILE=	${WRKSRC}/COPYING
+
+LIB_DEPENDS=	libfprint.so:security/libfprint
+
+GNU_CONFIGURE=	yes
+USES=		autoreconf pkgconfig
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	Clockwork6400
+
+PLIST_FILES+=	bin/pam_fprint_enroll \
+		lib/pam_fprint.so
+
+SUB_FILES=	pkg-message
+
+.include <bsd.port.mk>

security/pam_fprint/distinfo

@@ -0,0 +1,3 @@
+TIMESTAMP = 1676392070
+SHA256 (Clockwork6400-pam_fprint-20080330_GH0.tar.gz) = 35d9ed7a3e0d6d32db88da2b7ca5c70d656dff2548a3e417c1c49b8952ca650f
+SIZE (Clockwork6400-pam_fprint-20080330_GH0.tar.gz) = 15853

security/pam_fprint/files/patch-src_Makefile.am

@@ -0,0 +1,11 @@
+--- src/Makefile.am.orig	2023-02-14 15:43:27 UTC
++++ src/Makefile.am
+@@ -1,7 +1,6 @@
+-noinst_PROGRAMS = pamtest
+ bin_PROGRAMS = pam_fprint_enroll
+ pammod_PROGRAMS = pam_fprint.so
+-pammoddir=/lib/security
++pammoddir=$(PREFIX)/lib
+
+ pam_fprint_so_SOURCES = pam_fprint.c
+ pam_fprint_so_CFLAGS = -fPIC $(FPRINT_CFLAGS)

security/pam_fprint/files/patch-src_pam__fprint.c

@@ -0,0 +1,62 @@
+--- src/pam_fprint.c.orig	2023-02-14 15:43:27 UTC
++++ src/pam_fprint.c
+@@ -18,6 +18,7 @@
+  */
+
+ #include <stdio.h>
++#include <stdlib.h>
+ #include <unistd.h>
+ #include <sys/types.h>
+ #include <pwd.h>
+@@ -27,6 +28,7 @@
+
+ #define PAM_SM_AUTH
+ #include <security/pam_modules.h>
++#include <security/pam_appl.h>
+
+ static int send_info_msg(pam_handle_t *pamh, char *msg)
+ {
+@@ -41,10 +43,10 @@ static int send_info_msg(pam_handle_t *pamh, char *msg
+
+     r = pam_get_item(pamh, PAM_CONV, (const void **) &pc);
+ 	if (r != PAM_SUCCESS)
+-		return;
++		return r;
+
+ 	if (!pc || !pc->conv)
+-		return;
++		return PAM_BUF_ERR;
+
+ 	return pc->conv(1, &msgp, &resp, pc->appdata_ptr);
+ }
+@@ -62,10 +64,10 @@ static int send_err_msg(pam_handle_t *pamh, char *msg)
+
+     r = pam_get_item(pamh, PAM_CONV, (const void **) &pc);
+ 	if (r != PAM_SUCCESS)
+-		return;
++		return r;
+
+ 	if (!pc || !pc->conv)
+-		return;
++		return PAM_BUF_ERR;
+
+ 	return pc->conv(1, &msgp, &resp, pc->appdata_ptr);
+ }
+@@ -102,7 +104,7 @@ static struct fp_print_data **find_dev_and_prints(stru
+ 	struct fp_print_data **gallery;
+
+ 	/* TODO: add device selection */
+-	while (print = prints[i++]) {
++	while ((print = prints[i++])) {
+ 		if (!ddev) {
+ 			ddev = fp_dscv_dev_for_dscv_print(ddevs, print);
+ 			driver_id = fp_dscv_print_get_driver_id(print);
+@@ -133,7 +135,7 @@ static struct fp_print_data **find_dev_and_prints(stru
+ 	}
+
+ 	i = 0, j = 0;
+-	while (print = prints[i++]) {
++	while ((print = prints[i++])) {
+ 		driver_id_cur = fp_dscv_print_get_driver_id(print);
+ 		if (driver_id_cur == driver_id) {
+ 			err = fp_print_data_from_dscv_print(print, & (gallery[j]));

security/pam_fprint/files/patch-src_pam__fprint__enroll.c

@@ -0,0 +1,20 @@
+--- src/pam_fprint_enroll.c.orig	2023-02-14 15:43:27 UTC
++++ src/pam_fprint_enroll.c
+@@ -26,7 +26,7 @@
+ #include <unistd.h>
+ #include <getopt.h>
+
+-#include <libfprint/fprint.h>
++#include <fprint.h>
+
+ static const char *finger_names[] = {
+ 	[LEFT_THUMB] = "Left Thumb",
+@@ -47,7 +47,7 @@ static struct fp_dscv_dev *discover_device(struct fp_d
+ 	struct fp_dscv_dev *ddev = NULL;
+ 	int i;
+
+-	for (i = 0; ddev = discovered_devs[i]; i++) {
++	for (i = 0; (ddev = discovered_devs[i]); i++) {
+ 		struct fp_driver *drv = fp_dscv_dev_get_driver(ddev);
+ 		printf("Found device claimed by %s driver\n",
+ 			fp_driver_get_full_name(drv));

security/pam_fprint/files/pkg-message.in

@@ -0,0 +1,20 @@
+[
+{ type: install
+  message: <<EOM
+The security/fprint_demo port contains the graphical `fprint_demo'
+application that allows you to manage your finger prints in a comfortable
+way.
+
+After enrolling fingerprints for your user(s), you can enable finger
+print authentication by adding the following line to the corresponding
+PAM configuration file(s) (see the PAM documentation and the pam_fprint
+web site for more information).
+
+auth            sufficient      %%PREFIX%%/lib/pam_fprint.so
+
+/etc/pam.d/system is used for system-wide defaults,
+/etc/pam.d/{gdm, kde} are used by the GDM/KDM login managers.
+EOM
+}
+]
+

security/pam_fprint/pkg-descr

@@ -0,0 +1,3 @@
+pam_fprint is a simple PAM module which uses libfprint's fingerprint
+processing and verification functionality for authentication. In other words,
+instead of seeing a password prompt, you're asked to scan your fingerprint.