Initial version of the patches

diff --git a/README b/README
new file mode 100644 (file)
index 0000000..66267b3
--- /dev/null
+++ b/README
@@ -0,0 +1,9 @@
+The patches to add PAM authentication support for Transmission torrent daemon.
+(c) Andrew Sichevoi, http://thekondor.net
+
+The patches are distributed in the terms of GNU GPL v3.0+ license.
+
+Applicable for trunk@13057.
+
+Please find more details here: http://blog.thekondor.net/2011/10/pam-authentication-for-transmission.html
+

diff --git a/cli-Makefile.am.patch b/cli-Makefile.am.patch
new file mode 100644 (file)
index 0000000..fd5caed
--- /dev/null
+++ b/cli-Makefile.am.patch
@@ -0,0 +1,12 @@
+Index: cli/Makefile.am
+===================================================================
+--- cli/Makefile.am    (revision 13057)
++++ cli/Makefile.am    (working copy)
+@@ -23,6 +23,7 @@
+     @DHT_LIBS@ \
+     @LIBUTP_LIBS@ \
+     @LIBEVENT_LIBS@ \
++    @LIBPAM_LIBS@ \
+     @LIBCURL_LIBS@ \
+     @OPENSSL_LIBS@ \
+     @INTLLIBS@ \

diff --git a/configure.ac.patch b/configure.ac.patch
new file mode 100644 (file)
index 0000000..dde0e14
--- /dev/null
+++ b/configure.ac.patch
@@ -0,0 +1,32 @@
+Index: configure.ac
+===================================================================
+--- configure.ac       (revision 13057)
++++ configure.ac       (working copy)
+@@ -311,6 +311,27 @@
+ 
+ dnl ----------------------------------------------------------------------------
+ dnl
++dnl  native RPC authentication
++
++AC_ARG_ENABLE([native-rpc-auth],
++              AS_HELP_STRING([--enable-native-rpc-auth],[enable native user authentication for RPC]),
++              [enable_native_rpc_auth=yes])
++
++if test "x$enable_native_rpc_auth" == "xyes"; then
++    AC_CHECK_LIB([pam],[],
++                       [AC_MSG_ERROR(PAM library not found!)])
++    AC_CHECK_HEADER([security/pam_appl.h],[],
++                    [AC_MSG_ERROR(security/pam_appl.h not found!)])
++    AC_DEFINE([HAVE_NATIVE_AUTH_ENABLED], 1)
++    LIBPAM_CFLAGS=""
++    LIBPAM_LIBS="-lpam"
++fi
++    AC_SUBST(LIBPAM_CFLAGS)
++    AC_SUBST(LIBPAM_LIBS)
++
++
++dnl ----------------------------------------------------------------------------
++dnl
+ dnl  detection for the GTK+ client
+ 
+ 

diff --git a/daemon-Makefile.am.patch b/daemon-Makefile.am.patch
new file mode 100644 (file)
index 0000000..4729a81
--- /dev/null
+++ b/daemon-Makefile.am.patch
@@ -0,0 +1,12 @@
+Index: daemon/Makefile.am
+===================================================================
+--- daemon/Makefile.am (revision 13057)
++++ daemon/Makefile.am (working copy)
+@@ -25,6 +25,7 @@
+     @DHT_LIBS@ \
+     @LIBUTP_LIBS@ \
+     @LIBEVENT_LIBS@ \
++    @LIBPAM_LIBS@ \
+     @LIBCURL_LIBS@ \
+     @OPENSSL_LIBS@ \
+     @INTLLIBS@ \

diff --git a/gtk-Makefile.am.patch b/gtk-Makefile.am.patch
new file mode 100644 (file)
index 0000000..846d385
--- /dev/null
+++ b/gtk-Makefile.am.patch
@@ -0,0 +1,12 @@
+Index: gtk/Makefile.am
+===================================================================
+--- gtk/Makefile.am    (revision 13057)
++++ gtk/Makefile.am    (working copy)
+@@ -91,6 +91,7 @@
+     @GTK_LIBS@ \
+     @LIBAPPINDICATOR_LIBS@ \
+     @LIBEVENT_LIBS@ \
++    @LIBPAM_LIBS@ \
+     @LIBCURL_LIBS@ \
+     @OPENSSL_LIBS@ \
+     @ZLIB_LIBS@ \

diff --git a/libtransmission-Makefile.am.patch b/libtransmission-Makefile.am.patch
new file mode 100644 (file)
index 0000000..f5263f2
--- /dev/null
+++ b/libtransmission-Makefile.am.patch
@@ -0,0 +1,28 @@
+Index: libtransmission/Makefile.am
+===================================================================
+--- libtransmission/Makefile.am        (revision 13057)
++++ libtransmission/Makefile.am        (working copy)
+@@ -40,6 +40,7 @@
+     magnet.c \
+     makemeta.c \
+     metainfo.c \
++    native-auth.c \
+     natpmp.c \
+     net.c \
+     peer-io.c \
+@@ -91,6 +92,7 @@
+     magnet.h \
+     makemeta.h \
+     metainfo.h \
++    native-auth.h \
+     natpmp.h \
+     net.h \
+     peer-common.h \
+@@ -145,6 +147,7 @@
+     @INTLLIBS@ \
+     @DHT_LIBS@ \
+     @LIBUTP_LIBS@ \
++    @LIBPAM_LIBS@ \
+     @LIBCURL_LIBS@ \
+     @LIBEVENT_LIBS@ \
+     @OPENSSL_LIBS@ \

diff --git a/libtransmission-native-auth.c.patch b/libtransmission-native-auth.c.patch
new file mode 100644 (file)
index 0000000..dd2d13f
--- /dev/null
+++ b/libtransmission-native-auth.c.patch
@@ -0,0 +1,163 @@
+Index: libtransmission/native-auth.c
+===================================================================
+--- libtransmission/native-auth.c      (revision 0)
++++ libtransmission/native-auth.c      (revision 0)
+@@ -0,0 +1,158 @@
++/******************************************************************************
++ * $Id:$
++ *
++ * Copyright (c) Transmission authors and contributors
++ *
++ * Permission is hereby granted, free of charge, to any person obtaining a
++ * copy of this software and associated documentation files (the "Software"),
++ * to deal in the Software without restriction, including without limitation
++ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
++ * and/or sell copies of the Software, and to permit persons to whom the
++ * Software is furnished to do so, subject to the following conditions:
++ *
++ * The above copyright notice and this permission notice shall be included in
++ * all copies or substantial portions of the Software.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
++ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
++ * DEALINGS IN THE SOFTWARE.
++ *****************************************************************************/
++
++#include "native-auth.h"
++
++
++#if defined(HAVE_NATIVE_AUTH_ENABLED) && defined(linux)
++ #define  NATIVE_AUTH_ENABLED 1
++
++ #include "transmission.h"
++ #include "utils.h"
++
++ #include <assert.h>
++ #include <string.h>
++
++ #include <security/pam_appl.h>
++#endif
++
++#if defined(NATIVE_AUTH_ENABLED)
++static struct pam_response *
++makePAMResponse( const char * data )
++{
++    struct pam_response * response = ( struct pam_response * )tr_malloc( sizeof( struct pam_response ) );
++    if ( !response )
++    {
++        tr_err( _("Cannot allocate memory for PAM response") );
++        return NULL;
++    }
++
++    response->resp_retcode = PAM_SUCCESS;
++      response->resp = strdup( data );
++
++    return response;
++}
++
++static int
++pamAuthConversation( int numMsg,
++                     const struct pam_message ** messages,
++                     struct pam_response ** responses,
++                     void * data )
++{
++    int msgIndex;
++      bool errorOccurred = false;
++
++    assert( data );
++
++    *responses = (struct pam_response *)tr_malloc0( numMsg*sizeof( struct pam_response ) );
++    if ( !*responses )
++    {
++        return PAM_CONV_ERR;
++    }
++
++    for( msgIndex = 0; msgIndex < numMsg && !errorOccurred; ++msgIndex )
++    {
++        const struct pam_message * msg = *messages++;
++        switch( msg->msg_style )
++              {
++            case PAM_PROMPT_ECHO_OFF:
++            case PAM_PROMPT_ECHO_ON:
++            {
++                const char * password = (char *)data;
++                struct pam_response * response = makePAMResponse( password );
++
++                if ( !response )
++                    errorOccurred = true;
++                else
++                    responses[msgIndex] = response;
++
++                break;
++            }
++
++            case PAM_TEXT_INFO:
++                break;
++
++            default:
++                errorOccurred = true;
++                tr_err( _("Error while PAM conversation occurred") );
++        }
++    }
++
++    if( errorOccurred )
++    {
++        tr_free( *responses );
++        return PAM_CONV_ERR;
++    }
++
++    return PAM_SUCCESS;
++}
++
++static void
++performPAMAuthentication( const char * user, const char * password, bool * isSuccess )
++{
++    const char * PAM_AUTH_MODULE = "auth"; 
++    struct pam_conv pamConversation = { pamAuthConversation, (void *) password };
++    int pamError = 0;
++    pam_handle_t * pamHandle = NULL;
++
++    *isSuccess = false;
++              
++    pamError = pam_start( PAM_AUTH_MODULE, user, &pamConversation, &pamHandle );
++    if ( PAM_SUCCESS != pamError )
++    {
++        tr_err( _( "Failed to start PAM session: %s" ), pam_strerror( pamHandle, pamError ) );
++        return;
++    }
++
++    pamError = pam_authenticate( pamHandle, PAM_SILENT );
++    if ( PAM_SUCCESS == pamError )
++        *isSuccess = true;
++    else
++        pamError = pam_end( pamHandle, /* last status */ 0 );
++
++    if ( PAM_SUCCESS != pamError )
++    {
++        tr_err( _( "Failed to close PAM session: %s" ), pam_strerror( pamHandle, pamError ) );
++    }
++}
++#endif
++
++void
++tr_performNativeAuthentication( const char * user, const char * password, tr_rpcNativeAuthenticationResult * result )
++{
++    bool isSuccessAuth = false;
++
++#ifdef HAVE_NATIVE_AUTH_ENABLED
++
++#if defined(linux)
++    performPAMAuthentication( user, password, &isSuccessAuth );       
++#else
++    #warning Native user authentication for this platform is not supported yet.
++#endif
++
++#endif /* HAVE_NATIVE_AUTH_ENABLED */
++
++    *result = ( isSuccessAuth ) ? NATIVE_AUTHENTICATON_SUCCESS : NATIVE_AUTHENTICATON_FAIL;
++}
++

diff --git a/libtransmission-native-auth.h.patch b/libtransmission-native-auth.h.patch
new file mode 100644 (file)
index 0000000..5ede71c
--- /dev/null
+++ b/libtransmission-native-auth.h.patch
@@ -0,0 +1,48 @@
+Index: libtransmission/native-auth.h
+===================================================================
+--- libtransmission/native-auth.h      (revision 0)
++++ libtransmission/native-auth.h      (revision 0)
+@@ -0,0 +1,43 @@
++/******************************************************************************
++ * $Id:$
++ *
++ * Copyright (c) Transmission authors and contributors
++ *
++ * Permission is hereby granted, free of charge, to any person obtaining a
++ * copy of this software and associated documentation files (the "Software"),
++ * to deal in the Software without restriction, including without limitation
++ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
++ * and/or sell copies of the Software, and to permit persons to whom the
++ * Software is furnished to do so, subject to the following conditions:
++ *
++ * The above copyright notice and this permission notice shall be included in
++ * all copies or substantial portions of the Software.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
++ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
++ * DEALINGS IN THE SOFTWARE.
++ *****************************************************************************/
++
++#ifndef __TRANSMISSION__
++ #error only libtransmission should #include this header.
++#endif
++
++#ifndef TR_NATIVE_AUTH_H
++#define TR_NATIVE_AUTH_H 1
++
++enum _tr_rpcNativeAuthenticationResult
++{
++    NATIVE_AUTHENTICATON_FAIL = 0,
++    NATIVE_AUTHENTICATON_SUCCESS
++};
++
++typedef enum _tr_rpcNativeAuthenticationResult tr_rpcNativeAuthenticationResult;
++
++void tr_performNativeAuthentication( const char * user, const char * password, tr_rpcNativeAuthenticationResult * result );
++
++#endif
++

diff --git a/libtransmission-rpc-server.c.patch b/libtransmission-rpc-server.c.patch
new file mode 100644 (file)
index 0000000..d91b3d2
--- /dev/null
+++ b/libtransmission-rpc-server.c.patch
@@ -0,0 +1,101 @@
+Index: libtransmission/rpc-server.c
+===================================================================
+--- libtransmission/rpc-server.c       (revision 13057)
++++ libtransmission/rpc-server.c       (working copy)
+@@ -32,6 +32,7 @@
+ #include "fdlimit.h"
+ #include "list.h"
+ #include "net.h"
++#include "native-auth.h"
+ #include "platform.h" /* tr_getWebClientDir() */
+ #include "ptrarray.h"
+ #include "rpcimpl.h"
+@@ -56,6 +57,7 @@
+ {
+     bool               isEnabled;
+     bool               isPasswordEnabled;
++    bool               isNativeAuthenticationEnabled;
+     bool               isWhitelistEnabled;
+     tr_port            port;
+     char *             url;
+@@ -575,6 +577,35 @@
+ }
+ 
+ static bool
++isUserAllowed( struct tr_rpc_server* server, const char * user, const char * pass)
++{
++    bool successAuth;
++
++    if( !server->isPasswordEnabled )
++          return true;
++
++    if( !user || !pass )
++    {
++        return false;
++    }
++
++    if( server->isNativeAuthenticationEnabled )
++    {
++        tr_rpcNativeAuthenticationResult authResult;
++        tr_performNativeAuthentication( user, pass, &authResult);
++        successAuth = (NATIVE_AUTHENTICATON_SUCCESS == authResult);
++    }
++    else
++    {
++        successAuth = !strcmp( server->username, user ) &&
++                      tr_ssha1_matches( server->password, pass);
++    }
++
++    return successAuth;
++}
++
++
++static bool
+ test_session_id( struct tr_rpc_server * server, struct evhttp_request * req )
+ {
+     const char * ours = get_current_session_id( server );
+@@ -616,10 +647,7 @@
+                 "<p>If you're editing settings.json, see the 'rpc-whitelist' and 'rpc-whitelist-enabled' entries.</p>"
+                 "<p>If you're still using ACLs, use a whitelist instead. See the transmission-daemon manpage for details.</p>" );
+         }
+-        else if( server->isPasswordEnabled
+-                 && ( !pass || !user || strcmp( server->username, user )
+-                                     || !tr_ssha1_matches( server->password,
+-                                                           pass ) ) )
++        else if( !isUserAllowed( server, user, pass ) )
+         {
+             evhttp_add_header( req->output_headers,
+                                "WWW-Authenticate",
+@@ -877,6 +905,19 @@
+     return server->isPasswordEnabled;
+ }
+ 
++void
++tr_rpcSetNativeAuthenticationEnabled( tr_rpc_server * server, bool isEnabled )
++{
++    server->isNativeAuthenticationEnabled = isEnabled;
++    dbgmsg( "setting 'native authenication enabled' to %d", (int)isEnabled );
++}
++
++bool
++tr_rpcIsNativeAuthenticationEnabled( const tr_rpc_server * server )
++{
++    return server->isNativeAuthenticationEnabled;
++}
++
+ const char *
+ tr_rpcGetBindAddress( const tr_rpc_server * server )
+ {
+@@ -961,6 +1002,12 @@
+     else
+         tr_rpcSetPasswordEnabled( s, boolVal );
+ 
++    key = TR_PREFS_KEY_RPC_NATIVE_AUTH_ENABLED;
++    if ( !tr_bencDictFindBool( settings, key, &boolVal ) )
++        tr_nerr( MY_NAME, _( "Couldn't find settings key \"%s\"" ), key );
++    else
++        tr_rpcSetNativeAuthenticationEnabled( s, boolVal );
++
+     key = TR_PREFS_KEY_RPC_WHITELIST;
+     if( !tr_bencDictFindStr( settings, key, &str ) && str )
+         tr_nerr( MY_NAME, _( "Couldn't find settings key \"%s\"" ), key );

diff --git a/libtransmission-rpc-server.h.patch b/libtransmission-rpc-server.h.patch
new file mode 100644 (file)
index 0000000..6cc3b20
--- /dev/null
+++ b/libtransmission-rpc-server.h.patch
@@ -0,0 +1,15 @@
+Index: libtransmission/rpc-server.h
+===================================================================
+--- libtransmission/rpc-server.h       (revision 13057)
++++ libtransmission/rpc-server.h       (working copy)
+@@ -64,6 +64,10 @@
+ 
+ bool            tr_rpcIsPasswordEnabled( const tr_rpc_server * session );
+ 
++void            tr_rpcSetNativeAuthenticationEnabled( tr_rpc_server * server, bool isEnabled );
++
++bool            tr_rpcIsNativeAuthenticationEnabled( const tr_rpc_server * server );
++
+ const char*     tr_rpcGetBindAddress( const tr_rpc_server * server );
+ 
+ #endif

diff --git a/libtransmission-session.c.patch b/libtransmission-session.c.patch
new file mode 100644 (file)
index 0000000..9bf971f
--- /dev/null
+++ b/libtransmission-session.c.patch
@@ -0,0 +1,43 @@
+Index: libtransmission/session.c
+===================================================================
+--- libtransmission/session.c  (revision 13057)
++++ libtransmission/session.c  (working copy)
+@@ -342,6 +342,7 @@
+     tr_bencDictAddBool( d, TR_PREFS_KEY_RPC_ENABLED,                     false );
+     tr_bencDictAddStr ( d, TR_PREFS_KEY_RPC_PASSWORD,                    "" );
+     tr_bencDictAddStr ( d, TR_PREFS_KEY_RPC_USERNAME,                    "" );
++    tr_bencDictAddBool( d, TR_PREFS_KEY_RPC_NATIVE_AUTH_ENABLED,         false );
+     tr_bencDictAddStr ( d, TR_PREFS_KEY_RPC_WHITELIST,                   TR_DEFAULT_RPC_WHITELIST );
+     tr_bencDictAddBool( d, TR_PREFS_KEY_RPC_WHITELIST_ENABLED,           true );
+     tr_bencDictAddInt ( d, TR_PREFS_KEY_RPC_PORT,                        atoi( TR_DEFAULT_RPC_PORT_STR ) );
+@@ -415,6 +416,7 @@
+     tr_bencDictAddInt ( d, TR_PREFS_KEY_RPC_PORT,                         tr_sessionGetRPCPort( s ) );
+     tr_bencDictAddStr ( d, TR_PREFS_KEY_RPC_URL,                          tr_sessionGetRPCUrl( s ) );
+     tr_bencDictAddStr ( d, TR_PREFS_KEY_RPC_USERNAME,                     tr_sessionGetRPCUsername( s ) );
++    tr_bencDictAddBool( d, TR_PREFS_KEY_RPC_NATIVE_AUTH_ENABLED,          tr_sessionIsRPCNativeAuthenticationEnabled( s) );
+     tr_bencDictAddStr ( d, TR_PREFS_KEY_RPC_WHITELIST,                    tr_sessionGetRPCWhitelist( s ) );
+     tr_bencDictAddBool( d, TR_PREFS_KEY_RPC_WHITELIST_ENABLED,            tr_sessionGetRPCWhitelistEnabled( s ) );
+     tr_bencDictAddBool( d, TR_PREFS_KEY_SCRAPE_PAUSED_TORRENTS,           s->scrapePausedTorrents );
+@@ -2578,6 +2580,22 @@
+     return tr_rpcIsPasswordEnabled( session->rpcServer );
+ }
+ 
++void
++tr_sessionSetRPCNativeAuthenticationEnabled( tr_session * session, bool isEnabled )
++{
++    assert( tr_isSession( session ) );
++
++    return tr_rpcSetNativeAuthenticationEnabled( session->rpcServer, isEnabled );
++}
++
++bool
++tr_sessionIsRPCNativeAuthenticationEnabled( const tr_session * session )
++{
++    assert( tr_isSession (session) );
++
++    return tr_rpcIsNativeAuthenticationEnabled( session->rpcServer ); 
++}
++
+ const char *
+ tr_sessionGetRPCBindAddress( const tr_session * session )
+ {

diff --git a/libtransmission-transmission.h.patch b/libtransmission-transmission.h.patch
new file mode 100644 (file)
index 0000000..8d0a8ba
--- /dev/null
+++ b/libtransmission-transmission.h.patch
@@ -0,0 +1,24 @@
+Index: libtransmission/transmission.h
+===================================================================
+--- libtransmission/transmission.h     (revision 13057)
++++ libtransmission/transmission.h     (working copy)
+@@ -196,6 +196,7 @@
+ #define TR_PREFS_KEY_RATIO_ENABLED                      "ratio-limit-enabled"
+ #define TR_PREFS_KEY_RENAME_PARTIAL_FILES               "rename-partial-files"
+ #define TR_PREFS_KEY_RPC_AUTH_REQUIRED                  "rpc-authentication-required"
++#define TR_PREFS_KEY_RPC_NATIVE_AUTH_ENABLED            "rpc-native-authentication-enabled"
+ #define TR_PREFS_KEY_RPC_BIND_ADDRESS                   "rpc-bind-address"
+ #define TR_PREFS_KEY_RPC_ENABLED                        "rpc-enabled"
+ #define TR_PREFS_KEY_RPC_PASSWORD                       "rpc-password"
+@@ -504,6 +505,11 @@
+ 
+ bool tr_sessionIsRPCPasswordEnabled( const tr_session * session );
+ 
++void  tr_sessionSetRPCNativeAuthenticationEnabled( tr_session * session,
++                                                   bool         isEnabled );
++
++bool tr_sessionIsRPCNativeAuthenticationEnabled( const tr_session * session );
++
+ const char* tr_sessionGetRPCBindAddress( const tr_session * session );
+ 
+ 

diff --git a/qt-qtr.pro.patch b/qt-qtr.pro.patch
new file mode 100644 (file)
index 0000000..b15d2b6
--- /dev/null
+++ b/qt-qtr.pro.patch
@@ -0,0 +1,13 @@
+Index: qt/qtr.pro
+===================================================================
+--- qt/qtr.pro (revision 13057)
++++ qt/qtr.pro (working copy)
+@@ -27,7 +27,7 @@
+     LIBS += $${TRANSMISSION_TOP}/third-party/miniupnp/libminiupnp.a
+ }
+ LIBS += $${TRANSMISSION_TOP}/third-party/libnatpmp/libnatpmp.a
+-unix: LIBS += -L$${EVENT_TOP}/lib -lz -lrt
++unix: LIBS += -L$${EVENT_TOP}/lib -lz -lrt -lpam
+ win32:DEFINES += QT_DBUS
+ win32:LIBS += -levent-2.0 -lws2_32 -lintl
+ win32:LIBS += -lidn -liconv -lwldap32 -liphlpapi

diff --git a/utils-Makefile.am.patch b/utils-Makefile.am.patch
new file mode 100644 (file)
index 0000000..bf14c31
--- /dev/null
+++ b/utils-Makefile.am.patch
@@ -0,0 +1,12 @@
+Index: utils/Makefile.am
+===================================================================
+--- utils/Makefile.am  (revision 13057)
++++ utils/Makefile.am  (working copy)
+@@ -32,6 +32,7 @@
+     @DHT_LIBS@ \
+     @LIBUTP_LIBS@ \
+     @LIBEVENT_LIBS@ \
++    @LIBPAM_LIBS@ \
+     @LIBCURL_LIBS@ \
+     @OPENSSL_LIBS@ \
+     @ZLIB_LIBS@ \