diff options
author | kensmith <kensmith@FreeBSD.org> | 2005-07-07 14:16:38 +0000 |
---|---|---|
committer | kensmith <kensmith@FreeBSD.org> | 2005-07-07 14:16:38 +0000 |
commit | 28b7f562fc678fae0db68e2f56a58b703f9a93dd (patch) | |
tree | 710b8b002dddd551dd4f24a9841dfdb5fa2d4ee6 | |
parent | 0d69457df8ccd88ca9066d313c9d76c6bd22f148 (diff) | |
download | FreeBSD-src-28b7f562fc678fae0db68e2f56a58b703f9a93dd.zip FreeBSD-src-28b7f562fc678fae0db68e2f56a58b703f9a93dd.tar.gz |
This is sort of an MFS. Peter made these changes to the RELENG_*
branches but missed HEAD. This patch extends his a little bit,
setting it up via the Makefiles so that adding _FREEFALL_CONFIG
to /etc/make.conf is the only thing needed to cluster-ize things
(current setup also requires overriding CFLAGS).
From Peter's commit to the RELENG_* branches:
> Add the freebsd.org custer's source modifications under #ifdefs to aid
> keeping things in sync. For ksu:
> * install suid-root by default
> * don't fall back to asking for a unix password (ie: be pure kerberos)
> * allow custom user instances for things like www and not just root
The Makefile tweaks will be MFC-ed, the rest is already done.
MFC after: 3 days
Approved by: re (dwhite)
-rw-r--r-- | crypto/heimdal/appl/su/Makefile.am | 5 | ||||
-rw-r--r-- | crypto/heimdal/appl/su/su.c | 20 | ||||
-rw-r--r-- | kerberos5/usr.bin/ksu/Makefile | 5 | ||||
-rw-r--r-- | lib/libpam/modules/pam_krb5/Makefile | 3 | ||||
-rw-r--r-- | lib/libpam/modules/pam_krb5/pam_krb5.c | 4 |
5 files changed, 34 insertions, 3 deletions
diff --git a/crypto/heimdal/appl/su/Makefile.am b/crypto/heimdal/appl/su/Makefile.am index 9cacaba..86e8533 100644 --- a/crypto/heimdal/appl/su/Makefile.am +++ b/crypto/heimdal/appl/su/Makefile.am @@ -1,9 +1,14 @@ # $Id: Makefile.am,v 1.7 2001/08/28 08:31:22 assar Exp $ +# $FreeBSD$ include $(top_srcdir)/Makefile.am.common INCLUDES += $(INCLUDE_krb4) $(INCLUDE_des) +.if defined(_FREEFALL_CONFIG) +CFLAGS+=-D_FREEFALL_CONFIG +.endif + bin_PROGRAMS = su bin_SUIDS = su su_SOURCES = su.c diff --git a/crypto/heimdal/appl/su/su.c b/crypto/heimdal/appl/su/su.c index 79324e9..d44cf1b 100644 --- a/crypto/heimdal/appl/su/su.c +++ b/crypto/heimdal/appl/su/su.c @@ -30,6 +30,10 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/* + * $FreeBSD$ + */ + #include <config.h> RCSID("$Id: su.c,v 1.26.2.1 2003/05/06 12:06:44 joda Exp $"); @@ -193,12 +197,20 @@ krb5_verify(const struct passwd *login_info, NULL); else ret = krb5_make_principal(context, &p, NULL, +#ifdef _FREEFALL_CONFIG + login_name, +#else su_info->pw_name, +#endif NULL); if(ret) return 1; - if(su_info->pw_uid != 0 || krb5_kuserok(context, p, su_info->pw_name)) { + if( +#ifndef _FREEFALL_CONFIG + su_info->pw_uid != 0 || +#endif + krb5_kuserok(context, p, su_info->pw_name)) { ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache); if(ret) { #if 1 @@ -430,7 +442,11 @@ main(int argc, char **argv) ok = 4; #endif - if(ok == 0 && login_info->pw_uid && verify_unix(su_info) != 0) { + if(ok == 0 && login_info->pw_uid +#ifndef _FREEFALL_CONFIG + && verify_unix(su_info) != 0 +#endif + ) { printf("Sorry!\n"); exit(1); } diff --git a/kerberos5/usr.bin/ksu/Makefile b/kerberos5/usr.bin/ksu/Makefile index cca520e..1e095ec 100644 --- a/kerberos5/usr.bin/ksu/Makefile +++ b/kerberos5/usr.bin/ksu/Makefile @@ -1,13 +1,16 @@ # $FreeBSD$ PROG= ksu -.if defined(ENABLE_SUID_K5SU) +.if defined(ENABLE_SUID_K5SU) || defined(_FREEFALL_CONFIG) BINMODE=4555 PRECIOUSPROG= .endif NO_MAN= SRCS= su.c CFLAGS+=-I${KRB5DIR}/lib/roken +.if defined(_FREEFALL_CONFIG) +CFLAGS+=-D_FREEFALL_CONFIG +.endif DPADD= ${LIBKAFS5} ${LIBKRB5} ${LIBROKEN} ${LIBVERS} \ ${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} ${LIBCOM_ERR} LDADD= -lkafs5 -lkrb5 -lroken ${LIBVERS} \ diff --git a/lib/libpam/modules/pam_krb5/Makefile b/lib/libpam/modules/pam_krb5/Makefile index 9bbe345..8d33284 100644 --- a/lib/libpam/modules/pam_krb5/Makefile +++ b/lib/libpam/modules/pam_krb5/Makefile @@ -27,6 +27,9 @@ LIB= pam_krb5 SRCS= pam_krb5.c MAN= pam_krb5.8 +.if defined(_FREEFALL_CONFIG) +CFLAGS+=-D_FREEFALL_CONFIG +.endif DPADD= ${LIBKRB5} ${LIBASN1} ${LIBROKEN} ${LIBCOM_ERR} ${LIBCRYPT} ${LIBCRYPTO} LDADD= -lkrb5 -lasn1 -lroken -lcom_err -lcrypt -lcrypto diff --git a/lib/libpam/modules/pam_krb5/pam_krb5.c b/lib/libpam/modules/pam_krb5/pam_krb5.c index 2cfddbc..0ed57f9 100644 --- a/lib/libpam/modules/pam_krb5/pam_krb5.c +++ b/lib/libpam/modules/pam_krb5/pam_krb5.c @@ -333,6 +333,9 @@ PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc __unused, const char *argv[] __unused) { +#ifdef _FREEFALL_CONFIG + return (PAM_SUCCESS); +#else krb5_error_code krbret; krb5_context pam_context; @@ -570,6 +573,7 @@ cleanup3: free(cache_name_buf); return (retval); +#endif } /* |