From 2672e71736bc2f7d0e5d289320b486b646710342 Mon Sep 17 00:00:00 2001 From: Ken Smith Date: Thu, 7 Jul 2005 14:16:38 +0000 Subject: [PATCH] This is sort of an MFS. Peter made these changes to the RELENG_* branches but missed HEAD. This patch extends his a little bit, setting it up via the Makefiles so that adding _FREEFALL_CONFIG to /etc/make.conf is the only thing needed to cluster-ize things (current setup also requires overriding CFLAGS). From Peter's commit to the RELENG_* branches: > Add the freebsd.org custer's source modifications under #ifdefs to aid > keeping things in sync. For ksu: > * install suid-root by default > * don't fall back to asking for a unix password (ie: be pure kerberos) > * allow custom user instances for things like www and not just root The Makefile tweaks will be MFC-ed, the rest is already done. MFC after: 3 days Approved by: re (dwhite) --- crypto/heimdal/appl/su/Makefile.am | 5 +++++ crypto/heimdal/appl/su/su.c | 20 ++++++++++++++++++-- kerberos5/usr.bin/ksu/Makefile | 5 ++++- lib/libpam/modules/pam_krb5/Makefile | 3 +++ lib/libpam/modules/pam_krb5/pam_krb5.c | 4 ++++ 5 files changed, 34 insertions(+), 3 deletions(-) diff --git a/crypto/heimdal/appl/su/Makefile.am b/crypto/heimdal/appl/su/Makefile.am index 9cacaba7d1b..86e8533f7bd 100644 --- a/crypto/heimdal/appl/su/Makefile.am +++ b/crypto/heimdal/appl/su/Makefile.am @@ -1,9 +1,14 @@ # $Id: Makefile.am,v 1.7 2001/08/28 08:31:22 assar Exp $ +# $FreeBSD$ include $(top_srcdir)/Makefile.am.common INCLUDES += $(INCLUDE_krb4) $(INCLUDE_des) +.if defined(_FREEFALL_CONFIG) +CFLAGS+=-D_FREEFALL_CONFIG +.endif + bin_PROGRAMS = su bin_SUIDS = su su_SOURCES = su.c diff --git a/crypto/heimdal/appl/su/su.c b/crypto/heimdal/appl/su/su.c index 79324e9ee55..d44cf1b70da 100644 --- a/crypto/heimdal/appl/su/su.c +++ b/crypto/heimdal/appl/su/su.c @@ -30,6 +30,10 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/* + * $FreeBSD$ + */ + #include RCSID("$Id: su.c,v 1.26.2.1 2003/05/06 12:06:44 joda Exp $"); @@ -193,12 +197,20 @@ krb5_verify(const struct passwd *login_info, NULL); else ret = krb5_make_principal(context, &p, NULL, +#ifdef _FREEFALL_CONFIG + login_name, +#else su_info->pw_name, +#endif NULL); if(ret) return 1; - if(su_info->pw_uid != 0 || krb5_kuserok(context, p, su_info->pw_name)) { + if( +#ifndef _FREEFALL_CONFIG + su_info->pw_uid != 0 || +#endif + krb5_kuserok(context, p, su_info->pw_name)) { ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache); if(ret) { #if 1 @@ -430,7 +442,11 @@ main(int argc, char **argv) ok = 4; #endif - if(ok == 0 && login_info->pw_uid && verify_unix(su_info) != 0) { + if(ok == 0 && login_info->pw_uid +#ifndef _FREEFALL_CONFIG + && verify_unix(su_info) != 0 +#endif + ) { printf("Sorry!\n"); exit(1); } diff --git a/kerberos5/usr.bin/ksu/Makefile b/kerberos5/usr.bin/ksu/Makefile index cca520e4e3c..1e095ec2902 100644 --- a/kerberos5/usr.bin/ksu/Makefile +++ b/kerberos5/usr.bin/ksu/Makefile @@ -1,13 +1,16 @@ # $FreeBSD$ PROG= ksu -.if defined(ENABLE_SUID_K5SU) +.if defined(ENABLE_SUID_K5SU) || defined(_FREEFALL_CONFIG) BINMODE=4555 PRECIOUSPROG= .endif NO_MAN= SRCS= su.c CFLAGS+=-I${KRB5DIR}/lib/roken +.if defined(_FREEFALL_CONFIG) +CFLAGS+=-D_FREEFALL_CONFIG +.endif DPADD= ${LIBKAFS5} ${LIBKRB5} ${LIBROKEN} ${LIBVERS} \ ${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} ${LIBCOM_ERR} LDADD= -lkafs5 -lkrb5 -lroken ${LIBVERS} \ diff --git a/lib/libpam/modules/pam_krb5/Makefile b/lib/libpam/modules/pam_krb5/Makefile index 9bbe345353a..8d33284ffef 100644 --- a/lib/libpam/modules/pam_krb5/Makefile +++ b/lib/libpam/modules/pam_krb5/Makefile @@ -27,6 +27,9 @@ LIB= pam_krb5 SRCS= pam_krb5.c MAN= pam_krb5.8 +.if defined(_FREEFALL_CONFIG) +CFLAGS+=-D_FREEFALL_CONFIG +.endif DPADD= ${LIBKRB5} ${LIBASN1} ${LIBROKEN} ${LIBCOM_ERR} ${LIBCRYPT} ${LIBCRYPTO} LDADD= -lkrb5 -lasn1 -lroken -lcom_err -lcrypt -lcrypto diff --git a/lib/libpam/modules/pam_krb5/pam_krb5.c b/lib/libpam/modules/pam_krb5/pam_krb5.c index 2cfddbcb89a..0ed57f93208 100644 --- a/lib/libpam/modules/pam_krb5/pam_krb5.c +++ b/lib/libpam/modules/pam_krb5/pam_krb5.c @@ -333,6 +333,9 @@ PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc __unused, const char *argv[] __unused) { +#ifdef _FREEFALL_CONFIG + return (PAM_SUCCESS); +#else krb5_error_code krbret; krb5_context pam_context; @@ -570,6 +573,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, free(cache_name_buf); return (retval); +#endif } /*