This is sort of an MFS. Peter made these changes to the RELENG_*
branches but missed HEAD. This patch extends his a little bit, setting it up via the Makefiles so that adding _FREEFALL_CONFIG to /etc/make.conf is the only thing needed to cluster-ize things (current setup also requires overriding CFLAGS). From Peter's commit to the RELENG_* branches: > Add the freebsd.org custer's source modifications under #ifdefs to aid > keeping things in sync. For ksu: > * install suid-root by default > * don't fall back to asking for a unix password (ie: be pure kerberos) > * allow custom user instances for things like www and not just root The Makefile tweaks will be MFC-ed, the rest is already done. MFC after: 3 days Approved by: re (dwhite)
This commit is contained in:
parent
0d69457df8
commit
28b7f562fc
@ -1,9 +1,14 @@
|
||||
# $Id: Makefile.am,v 1.7 2001/08/28 08:31:22 assar Exp $
|
||||
# $FreeBSD$
|
||||
|
||||
include $(top_srcdir)/Makefile.am.common
|
||||
|
||||
INCLUDES += $(INCLUDE_krb4) $(INCLUDE_des)
|
||||
|
||||
.if defined(_FREEFALL_CONFIG)
|
||||
CFLAGS+=-D_FREEFALL_CONFIG
|
||||
.endif
|
||||
|
||||
bin_PROGRAMS = su
|
||||
bin_SUIDS = su
|
||||
su_SOURCES = su.c
|
||||
|
@ -30,6 +30,10 @@
|
||||
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
|
||||
|
||||
/*
|
||||
* $FreeBSD$
|
||||
*/
|
||||
|
||||
#include <config.h>
|
||||
|
||||
RCSID("$Id: su.c,v 1.26.2.1 2003/05/06 12:06:44 joda Exp $");
|
||||
@ -193,12 +197,20 @@ krb5_verify(const struct passwd *login_info,
|
||||
NULL);
|
||||
else
|
||||
ret = krb5_make_principal(context, &p, NULL,
|
||||
#ifdef _FREEFALL_CONFIG
|
||||
login_name,
|
||||
#else
|
||||
su_info->pw_name,
|
||||
#endif
|
||||
NULL);
|
||||
if(ret)
|
||||
return 1;
|
||||
|
||||
if(su_info->pw_uid != 0 || krb5_kuserok(context, p, su_info->pw_name)) {
|
||||
if(
|
||||
#ifndef _FREEFALL_CONFIG
|
||||
su_info->pw_uid != 0 ||
|
||||
#endif
|
||||
krb5_kuserok(context, p, su_info->pw_name)) {
|
||||
ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache);
|
||||
if(ret) {
|
||||
#if 1
|
||||
@ -430,7 +442,11 @@ main(int argc, char **argv)
|
||||
ok = 4;
|
||||
#endif
|
||||
|
||||
if(ok == 0 && login_info->pw_uid && verify_unix(su_info) != 0) {
|
||||
if(ok == 0 && login_info->pw_uid
|
||||
#ifndef _FREEFALL_CONFIG
|
||||
&& verify_unix(su_info) != 0
|
||||
#endif
|
||||
) {
|
||||
printf("Sorry!\n");
|
||||
exit(1);
|
||||
}
|
||||
|
@ -1,13 +1,16 @@
|
||||
# $FreeBSD$
|
||||
|
||||
PROG= ksu
|
||||
.if defined(ENABLE_SUID_K5SU)
|
||||
.if defined(ENABLE_SUID_K5SU) || defined(_FREEFALL_CONFIG)
|
||||
BINMODE=4555
|
||||
PRECIOUSPROG=
|
||||
.endif
|
||||
NO_MAN=
|
||||
SRCS= su.c
|
||||
CFLAGS+=-I${KRB5DIR}/lib/roken
|
||||
.if defined(_FREEFALL_CONFIG)
|
||||
CFLAGS+=-D_FREEFALL_CONFIG
|
||||
.endif
|
||||
DPADD= ${LIBKAFS5} ${LIBKRB5} ${LIBROKEN} ${LIBVERS} \
|
||||
${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} ${LIBCOM_ERR}
|
||||
LDADD= -lkafs5 -lkrb5 -lroken ${LIBVERS} \
|
||||
|
@ -27,6 +27,9 @@
|
||||
LIB= pam_krb5
|
||||
SRCS= pam_krb5.c
|
||||
MAN= pam_krb5.8
|
||||
.if defined(_FREEFALL_CONFIG)
|
||||
CFLAGS+=-D_FREEFALL_CONFIG
|
||||
.endif
|
||||
|
||||
DPADD= ${LIBKRB5} ${LIBASN1} ${LIBROKEN} ${LIBCOM_ERR} ${LIBCRYPT} ${LIBCRYPTO}
|
||||
LDADD= -lkrb5 -lasn1 -lroken -lcom_err -lcrypt -lcrypto
|
||||
|
@ -333,6 +333,9 @@ PAM_EXTERN int
|
||||
pam_sm_setcred(pam_handle_t *pamh, int flags,
|
||||
int argc __unused, const char *argv[] __unused)
|
||||
{
|
||||
#ifdef _FREEFALL_CONFIG
|
||||
return (PAM_SUCCESS);
|
||||
#else
|
||||
|
||||
krb5_error_code krbret;
|
||||
krb5_context pam_context;
|
||||
@ -570,6 +573,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
|
||||
free(cache_name_buf);
|
||||
|
||||
return (retval);
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
|
Loading…
Reference in New Issue
Block a user