This is sort of an MFS. Peter made these changes to the RELENG_*

branches but missed HEAD.  This patch extends his a little bit,
setting it up via the Makefiles so that adding _FREEFALL_CONFIG
to /etc/make.conf is the only thing needed to cluster-ize things
(current setup also requires overriding CFLAGS).

From Peter's commit to the RELENG_* branches:
> Add the freebsd.org custer's source modifications under #ifdefs to aid
> keeping things in sync.  For ksu:
> * install suid-root by default
> * don't fall back to asking for a unix password (ie: be pure kerberos)
> * allow custom user instances for things like www and not just root

The Makefile tweaks will be MFC-ed, the rest is already done.

MFC after:      3 days
Approved by:    re (dwhite)
This commit is contained in:
kensmith 2005-07-07 14:16:38 +00:00
parent 0d69457df8
commit 28b7f562fc
5 changed files with 34 additions and 3 deletions

View File

@ -1,9 +1,14 @@
# $Id: Makefile.am,v 1.7 2001/08/28 08:31:22 assar Exp $
# $FreeBSD$
include $(top_srcdir)/Makefile.am.common
INCLUDES += $(INCLUDE_krb4) $(INCLUDE_des)
.if defined(_FREEFALL_CONFIG)
CFLAGS+=-D_FREEFALL_CONFIG
.endif
bin_PROGRAMS = su
bin_SUIDS = su
su_SOURCES = su.c

View File

@ -30,6 +30,10 @@
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/*
* $FreeBSD$
*/
#include <config.h>
RCSID("$Id: su.c,v 1.26.2.1 2003/05/06 12:06:44 joda Exp $");
@ -193,12 +197,20 @@ krb5_verify(const struct passwd *login_info,
NULL);
else
ret = krb5_make_principal(context, &p, NULL,
#ifdef _FREEFALL_CONFIG
login_name,
#else
su_info->pw_name,
#endif
NULL);
if(ret)
return 1;
if(su_info->pw_uid != 0 || krb5_kuserok(context, p, su_info->pw_name)) {
if(
#ifndef _FREEFALL_CONFIG
su_info->pw_uid != 0 ||
#endif
krb5_kuserok(context, p, su_info->pw_name)) {
ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache);
if(ret) {
#if 1
@ -430,7 +442,11 @@ main(int argc, char **argv)
ok = 4;
#endif
if(ok == 0 && login_info->pw_uid && verify_unix(su_info) != 0) {
if(ok == 0 && login_info->pw_uid
#ifndef _FREEFALL_CONFIG
&& verify_unix(su_info) != 0
#endif
) {
printf("Sorry!\n");
exit(1);
}

View File

@ -1,13 +1,16 @@
# $FreeBSD$
PROG= ksu
.if defined(ENABLE_SUID_K5SU)
.if defined(ENABLE_SUID_K5SU) || defined(_FREEFALL_CONFIG)
BINMODE=4555
PRECIOUSPROG=
.endif
NO_MAN=
SRCS= su.c
CFLAGS+=-I${KRB5DIR}/lib/roken
.if defined(_FREEFALL_CONFIG)
CFLAGS+=-D_FREEFALL_CONFIG
.endif
DPADD= ${LIBKAFS5} ${LIBKRB5} ${LIBROKEN} ${LIBVERS} \
${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} ${LIBCOM_ERR}
LDADD= -lkafs5 -lkrb5 -lroken ${LIBVERS} \

View File

@ -27,6 +27,9 @@
LIB= pam_krb5
SRCS= pam_krb5.c
MAN= pam_krb5.8
.if defined(_FREEFALL_CONFIG)
CFLAGS+=-D_FREEFALL_CONFIG
.endif
DPADD= ${LIBKRB5} ${LIBASN1} ${LIBROKEN} ${LIBCOM_ERR} ${LIBCRYPT} ${LIBCRYPTO}
LDADD= -lkrb5 -lasn1 -lroken -lcom_err -lcrypt -lcrypto

View File

@ -333,6 +333,9 @@ PAM_EXTERN int
pam_sm_setcred(pam_handle_t *pamh, int flags,
int argc __unused, const char *argv[] __unused)
{
#ifdef _FREEFALL_CONFIG
return (PAM_SUCCESS);
#else
krb5_error_code krbret;
krb5_context pam_context;
@ -570,6 +573,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
free(cache_name_buf);
return (retval);
#endif
}
/*