diff options
author | des <des@FreeBSD.org> | 2003-02-05 00:31:34 +0800 |
---|---|---|
committer | des <des@FreeBSD.org> | 2003-02-05 00:31:34 +0800 |
commit | 8b0af3d66bd18cb0c05174e71a354bda98c23839 (patch) | |
tree | 59636ba028f9377853465797cfda818f7c8dc79f /databases | |
parent | e8f605a299a0699387675a546b7a5a3500f7d0b2 (diff) | |
download | freebsd-ports-gnome-8b0af3d66bd18cb0c05174e71a354bda98c23839.tar.gz freebsd-ports-gnome-8b0af3d66bd18cb0c05174e71a354bda98c23839.tar.zst freebsd-ports-gnome-8b0af3d66bd18cb0c05174e71a354bda98c23839.zip |
[1] Avoid leaking potentially sensitive information into system logs
[2] Add PAM support to gnatsd
PR: [1] ports/41342
Submitted by: [1] Igor Kucherenko <kivvy@sunbay.com>
[2] ru
Diffstat (limited to 'databases')
-rw-r--r-- | databases/gnats/Makefile | 2 | ||||
-rw-r--r-- | databases/gnats/files/patch-ab | 22 | ||||
-rw-r--r-- | databases/gnats/files/patch-gnats::cmds.c | 15 | ||||
-rw-r--r-- | databases/gnats/files/patch-gnats::gnatsd.c | 130 |
4 files changed, 166 insertions, 3 deletions
diff --git a/databases/gnats/Makefile b/databases/gnats/Makefile index 751a22a94dd3..362abc19c6d7 100644 --- a/databases/gnats/Makefile +++ b/databases/gnats/Makefile @@ -7,7 +7,7 @@ PORTNAME= gnats PORTVERSION= 3.113.1 -PORTREVISION= 6 +PORTREVISION= 7 CATEGORIES= databases elisp MASTER_SITES= ${MASTER_SITE_GNU} MASTER_SITE_SUBDIR= gnats diff --git a/databases/gnats/files/patch-ab b/databases/gnats/files/patch-ab index bea5f88fe1a8..141789659a58 100644 --- a/databases/gnats/files/patch-ab +++ b/databases/gnats/files/patch-ab @@ -1,5 +1,23 @@ ---- gnats/Makefile.in.orig Tue Sep 21 16:18:39 1999 -+++ gnats/Makefile.in Fri Jan 21 10:06:19 2000 +--- gnats/Makefile.in.orig Tue May 8 20:23:36 2001 ++++ gnats/Makefile.in Tue Aug 20 19:17:44 2002 +@@ -122,7 +122,7 @@ + DIFFOPT = @DIFFOPT@ + + # These are set by autoconf. +-DEFS = @DEFS@ ++DEFS = @DEFS@ -DHAVE_PAM + LIBS = @LIBS@ + KRBINCLUDE = @KRBINCLUDE@ + +@@ -311,7 +311,7 @@ + + gnatsd: gnatsd.o cmds.o regex.o libgnats.a + $(CC) $(LDFLAGS) -o $@ gnatsd.o cmds.o regex.o db_conf.o \ +- libgnats.a $(LIBRX) $(LIBIBERTY) $(LIBS) ++ libgnats.a $(LIBRX) $(LIBIBERTY) $(LIBS) -lpam + + queue-pr: queue-pr.o libgnats.a + $(CC) $(LDFLAGS) -o $@ queue-pr.o \ @@ -465,7 +465,7 @@ getdate.c: getdate.y diff --git a/databases/gnats/files/patch-gnats::cmds.c b/databases/gnats/files/patch-gnats::cmds.c new file mode 100644 index 000000000000..727ce56bf87e --- /dev/null +++ b/databases/gnats/files/patch-gnats::cmds.c @@ -0,0 +1,15 @@ +--- gnats/cmds.c.orig Sun Feb 4 22:56:10 2001 ++++ gnats/cmds.c Mon Aug 5 17:25:48 2002 +@@ -476,9 +476,9 @@ + + if (user_access <= ACCESS_NONE) + { +- syslog (LOG_ERR, "user not allowed access: %s/%s", av[0], av[1]); +- printf ("%d You are not on the user access list: %s/%s.\r\n", +- CODE_NO_ACCESS, av[0], av[1]); ++ syslog (LOG_ERR, "user %s not allowed access", av[0]); ++ printf ("%d You are not on the user access list.\r\n", ++ CODE_NO_ACCESS, av[0]); + exit (1); + } + diff --git a/databases/gnats/files/patch-gnats::gnatsd.c b/databases/gnats/files/patch-gnats::gnatsd.c new file mode 100644 index 000000000000..a979f42d8815 --- /dev/null +++ b/databases/gnats/files/patch-gnats::gnatsd.c @@ -0,0 +1,130 @@ +--- gnats/gnatsd.c.orig Wed Sep 22 02:18:39 1999 ++++ gnats/gnatsd.c Tue Aug 20 21:11:28 2002 +@@ -24,6 +24,15 @@ + #include "query.h" + #include "db_conf.h" + ++#ifdef HAVE_PAM ++#include <security/pam_appl.h> ++#ifdef _OPENPAM ++#include <security/openpam.h> ++#endif ++ ++static int issetuidroot; ++#endif /* HAVE_PAM */ ++ + char myname[MAXHOSTNAMELEN]; + + char *program_name; +@@ -387,9 +396,9 @@ + return found; + } + +-/* Get the access lever for this user. */ +-int +-get_user_access (database, filename, user, passwd) ++/* Get the access level for this user using the file backend. */ ++static int ++get_user_access_file (database, filename, user, passwd) + char *database; + char *filename; + char *user; +@@ -489,6 +498,86 @@ + return access; + } + ++#ifdef HAVE_PAM ++#ifndef _OPENPAM ++int ++pam_conv (n, msg, resp, data) ++ int n; ++ const struct pam_message **msg; ++ struct pam_response **resp; ++ void *data; ++{ ++ ++ if (n != 1 || msg[0]->msg_style != PAM_PROMPT_ECHO_OFF) ++ return(PAM_CONV_ERR); ++ if ((*resp = malloc(sizeof(struct pam_response))) == NULL) ++ return(PAM_CONV_ERR); ++ (*resp)[0].resp = strdup((const char *)data); ++ (*resp)[0].resp_retcode = 0; ++ ++ return ((*resp)[0].resp != NULL ? PAM_SUCCESS : PAM_CONV_ERR); ++} ++#endif /* _OPENPAM */ ++ ++/* Get the access level for this user using the PAM backend. */ ++static int ++get_user_access_pam (user, passwd) ++ char *user; ++ char *passwd; ++{ ++ int access; ++ pam_handle_t *pamh; ++ struct pam_conv pamc = { ++#ifdef _OPENPAM ++ &openpam_nullconv, NULL ++#else ++ &pam_conv, passwd ++#endif ++ }; ++ ++ access = -1; ++ ++ /* PAM chain may require super-user. */ ++ if (issetuidroot) ++ seteuid(0); ++ ++ if (pam_start("gnatsd", user, &pamc, &pamh) == PAM_SUCCESS && ++#ifdef _OPENPAM ++ pam_set_item(pamh, PAM_AUTHTOK, passwd) == PAM_SUCCESS && ++#endif ++ pam_authenticate(pamh, 0) == PAM_SUCCESS) ++ { ++ access = ACCESS_EDIT; ++ } ++ ++ /* Revert back to real UID. */ ++ if (issetuidroot) ++ seteuid(getuid()); ++ ++ return access; ++} ++#endif /* HAVE_PAM */ ++ ++/* Get the access level for this user. */ ++int ++get_user_access (database, filename, user, passwd) ++ char *database; ++ char *filename; ++ char *user; ++ char *passwd; ++{ ++ int access; ++ ++ access = -1; ++ ++#ifdef HAVE_PAM ++ if ((access = get_user_access_pam(user, passwd)) == -1) ++#endif /* HAVE_PAM */ ++ access = get_user_access_file(database, filename, user, passwd); ++ ++ return access; ++} ++ + void + start_connection () + { +@@ -680,6 +769,11 @@ + int optc; + int not_inetd = 0; + int access, access_required; ++ ++#ifdef HAVE_PAM ++ if ((issetuidroot = geteuid() == 0 && getuid() != 0)) ++ seteuid(getuid()); ++#endif /* HAVE_PAM */ + + outfile = stdout; + |