aboutsummaryrefslogtreecommitdiffstats
path: root/databases
diff options
context:
space:
mode:
authordes <des@FreeBSD.org>2003-02-05 00:31:34 +0800
committerdes <des@FreeBSD.org>2003-02-05 00:31:34 +0800
commit8b0af3d66bd18cb0c05174e71a354bda98c23839 (patch)
tree59636ba028f9377853465797cfda818f7c8dc79f /databases
parente8f605a299a0699387675a546b7a5a3500f7d0b2 (diff)
downloadfreebsd-ports-gnome-8b0af3d66bd18cb0c05174e71a354bda98c23839.tar.gz
freebsd-ports-gnome-8b0af3d66bd18cb0c05174e71a354bda98c23839.tar.zst
freebsd-ports-gnome-8b0af3d66bd18cb0c05174e71a354bda98c23839.zip
[1] Avoid leaking potentially sensitive information into system logs
[2] Add PAM support to gnatsd PR: [1] ports/41342 Submitted by: [1] Igor Kucherenko <kivvy@sunbay.com> [2] ru
Diffstat (limited to 'databases')
-rw-r--r--databases/gnats/Makefile2
-rw-r--r--databases/gnats/files/patch-ab22
-rw-r--r--databases/gnats/files/patch-gnats::cmds.c15
-rw-r--r--databases/gnats/files/patch-gnats::gnatsd.c130
4 files changed, 166 insertions, 3 deletions
diff --git a/databases/gnats/Makefile b/databases/gnats/Makefile
index 751a22a94dd3..362abc19c6d7 100644
--- a/databases/gnats/Makefile
+++ b/databases/gnats/Makefile
@@ -7,7 +7,7 @@
PORTNAME= gnats
PORTVERSION= 3.113.1
-PORTREVISION= 6
+PORTREVISION= 7
CATEGORIES= databases elisp
MASTER_SITES= ${MASTER_SITE_GNU}
MASTER_SITE_SUBDIR= gnats
diff --git a/databases/gnats/files/patch-ab b/databases/gnats/files/patch-ab
index bea5f88fe1a8..141789659a58 100644
--- a/databases/gnats/files/patch-ab
+++ b/databases/gnats/files/patch-ab
@@ -1,5 +1,23 @@
---- gnats/Makefile.in.orig Tue Sep 21 16:18:39 1999
-+++ gnats/Makefile.in Fri Jan 21 10:06:19 2000
+--- gnats/Makefile.in.orig Tue May 8 20:23:36 2001
++++ gnats/Makefile.in Tue Aug 20 19:17:44 2002
+@@ -122,7 +122,7 @@
+ DIFFOPT = @DIFFOPT@
+
+ # These are set by autoconf.
+-DEFS = @DEFS@
++DEFS = @DEFS@ -DHAVE_PAM
+ LIBS = @LIBS@
+ KRBINCLUDE = @KRBINCLUDE@
+
+@@ -311,7 +311,7 @@
+
+ gnatsd: gnatsd.o cmds.o regex.o libgnats.a
+ $(CC) $(LDFLAGS) -o $@ gnatsd.o cmds.o regex.o db_conf.o \
+- libgnats.a $(LIBRX) $(LIBIBERTY) $(LIBS)
++ libgnats.a $(LIBRX) $(LIBIBERTY) $(LIBS) -lpam
+
+ queue-pr: queue-pr.o libgnats.a
+ $(CC) $(LDFLAGS) -o $@ queue-pr.o \
@@ -465,7 +465,7 @@
getdate.c: getdate.y
diff --git a/databases/gnats/files/patch-gnats::cmds.c b/databases/gnats/files/patch-gnats::cmds.c
new file mode 100644
index 000000000000..727ce56bf87e
--- /dev/null
+++ b/databases/gnats/files/patch-gnats::cmds.c
@@ -0,0 +1,15 @@
+--- gnats/cmds.c.orig Sun Feb 4 22:56:10 2001
++++ gnats/cmds.c Mon Aug 5 17:25:48 2002
+@@ -476,9 +476,9 @@
+
+ if (user_access <= ACCESS_NONE)
+ {
+- syslog (LOG_ERR, "user not allowed access: %s/%s", av[0], av[1]);
+- printf ("%d You are not on the user access list: %s/%s.\r\n",
+- CODE_NO_ACCESS, av[0], av[1]);
++ syslog (LOG_ERR, "user %s not allowed access", av[0]);
++ printf ("%d You are not on the user access list.\r\n",
++ CODE_NO_ACCESS, av[0]);
+ exit (1);
+ }
+
diff --git a/databases/gnats/files/patch-gnats::gnatsd.c b/databases/gnats/files/patch-gnats::gnatsd.c
new file mode 100644
index 000000000000..a979f42d8815
--- /dev/null
+++ b/databases/gnats/files/patch-gnats::gnatsd.c
@@ -0,0 +1,130 @@
+--- gnats/gnatsd.c.orig Wed Sep 22 02:18:39 1999
++++ gnats/gnatsd.c Tue Aug 20 21:11:28 2002
+@@ -24,6 +24,15 @@
+ #include "query.h"
+ #include "db_conf.h"
+
++#ifdef HAVE_PAM
++#include <security/pam_appl.h>
++#ifdef _OPENPAM
++#include <security/openpam.h>
++#endif
++
++static int issetuidroot;
++#endif /* HAVE_PAM */
++
+ char myname[MAXHOSTNAMELEN];
+
+ char *program_name;
+@@ -387,9 +396,9 @@
+ return found;
+ }
+
+-/* Get the access lever for this user. */
+-int
+-get_user_access (database, filename, user, passwd)
++/* Get the access level for this user using the file backend. */
++static int
++get_user_access_file (database, filename, user, passwd)
+ char *database;
+ char *filename;
+ char *user;
+@@ -489,6 +498,86 @@
+ return access;
+ }
+
++#ifdef HAVE_PAM
++#ifndef _OPENPAM
++int
++pam_conv (n, msg, resp, data)
++ int n;
++ const struct pam_message **msg;
++ struct pam_response **resp;
++ void *data;
++{
++
++ if (n != 1 || msg[0]->msg_style != PAM_PROMPT_ECHO_OFF)
++ return(PAM_CONV_ERR);
++ if ((*resp = malloc(sizeof(struct pam_response))) == NULL)
++ return(PAM_CONV_ERR);
++ (*resp)[0].resp = strdup((const char *)data);
++ (*resp)[0].resp_retcode = 0;
++
++ return ((*resp)[0].resp != NULL ? PAM_SUCCESS : PAM_CONV_ERR);
++}
++#endif /* _OPENPAM */
++
++/* Get the access level for this user using the PAM backend. */
++static int
++get_user_access_pam (user, passwd)
++ char *user;
++ char *passwd;
++{
++ int access;
++ pam_handle_t *pamh;
++ struct pam_conv pamc = {
++#ifdef _OPENPAM
++ &openpam_nullconv, NULL
++#else
++ &pam_conv, passwd
++#endif
++ };
++
++ access = -1;
++
++ /* PAM chain may require super-user. */
++ if (issetuidroot)
++ seteuid(0);
++
++ if (pam_start("gnatsd", user, &pamc, &pamh) == PAM_SUCCESS &&
++#ifdef _OPENPAM
++ pam_set_item(pamh, PAM_AUTHTOK, passwd) == PAM_SUCCESS &&
++#endif
++ pam_authenticate(pamh, 0) == PAM_SUCCESS)
++ {
++ access = ACCESS_EDIT;
++ }
++
++ /* Revert back to real UID. */
++ if (issetuidroot)
++ seteuid(getuid());
++
++ return access;
++}
++#endif /* HAVE_PAM */
++
++/* Get the access level for this user. */
++int
++get_user_access (database, filename, user, passwd)
++ char *database;
++ char *filename;
++ char *user;
++ char *passwd;
++{
++ int access;
++
++ access = -1;
++
++#ifdef HAVE_PAM
++ if ((access = get_user_access_pam(user, passwd)) == -1)
++#endif /* HAVE_PAM */
++ access = get_user_access_file(database, filename, user, passwd);
++
++ return access;
++}
++
+ void
+ start_connection ()
+ {
+@@ -680,6 +769,11 @@
+ int optc;
+ int not_inetd = 0;
+ int access, access_required;
++
++#ifdef HAVE_PAM
++ if ((issetuidroot = geteuid() == 0 && getuid() != 0))
++ seteuid(getuid());
++#endif /* HAVE_PAM */
+
+ outfile = stdout;
+