rpms/cvs/devel cvs-1.11.21-pam.patch, NONE, 1.1 cvs.pam, NONE, 1.1 cvs.sh, NONE, 1.1 cvs.spec, 1.37, 1.38
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Dec 14 15:45:11 UTC 2005
Author: stransky
Update of /cvs/dist/rpms/cvs/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv2559
Modified Files:
cvs.spec
Added Files:
cvs-1.11.21-pam.patch cvs.pam cvs.sh
Log Message:
work in progress
cvs-1.11.21-pam.patch:
configure.in | 30 ++++++++++++++++++++++++++
src/server.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 95 insertions(+), 1 deletion(-)
--- NEW FILE cvs-1.11.21-pam.patch ---
--- cvs-1.11.21/configure.in.pam 2005-12-14 14:19:06.000000000 +0100
+++ cvs-1.11.21/configure.in 2005-12-14 14:16:21.000000000 +0100
@@ -793,6 +794,36 @@
[The high water mark in bytes for server flow control. Required if
SERVER_FLOWCONTROL is defined, and useless otherwise.])
fi # enable_server_flow_control
+
+ dnl
+ dnl Give the confiscator control over whether the pam support is used
+ dnl
+ AC_ARG_ENABLE(
+ [pam],
+ AC_HELP_STRING(
+ [--enable-pam],
+ [Include code for running with pam code (default)]), ,
+ [if test "$ac_cv_search_connect" != yes; then
+ enable_pam=no
+ fi])
+
+ if test no != "$enable_pam"; then
+ AC_DEFINE(
+ [PAM_SUPPORT], [1],
+ [Define if you want CVS to be able to serve repositories to remote
+ clients.])
+
+ dnl
+ dnl Finding the pam_authenticate function.
+ dnl
+ AC_SEARCH_LIBS(
+ [pam_authenticate], [pam],
+ [AC_DEFINE(
+ [HAVE_PAM], [1],
+ [Define if you have the pam_authenticate function.])
+ ]) dnl AC_SEARCH_LIBS
+ fi #enable_pam
+
fi # enable_server
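Review bot: `PAM_SUPPORT` is defined before `AC_SEARCH_LIBS` runs and regardless of its result, so a build host without libpam still compiles the PAM branch in src/server.c and fails at `#include <security/pam_appl.h>` or at link time. `HAVE_PAM`, the macro that does record the probe, is not tested in any visible hunk. Move the `AC_DEFINE([PAM_SUPPORT], [1], ...)` into the found-action of `AC_SEARCH_LIBS` so a missing library leaves PAM off. The `ac_cv_search_connect` test and the description "serve repositories to remote clients" look copied from the server-support block; the description should say what the macro does, e.g. `[Define if pserver passwords should be verified through PAM.]`.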
--- cvs-1.11.21/src/server.c.pam 2005-12-14 14:19:06.000000000 +0100
+++ cvs-1.11.21/src/server.c 2005-12-14 14:19:06.000000000 +0100
@@ -16,6 +16,12 @@
#include "getline.h"
#include "buffer.h"
+/* needed for PAM authentication - fk 2000 */
+#if PAM_SUPPORT
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+#endif
+
int server_active = 0;
#if defined(SERVER_SUPPORT) || defined(CLIENT_SUPPORT)
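Review bot: `<security/pam_misc.h>` is not needed by anything in this patch: the conversation callback is the local `silent_conv`, and configure only searches `pam` for `pam_authenticate`. The header belongs to Linux-PAM's libpam_misc and is absent on other PAM implementations, so including it narrows portability for no gain. Drop that line and keep only `#include <security/pam_appl.h>`. `#if PAM_SUPPORT` also relies on an undefined macro evaluating to 0; `#ifdef PAM_SUPPORT` would match the `#if defined(SERVER_SUPPORT)` style used just below.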
@@ -5610,7 +5616,36 @@
return retval;
}
-
+/* callback for PAM authentication - fk 2000 */
+#if PAM_SUPPORT
+int silent_conv(int num_msg, const struct pam_message **msgm,
+ struct pam_response **response, void *appdata) {
+ int replies;
+ struct pam_response *reply = NULL;
+
+ reply = calloc(num_msg,sizeof(struct pam_response));
+ for (replies=0; replies<num_msg; replies++) {
+ switch (msgm[replies]->msg_style) {
+ case PAM_PROMPT_ECHO_ON:
+ case PAM_PROMPT_ECHO_OFF:
+ /* printf("Prompt: %s\n",msgm[replies]->msg); */
+ reply[replies].resp_retcode = PAM_SUCCESS;
+ reply[replies].resp = strdup((char*)appdata);
+ break;
+ case PAM_ERROR_MSG:
+ case PAM_TEXT_INFO:
+ reply[replies].resp_retcode = PAM_SUCCESS;
+ reply[replies].resp = NULL;
+ break;
+ default:
+ free(reply);
+ return PAM_CONV_ERR;
+ }
+ }
+ *response = reply;
+ return PAM_SUCCESS;
+}
+#endif
/* Return a hosting username if password matches, else NULL. */
static char *
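Review bot: `silent_conv` dereferences the `calloc` result without checking it, never validates `num_msg` or `appdata`, and on the `default:` path frees only the array, so password copies already made by `strdup` for earlier messages are leaked. It also answers `PAM_PROMPT_ECHO_ON` with the password; echo-on prompts are normally for non-secret input, so a module that logs or echoes that reply would expose the password, which is worth confirming as intended. The sketch below adds the checks and a single cleanup path, and makes the callback `static` since the visible hunks reference it only from this file. The password copies released on the failure path should ideally be wiped before `free`.

```c
static int silent_conv(int num_msg, const struct pam_message **msgm,
                       struct pam_response **response, void *appdata) {
    int replies;
    struct pam_response *reply;

    /* reject counts the PAM library would never send, and a missing password */
    if (num_msg <= 0 || num_msg > PAM_MAX_NUM_MSG || appdata == NULL)
        return PAM_CONV_ERR;

    reply = calloc(num_msg, sizeof(struct pam_response));
    if (reply == NULL)
        return PAM_BUF_ERR;

    for (replies = 0; replies < num_msg; replies++) {
        switch (msgm[replies]->msg_style) {
        case PAM_PROMPT_ECHO_ON:
        case PAM_PROMPT_ECHO_OFF:
            reply[replies].resp_retcode = PAM_SUCCESS;
            reply[replies].resp = strdup((char *)appdata);
            if (reply[replies].resp == NULL)
                goto fail;
            break;
        /* ... unchanged: PAM_ERROR_MSG / PAM_TEXT_INFO cases ... */
        default:
            goto fail;
        }
    }
    /* ... unchanged: store reply in *response, return PAM_SUCCESS ... */

fail:
    /* calloc zeroed the array, so unset resp pointers are NULL and safe to free */
    for (replies = 0; replies < num_msg; replies++)
        free(reply[replies].resp);
    free(reply);
    return PAM_CONV_ERR;
}
```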
@@ -5698,6 +5733,34 @@
if (*found_passwd)
{
/* user exists and has a password */
+#if PAM_SUPPORT
+ pam_handle_t *pamh = NULL;
+ struct pam_conv conv;
+ int retval;
+
+ conv.conv = silent_conv;
+ conv.appdata_ptr = password;
+
+ retval = pam_start("cvs", username, &conv, &pamh);
+
+ if (retval == PAM_SUCCESS)
+ retval = pam_authenticate(pamh, 0); /* is user really user? */
+
+ if (retval == PAM_SUCCESS)
+ retval = pam_acct_mgmt(pamh, 0); /* permitted access? */
+
+ /* This is where we have been authorized or not. */
+
+ if (retval == PAM_SUCCESS) {
+ host_user = username;
+ } else {
+ host_user = NULL;
+ }
+
+ if (pam_end(pamh,retval) != PAM_SUCCESS) { /* close Linux-PAM */
+ pamh = NULL;
+ }
+#else
if (strcmp (found_passwd, crypt (password, found_passwd)) == 0)
{
host_user = xstrdup (username);
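Review bot: The PAM branch sets `host_user = username;` while the `#else` branch right below returns `xstrdup (username)`, so the two builds hand back pointers with different ownership; if the caller frees the result (not visible in this hunk), the PAM build would free the caller's own `username`. Use `host_user = xstrdup (username);` in both branches. `pam_end(pamh, retval)` is also reached when `pam_start` failed and `pamh` is still NULL, so guard it with `if (pamh != NULL)`; the `pamh = NULL` assignment after it has no effect on a local that is about to go out of scope. A failed PAM login is silent here, whereas the non-PAM branch appears to log under an `#ifdef`; a `syslog` line with the user name and `pam_strerror(pamh, retval)` would keep failed pserver logins auditable. The enclosing function starts and ends outside the hunk.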
@@ -5711,6 +5774,7 @@
crypt(password, found_passwd), found_passwd);
#endif
}
+#endif
goto handle_return;
}
--- NEW FILE cvs.pam ---
#%PAM-1.0
auth include system-auth
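Review bot: The service file defines only an `auth` stack, but the server.c change also calls `pam_acct_mgmt`, which runs the `account` stack. With no `account` line here, Linux-PAM falls back to the `other` service for that stack. On many systems `other` is deny-all, so every pserver login would fail after a correct password; where `other` is permissive, account expiry and access restrictions are decided by a policy nobody chose for cvs. Add `account include system-auth`.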
--- NEW FILE cvs.sh ---
# change default from rsh to ssh for cvs command
export CVS_RSH=ssh
Index: cvs.spec
===================================================================
RCS file: /cvs/dist/rpms/cvs/devel/cvs.spec,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -r1.37 -r1.38
--- cvs.spec 9 Dec 2005 22:40:08 -0000 1.37
+++ cvs.spec 14 Dec 2005 15:45:08 -0000 1.38
@@ -1,12 +1,17 @@
+# Use PAM for pserver autentization
+%define pamified 1
+
Summary: A version control system.
Name: cvs
Version: 1.11.21
-Release: 1.1
+Release: 2
License: GPL
Group: Development/Tools
Source0: https://ccvs.cvshome.org/files/documents/19/192/cvs-%{version}.tar.bz2
Source1: https://ccvs.cvshome.org/files/documents/19/192/cvs-%{version}.tar.bz2.sig
Source2: cvs.xinetd
+Source3: cvs.pam
+Source4: cvs.sh
URL: http://www.cvshome.org/
Patch0: cvs-1.11.19-cvspass.patch
Patch1: cvs-1.11.19-extzlib.patch
@@ -18,12 +23,17 @@
Patch8: cvs-1.11.19-tagname.patch
Patch9: cvs-1.11.19-comp.patch
Patch11: cvs-1.11.19-tmp.patch
+Patch12: cvs-1.11.21-pam.patch
Prereq: /sbin/install-info
Requires: vim-minimal
Prefix: %{_prefix}
Buildroot: %{_tmppath}/%{name}-root
BuildPreReq: autoconf >= 2.58, automake >= 1.7.9, libtool, zlib-devel, vim-minimal
%{!?nokerberos:BuildPrereq: krb5-devel}
+%if %{pamified}
+BuildPreReq: pam-devel
+%endif
+
%description
CVS (Concurrent Versions System) is a version control system that can
@@ -52,6 +62,11 @@
%patch8 -p1
%patch9 -p1
%patch11 -p1 -b .tmp
+
+%if %{pamified}
+%patch12 -p1 -b .pam
+%endif
+
# Apply a patch to the generated files, OR
# run autoreconf and require autoconf >= 2.58, automake >= 1.7.9
#%patch5 -p1 -b .extzlib2
@@ -60,11 +75,15 @@
autoreconf
+%if %{pamified}
+PAM_CONFIG="--enable-pam"
+%endif
+
%{!?nokerberos:k5prefix=`krb5-config --prefix`}
%{!?nokerberos:CPPFLAGS=-I${k5prefix}/include/kerberosIV; export CPPFLAGS}
%{!?nokerberos:CFLAGS=-I${k5prefix}/include/kerberosIV; export CFLAGS}
%{!?nokerberos:LIBS="-lkrb4 -ldes425 -lk5crypto"; export LIBS}
-%configure CFLAGS="$CFLAGS $RPM_OPT_FLAGS"\
+%configure CFLAGS="$CFLAGS $RPM_OPT_FLAGS" $PAM_CONFIG \
%{!?nokerberos: --with-gssapi --with-krb4 --enable-encryption}
make
@@ -81,6 +100,11 @@
rm -f $RPM_BUILD_ROOT/%{_infodir}/dir
install -D -m 644 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/xinetd.d/%{name}
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/%{name}
+%if %{pamified}
+install -D -m 644 %{SOURCE3} $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/cvs
+%endif
+install -D -m 755 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/profile.d/cvs.sh
+
%clean
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
@@ -106,8 +130,14 @@
%{_datadir}/%{name}
%config(noreplace) %{_sysconfdir}/xinetd.d/%{name}
%dir %{_localstatedir}/%{name}
+%{_sysconfdir}/pam.d/*
+%{_sysconfdir}/profile.d/*
%changelog
+* Wed Dec 14 2005 Martin Stransky <stransky at redhat.com> 1.11.21-2
+- pam patch (#48937)
+- CVS_RSH is set to ssh (#58699)
+
* Fri Dec 09 2005 Jesse Keating <jkeating at redhat.com>
- rebuilt
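Review bot: `%{_sysconfdir}/pam.d/*` is listed in `%files` unconditionally, but the install hunk only creates `pam.d/cvs` under `%if %{pamified}`, so a build with `pamified` set to 0 would fail on a missing file. The entry is also not marked as configuration, so an administrator's changes to the cvs PAM policy would be overwritten on package upgrade, unlike the xinetd file two lines above. Suggested replacement: `%if %{pamified}`, then `%config(noreplace) %{_sysconfdir}/pam.d/cvs`, then `%endif`. Naming the file instead of using a glob also keeps the package from claiming other files that end up in that directory of the build root.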