authorJay Pfeifer <pfeifer@gentoo.org>2004-06-20 18:24:11 +0000
committerJay Pfeifer <pfeifer@gentoo.org>2004-06-20 18:24:11 +0000
commit770ef0288f364002ae54aa6eed46b2776e89146a (patch)
treeb820db79f8a91b107d8726d81b4ebb6b220f597f /sys-apps/gradm/files/gradm2-cvs-20Jun2004.diff
parentAdded IUSE (Manifest recommit) (diff)
Added patch to support changes to hardened-dev-sources-2.6.5-r5.
Diffstat (limited to 'sys-apps/gradm/files/gradm2-cvs-20Jun2004.diff')
-rw-r--r--sys-apps/gradm/files/gradm2-cvs-20Jun2004.diff230
1 files changed, 230 insertions, 0 deletions
diff --git a/sys-apps/gradm/files/gradm2-cvs-20Jun2004.diff b/sys-apps/gradm/files/gradm2-cvs-20Jun2004.diff
new file mode 100644
index 000000000000..0ba07710003e
--- /dev/null
+++ b/sys-apps/gradm/files/gradm2-cvs-20Jun2004.diff
@@ -0,0 +1,230 @@
+diff -Naupr gradm2-release/Makefile gradm2-cvs-20Jun2004/Makefile
+--- gradm2-release/Makefile 2004-04-03 23:19:40.000000000 -0600
++++ gradm2-cvs-20Jun2004/Makefile 2004-06-17 20:51:29.000000000 -0500
+@@ -23,9 +23,8 @@ STRIP=/usr/bin/strip
+ #LIBS=
+ LIBS=-lfl
+ KERNVER=`uname -r | cut -d"." -f 2`
+-#for sparc64
+-#OPT_FLAGS=-O2 -m64 -mcpu=ultrasparc -mcmodel=medlow -ffixed-g4 \
+-# -fcall-used-g5 -fcall-used-g5 -fcall-used-g7 -Wno-sign-compare
++#for 64-bit archs
++#OPT_FLAGS=-O2 -m64
+ OPT_FLAGS=-O2
+ CFLAGS=$(OPT_FLAGS) -DGRSEC_DIR=\"$(GRSEC_DIR)\" -DKERNVER=$(KERNVER)
+ LDFLAGS=
+diff -Naupr gradm2-release/gradm_analyze.c gradm2-cvs-20Jun2004/gradm_analyze.c
+--- gradm2-release/gradm_analyze.c 2004-03-02 14:42:31.000000000 -0600
++++ gradm2-cvs-20Jun2004/gradm_analyze.c 2004-05-31 10:03:56.000000000 -0500
+@@ -319,9 +319,22 @@ analyze_acls(void)
+ struct chk_perm chk;
+ unsigned int errs_found = 0;
+ struct role_acl *role;
++ int def_role_found = 0;
+
+ check_role_transitions();
+
++ for_each_role(role, current_role)
++ if (role->roletype & GR_ROLE_DEFAULT)
++ def_role_found = 1;
++
++ if (!def_role_found) {
++ fprintf(stderr, "There is no default role present in your "
++ "configuration.\nPlease read the RBAC "
++ "documentation and create a default role before "
++ "attempting to enable the RBAC system.\n\n");
++ exit(EXIT_FAILURE);
++ }
++
+ for_each_role(role, current_role) {
+ if (role->roletype & GR_ROLE_SPECIAL)
+ continue;
+diff -Naupr gradm2-release/gradm_arg.c gradm2-cvs-20Jun2004/gradm_arg.c
+--- gradm2-release/gradm_arg.c 2004-04-03 10:22:56.000000000 -0600
++++ gradm2-cvs-20Jun2004/gradm_arg.c 2004-06-12 04:04:36.000000000 -0500
+@@ -140,9 +140,8 @@ parse_args(int argc, char *argv[])
+ show_help();
+ entry.mode = GRADM_UNSPROLE;
+ check_acl_status(entry.mode);
+- get_user_passwd(&entry, GR_PWONLY);
+ grarg = conv_user_to_kernel(&entry);
+- transmit_to_kernel(grarg, sizeof (struct gr_arg));
++ transmit_to_kernel(grarg);
+ memset(grarg, 0, sizeof (struct gr_arg));
+ break;
+ case 'R':
+@@ -157,7 +156,7 @@ parse_args(int argc, char *argv[])
+ grarg = conv_user_to_kernel(&entry);
+ read_saltandpass(entry.rolename, grarg->salt,
+ grarg->sum);
+- transmit_to_kernel(grarg, sizeof (struct gr_arg));
++ transmit_to_kernel(grarg);
+ memset(grarg, 0, sizeof (struct gr_arg));
+ break;
+ case 'M':
+@@ -174,7 +173,7 @@ parse_args(int argc, char *argv[])
+ conv_name_to_num(optarg, &entry.segv_dev,
+ &entry.segv_inode);
+ grarg = conv_user_to_kernel(&entry);
+- transmit_to_kernel(grarg, sizeof (struct gr_arg));
++ transmit_to_kernel(grarg);
+ memset(grarg, 0, sizeof (struct gr_arg));
+ exit(EXIT_SUCCESS);
+ break;
+@@ -185,7 +184,7 @@ parse_args(int argc, char *argv[])
+ check_acl_status(entry.mode);
+ get_user_passwd(&entry, GR_PWONLY);
+ grarg = conv_user_to_kernel(&entry);
+- if (transmit_to_kernel(grarg, sizeof (struct gr_arg)))
++ if (transmit_to_kernel(grarg))
+ memset(grarg, 0, sizeof (struct gr_arg));
+ else {
+ memset(grarg, 0, sizeof (struct gr_arg));
+@@ -246,7 +245,7 @@ parse_args(int argc, char *argv[])
+ check_acl_status(entry.mode);
+ get_user_passwd(&entry, GR_PWONLY);
+ grarg = conv_user_to_kernel(&entry);
+- transmit_to_kernel(grarg, sizeof (struct gr_arg));
++ transmit_to_kernel(grarg);
+ memset(grarg, 0, sizeof (struct gr_arg));
+ exit(EXIT_SUCCESS);
+ break;
+@@ -258,7 +257,7 @@ parse_args(int argc, char *argv[])
+ entry.mode = GRADM_SPROLE;
+ check_acl_status(entry.mode);
+ grarg = conv_user_to_kernel(&entry);
+- transmit_to_kernel(grarg, sizeof (struct gr_arg));
++ transmit_to_kernel(grarg);
+ memset(grarg, 0, sizeof (struct gr_arg));
+ exit(EXIT_SUCCESS);
+ break;
+@@ -298,7 +297,7 @@ parse_args(int argc, char *argv[])
+ grarg = conv_user_to_kernel(&entry);
+ read_saltandpass(entry.rolename, grarg->salt,
+ grarg->sum);
+- transmit_to_kernel(grarg, sizeof (struct gr_arg));
++ transmit_to_kernel(grarg);
+ memset(grarg, 0, sizeof (struct gr_arg));
+ } else if (gr_learn && gr_output) {
+ FILE *stream;
+diff -Naupr gradm2-release/gradm_func.h gradm2-cvs-20Jun2004/gradm_func.h
+--- gradm2-release/gradm_func.h 2004-03-30 19:20:18.000000000 -0600
++++ gradm2-cvs-20Jun2004/gradm_func.h 2004-06-17 20:50:57.000000000 -0500
+@@ -1,7 +1,7 @@
+ void yyerror(const char *s);
+ FILE *open_acl_file(const char *filename);
+ void get_user_passwd(struct gr_pw_entry *entry, int mode);
+-int transmit_to_kernel(void *buf, unsigned long len);
++int transmit_to_kernel(struct gr_arg *buf);
+ void generate_salt(struct gr_pw_entry *entry);
+ void write_user_passwd(struct gr_pw_entry *entry);
+ void parse_acls(void);
+@@ -126,3 +126,4 @@ void gr_dyn_free(void *addr);
+ void insert_acl_object(struct proc_acl *subject, struct file_acl *object);
+ void insert_acl_subject(struct role_acl *role, struct proc_acl *subject);
+
++void insert_nested_acl_subject(struct proc_acl *subject);
+diff -Naupr gradm2-release/gradm_lib.c gradm2-cvs-20Jun2004/gradm_lib.c
+--- gradm2-release/gradm_lib.c 2004-03-07 18:22:09.000000000 -0600
++++ gradm2-cvs-20Jun2004/gradm_lib.c 2004-06-17 20:50:57.000000000 -0500
+@@ -554,3 +554,8 @@ void insert_acl_subject(struct role_acl
+ return;
+ }
+
++void insert_nested_acl_subject(struct proc_acl *subject)
++{
++ subject->hash = create_hash_table(GR_HASH_OBJECT);
++ return;
++}
+diff -Naupr gradm2-release/gradm_misc.c gradm2-cvs-20Jun2004/gradm_misc.c
+--- gradm2-release/gradm_misc.c 2004-03-09 19:45:17.000000000 -0600
++++ gradm2-cvs-20Jun2004/gradm_misc.c 2004-06-12 23:12:04.000000000 -0500
+@@ -14,17 +14,18 @@ open_acl_file(const char *filename)
+ }
+
+ int
+-transmit_to_kernel(void *buf, unsigned long len)
++transmit_to_kernel(struct gr_arg *buf)
+ {
+ int fd;
+ int err = 0;
++ void *pbuf = buf;
+
+ if ((fd = open(GRDEV_PATH, O_WRONLY)) < 0) {
+ fprintf(stderr, "Could not open %s.\n", GRDEV_PATH);
+ failure("open");
+ }
+
+- if (write(fd, buf, len) != len) {
++ if (write(fd, &pbuf, sizeof(struct gr_arg *)) != sizeof(struct gr_arg *)) {
+ err = 1;
+ switch (errno) {
+ case EFAULT:
+@@ -65,6 +66,7 @@ void check_acl_status(__u16 reqmode)
+ int fd;
+ int retval;
+ struct gr_arg arg;
++ struct gr_arg *parg = &arg;
+
+ arg.mode = GRADM_STATUS;
+
+@@ -73,7 +75,7 @@ void check_acl_status(__u16 reqmode)
+ failure("open");
+ }
+
+- retval = write(fd, &arg, sizeof(arg));
++ retval = write(fd, &parg, sizeof(struct gr_arg *));
+ close(fd);
+
+ switch (reqmode) {
+diff -Naupr gradm2-release/gradm_newlearn.c gradm2-cvs-20Jun2004/gradm_newlearn.c
+--- gradm2-release/gradm_newlearn.c 2004-04-06 14:09:33.000000000 -0500
++++ gradm2-cvs-20Jun2004/gradm_newlearn.c 2004-06-17 21:50:20.000000000 -0500
+@@ -1652,7 +1652,10 @@ insert_learn_role(struct gr_learn_role_e
+ (*((*role_list) + num)) = (struct gr_learn_role_entry *)gr_stat_alloc(sizeof(struct gr_learn_role_entry));
+ (*((*role_list) + num))->rolename = rolename;
+ (*((*role_list) + num))->rolemode = rolemode;
+-
++
++ /* give every learned role a / subject */
++ insert_learn_role_subject(*((*role_list) + num), conv_filename_to_struct("/", GR_FIND));
++
+ return (*((*role_list) + num));
+ }
+
+diff -Naupr gradm2-release/gradm_opt.c gradm2-cvs-20Jun2004/gradm_opt.c
+--- gradm2-release/gradm_opt.c 2004-03-30 19:20:18.000000000 -0600
++++ gradm2-cvs-20Jun2004/gradm_opt.c 2004-05-08 14:26:47.000000000 -0500
+@@ -10,11 +10,10 @@ expand_acl(struct proc_acl *proc, struct
+ strcpy(tmpproc, proc->filename);
+
+ while (parent_dir(proc->filename, &tmpproc)) {
+- for_each_subject(tmpp, role) {
+- if (!strcmp(tmpproc, tmpp->filename)) {
+- proc->parent_subject = tmpp;
+- return;
+- }
++ tmpp = lookup_acl_subject_by_name(role, tmpproc);
++ if (tmpp) {
++ proc->parent_subject = tmpp;
++ return;
+ }
+ }
+
+diff -Naupr gradm2-release/gradm_parse.c gradm2-cvs-20Jun2004/gradm_parse.c
+--- gradm2-release/gradm_parse.c 2004-04-03 11:18:11.000000000 -0600
++++ gradm2-cvs-20Jun2004/gradm_parse.c 2004-06-17 20:50:57.000000000 -0500
+@@ -565,7 +565,12 @@ add_proc_subject_acl(struct role_acl *ro
+ return 0;
+ }
+
+- insert_acl_subject(role, p);
++ /* don't insert nested subjects into main hash */
++ if (!(flag & GR_FFAKE))
++ insert_acl_subject(role, p);
++ else
++ insert_nested_acl_subject(p);
++
+ current_subject = p;
+
+ return 1;
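Review bot: In the gradm_misc.c section, `check_acl_status` now hands the kernel a pointer to `arg`, but the visible lines assign only `arg.mode`, so the other fields of the stack `struct gr_arg` are uninitialized when the kernel reads them through `parg`; adding `memset(&arg, 0, sizeof(arg));` before `arg.mode = GRADM_STATUS;` would make the request deterministic. Both `write()` calls now pass only `sizeof(struct gr_arg *)` bytes, so the length no longer tells the kernel how large userland's `struct gr_arg` is. Presumably a gradm built against a different struct layout would then be accepted and misread, and sending a size or version field alongside the pointer would let the kernel refuse it. In `transmit_to_kernel` the signed result of `write()` is compared against a `size_t`, and `errno` is switched on even after a short write, which does not set it. Both function bodies continue outside the inner hunks.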