-rw-r--r--sys-apps/gradm/ChangeLog7
-rw-r--r--sys-apps/gradm/Manifest21
-rw-r--r--sys-apps/gradm/files/digest-gradm-2.0-r11
-rw-r--r--sys-apps/gradm/files/gradm2-cvs-20Jun2004.diff230
-rw-r--r--sys-apps/gradm/gradm-2.0-r1.ebuild88
5 files changed, 332 insertions, 15 deletions
diff --git a/sys-apps/gradm/ChangeLog b/sys-apps/gradm/ChangeLog
index f551a93bcadf..127799820a89 100644
--- a/sys-apps/gradm/ChangeLog
+++ b/sys-apps/gradm/ChangeLog
@@ -1,6 +1,11 @@
# ChangeLog for sys-apps/gradm
# Copyright 2002-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/ChangeLog,v 1.32 2004/05/08 13:18:12 solar Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/ChangeLog,v 1.33 2004/06/20 18:24:11 pfeifer Exp $
+
+*gradm-2.0-r1 (20 Jun 2004)
+
+ 20 Jun 2004; <pfeifer@gentoo.org> gradm-2.0-r1.ebuild:
+ Added patch to support changes to hardened-dev-sources-2.6.5-r5.
08 May 2004; <solar@gentoo.org> gradm-2.0.ebuild:
removed unneeded dep of paxctl
diff --git a/sys-apps/gradm/Manifest b/sys-apps/gradm/Manifest
index 240530fcc7a2..28264b549494 100644
--- a/sys-apps/gradm/Manifest
+++ b/sys-apps/gradm/Manifest
@@ -1,19 +1,12 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-MD5 336c77b0c62688814bf5aa53e6969be0 ChangeLog 4797
+MD5 e90f8447085c749b073ac9b96ff719df gradm-1.9.14.ebuild 1650
MD5 c7a91944d74821f5abd399f1aa91010c gradm-2.0.ebuild 2324
+MD5 8eda56e04bad8a3260b35f9a090503f0 ChangeLog 4950
+MD5 2cc863ab3c5dbc9b1b3e2d73a5000f72 gradm-2.0-r1.ebuild 2511
MD5 9a09f8d531c582e78977dbfd96edc1f2 metadata.xml 164
-MD5 cc10e9aff7c1035daec6c5a83f48d7d1 gradm-1.9.14.ebuild 1651
+MD5 d171c9355d72f37bed011aa069c00726 files/grsecurity.rc 1820
+MD5 36344ecbd7f54bdd4979c2fe6322c9c7 files/grsecurity 2325
MD5 62ba83f9a7bd71b4011ad2a2cf48f4a3 files/digest-gradm-2.0 60
+MD5 264e377e7c3221570d3730444e84d792 files/gradm2-cvs-20Jun2004.diff 8251
MD5 c2618fc7963e008681dfd08db6886058 files/gradm_parse.c-1.9.x.patch 524
-MD5 36344ecbd7f54bdd4979c2fe6322c9c7 files/grsecurity 2325
-MD5 1f31101dab2d3a9deb64ea31bf7339e3 files/grsecurity.rc 1821
MD5 f008a8f1133ea0db35a4ee305d390c23 files/digest-gradm-1.9.14 63
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.9.8 (GNU/Linux)
-
-iD8DBQFA0942HTu7gpaalycRAnLeAKDODxHTjr7ntsYL7YNRoakbkwgWagCeK4c1
-64iMrpBflR08ryZQVXp4uDY=
-=sE8d
------END PGP SIGNATURE-----
+MD5 62ba83f9a7bd71b4011ad2a2cf48f4a3 files/digest-gradm-2.0-r1 60
diff --git a/sys-apps/gradm/files/digest-gradm-2.0-r1 b/sys-apps/gradm/files/digest-gradm-2.0-r1
new file mode 100644
index 000000000000..48bc98e985b1
--- /dev/null
+++ b/sys-apps/gradm/files/digest-gradm-2.0-r1
@@ -0,0 +1 @@
+MD5 4b1c99ec6ea415fcc75ac1b89edc90f0 gradm-2.0.tar.gz 48424
diff --git a/sys-apps/gradm/files/gradm2-cvs-20Jun2004.diff b/sys-apps/gradm/files/gradm2-cvs-20Jun2004.diff
new file mode 100644
index 000000000000..0ba07710003e
--- /dev/null
+++ b/sys-apps/gradm/files/gradm2-cvs-20Jun2004.diff
@@ -0,0 +1,230 @@
+diff -Naupr gradm2-release/Makefile gradm2-cvs-20Jun2004/Makefile
+--- gradm2-release/Makefile 2004-04-03 23:19:40.000000000 -0600
++++ gradm2-cvs-20Jun2004/Makefile 2004-06-17 20:51:29.000000000 -0500
+@@ -23,9 +23,8 @@ STRIP=/usr/bin/strip
+ #LIBS=
+ LIBS=-lfl
+ KERNVER=`uname -r | cut -d"." -f 2`
+-#for sparc64
+-#OPT_FLAGS=-O2 -m64 -mcpu=ultrasparc -mcmodel=medlow -ffixed-g4 \
+-# -fcall-used-g5 -fcall-used-g5 -fcall-used-g7 -Wno-sign-compare
++#for 64-bit archs
++#OPT_FLAGS=-O2 -m64
+ OPT_FLAGS=-O2
+ CFLAGS=$(OPT_FLAGS) -DGRSEC_DIR=\"$(GRSEC_DIR)\" -DKERNVER=$(KERNVER)
+ LDFLAGS=
+diff -Naupr gradm2-release/gradm_analyze.c gradm2-cvs-20Jun2004/gradm_analyze.c
+--- gradm2-release/gradm_analyze.c 2004-03-02 14:42:31.000000000 -0600
++++ gradm2-cvs-20Jun2004/gradm_analyze.c 2004-05-31 10:03:56.000000000 -0500
+@@ -319,9 +319,22 @@ analyze_acls(void)
+ struct chk_perm chk;
+ unsigned int errs_found = 0;
+ struct role_acl *role;
++ int def_role_found = 0;
+
+ check_role_transitions();
+
++ for_each_role(role, current_role)
++ if (role->roletype & GR_ROLE_DEFAULT)
++ def_role_found = 1;
++
++ if (!def_role_found) {
++ fprintf(stderr, "There is no default role present in your "
++ "configuration.\nPlease read the RBAC "
++ "documentation and create a default role before "
++ "attempting to enable the RBAC system.\n\n");
++ exit(EXIT_FAILURE);
++ }
++
+ for_each_role(role, current_role) {
+ if (role->roletype & GR_ROLE_SPECIAL)
+ continue;
+diff -Naupr gradm2-release/gradm_arg.c gradm2-cvs-20Jun2004/gradm_arg.c
+--- gradm2-release/gradm_arg.c 2004-04-03 10:22:56.000000000 -0600
++++ gradm2-cvs-20Jun2004/gradm_arg.c 2004-06-12 04:04:36.000000000 -0500
+@@ -140,9 +140,8 @@ parse_args(int argc, char *argv[])
+ show_help();
+ entry.mode = GRADM_UNSPROLE;
+ check_acl_status(entry.mode);
+- get_user_passwd(&entry, GR_PWONLY);
+ grarg = conv_user_to_kernel(&entry);
+- transmit_to_kernel(grarg, sizeof (struct gr_arg));
++ transmit_to_kernel(grarg);
+ memset(grarg, 0, sizeof (struct gr_arg));
+ break;
+ case 'R':
+@@ -157,7 +156,7 @@ parse_args(int argc, char *argv[])
+ grarg = conv_user_to_kernel(&entry);
+ read_saltandpass(entry.rolename, grarg->salt,
+ grarg->sum);
+- transmit_to_kernel(grarg, sizeof (struct gr_arg));
++ transmit_to_kernel(grarg);
+ memset(grarg, 0, sizeof (struct gr_arg));
+ break;
+ case 'M':
+@@ -174,7 +173,7 @@ parse_args(int argc, char *argv[])
+ conv_name_to_num(optarg, &entry.segv_dev,
+ &entry.segv_inode);
+ grarg = conv_user_to_kernel(&entry);
+- transmit_to_kernel(grarg, sizeof (struct gr_arg));
++ transmit_to_kernel(grarg);
+ memset(grarg, 0, sizeof (struct gr_arg));
+ exit(EXIT_SUCCESS);
+ break;
+@@ -185,7 +184,7 @@ parse_args(int argc, char *argv[])
+ check_acl_status(entry.mode);
+ get_user_passwd(&entry, GR_PWONLY);
+ grarg = conv_user_to_kernel(&entry);
+- if (transmit_to_kernel(grarg, sizeof (struct gr_arg)))
++ if (transmit_to_kernel(grarg))
+ memset(grarg, 0, sizeof (struct gr_arg));
+ else {
+ memset(grarg, 0, sizeof (struct gr_arg));
+@@ -246,7 +245,7 @@ parse_args(int argc, char *argv[])
+ check_acl_status(entry.mode);
+ get_user_passwd(&entry, GR_PWONLY);
+ grarg = conv_user_to_kernel(&entry);
+- transmit_to_kernel(grarg, sizeof (struct gr_arg));
++ transmit_to_kernel(grarg);
+ memset(grarg, 0, sizeof (struct gr_arg));
+ exit(EXIT_SUCCESS);
+ break;
+@@ -258,7 +257,7 @@ parse_args(int argc, char *argv[])
+ entry.mode = GRADM_SPROLE;
+ check_acl_status(entry.mode);
+ grarg = conv_user_to_kernel(&entry);
+- transmit_to_kernel(grarg, sizeof (struct gr_arg));
++ transmit_to_kernel(grarg);
+ memset(grarg, 0, sizeof (struct gr_arg));
+ exit(EXIT_SUCCESS);
+ break;
+@@ -298,7 +297,7 @@ parse_args(int argc, char *argv[])
+ grarg = conv_user_to_kernel(&entry);
+ read_saltandpass(entry.rolename, grarg->salt,
+ grarg->sum);
+- transmit_to_kernel(grarg, sizeof (struct gr_arg));
++ transmit_to_kernel(grarg);
+ memset(grarg, 0, sizeof (struct gr_arg));
+ } else if (gr_learn && gr_output) {
+ FILE *stream;
+diff -Naupr gradm2-release/gradm_func.h gradm2-cvs-20Jun2004/gradm_func.h
+--- gradm2-release/gradm_func.h 2004-03-30 19:20:18.000000000 -0600
++++ gradm2-cvs-20Jun2004/gradm_func.h 2004-06-17 20:50:57.000000000 -0500
+@@ -1,7 +1,7 @@
+ void yyerror(const char *s);
+ FILE *open_acl_file(const char *filename);
+ void get_user_passwd(struct gr_pw_entry *entry, int mode);
+-int transmit_to_kernel(void *buf, unsigned long len);
++int transmit_to_kernel(struct gr_arg *buf);
+ void generate_salt(struct gr_pw_entry *entry);
+ void write_user_passwd(struct gr_pw_entry *entry);
+ void parse_acls(void);
+@@ -126,3 +126,4 @@ void gr_dyn_free(void *addr);
+ void insert_acl_object(struct proc_acl *subject, struct file_acl *object);
+ void insert_acl_subject(struct role_acl *role, struct proc_acl *subject);
+
++void insert_nested_acl_subject(struct proc_acl *subject);
+diff -Naupr gradm2-release/gradm_lib.c gradm2-cvs-20Jun2004/gradm_lib.c
+--- gradm2-release/gradm_lib.c 2004-03-07 18:22:09.000000000 -0600
++++ gradm2-cvs-20Jun2004/gradm_lib.c 2004-06-17 20:50:57.000000000 -0500
+@@ -554,3 +554,8 @@ void insert_acl_subject(struct role_acl
+ return;
+ }
+
++void insert_nested_acl_subject(struct proc_acl *subject)
++{
++ subject->hash = create_hash_table(GR_HASH_OBJECT);
++ return;
++}
+diff -Naupr gradm2-release/gradm_misc.c gradm2-cvs-20Jun2004/gradm_misc.c
+--- gradm2-release/gradm_misc.c 2004-03-09 19:45:17.000000000 -0600
++++ gradm2-cvs-20Jun2004/gradm_misc.c 2004-06-12 23:12:04.000000000 -0500
+@@ -14,17 +14,18 @@ open_acl_file(const char *filename)
+ }
+
+ int
+-transmit_to_kernel(void *buf, unsigned long len)
++transmit_to_kernel(struct gr_arg *buf)
+ {
+ int fd;
+ int err = 0;
++ void *pbuf = buf;
+
+ if ((fd = open(GRDEV_PATH, O_WRONLY)) < 0) {
+ fprintf(stderr, "Could not open %s.\n", GRDEV_PATH);
+ failure("open");
+ }
+
+- if (write(fd, buf, len) != len) {
++ if (write(fd, &pbuf, sizeof(struct gr_arg *)) != sizeof(struct gr_arg *)) {
+ err = 1;
+ switch (errno) {
+ case EFAULT:
+@@ -65,6 +66,7 @@ void check_acl_status(__u16 reqmode)
+ int fd;
+ int retval;
+ struct gr_arg arg;
++ struct gr_arg *parg = &arg;
+
+ arg.mode = GRADM_STATUS;
+
+@@ -73,7 +75,7 @@ void check_acl_status(__u16 reqmode)
+ failure("open");
+ }
+
+- retval = write(fd, &arg, sizeof(arg));
++ retval = write(fd, &parg, sizeof(struct gr_arg *));
+ close(fd);
+
+ switch (reqmode) {
+diff -Naupr gradm2-release/gradm_newlearn.c gradm2-cvs-20Jun2004/gradm_newlearn.c
+--- gradm2-release/gradm_newlearn.c 2004-04-06 14:09:33.000000000 -0500
++++ gradm2-cvs-20Jun2004/gradm_newlearn.c 2004-06-17 21:50:20.000000000 -0500
+@@ -1652,7 +1652,10 @@ insert_learn_role(struct gr_learn_role_e
+ (*((*role_list) + num)) = (struct gr_learn_role_entry *)gr_stat_alloc(sizeof(struct gr_learn_role_entry));
+ (*((*role_list) + num))->rolename = rolename;
+ (*((*role_list) + num))->rolemode = rolemode;
+-
++
++ /* give every learned role a / subject */
++ insert_learn_role_subject(*((*role_list) + num), conv_filename_to_struct("/", GR_FIND));
++
+ return (*((*role_list) + num));
+ }
+
+diff -Naupr gradm2-release/gradm_opt.c gradm2-cvs-20Jun2004/gradm_opt.c
+--- gradm2-release/gradm_opt.c 2004-03-30 19:20:18.000000000 -0600
++++ gradm2-cvs-20Jun2004/gradm_opt.c 2004-05-08 14:26:47.000000000 -0500
+@@ -10,11 +10,10 @@ expand_acl(struct proc_acl *proc, struct
+ strcpy(tmpproc, proc->filename);
+
+ while (parent_dir(proc->filename, &tmpproc)) {
+- for_each_subject(tmpp, role) {
+- if (!strcmp(tmpproc, tmpp->filename)) {
+- proc->parent_subject = tmpp;
+- return;
+- }
++ tmpp = lookup_acl_subject_by_name(role, tmpproc);
++ if (tmpp) {
++ proc->parent_subject = tmpp;
++ return;
+ }
+ }
+
+diff -Naupr gradm2-release/gradm_parse.c gradm2-cvs-20Jun2004/gradm_parse.c
+--- gradm2-release/gradm_parse.c 2004-04-03 11:18:11.000000000 -0600
++++ gradm2-cvs-20Jun2004/gradm_parse.c 2004-06-17 20:50:57.000000000 -0500
+@@ -565,7 +565,12 @@ add_proc_subject_acl(struct role_acl *ro
+ return 0;
+ }
+
+- insert_acl_subject(role, p);
++ /* don't insert nested subjects into main hash */
++ if (!(flag & GR_FFAKE))
++ insert_acl_subject(role, p);
++ else
++ insert_nested_acl_subject(p);
++
+ current_subject = p;
+
+ return 1;
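Review bot: In the gradm_misc.c part of this patch, check_acl_status hands the kernel the address of a stack `struct gr_arg arg` in which only `arg.mode` is visibly assigned before `write(fd, &parg, sizeof(struct gr_arg *))`. With the pointer-passing interface the kernel presumably reads the whole struct from that address, so every other field would be leftover stack content; adding `memset(&arg, 0, sizeof(arg));` before `arg.mode = GRADM_STATUS;` would make the request deterministic. Two lines of the function between its two hunks are not shown and its body continues past the second hunk, so confirm nothing else fills the struct. The same change alters what the device write carries (a pointer-sized value instead of the struct), so a gradm built with this patch presumably only works against a kernel that has the matching change, and neither the patch nor its comments say so.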
diff --git a/sys-apps/gradm/gradm-2.0-r1.ebuild b/sys-apps/gradm/gradm-2.0-r1.ebuild
new file mode 100644
index 000000000000..188669e0e49c
--- /dev/null
+++ b/sys-apps/gradm/gradm-2.0-r1.ebuild
@@ -0,0 +1,88 @@
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/gradm-2.0-r1.ebuild,v 1.1 2004/06/20 18:24:11 pfeifer Exp $
+
+inherit flag-o-matic gcc
+
+#MY_PV=2.0-${PV/*_/}
+
+MAINTAINER="solar@gentoo.org"
+DESCRIPTION="Administrative interface for grsecuritys2 access control lists"
+HOMEPAGE="http://www.grsecurity.net/"
+SRC_URI="http://www.grsecurity.net/gradm-${PV}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~x86 ~ppc ~sparc ~arm ~amd64" ; # ~alpha"
+IUSE=""
+
+DEPEND="virtual/glibc
+ sys-devel/bison
+ sys-devel/flex
+ sys-apps/chpax"
+
+S="${WORKDIR}/${PN}2"
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+
+ # Fixup for hardened-dev-sources-2.6.5-r5
+ ebegin "Patching gradm 2.0 sources with a few cvs fixes"
+ patch -p1 -s -N -E -d ${S} < ${FILESDIR}/gradm2-cvs-20Jun2004.diff || die
+ eend $?
+
+ # (Jan 03 2004) - <solar@gentoo>
+ # static linking required for proper operation of gradm
+ # however ssp is known to break static linking when it's enabled
+ # in >=gcc-3.3.1 && <=gcc-3.3.2-r5 . So we strip ssp if needed.
+ gmicro=$(gcc-micro-version)
+ if [ "$(gcc-version)" == "3.3" -a -n "${gmicro}" -a ${gmicro} -le 2 ]; then
+ # extract out gentoo revision
+ gentoo_gcc_r=$($(gcc-getCC) -v 2>&1 | tail -n 1 | awk '{print $7}')
+ gentoo_gcc_r=${gentoo_gcc_r/,/}
+ gentoo_gcc_r=${gentoo_gcc_r/-/ }
+ gentoo_gcc_r=${gentoo_gcc_r:7}
+ [ -n "${gentoo_gcc_r}" -a ${gentoo_gcc_r} -le 5 ] && \
+ filter-flags -fstack-protector -fstack-protector-all
+ fi
+
+ ebegin "Patching Makefile to use gentoo CFLAGS"
+ sed -i -e "s|-O2|${CFLAGS}|" Makefile
+ eend $?
+
+}
+
+src_compile() {
+ cd ${S}
+ emake CC="$(gcc-getCC)" || die "compile problem"
+}
+
+src_install() {
+ cd ${S}
+ # Were not ready for init.d,script functions yet.
+ #exeinto /etc/init.d
+ #newexe ${FILESDIR}/grsecurity2.rc grsecurity2
+ #insinto /etc/conf.d
+ #doins ${FILESDIR}/grsecurity2
+
+ mkdir -p -m 700 ${D}/etc/grsec
+ doman gradm.8
+ dodoc acl
+
+ into /
+ dosbin grlearn gradm || die
+
+ # Normal users can authenticate to special roles now and thus
+ # need execution permission on gradm2. We remove group,other readable bits
+ # to help ensure that our gradm2 binary is as protected from misbehaving users.
+ fperms 711 ${D}/sbin/gradm
+}
+
+pkg_postinst() {
+ if [ ! -e /dev/grsec ] ; then
+ einfo "Making character device for grsec2 learning mode"
+ mkdir -p -m 755 /dev/
+ mknod -m 0622 /dev/grsec c 1 10 || die "Cant mknod for grsec learning device"
+ fi
+}
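Review bot: In src_install, `fperms 711 ${D}/sbin/gradm` passes a path that already includes the image directory, but fperms prepends `${D}` itself, so the chmod targets `${D}${D}/sbin/gradm` and the binary keeps the mode dosbin gave it. The comment's stated goal of dropping the group/other read bits is therefore not applied, and because the call has no `|| die` the failure goes unnoticed. I would change the line to `fperms 711 /sbin/gradm || die "fperms failed"`. Separately, pkg_postinst creates `/dev/grsec` with `mknod -m 0622`, which is world-writable; if that is what lets unprivileged users authenticate to special roles, a comment saying so next to the mknod would document the intent, since the einfo text only mentions learning mode.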