
D13811.diff

Index: head/sysutils/Makefile
===================================================================
--- head/sysutils/Makefile
+++ head/sysutils/Makefile
@@ -419,6 +419,7 @@
SUBDIR += gnome-system-monitor
SUBDIR += gnome_subr
SUBDIR += goaccess
+ SUBDIR += google-compute-engine-oslogin
SUBDIR += goss
SUBDIR += gpart
SUBDIR += gpte
Index: head/sysutils/google-compute-engine-oslogin/Makefile
===================================================================
--- head/sysutils/google-compute-engine-oslogin/Makefile
+++ head/sysutils/google-compute-engine-oslogin/Makefile
@@ -0,0 +1,46 @@
+# $FreeBSD$
+
+PORTNAME= google-compute-engine-oslogin
+DISTVERSION= 1.1.2
+CATEGORIES= sysutils
+
+MAINTAINER= helen.koike@collabora.com
+COMMENT= OS Login Guest Environment for Google Compute Engine
+
+LICENSE= APACHE20
+LICENSE_FILE= ${WRKSRC}/../LICENSE
+
+LIB_DEPENDS= libcurl.so:ftp/curl \
+ libjson-c.so:devel/json-c
+RUN_DEPENDS= gsed:textproc/gsed \
+ ${LOCALBASE}/lib/pam_mkhomedir.so:security/pam_mkhomedir
+
+USES= gmake
+USE_LDCONFIG= yes
+USE_GCC= any
+USE_GITHUB= yes
+GH_ACCOUNT= GoogleCloudPlatform
+GH_PROJECT= compute-image-packages
+GH_TAGNAME= 20171213
+MAKE_ARGS= JSON_INCLUDE_PATH=${LOCALBASE}/include/json-c \
+ BIN_INSTALL_PATH=/bin \
+ PAM_INSTALL_PATH=/lib \
+ AUTHKEYS_INSTALL_PATH=/bin \
+ NSS_LIBRARY_SONAME=nss_oslogin.so.1
+
+WRKSRC_SUBDIR= google_compute_engine_oslogin
+
+PLIST_SUB= DISTVERSION=${DISTVERSION}
+
+post-patch:
+ @${REINPLACE_CMD} -e 's|/etc/sudoers.d|${PREFIX}/etc/sudoers.d|g ; \
+ s|/usr/bin|${PREFIX}/bin|g' ${WRKSRC}/bin/google_oslogin_control
+
+post-install:
+ ${LN} -sf libnss_${PORTNAME}-${DISTVERSION}.so ${STAGEDIR}${PREFIX}/lib/nss_oslogin.so.1
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/google_authorized_keys \
+ ${STAGEDIR}${PREFIX}/lib/libnss_google-compute-engine-oslogin-${DISTVERSION}.so \
+ ${STAGEDIR}${PREFIX}/lib/pam_oslogin_admin.so \
+ ${STAGEDIR}${PREFIX}/lib/pam_oslogin_login.so
+
+.include <bsd.port.mk>
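Review bot: The second substitution in `post-patch`, `s|/usr/bin|${PREFIX}/bin|g`, is unanchored, so it rewrites every `/usr/bin` occurrence in `google_oslogin_control`, not only the path of the helper this port installs. That script is not shown in full here, but it is the one that edits the sshd, NSS and PAM configuration as root, so any reference it makes to a base-system tool under `/usr/bin` would be redirected to `${PREFIX}/bin` as well. Narrowing the pattern to the installed file, `s|/usr/bin/google_authorized_keys|${PREFIX}/bin/google_authorized_keys|g`, keeps the rewrite limited to what pkg-plist ships. A one-line comment above `post-patch` saying why the two paths are relocated would also help the next maintainer.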
Index: head/sysutils/google-compute-engine-oslogin/distinfo
===================================================================
--- head/sysutils/google-compute-engine-oslogin/distinfo
+++ head/sysutils/google-compute-engine-oslogin/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1514471176
+SHA256 (GoogleCloudPlatform-compute-image-packages-1.1.2-20171213_GH0.tar.gz) = 483d97c6d64cd7d9002247db63af8cb591e526a09ce52fd8d545c66da3ebb181
+SIZE (GoogleCloudPlatform-compute-image-packages-1.1.2-20171213_GH0.tar.gz) = 131055
Index: head/sysutils/google-compute-engine-oslogin/files/patch-Makefile
===================================================================
--- head/sysutils/google-compute-engine-oslogin/files/patch-Makefile
+++ head/sysutils/google-compute-engine-oslogin/files/patch-Makefile
@@ -0,0 +1,11 @@
+--- Makefile.orig 2017-12-13 23:47:59 UTC
++++ Makefile
+@@ -15,7 +15,7 @@ AUTHKEYS_INSTALL_PATH = /usr/bin
+ JSON_INCLUDE_PATH = /usr/include/json-c
+ INCLUDE_FLAGS = -I$(JSON_INCLUDE_PATH)
+
+-CXX = g++
++CXX ?= g++
+ CXXFLAGS += -fPIC# -Wall
+ PAMFLAGS = $(LDFLAGS) $(INCLUDE_FLAGS) -shared
+ NSSFLAGS = $(LDFLAGS) $(INCLUDE_FLAGS) -shared -Wl,-soname,$(NSS_LIBRARY_SONAME)
Index: head/sysutils/google-compute-engine-oslogin/files/patch-bin_google__oslogin__control
===================================================================
--- head/sysutils/google-compute-engine-oslogin/files/patch-bin_google__oslogin__control
+++ head/sysutils/google-compute-engine-oslogin/files/patch-bin_google__oslogin__control
@@ -0,0 +1,51 @@
+--- bin/google_oslogin_control.orig 2017-12-13 23:47:59 UTC
++++ bin/google_oslogin_control
+@@ -65,29 +65,31 @@ overwrite_file() {
+
+ remove_from_config() {
+ config=$1
+- sed -i "/${added_comment}/,+1d" ${config}.new
++ gsed -i "/${added_comment}/,+1d" ${config}.new
+ }
+
+ remove_from_nss_config() {
+- sed -i '/^passwd:/ s/ oslogin//' ${nss_config}.new
++ gsed -i '/^passwd:/ s/ oslogin//' ${nss_config}.new
+ }
+
+ add_to_sshd_config() {
+ remove_from_config ${sshd_config}
+- sed -i "\$a${added_comment}\n${sshd_command}" ${sshd_config}.new
+- sed -i "\$a${added_comment}\n${sshd_user}" ${sshd_config}.new
++ gsed -i "\$a${added_comment}\n${sshd_command}" ${sshd_config}.new
++ gsed -i "\$a${added_comment}\n${sshd_user}" ${sshd_config}.new
+ }
+
+ add_to_nss_config() {
+ remove_from_nss_config
+- sed -i '/^passwd:/ s/$/ oslogin/' ${nss_config}.new
++ gsed -i '/^passwd:/ s/$/ oslogin/' ${nss_config}.new
++ # Replace compat by files (as compat cannot be used with other sources)
++ gsed -i '/^passwd:/ s/compat/files/' ${nss_config}.new
+ }
+
+ add_to_pam_config() {
+ remove_from_config ${pam_config}
+- sed -i "/account.*pam_nologin.so/ a${added_comment}\n${pam_admin}" ${pam_config}.new
+- sed -i "/account.*pam_nologin.so/ a${added_comment}\n${pam_login}" ${pam_config}.new
+- sed -i "/pam_loginuid.so/ a${added_comment}\n${pam_homedir}" ${pam_config}.new
++ gsed -i "/account.*pam_nologin.so/ a${added_comment}\n${pam_admin}" ${pam_config}.new
++ gsed -i "/account.*pam_nologin.so/ a${added_comment}\n${pam_login}" ${pam_config}.new
++ gsed -i "/session.*pam_permit.so/ a${added_comment}\n${pam_homedir}" ${pam_config}.new
+ }
+
+ restart_service() {
+@@ -100,7 +102,7 @@ restart_service() {
+ fi
+ fi
+ if which service > /dev/null 2>&1; then
+- if service --status-all | grep -Fq ${service}; then
++ if service -e | grep -Fq ${service}; then
+ echo "Restarting ${service}."
+ service ${service} restart
+ return $?
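Review bot: `add_to_nss_config` now rewrites `compat` to `files` on the `passwd:` line, but `remove_from_nss_config` still only strips ` oslogin`, so deactivating OS Login leaves nsswitch.conf different from how it was found. A host that relied on compat-mode `+`/`-` entries in its passwd file would lose those lookups without any message. Consider announcing the change where it is made, for example `echo "Replacing compat with files on the passwd line of ${nss_config}."`, and stating in the port's install message that the substitution is not reverted. Separately, `service -e | grep -Fq ${service}` is a substring match on an unquoted variable; `grep -Fq -- "/${service}"` would be tighter, assuming `service -e` prints rc script paths.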
Index: head/sysutils/google-compute-engine-oslogin/files/patch-nss__module_nss__oslogin.cc
===================================================================
--- head/sysutils/google-compute-engine-oslogin/files/patch-nss__module_nss__oslogin.cc
+++ head/sysutils/google-compute-engine-oslogin/files/patch-nss__module_nss__oslogin.cc
@@ -0,0 +1,38 @@
+--- nss_module/nss_oslogin.cc.orig 2017-12-13 23:47:59 UTC
++++ nss_module/nss_oslogin.cc
+@@ -16,6 +16,7 @@
+ #include <errno.h>
+ #include <grp.h>
+ #include <nss.h>
++#include <nsswitch.h>
+ #include <pthread.h>
+ #include <pwd.h>
+ #include <sys/types.h>
+@@ -150,4 +151,27 @@ int _nss_oslogin_getpwent_r(struct passw
+ }
+ return NSS_STATUS_SUCCESS;
+ }
++
++NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_setpwent);
++NSS_METHOD_PROTOTYPE(__nss_compat_endpwent);
++
++static ns_mtab methods[] = {
++ { NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, (void*)_nss_oslogin_getpwnam_r },
++ { NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, (void*)_nss_oslogin_getpwuid_r },
++ { NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, (void*)_nss_oslogin_getpwent_r },
++ { NSDB_PASSWD, "endpwent", __nss_compat_endpwent, (void*)_nss_oslogin_endpwent },
++ { NSDB_PASSWD, "setpwent", __nss_compat_setpwent, (void*)_nss_oslogin_setpwent },
++};
++
++ns_mtab *
++nss_module_register (const char *name, unsigned int *size,
++ nss_module_unregister_fn *unregister)
++{
++ *size = sizeof (methods) / sizeof (methods[0]);
++ *unregister = NULL;
++ return (methods);
++}
+ } // extern "C"
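Review bot: The `methods` table and `nss_module_register` are added without any comment, and the mechanism is not obvious to a reader who knows only the glibc NSS interface the rest of the file is written for. A short comment above the table, such as `// FreeBSD's nsdispatch(3) loads NSS modules via nss_module_register(); the __nss_compat_* wrappers adapt the glibc-style _nss_oslogin_* functions.`, would explain why the entry points are passed as `void*`. As far as the table shows, only the passwd database is registered, which is worth stating in the same comment so nobody expects group lookups from this module on FreeBSD.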
Index: head/sysutils/google-compute-engine-oslogin/files/patch-pam__module_pam__oslogin__admin.cc
===================================================================
--- head/sysutils/google-compute-engine-oslogin/files/patch-pam__module_pam__oslogin__admin.cc
+++ head/sysutils/google-compute-engine-oslogin/files/patch-pam__module_pam__oslogin__admin.cc
@@ -0,0 +1,28 @@
+--- pam_module/pam_oslogin_admin.cc.orig 2017-12-13 23:47:59 UTC
++++ pam_module/pam_oslogin_admin.cc
+@@ -14,7 +14,6 @@
+
+ #define PAM_SM_ACCOUNT
+ #include <security/pam_appl.h>
+-#include <security/pam_ext.h>
+ #include <security/pam_modules.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
+@@ -47,7 +46,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand
+ int pam_result = PAM_SUCCESS;
+ const char *user_name;
+ if ((pam_result = pam_get_user(pamh, &user_name, NULL)) != PAM_SUCCESS) {
+- pam_syslog(pamh, LOG_INFO, "Could not get pam user.");
++ syslog(LOG_INFO, "Could not get pam user.");
+ return pam_result;
+ }
+ string str_user_name(user_name);
+@@ -77,7 +76,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand
+ if (HttpGet(url.str(), &response, &http_code) && http_code == 200 &&
+ ParseJsonToAuthorizeResponse(response)) {
+ if (!file_exists) {
+- pam_syslog(pamh, LOG_INFO,
++ syslog(LOG_INFO,
+ "Granting sudo permissions to organization user %s.",
+ user_name);
+ std::ofstream sudoers_file;
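Review bot: Replacing `pam_syslog(pamh, ...)` with bare `syslog(LOG_INFO, ...)` drops the facility and module prefix that the PAM logging call supplied, so these messages are filed under whatever ident and facility the calling program chose with openlog(). The second replaced call records "Granting sudo permissions", an audit-relevant event that should land reliably in the auth log; passing the facility explicitly, `syslog(LOG_AUTH | LOG_INFO, ...)`, makes that independent of the caller. The same applies to the three replacements in patch-pam__module_pam__oslogin__login.cc. Whether `<syslog.h>` is already included is not visible in these hunks, and `pam_sm_acct_mgmt` extends beyond them.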
Index: head/sysutils/google-compute-engine-oslogin/files/patch-pam__module_pam__oslogin__login.cc
===================================================================
--- head/sysutils/google-compute-engine-oslogin/files/patch-pam__module_pam__oslogin__login.cc
+++ head/sysutils/google-compute-engine-oslogin/files/patch-pam__module_pam__oslogin__login.cc
@@ -0,0 +1,37 @@
+--- pam_module/pam_oslogin_login.cc.orig 2017-12-13 23:47:59 UTC
++++ pam_module/pam_oslogin_login.cc
+@@ -14,7 +14,6 @@
+
+ #define PAM_SM_ACCOUNT
+ #include <security/pam_appl.h>
+-#include <security/pam_ext.h>
+ #include <security/pam_modules.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
+@@ -45,7 +44,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand
+ int pam_result = PAM_PERM_DENIED;
+ const char *user_name;
+ if ((pam_result = pam_get_user(pamh, &user_name, NULL)) != PAM_SUCCESS) {
+- pam_syslog(pamh, LOG_INFO, "Could not get pam user.");
++ syslog(LOG_INFO, "Could not get pam user.");
+ return pam_result;
+ }
+ string str_user_name(user_name);
+@@ -88,7 +87,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand
+ chown(users_filename.c_str(), 0, 0);
+ chmod(users_filename.c_str(), S_IRUSR | S_IWUSR | S_IRGRP);
+ }
+- pam_syslog(pamh, LOG_INFO,
++ syslog(LOG_INFO,
+ "Granting login permission for organization user %s.",
+ user_name);
+ pam_result = PAM_SUCCESS;
+@@ -96,7 +95,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand
+ if (file_exists) {
+ remove(users_filename.c_str());
+ }
+- pam_syslog(pamh, LOG_INFO,
++ syslog(LOG_INFO,
+ "Denying login permission for organization user %s.", user_name);
+
+ pam_result = PAM_PERM_DENIED;
Index: head/sysutils/google-compute-engine-oslogin/files/patch-utils_oslogin__utils.cc
===================================================================
--- head/sysutils/google-compute-engine-oslogin/files/patch-utils_oslogin__utils.cc
+++ head/sysutils/google-compute-engine-oslogin/files/patch-utils_oslogin__utils.cc
@@ -0,0 +1,18 @@
+--- utils/oslogin_utils.cc.orig 2017-12-13 23:47:59 UTC
++++ utils/oslogin_utils.cc
+@@ -218,7 +218,14 @@ bool ValidatePasswd(struct passwd* resul
+ }
+ }
+ if (strlen(result->pw_shell) == 0) {
+- if (!buf->AppendString("/bin/bash", &result->pw_shell, errnop)) {
++ if (!buf->AppendString("/bin/sh", &result->pw_shell, errnop)) {
++ return false;
++ }
++ }
++
++ // If shell is set to /bin/bash, fallback to /bin/sh
++ if (strcmp(result->pw_shell, "/bin/bash") == 0 ) {
++ if (!buf->AppendString("/bin/sh", &result->pw_shell, errnop)) {
+ return false;
+ }
+ }
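Review bot: The new fallback matches only the exact string `/bin/bash`, so a profile whose shell is any other path that is absent on FreeBSD is still returned unchanged and the account ends up with a shell that does not exist. The override also applies when an administrator has deliberately provided `/bin/bash`, which the comment should say. The two blocks are identical apart from the test and could be one condition, `if (strlen(result->pw_shell) == 0 || strcmp(result->pw_shell, "/bin/bash") == 0) {`. `ValidatePasswd` starts and ends outside the hunk.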
Index: head/sysutils/google-compute-engine-oslogin/pkg-descr
===================================================================
--- head/sysutils/google-compute-engine-oslogin/pkg-descr
+++ head/sysutils/google-compute-engine-oslogin/pkg-descr
@@ -0,0 +1,19 @@
+This package enables Google Cloud OS Login features on Google Compute Engine
+instances.
+The OS Login package has the following components:
+
+- Authorized Keys Command to fetch SSH keys from the user's OS Login profile and
+make them available to sshd.
+- NSS Module provides support for making OS Login user and group information
+available to the system, using NSS (Name Service Switch) functionality.
+- PAM Module provides authorization and authentication support allowing the
+system to use data stored in Google Cloud IAM permissions to control both, the
+ability to log into an instance, and to perform operations as root (sudo).
+- Utils provides common code to support the components listed above.
+
+In addition to the main components, there are also utilities for packaging and
+installing these components:
+
+- bin contains a shell script for (de)activating the package components.
+
+WWW: https://github.com/GoogleCloudPlatform/compute-image-packages/tree/master/google_compute_engine_oslogin
Index: head/sysutils/google-compute-engine-oslogin/pkg-plist
===================================================================
--- head/sysutils/google-compute-engine-oslogin/pkg-plist
+++ head/sysutils/google-compute-engine-oslogin/pkg-plist
@@ -0,0 +1,6 @@
+bin/google_authorized_keys
+bin/google_oslogin_control
+lib/libnss_google-compute-engine-oslogin-%%DISTVERSION%%.so
+lib/nss_oslogin.so.1
+lib/pam_oslogin_admin.so
+lib/pam_oslogin_login.so
