Index: head/sysutils/google-compute-engine-oslogin/Makefile
===================================================================
--- head/sysutils/google-compute-engine-oslogin/Makefile (revision 485699)
+++ head/sysutils/google-compute-engine-oslogin/Makefile (revision 485700)
@@ -1,47 +1,49 @@ # $FreeBSD$ PORTNAME= google-compute-engine-oslogin -DISTVERSION= 1.3.0 -PORTREVISION= 3 +DISTVERSION= 1.3.1 CATEGORIES= sysutils MAINTAINER= helen.koike@collabora.com COMMENT= OS Login Guest Environment for Google Compute Engine LICENSE= APACHE20 LICENSE_FILE= ${WRKSRC}/../LICENSE LIB_DEPENDS= libcurl.so:ftp/curl \ libjson-c.so:devel/json-c RUN_DEPENDS= gsed:textproc/gsed \ ${LOCALBASE}/lib/pam_mkhomedir.so:security/pam_mkhomedir USES= gmake localbase:ldflags USE_LDCONFIG= yes USE_GITHUB= yes GH_ACCOUNT= GoogleCloudPlatform GH_PROJECT= compute-image-packages -GH_TAGNAME= 20180611 +GH_TAGNAME= 20181011 + MAKE_ARGS= JSON_INCLUDE_PATH=${LOCALBASE}/include/json-c \ BIN_INSTALL_PATH=/bin \ PAM_INSTALL_PATH=/lib \ AUTHKEYS_INSTALL_PATH=/bin \ NSS_LIBRARY_SONAME=nss_oslogin.so.1 WRKSRC_SUBDIR= google_compute_engine_oslogin PLIST_SUB= DISTVERSION=${DISTVERSION} post-patch: - @${REINPLACE_CMD} -e 's|/etc/sudoers.d|${PREFIX}/etc/sudoers.d|g ; \ - s|/usr/bin|${PREFIX}/bin|g' ${WRKSRC}/bin/google_oslogin_control + @${REINPLACE_CMD} -e 's!%%PREFIX%%!${PREFIX}!' \ + ${WRKSRC}/bin/google_oslogin_control \ + ${WRKSRC}/libnss_cache_oslogin/nss_cache_oslogin.c \ + ${WRKSRC}/nss_cache/nss_cache.cc post-install: ${LN} -sf libnss_${PORTNAME}-${DISTVERSION}.so ${STAGEDIR}${PREFIX}/lib/nss_oslogin.so.1 ${LN} -sf libnss_cache_${PORTNAME}-${DISTVERSION}.so ${STAGEDIR}${PREFIX}/lib/nss_cache_oslogin.so.1 ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/google_authorized_keys \ ${STAGEDIR}${PREFIX}/lib/libnss_google-compute-engine-oslogin-${DISTVERSION}.so \ ${STAGEDIR}${PREFIX}/lib/pam_oslogin_admin.so \ ${STAGEDIR}${PREFIX}/lib/pam_oslogin_login.so .include Index: head/sysutils/google-compute-engine-oslogin/distinfo =================================================================== --- head/sysutils/google-compute-engine-oslogin/distinfo (revision 485699) +++ head/sysutils/google-compute-engine-oslogin/distinfo (revision 485700) 
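Review bot: The `post-patch` substitution `'s!%%PREFIX%%!${PREFIX}!'` has no `g` flag and works from a hand-kept list of three files, so a placeholder that a later patch adds to a fourth file, or twice on one line, would be compiled in verbatim. For the NSS cache path that would leave a relative `%%PREFIX%%/etc/oslogin_passwd.cache`, presumably resolved against the working directory of whichever process performs the passwd lookup, which is not a location account data should be read from. I would write `'s!%%PREFIX%%!${PREFIX}!g'` and add a comment above the recipe such as `# Every file patched to contain %%PREFIX%% must be listed here (see files/patch-*).` The placeholder is introduced by the patch-bin_google__oslogin__control, patch-libnss__cache__oslogin_nss__cache__oslogin.c and patch-nss__cache_nss__cache.cc hunks.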
@@ -1,3 +1,3 @@
-TIMESTAMP = 1528807879
-SHA256 (GoogleCloudPlatform-compute-image-packages-1.3.0-20180611_GH0.tar.gz) = f71bdc6d01cff014bb4d066096be9a6e067fd3028c730cc4c9557001ec99ab6e
-SIZE (GoogleCloudPlatform-compute-image-packages-1.3.0-20180611_GH0.tar.gz) = 143678
+TIMESTAMP = 1539895280
+SHA256 (GoogleCloudPlatform-compute-image-packages-1.3.1-20181011_GH0.tar.gz) = c9fb44fb8c4bbde108a2aeba44f11938c7840256ca078804ec3c720a47e79144
+SIZE (GoogleCloudPlatform-compute-image-packages-1.3.1-20181011_GH0.tar.gz) = 147405
Index: head/sysutils/google-compute-engine-oslogin/files/patch-Makefile
===================================================================
--- head/sysutils/google-compute-engine-oslogin/files/patch-Makefile (revision 485699)
+++ head/sysutils/google-compute-engine-oslogin/files/patch-Makefile (nonexistent)
@@ -1,20 +0,0 @@ ---- Makefile.orig 2018-06-11 17:16:50 UTC -+++ Makefile -@@ -96,7 +96,7 @@ $(NSS): $(NSS_LIBRARY_SOURCE) $(UTILS) - $(NSS_SRC) $(UTILS) $(LIBS) - - $(NSS_CACHE_BIN): $(NSS_CACHE_SRC) $(UTILS_SRC) -- $(CXX) $(LDFLAGS) $(INCLUDE_FLAGS) -o $(NSS_CACHE_BIN) $(NSS_CACHE_SRC) $(UTILS_SRC) $(LIBS) -+ $(CXX) $(CXXFLAGS) $(LDFLAGS) $(INCLUDE_FLAGS) -o $(NSS_CACHE_BIN) $(NSS_CACHE_SRC) $(UTILS_SRC) $(LIBS) - - $(LIBNSS_CACHE_OSLOGIN_NAME): $(LIBNSS_CACHE_OBJ) $(LIBNSS_COMPAT_OBJ) - $(CXX) $(LIBNSS_SO_FLAGS) -o $(LIBNSS_CACHE_OSLOGIN_NAME) $(LIBNSS_CACHE_OBJ) $(LIBNSS_COMPAT_OBJ) -@@ -122,7 +122,7 @@ $(PAM_ADMIN_OBJ): $(PAM_ADMIN_SRC) - $(CXX) $(CXXFLAGS) -c $(PAM_ADMIN_SRC) -o $(PAM_ADMIN_OBJ) - - $(AUTHKEYS_BIN): $(AUTHKEYS_SRC) $(UTILS_SRC) -- $(CXX) $(LDFLAGS) $(INCLUDE_FLAGS) -o $(AUTHKEYS_BIN) $(AUTHKEYS_SRC) $(UTILS_SRC) $(LIBS) -+ $(CXX) $(CXXFLAGS) $(LDFLAGS) $(INCLUDE_FLAGS) -o $(AUTHKEYS_BIN) $(AUTHKEYS_SRC) $(UTILS_SRC) $(LIBS) - - $(UTILS): $(UTILS_SRC) - $(CXX) $(CXXFLAGS) $(INCLUDE_FLAGS) -c $(UTILS_SRC) -o $(UTILS) Property changes on: head/sysutils/google-compute-engine-oslogin/files/patch-Makefile ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/sysutils/google-compute-engine-oslogin/files/patch-bin_google__oslogin__control =================================================================== --- head/sysutils/google-compute-engine-oslogin/files/patch-bin_google__oslogin__control (revision 485699) +++ head/sysutils/google-compute-engine-oslogin/files/patch-bin_google__oslogin__control (revision 485700) 
@@ -1,58 +1,76 @@ ---- bin/google_oslogin_control.orig 2018-06-11 17:16:50 UTC +--- bin/google_oslogin_control.orig 2018-10-11 16:53:23 UTC +++ bin/google_oslogin_control +@@ -20,7 +20,7 @@ sshd_config="/etc/ssh/sshd_config" + el_release_file="/etc/redhat-release" + sudoers_dir="/var/google-sudoers.d" + users_dir="/var/google-users.d" +-sudoers_file="/etc/sudoers.d/google-oslogin" ++sudoers_file="%%PREFIX%%/etc/sudoers.d/google-oslogin" + + usage() { + echo "Usage: ${script_name} {activate|deactivate|status} [--norestartsshd]" +@@ -31,7 +31,7 @@ usage() { + } + + added_comment="# Added by Google Compute Engine OS Login." +-sshd_command="AuthorizedKeysCommand /usr/bin/google_authorized_keys" ++sshd_command="AuthorizedKeysCommand %%PREFIX%%/bin/google_authorized_keys" + sshd_user="AuthorizedKeysCommandUser root" + pam_login="account requisite pam_oslogin_login.so" + pam_admin="account optional pam_oslogin_admin.so" 
@@ -65,24 +65,26 @@ overwrite_file() { remove_from_config() { config=$1 - sed -i "/${added_comment}/,+1d" ${config}.new + gsed -i "/${added_comment}/,+1d" ${config}.new } remove_from_nss_config() { - sed -i '/^passwd:/ s/ cache_oslogin oslogin//' ${nss_config}.new - sed -i '/^passwd:/ s/ cache oslogin//' ${nss_config}.new - sed -i '/^passwd:/ s/ oslogin//' ${nss_config}.new + gsed -i '/^passwd:/ s/ cache_oslogin oslogin//' ${nss_config}.new + gsed -i '/^passwd:/ s/ cache oslogin//' ${nss_config}.new + gsed -i '/^passwd:/ s/ oslogin//' ${nss_config}.new } add_to_sshd_config() { remove_from_config ${sshd_config} - sed -i "\$a${added_comment}\n${sshd_command}" ${sshd_config}.new - sed -i "\$a${added_comment}\n${sshd_user}" ${sshd_config}.new + gsed -i "\$a${added_comment}\n${sshd_command}" ${sshd_config}.new + gsed -i "\$a${added_comment}\n${sshd_user}" ${sshd_config}.new } add_to_nss_config() { remove_from_nss_config - sed -i '/^passwd:/ s/$/ cache_oslogin oslogin/' ${nss_config}.new + gsed -i '/^passwd:/ s/$/ cache_oslogin oslogin/' ${nss_config}.new + # Replace compat by files (as compat cannot be used with other sources) + gsed -i '/^passwd:/ s/compat/files/' ${nss_config}.new } add_to_pam_config() { @@ -99,9 +101,9 @@ ${pam_homedir} " echo "${added_config}$(cat ${pam_config}.new)" > ${pam_config}.new else - sed -i "/account.*pam_nologin.so/ a${added_comment}\n${pam_admin}" ${pam_config}.new - sed -i "/account.*pam_nologin.so/ a${added_comment}\n${pam_login}" ${pam_config}.new - sed -i "/pam_loginuid.so/ a${added_comment}\n${pam_homedir}" ${pam_config}.new + gsed -i "/account.*pam_nologin.so/ a${added_comment}\n${pam_admin}" ${pam_config}.new + gsed -i "/account.*pam_nologin.so/ a${added_comment}\n${pam_login}" ${pam_config}.new + gsed -i "/session.*pam_permit.so/ a${added_comment}\n${pam_homedir}" ${pam_config}.new fi } 
@@ -115,7 +117,7 @@ restart_service() { fi fi if which service > /dev/null 2>&1; then - if service --status-all | grep -Fq ${service}; then + if service -e | grep -Fq ${service}; then echo "Restarting ${service}." service ${service} restart return $? Index: head/sysutils/google-compute-engine-oslogin/files/patch-libnss__cache__oslogin_nss__cache__oslogin.c =================================================================== --- head/sysutils/google-compute-engine-oslogin/files/patch-libnss__cache__oslogin_nss__cache__oslogin.c (revision 485699) +++ head/sysutils/google-compute-engine-oslogin/files/patch-libnss__cache__oslogin_nss__cache__oslogin.c (revision 485700) @@ -1,46 +1,47 @@ ---- libnss_cache_oslogin/nss_cache_oslogin.c.orig 2018-06-11 17:16:50 UTC +--- libnss_cache_oslogin/nss_cache_oslogin.c.orig 2018-10-11 16:53:23 UTC +++ libnss_cache_oslogin/nss_cache_oslogin.c 
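Review bot: `add_to_nss_config` now rewrites `compat` to `files` on the `passwd:` line, but `remove_from_nss_config` in the same patch only strips the oslogin tokens, so `deactivate` does not put `compat` back. On a host that relied on compat-mode entries this looks like a lasting, silent change to how accounts are resolved; the pattern `s/compat/files/` is also unanchored, so any `compat` substring on that line is rewritten. At minimum I would extend the comment to `# Replace compat by files (compat cannot be combined with other sources); NOTE: deactivate does not restore compat.`, and preferably record the original line so that deactivation can restore it. Both functions are fully visible here, but the rest of the script is not.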
@@ -16,6 +16,7 @@ #include "nss_cache_oslogin.h" +#include #include // Locking implementation: use pthreads. -@@ -32,7 +33,7 @@ static pthread_mutex_t mutex = PTHREAD_M +@@ -32,7 +33,7 @@ static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZ static FILE *p_file = NULL; static char p_filename[NSS_CACHE_OSLOGIN_PATH_LENGTH] = - "/etc/oslogin_passwd.cache"; -+ "/usr/local/etc/oslogin_passwd.cache"; ++ "%%PREFIX%%/etc/oslogin_passwd.cache"; #ifdef BSD extern int fgetpwent_r(FILE *, struct passwd *, char *, size_t, struct passwd **); -@@ -435,3 +436,26 @@ enum nss_status _nss_cache_oslogin_getpw +@@ -434,4 +435,27 @@ enum nss_status _nss_cache_oslogin_getpwnam_r(const ch + NSS_CACHE_OSLOGIN_UNLOCK(); return ret; - } ++} + +NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r); +NSS_METHOD_PROTOTYPE(__nss_compat_setpwent); +NSS_METHOD_PROTOTYPE(__nss_compat_endpwent); + +static ns_mtab methods[] = { + { NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, (void*)_nss_cache_oslogin_getpwnam_r }, + { NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, (void*)_nss_cache_oslogin_getpwuid_r }, + { NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, (void*)_nss_cache_oslogin_getpwent_r }, + { NSDB_PASSWD, "endpwent", __nss_compat_endpwent, (void*)_nss_cache_oslogin_endpwent }, + { NSDB_PASSWD, "setpwent", __nss_compat_setpwent, (void*)_nss_cache_oslogin_setpwent }, +}; + +ns_mtab * +nss_module_register (const char *name, unsigned int *size, + nss_module_unregister_fn *unregister) +{ + *size = sizeof (methods) / sizeof (methods[0]); + *unregister = NULL; + return (methods); -+} + } Index: head/sysutils/google-compute-engine-oslogin/files/patch-nss__cache_nss__cache.cc =================================================================== --- head/sysutils/google-compute-engine-oslogin/files/patch-nss__cache_nss__cache.cc (revision 485699) +++ 
head/sysutils/google-compute-engine-oslogin/files/patch-nss__cache_nss__cache.cc (revision 485700) @@ -1,13 +1,13 @@ --- nss_cache/nss_cache.cc.orig 2018-06-11 17:16:50 UTC +++ nss_cache/nss_cache.cc @@ -31,8 +31,8 @@ using oslogin_utils::MutexLock; using oslogin_utils::NssCache; // File paths for the nss cache file. -static const char kDefaultFilePath[] = "/etc/oslogin_passwd.cache"; -static const char kDefaultBackupFilePath[] = "/etc/oslogin_passwd.cache.bak"; -+static const char kDefaultFilePath[] = "/usr/local/etc/oslogin_passwd.cache"; -+static const char kDefaultBackupFilePath[] = "/usr/local/etc/oslogin_passwd.cache.bak"; ++static const char kDefaultFilePath[] = "%%PREFIX%%/etc/oslogin_passwd.cache"; ++static const char kDefaultBackupFilePath[] = "%%PREFIX%%/etc/oslogin_passwd.cache.bak"; // Local NSS Cache size. This affects the maximum number of passwd entries per // http request. Index: head/sysutils/google-compute-engine-oslogin/files/patch-nss__module_nss__oslogin.cc =================================================================== --- head/sysutils/google-compute-engine-oslogin/files/patch-nss__module_nss__oslogin.cc (revision 485699) +++ head/sysutils/google-compute-engine-oslogin/files/patch-nss__module_nss__oslogin.cc (revision 485700) @@ -1,41 +1,41 @@ ---- nss_module/nss_oslogin.cc.orig 2018-06-11 17:16:50 UTC +--- nss_module/nss_oslogin.cc.orig 2018-10-11 16:53:23 UTC +++ nss_module/nss_oslogin.cc 
@@ -16,6 +16,7 @@ #include #include #include +#include #include #include #include -@@ -103,4 +104,30 @@ int _nss_oslogin_getpwnam_r(const char * +@@ -103,4 +104,30 @@ int _nss_oslogin_getpwnam_r(const char *name, struct p // nss_getpwent_r() is intentionally left unimplemented. This functionality is // now covered by the nss_cache binary and nss_cache module. +void _nss_oslogin_getpwent_r() {} +void _nss_oslogin_endpwent() {} +void _nss_oslogin_setpwent() {} + +NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r); +NSS_METHOD_PROTOTYPE(__nss_compat_setpwent); +NSS_METHOD_PROTOTYPE(__nss_compat_endpwent); + +static ns_mtab methods[] = { + { NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, (void*)_nss_oslogin_getpwnam_r }, + { NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, (void*)_nss_oslogin_getpwuid_r }, + { NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, (void*)_nss_oslogin_getpwent_r }, + { NSDB_PASSWD, "endpwent", __nss_compat_endpwent, (void*)_nss_oslogin_endpwent }, + { NSDB_PASSWD, "setpwent", __nss_compat_setpwent, (void*)_nss_oslogin_setpwent }, +}; + +ns_mtab * +nss_module_register (const char *name, unsigned int *size, + nss_module_unregister_fn *unregister) +{ + *size = sizeof (methods) / sizeof (methods[0]); + *unregister = NULL; + return (methods); +} } // extern "C" Index: head/sysutils/google-compute-engine-oslogin/files/patch-pam__module_pam__oslogin__admin.cc =================================================================== --- head/sysutils/google-compute-engine-oslogin/files/patch-pam__module_pam__oslogin__admin.cc (revision 485699) +++ head/sysutils/google-compute-engine-oslogin/files/patch-pam__module_pam__oslogin__admin.cc (revision 485700) @@ -1,28 +1,28 @@ ---- pam_module/pam_oslogin_admin.cc.orig 2018-06-11 17:16:50 UTC +--- pam_module/pam_oslogin_admin.cc.orig 2018-10-11 16:53:23 UTC +++ pam_module/pam_oslogin_admin.cc 
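Review bot: The stubs `void _nss_oslogin_getpwent_r() {}`, `_nss_oslogin_endpwent` and `_nss_oslogin_setpwent` are registered in `methods[]` behind the `__nss_compat_*` shims, which presumably call them with the glibc-style arguments and read a status from the return value. A `void` function with no parameters supplies neither, so enumerating passwd entries through this module would act on an indeterminate status. I would give the stubs the real signatures and an explicit result, e.g. `int _nss_oslogin_getpwent_r(struct passwd *, char *, size_t, int *) { return NSS_STATUS_NOTFOUND; }` (or whichever not-found status the file already returns), keeping the existing comment that enumeration is served by the cache module. The `extern "C"` block opens outside the hunk.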
@@ -14,7 +14,6 @@ #define PAM_SM_ACCOUNT #include -#include #include #include #include -@@ -47,7 +46,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand +@@ -48,7 +47,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, in int pam_result = PAM_SUCCESS; const char *user_name; if ((pam_result = pam_get_user(pamh, &user_name, NULL)) != PAM_SUCCESS) { - pam_syslog(pamh, LOG_INFO, "Could not get pam user."); + syslog(LOG_INFO, "Could not get pam user."); return pam_result; } string str_user_name(user_name); -@@ -77,7 +76,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand +@@ -82,7 +81,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, in if (HttpGet(url.str(), &response, &http_code) && http_code == 200 && ParseJsonToAuthorizeResponse(response)) { if (!file_exists) { - pam_syslog(pamh, LOG_INFO, + syslog(LOG_INFO, "Granting sudo permissions to organization user %s.", user_name); std::ofstream sudoers_file; Index: head/sysutils/google-compute-engine-oslogin/files/patch-pam__module_pam__oslogin__login.cc =================================================================== --- head/sysutils/google-compute-engine-oslogin/files/patch-pam__module_pam__oslogin__login.cc (revision 485699) +++ head/sysutils/google-compute-engine-oslogin/files/patch-pam__module_pam__oslogin__login.cc (revision 485700) @@ -1,37 +1,37 @@ ---- pam_module/pam_oslogin_login.cc.orig 2018-06-11 17:16:50 UTC +--- pam_module/pam_oslogin_login.cc.orig 2018-10-11 16:53:23 UTC +++ pam_module/pam_oslogin_login.cc 
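Review bot: Replacing `pam_syslog(pamh, LOG_INFO, …)` with a bare `syslog(LOG_INFO, …)` drops the PAM service/module prefix and leaves the facility to whatever the calling process opened its log with, so records such as `Granting sudo permissions to organization user %s.` may no longer land in the auth log that monitoring watches. I would set the facility explicitly, `syslog(LOG_AUTHPRIV | LOG_INFO, …)`, and put the module name at the start of the message text so that privilege grants stay attributable. Whether `<syslog.h>` is included cannot be checked here, because the include names were lost in this rendering. The same applies to the three calls in the patch-pam__module_pam__oslogin__login.cc hunk; `pam_sm_acct_mgmt` continues outside both hunks.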
@@ -14,7 +14,6 @@ #define PAM_SM_ACCOUNT #include -#include #include #include #include -@@ -45,7 +44,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand +@@ -46,7 +45,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, in int pam_result = PAM_PERM_DENIED; const char *user_name; if ((pam_result = pam_get_user(pamh, &user_name, NULL)) != PAM_SUCCESS) { - pam_syslog(pamh, LOG_INFO, "Could not get pam user."); + syslog(LOG_INFO, "Could not get pam user."); return pam_result; } string str_user_name(user_name); -@@ -88,7 +87,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand +@@ -93,7 +92,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, in chown(users_filename.c_str(), 0, 0); chmod(users_filename.c_str(), S_IRUSR | S_IWUSR | S_IRGRP); } - pam_syslog(pamh, LOG_INFO, + syslog(LOG_INFO, "Granting login permission for organization user %s.", user_name); pam_result = PAM_SUCCESS; -@@ -96,7 +95,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand +@@ -101,7 +100,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, in if (file_exists) { remove(users_filename.c_str()); } - pam_syslog(pamh, LOG_INFO, + syslog(LOG_INFO, "Denying login permission for organization user %s.", user_name); pam_result = PAM_PERM_DENIED; Index: head/sysutils/google-compute-engine-oslogin/files/patch-utils_oslogin__utils.cc =================================================================== --- head/sysutils/google-compute-engine-oslogin/files/patch-utils_oslogin__utils.cc (revision 485699) +++ head/sysutils/google-compute-engine-oslogin/files/patch-utils_oslogin__utils.cc (revision 485700) 
@@ -1,18 +1,29 @@ ---- utils/oslogin_utils.cc.orig 2018-06-11 17:16:50 UTC +--- utils/oslogin_utils.cc.orig 2018-11-13 21:29:55 UTC +++ utils/oslogin_utils.cc -@@ -255,7 +255,14 @@ bool ValidatePasswd(struct passwd* resul +@@ -23,8 +23,7 @@ + #include + #include + +-#ifdef __GNUC__ +-#if __GNUC__ > 4 || \ ++#if defined(__clang__) || __GNUC__ > 4 || \ + (__GNUC__ == 4 && (__GNUC_MINOR__ > 9 || \ + (__GNUC_MINOR__ == 9 && \ + __GNUC_PATCHLEVEL__ > 0))) +@@ -34,7 +33,6 @@ + #include + #define Regex boost + #endif +-#endif + + #include "oslogin_utils.h" + +@@ -279,7 +277,7 @@ bool ValidatePasswd(struct passwd* result, BufferManag } } if (strlen(result->pw_shell) == 0) { - if (!buf->AppendString("/bin/bash", &result->pw_shell, errnop)) { -+ if (!buf->AppendString("/bin/sh", &result->pw_shell, errnop)) { -+ return false; -+ } -+ } -+ -+ // If shell is set to /bin/bash, fallback to /bin/sh -+ if (strcmp(result->pw_shell, "/bin/bash") == 0 ) { + if (!buf->AppendString("/bin/sh", &result->pw_shell, errnop)) { return false; } }
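Review bot: The new revision of this patch drops the earlier `strcmp(result->pw_shell, "/bin/bash") == 0` fallback, so in `ValidatePasswd` only an empty `pw_shell` is mapped to `/bin/sh`. A profile that carries `/bin/bash` would then be passed through to a path that a stock FreeBSD install is unlikely to have (the port's RUN_DEPENDS lists no shell), which probably means a failed login rather than a fallback. If the removal is deliberate, a comment in the patch saying so would help; otherwise keep the mapping, e.g. `if (strlen(result->pw_shell) == 0 || strcmp(result->pw_shell, "/bin/bash") == 0) {`. The function body continues outside the hunk.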