Diffstat (limited to 'sys-auth/tcb')
-rw-r--r--sys-auth/tcb/ChangeLog10
-rw-r--r--sys-auth/tcb/files/tcb-1.0.2-build.patch37
-rw-r--r--sys-auth/tcb/files/tcb-gentoo.patch162
-rw-r--r--sys-auth/tcb/files/tcb-xcrypt.patch50
-rw-r--r--sys-auth/tcb/tcb-1.0.3-r1.ebuild53
-rw-r--r--sys-auth/tcb/tcb-1.0.4.ebuild (renamed from sys-auth/tcb/tcb-1.0.3-r2.ebuild)19
6 files changed, 77 insertions, 254 deletions
diff --git a/sys-auth/tcb/ChangeLog b/sys-auth/tcb/ChangeLog
index 2c0b51630a1c..08bdcdd5bf5a 100644
--- a/sys-auth/tcb/ChangeLog
+++ b/sys-auth/tcb/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for sys-auth/tcb
# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/tcb/ChangeLog,v 1.6 2010/01/19 14:37:41 phajdan.jr Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/tcb/ChangeLog,v 1.7 2010/02/12 10:00:24 phajdan.jr Exp $
+
+*tcb-1.0.4 (12 Feb 2010)
+
+ 12 Feb 2010; Pawel Hajdan jr <phajdan.jr@gentoo.org>
+ -files/tcb-1.0.2-build.patch, -tcb-1.0.3-r1.ebuild, -tcb-1.0.3-r2.ebuild,
+ +tcb-1.0.4.ebuild, files/tcb-gentoo.patch, -files/tcb-xcrypt.patch:
+ Version bump. Remove old. Update the compatibility patch. Drop old
+ patches.
19 Jan 2010; Pawel Hajdan jr <phajdan.jr@gentoo.org>
files/tcb-1.0.2-build.patch:
diff --git a/sys-auth/tcb/files/tcb-1.0.2-build.patch b/sys-auth/tcb/files/tcb-1.0.2-build.patch
deleted file mode 100644
index 60cc1c519354..000000000000
--- a/sys-auth/tcb/files/tcb-1.0.2-build.patch
+++ /dev/null
@@ -1,37 +0,0 @@
---- tcb-1.0/libs/Makefile
-+++ tcb-1.0/libs/Makefile
-@@ -17,13 +17,13 @@
- $(CC) $(CFLAGS) $(DBGFLAG) -c $< -o $@
-
- $(LIBTCB_LONG): libtcb.o $(LIB_MAP)
-- $(CC) $(DBGFLAG) -shared -o $@ -Wl,-soname,$(LIBTCB) \
-+ $(CC) $(LDFLAGS) $(DBGFLAG) -shared -o $@ -Wl,-soname,$(LIBTCB) \
- -Wl,--version-script=$(LIB_MAP) $< -lc
- ln -sf $@ $(LIBTCB)
- ln -sf $(LIBTCB) libtcb.so
-
- $(LIBNSS): nss.o $(NSS_MAP) $(LIBTCB_LONG)
-- $(CC) $(DBGFLAG) -shared -o $@ -Wl,--version-script=$(NSS_MAP) \
-+ $(CC) $(LDFLAGS) $(DBGFLAG) -shared -o $@ -Wl,-soname,$@ -Wl,--version-script=$(NSS_MAP) \
- $< -L. $(LIBNSL) -ltcb
-
- .c.o:
---- tcb-1.0/progs/Makefile
-+++ tcb-1.0/progs/Makefile
-@@ -7,13 +7,13 @@
- all: $(CONVERT) $(UNCONVERT) $(CHKPWD)
-
- $(CONVERT): $(CONVERT).o
-- $(CC) -o $@ $<
-+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
-
- $(UNCONVERT): $(UNCONVERT).o
-- $(CC) -o $@ $< -L../libs -ltcb
-+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< -L../libs -ltcb
-
- $(CHKPWD): $(CHKPWD).o
-- $(CC) -o $@ $< -lcrypt
-+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< -lcrypt
-
- .c.o:
- $(CC) $(CFLAGS) -c $< -o $@
diff --git a/sys-auth/tcb/files/tcb-gentoo.patch b/sys-auth/tcb/files/tcb-gentoo.patch
index ee681854f784..3cdab6e25879 100644
--- a/sys-auth/tcb/files/tcb-gentoo.patch
+++ b/sys-auth/tcb/files/tcb-gentoo.patch
@@ -1,121 +1,51 @@
--- pam_tcb/support.c.orig 2010-01-17 12:22:29.000000000 +0100
-+++ pam_tcb/support.c 2010-01-17 15:47:38.000000000 +0100
-@@ -466,6 +466,39 @@
++++ pam_tcb/support.c 2010-02-12 10:47:37.000000000 +0100
+@@ -466,6 +466,44 @@
return retval;
}
-+static char i64c(int i)
-+{
-+ if (i < 0)
-+ return '.';
-+ if (i > 63)
-+ return 'z';
-+
-+ if (i == 0)
-+ return '.';
-+ if (i == 1)
-+ return '/';
-+ if (i >= 2 && i <= 11)
-+ return ('0' - 2 + i);
-+ if (i >= 12 && i <= 37)
-+ return ('A' - 12 + i);
-+ if (i >= 38 && i <= 63)
-+ return ('a' - 38 + i);
-+
-+ return '\0';
-+}
++static unsigned char _crypt_itoa64[64 + 1] =
++ "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+
-+static char *make_salt(const char *prefix, const char *entropy,
-+ int entropy_size)
++static char *crypt_gensalt_ra(const char *prefix, unsigned long count,
++ const char *entropy, int entropy_size)
+{
-+ char salt[64];
++ if (count != 0)
++ return NULL;
++ if (entropy_size < 3)
++ return NULL;
++ char* salt = malloc(strlen(prefix) + entropy_size/3*4 + 1);
++ if (!salt)
++ return NULL;
+ char *sp = stpcpy(salt, prefix);
+ int i;
-+ for (i = 0; i < entropy_size / 2; i++)
-+ *sp++ = i64c(entropy[i] & 077);
++ for (i = 0; entropy_size >= 3 * (i + 1); i++) {
++ unsigned long value =
++ ((unsigned long)(unsigned char)entropy[3 * i]) |
++ ((unsigned long)(unsigned char)entropy[3 * i + 1] << 8) |
++ ((unsigned long)(unsigned char)entropy[3 * i + 2] << 16);
++ *sp++ = _crypt_itoa64[value & 0x3f];
++ *sp++ = _crypt_itoa64[(value >> 6) & 0x3f];
++ *sp++ = _crypt_itoa64[(value >> 12) & 0x3f];
++ *sp++ = _crypt_itoa64[(value >> 18) & 0x3f];
++ }
+ *sp = '\0';
-+ return strdup(salt);
++ return salt;
++}
++
++static char *crypt_ra(const char *key, const char *salt,
++ void **data, int *size)
++{
++ *size = sizeof(struct crypt_data);
++ if (!(*data = calloc(1, *size)))
++ return NULL;
++ return crypt_r(key, salt, *data);
+}
+
static int check_crypt(pam_handle_t *pamh, const char *pass,
const char *stored_hash)
{
-@@ -481,11 +514,11 @@
-
- /* This exists because of timing attacks. */
- memset(input, 0x55, sizeof(input));
-- fake_salt = crypt_gensalt_ra(pam_unix_param.crypt_prefix,
-- pam_unix_param.count, input, sizeof(input));
-+ fake_salt = make_salt(pam_unix_param.crypt_prefix,
-+ input, sizeof(input));
-
- if (!fake_salt) {
-- pam_syslog(pamh, LOG_CRIT, "crypt_gensalt_ra: %m");
-+ pam_syslog(pamh, LOG_CRIT, "make_salt: %m");
- return PAM_BUF_ERR;
- }
-
-@@ -816,22 +849,21 @@
- return PAM_SUCCESS;
- }
-
--static char *crypt_wrapper_ra(pam_handle_t *pamh, const char *key,
-+static char *crypt_wrapper_r(pam_handle_t *pamh, const char *key,
- const char *salt)
- {
-- char *retval;
-- void *data = NULL;
-- int size = 0;
-+ char *retval = NULL;
-+ struct crypt_data *cdata = malloc(sizeof(*cdata));
-
-- retval = crypt_ra(key, salt, &data, &size);
-- if (retval)
-- retval = strdup(retval); /* we return NULL if strdup fails */
-- else
-- pam_syslog(pamh, LOG_CRIT, "crypt_ra: %m");
-- if (data) {
-- memset(data, 0, size);
-- free(data);
-+ if (cdata != NULL) {
-+ cdata->initialized = 0;
-+ retval = strdup(crypt_r(key, salt, cdata));
-+ if (!retval)
-+ pam_syslog(pamh, LOG_CRIT, "crypt_r: %m");
-+ memset(cdata, '\0', sizeof(*cdata));
-+ free(cdata);
- }
-+
- return retval;
- }
-
-@@ -841,7 +873,7 @@
- char *retval;
-
- if (off(UNIX_PLAIN_CRYPT))
-- return crypt_wrapper_ra(pamh, key, salt);
-+ return crypt_wrapper_r(pamh, key, salt);
-
- errno = 0;
- retval = crypt(key, salt);
-@@ -873,13 +905,13 @@
- }
- close(fd);
-
-- salt = crypt_gensalt_ra(pam_unix_param.crypt_prefix,
-- pam_unix_param.count, entropy, sizeof(entropy));
-+ salt = make_salt(pam_unix_param.crypt_prefix,
-+ entropy, sizeof(entropy));
-
- memset(entropy, 0, sizeof(entropy));
-
- if (!salt) {
-- pam_syslog(pamh, LOG_CRIT, "crypt_gensalt_ra: %m");
-+ pam_syslog(pamh, LOG_CRIT, "make_salt: %m");
- return NULL;
- }
-
-@@ -1019,7 +1051,7 @@
+@@ -1019,28 +1057,16 @@
if (!parse_opt(pamh, *argv, the_cmdline_opts))
return 0;
param = get_optval("prefix=", the_cmdline_opts);
@@ -124,3 +54,27 @@
param = get_optval("helper=", the_cmdline_opts);
pam_unix_param.helper = param ?: CHKPWD_HELPER;
+
+ param = get_optval("count=", the_cmdline_opts);
+ if (param) {
+- char *end;
+- /*
+- * SUSv2 says:
+- * Because 0 and ULONG_MAX are returned on error and
+- * are also valid returns on success, an application
+- * wishing to check for error situations should set
+- * errno to 0, then call strtoul(), then check errno.
+- */
+- errno = 0;
+- pam_unix_param.count = strtoul(param, &end, 10);
+- if (errno || !*param || *end) {
+- pam_syslog(pamh, LOG_ERR,
+- "Invalid count= argument: %s", param);
+- return 0;
+- }
++ pam_syslog(pamh, LOG_ERR,
++ "count= parameter is not supported without Openwall libcrypt extensions");
++ return 0;
+ } else
+ pam_unix_param.count = 0;
+
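Review bot: In the added `crypt_gensalt_ra` shim, the `count != 0` and `entropy_size < 3` paths return NULL without setting errno. The upstream call sites are outside this hunk, but the removed lines of the previous patch revision show them logging `"crypt_gensalt_ra: %m"`, so the syslog entry for these failures would carry a stale or unrelated error string. Setting errno explicitly keeps the diagnostic accurate: `if (count != 0 || entropy_size < 3) { errno = EINVAL; return NULL; }`. The `crypt_ra` shim also assigns a fresh `calloc` result to `*data` on every call without reusing or releasing a buffer the caller passed in. That looks safe only while every caller starts from `data = NULL`; otherwise an earlier `struct crypt_data` holding key-derived state is leaked unwiped, so state the precondition in a comment or add a wipe-and-free branch. `_crypt_itoa64` is never written and could be declared `static const`.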
diff --git a/sys-auth/tcb/files/tcb-xcrypt.patch b/sys-auth/tcb/files/tcb-xcrypt.patch
deleted file mode 100644
index ec7f08c0b37b..000000000000
--- a/sys-auth/tcb/files/tcb-xcrypt.patch
+++ /dev/null
@@ -1,50 +0,0 @@
---- pam_tcb/support.c.orig 2009-12-27 16:33:28.000000000 +0100
-+++ pam_tcb/support.c 2009-12-27 16:34:03.000000000 +0100
-@@ -10,7 +10,7 @@
- #include <signal.h>
- #include <pwd.h>
- #include <shadow.h>
--#include <crypt.h>
-+#include <xcrypt.h>
- #include <sys/types.h>
- #include <sys/wait.h>
- #include <rpcsvc/ypclnt.h>
-@@ -481,11 +481,11 @@
-
- /* This exists because of timing attacks. */
- memset(input, 0x55, sizeof(input));
-- fake_salt = crypt_gensalt_ra(pam_unix_param.crypt_prefix,
-+ fake_salt = xcrypt_gensalt_ra(pam_unix_param.crypt_prefix,
- pam_unix_param.count, input, sizeof(input));
-
- if (!fake_salt) {
-- pam_syslog(pamh, LOG_CRIT, "crypt_gensalt_ra: %m");
-+ pam_syslog(pamh, LOG_CRIT, "xcrypt_gensalt_ra: %m");
- return PAM_BUF_ERR;
- }
-
-@@ -823,11 +823,11 @@
- void *data = NULL;
- int size = 0;
-
-- retval = crypt_ra(key, salt, &data, &size);
-+ retval = xcrypt_ra(key, salt, &data, &size);
- if (retval)
- retval = strdup(retval); /* we return NULL if strdup fails */
- else
-- pam_syslog(pamh, LOG_CRIT, "crypt_ra: %m");
-+ pam_syslog(pamh, LOG_CRIT, "xcrypt_ra: %m");
- if (data) {
- memset(data, 0, size);
- free(data);
---- pam_tcb/Makefile.orig 2009-12-27 16:38:53.000000000 +0100
-+++ pam_tcb/Makefile 2009-12-27 16:39:10.000000000 +0100
-@@ -13,7 +13,7 @@
-
- $(PAM_TCB): $(LIBOBJ) $(PAM_MAP)
- $(CC) $(LDFLAGS) -shared -o $@ -Wl,--version-script=$(PAM_MAP) \
-- $(LIBOBJ) -lnsl -lcrypt -lpam -ltcb
-+ $(LIBOBJ) -lnsl -lxcrypt -lpam -ltcb
-
- .c.o:
- $(CC) $(CFLAGS) -fPIC -c $< -o $@
diff --git a/sys-auth/tcb/tcb-1.0.3-r1.ebuild b/sys-auth/tcb/tcb-1.0.3-r1.ebuild
deleted file mode 100644
index 51c9ec111320..000000000000
--- a/sys-auth/tcb/tcb-1.0.3-r1.ebuild
+++ /dev/null
@@ -1,53 +0,0 @@
-# Copyright 1999-2010 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/tcb/tcb-1.0.3-r1.ebuild,v 1.1 2010/01/12 17:59:48 phajdan.jr Exp $
-
-inherit eutils multilib
-
-DESCRIPTION="Libraries and tools implementing the tcb password shadowing scheme"
-HOMEPAGE="http://www.openwall.com/tcb/"
-SRC_URI="ftp://ftp.openwall.com/pub/projects/tcb/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="pam"
-
-DEPEND=">=sys-libs/libxcrypt-2.4
- pam? ( >=sys-libs/pam-0.75 )"
-RDEPEND="${DEPEND}"
-
-pkg_setup() {
- for group in auth chkpwd shadow ; do
- enewgroup ${group}
- done
-
- mymakeopts="
- SLIBDIR=/$(get_libdir)
- LIBDIR=/usr/$(get_libdir)
- MANDIR=/usr/share/man
- DESTDIR='${D}'"
-}
-
-src_unpack() {
- unpack ${A}
- cd "${S}"
-
- epatch "${FILESDIR}"/${PN}-1.0.2-build.patch
- epatch "${FILESDIR}"/${PN}-xcrypt.patch
- use pam || sed -i '/pam/d' Makefile
-}
-
-src_compile() {
- emake $mymakeopts || die "emake failed"
-}
-
-src_install() {
- emake $mymakeopts install || die "emake install failed"
- dodoc ChangeLog
-}
-
-pkg_postinst() {
- einfo "You must now run /sbin/tcb_convert to convert your shadow to tcb"
- einfo "To remove this you must first run /sbin/tcp_unconvert and then unmerge"
-}
diff --git a/sys-auth/tcb/tcb-1.0.3-r2.ebuild b/sys-auth/tcb/tcb-1.0.4.ebuild
index fab566c5e830..e4923a643ef3 100644
--- a/sys-auth/tcb/tcb-1.0.3-r2.ebuild
+++ b/sys-auth/tcb/tcb-1.0.4.ebuild
@@ -1,6 +1,8 @@
# Copyright 1999-2010 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/tcb/tcb-1.0.3-r2.ebuild,v 1.1 2010/01/17 14:55:16 phajdan.jr Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/tcb/tcb-1.0.4.ebuild,v 1.1 2010/02/12 10:00:24 phajdan.jr Exp $
+
+EAPI="2"
inherit eutils multilib
@@ -11,9 +13,9 @@ SRC_URI="ftp://ftp.openwall.com/pub/projects/tcb/${P}.tar.gz"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~amd64 ~x86"
-IUSE="pam"
+IUSE=""
-DEPEND="pam? ( >=sys-libs/pam-0.75 )"
+DEPEND=">=sys-libs/pam-0.75"
RDEPEND="${DEPEND}"
pkg_setup() {
@@ -28,13 +30,12 @@ pkg_setup() {
DESTDIR='${D}'"
}
-src_unpack() {
- unpack ${A}
- cd "${S}"
-
- epatch "${FILESDIR}"/${PN}-1.0.2-build.patch
+src_prepare() {
+ # We don't have Openwall glibc extensions. The patch makes it possible
+ # to run tcb with normal glibc. It has been reviewed by upstream, but
+ # is not going to be accepted. The plan is to add support for sha hashes
+ # to Openwall's crypto routines and use them when that's available.
epatch "${FILESDIR}"/${PN}-gentoo.patch
- use pam || sed -i '/pam/d' Makefile
}
src_compile() {