Date: Tue, 9 May 2006 18:04:43 -0600 (MDT)
From: huntting@glarp.com
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: huntting@glarp.com
Subject: ports/97066: sysutils/fcron
Message-ID: <200605100004.k4A04hv4001766@pernicious.glarp.com>
Resent-Message-ID: <200605100010.k4A0ALT5084597@freefall.freebsd.org>
>Number: 97066
>Category: ports
>Synopsis: sysutils/fcron
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Wed May 10 00:10:21 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Brad Huntting
>Release: FreeBSD 6.0-RELEASE i386
>Organization:
>Environment:
System: FreeBSD pernicious.glarp.com 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Thu Apr 20 00:14:39 MDT 2006 root@pernicious.glarp.com:/usr/src/sys/i386/compile/PERNICIOUS i386
>Description:
This update fixes the problems detailed in
http://www.freebsd.org/cgi/query-pr.cgi?pr=96918
and
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/96552

Specifically:

The port now installs the pam files directly (in /etc/pam.d, unless they already exist) rather than just leaving them in the examples directory. There seems to be no real security advantage to not installing the pam files since they are required for fcron and fcrontab to operate, and root privs are required to install fcron to begin with.

The sockaddr.sa_len was not set prior to calls to bind() and connect(). The upshot being that fcrondyn was unable to open the socket to communicate with fcron.
>How-To-Repeat:
See
http://www.freebsd.org/cgi/query-pr.cgi?pr=96918
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/96552
>Fix:
diff -Nru /usr/ports/sysutils/fcron/Makefile fcron/Makefile --- /usr/ports/sysutils/fcron/Makefile Fri Feb 10 02:51:04 2006 +++ fcron/Makefile Tue May 9 17:18:12 2006 @@ -8,6 +8,7 @@ PORTNAME= fcron PORTVERSION= 3.0.1 +PORTREVISION= 1 CATEGORIES= sysutils MASTER_SITES= ${MASTER_SITE_SUNSITE} \ http://fcron.free.fr/archives/ \ 
@@ -20,10 +21,11 @@ GNU_CONFIGURE= yes USE_GMAKE= yes +USE_AUTOTOOLS= autoconf:259 USE_PERL5_BUILD=yes CONFIGURE_ARGS= --with-etcdir=${PREFIX}/etc --with-cflags="${CFLAGS}" \ --with-rootname=root --with-rootgroup=wheel \ - --with-docdir=${DOCSDIR} + --with-docdir=${DOCSDIR} --with-debug WRKSRC= ${WRKDIR}/fcron-${PORTVERSION} @@ -34,6 +36,9 @@ MAN5= fcron.conf.5 fcrontab.5 MAN8= fcron.8 +PAMDIR?= /etc/pam.d +PLIST_SUB+= PAMDIR=${PAMDIR} + PORTDOCS= * .if defined(MANLANG) && exists(${WRKSRC}/doc/${MANLANG}) @@ -55,6 +60,8 @@ .endfor ${MKDIR} ${EXAMPLESDIR} ${INSTALL_DATA} ${FILESDIR}/fcrontab-* ${WRKSRC}/files/*.pam ${EXAMPLESDIR} + [ -f ${PAMDIR}/fcron ] || ${INSTALL_DATA} ${WRKSRC}/files/fcron.pam ${PAMDIR}/fcron + [ -f ${PAMDIR}/fcrontab ] || ${INSTALL_DATA} ${WRKSRC}/files/fcrontab.pam ${PAMDIR}/fcrontab .for n in 1 5 8 ${INSTALL_MAN} ${MAN${n}:S|^|${DOCSRC}/man/|} ${PREFIX}/man/man${n} .endfor diff -Nru /usr/ports/sysutils/fcron/files/patch-config.h.in fcron/files/patch-config.h.in --- /usr/ports/sysutils/fcron/files/patch-config.h.in Wed Dec 31 17:00:00 1969 +++ fcron/files/patch-config.h.in Tue May 9 17:15:42 2006 @@ -0,0 +1,8 @@ +--- config.h.in.orig Mon Feb 6 14:44:52 2006 ++++ config.h.in Tue May 9 17:15:19 2006 +@@ -424,3 +424,5 @@ + #define O_SYNC O_FSYNC + #endif + ++/* Define if (struct sockaddr) has an sa_len field. */ ++#undef HAVE_SA_LEN diff -Nru /usr/ports/sysutils/fcron/files/patch-configure.in fcron/files/patch-configure.in --- /usr/ports/sysutils/fcron/files/patch-configure.in Wed Dec 31 17:00:00 1969 +++ fcron/files/patch-configure.in Tue May 9 17:04:47 2006 
@@ -0,0 +1,20 @@ +--- configure.in.orig Mon Jan 9 17:21:24 2006 ++++ configure.in Tue May 9 17:04:30 2006 +@@ -57,6 +57,17 @@ + AC_STRUCT_TM + AC_TYPE_UID_T + ++dnl Check for post-Reno style struct sockaddr ++AC_CACHE_CHECK([for sa_len], ++ ac_cv_sa_len, ++[AC_TRY_COMPILE([#include <sys/types.h> ++#include <sys/socket.h>], [int main(void) { ++ struct sockaddr t;t.sa_len = 0;}], ++ ac_cv_sa_len=yes,ac_cv_sa_len=no)]) ++if test $ac_cv_sa_len = yes; then ++ AC_DEFINE(HAVE_SA_LEN) ++fi ++ + dnl Checks for library functions. + AC_PROG_GCC_TRADITIONAL + AC_FUNC_MEMCMP diff -Nru /usr/ports/sysutils/fcron/files/patch-fcrondyn.c fcron/files/patch-fcrondyn.c --- /usr/ports/sysutils/fcron/files/patch-fcrondyn.c Wed Dec 31 17:00:00 1969 +++ fcron/files/patch-fcrondyn.c Tue May 9 15:26:26 2006 
@@ -0,0 +1,29 @@ +--- fcrondyn.c.orig Mon Feb 6 14:44:52 2006 ++++ fcrondyn.c Tue May 9 15:24:22 2006 +@@ -399,17 +399,21 @@ + int fd = -1; + struct sockaddr_un addr; + int len = 0; ++ int sa_len; + + if ( (fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1 ) + die_e("could not create socket"); + + addr.sun_family = AF_UNIX; +- if ( (len = strlen(fifofile)) > sizeof(addr.sun_path) ) +- die("Error : fifo file path too long (max is %d)", sizeof(addr.sun_path)); +- strncpy(addr.sun_path, fifofile, sizeof(addr.sun_path) - 1); +- addr.sun_path[sizeof(addr.sun_path)-1] = '\0'; ++ if ( (len = strlen(fifofile)) > sizeof(addr.sun_path) - 1 ) ++ die("Error : fifo file path too long (max is %d)", sizeof(addr.sun_path) - 1); ++ strncpy(addr.sun_path, fifofile, sizeof(addr.sun_path)); ++ sa_len = (addr.sun_path - (char *)&addr) + len; ++#if HAVE_SA_LEN ++ addr.sun_len = sa_len; ++#endif + +- if ( connect(fd, (struct sockaddr *) &addr, sizeof(addr.sun_family) + len) < 0 ) ++ if ( connect(fd, (struct sockaddr *) &addr, sa_len) < 0 ) + die_e("Cannot connect() to fcron (check if fcron is running)"); + + if ( authenticate_user(fd) == ERR ) { diff -Nru /usr/ports/sysutils/fcron/files/patch-socket.c fcron/files/patch-socket.c --- /usr/ports/sysutils/fcron/files/patch-socket.c Wed Dec 31 17:00:00 1969 +++ fcron/files/patch-socket.c Tue May 9 16:33:41 2006 
@@ -0,0 +1,34 @@ +--- socket.c.orig Mon Feb 6 14:44:52 2006 ++++ socket.c Tue May 9 16:33:19 2006 +@@ -134,6 +134,7 @@ + { + struct sockaddr_un addr; + int len = 0; ++ int sa_len; + + /* used in fcron.c:main_loop():select() */ + FD_ZERO(&read_set); +@@ -145,15 +146,19 @@ + } + + addr.sun_family = AF_UNIX; +- if ( (len = strlen(fifofile)) > sizeof(addr.sun_path) ) { +- error("Error : fifo file path too long (max is %d)", sizeof(addr.sun_path)); ++ if ( (len = strlen(fifofile)) > sizeof(addr.sun_path) - 1) { ++ error("Error : fifo file path too long (max is %d)", sizeof(addr.sun_path) - 1); + goto err; + } +- strncpy(addr.sun_path, fifofile, sizeof(addr.sun_path) - 1); ++ strncpy(addr.sun_path, fifofile, sizeof(addr.sun_path)); + addr.sun_path[sizeof(addr.sun_path) -1 ] = '\0'; ++ sa_len = (addr.sun_path - (char *)&addr) + len; ++#if HAVE_SA_LEN ++ addr.sun_len = sa_len; ++#endif + + unlink(fifofile); +- if (bind(listen_fd, (struct sockaddr*) &addr, sizeof(addr.sun_family)+len+1) != 0){ ++ if (bind(listen_fd, (struct sockaddr*) &addr, sa_len) != 0){ + error_e("Cannot bind socket to '%s'", fifofile); + goto err; + } diff -Nru /usr/ports/sysutils/fcron/files/pkg-message.in fcron/files/pkg-message.in --- /usr/ports/sysutils/fcron/files/pkg-message.in Fri Feb 10 02:51:04 2006 +++ fcron/files/pkg-message.in Mon May 8 09:24:35 2006 @@ -5,12 +5,6 @@ fcron_enable="YES" cron_enable="NO" -install the pam config files - - mkdir -p %%PREFIX%%/etc/pam.d - cp %%EXAMPLESDIR%%/fcron.pam %%PREFIX%%/etc/pam.d/fcron - cp %%EXAMPLESDIR%%/fcrontab.pam %%PREFIX%%/etc/pam.d/fcrontab - and move any jobs in /etc/crontab to the root fcrontab(5) file. See: %%EXAMPLESDIR%% diff -Nru /usr/ports/sysutils/fcron/pkg-plist fcron/pkg-plist --- /usr/ports/sysutils/fcron/pkg-plist Fri Feb 10 02:51:04 2006 +++ fcron/pkg-plist Tue May 9 16:54:49 2006 
@@ -5,8 +5,8 @@ etc/fcron.conf.dist etc/fcron.deny.dist sbin/fcron -%%EXAMPLESDIR%%/fcron.pam +%%PAMDIR%%/fcron +%%PAMDIR%%/fcrontab %%EXAMPLESDIR%%/fcrontab-operator %%EXAMPLESDIR%%/fcrontab-root -%%EXAMPLESDIR%%/fcrontab.pam @dirrm %%EXAMPLESDIR%% >Release-Note: >Audit-Trail: >Unformatted:
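Review bot: In the Makefile hunk at @@ -20,10 +21,11 @@, CONFIGURE_ARGS gains --with-debug, which the description does not mention and which is unrelated to the PAM and sa_len fixes. If it was only needed while tracking down the socket failure, drop it before commit; if it is meant to stay, say why in the PR text. USE_AUTOTOOLS= autoconf:259 in the same hunk is justified by the new configure.in patch and could carry a one-line comment saying so.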
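Review bot: The install step added at Makefile @@ -55,6 +60,8 @@ writes ${PAMDIR}/fcron and ${PAMDIR}/fcrontab only when they do not already exist, but pkg-plist registers both paths unconditionally, so deinstalling the package would delete a PAM policy file the port never installed (for example one the administrator had put in place and edited). Either register the files only when the port actually installed them, or install a sample copy and leave the live file alone on removal. Note also that PAMDIR defaults to /etc/pam.d, while the instructions removed from pkg-message.in used %%PREFIX%%/etc/pam.d, so the port now writes outside PREFIX; that change of location deserves a sentence in pkg-message.in.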
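Review bot: In patch-configure.in, the second argument of AC_TRY_COMPILE is already placed inside the body of a generated main(), so wrapping the test in "int main(void) { ... }" produces a nested function definition. That compiles only with compilers that accept nested functions as an extension; elsewhere the probe fails and HAVE_SA_LEN is silently left undefined, which brings back the original failure. Pass just the statements (struct sockaddr t; t.sa_len = 0;), or use AC_CHECK_MEMBER([struct sockaddr.sa_len], ...) with the two includes. The unquoted "test $ac_cv_sa_len = yes" should also quote the variable.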
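Review bot: In patch-fcrondyn.c, the rewritten die() call passes sizeof(addr.sun_path) - 1, a size_t, to a %d conversion; cast it to int or change the format, since the two differ in width on 64-bit platforms. The hunk also drops the explicit addr.sun_path[sizeof(addr.sun_path)-1] = '\0' and now relies on the tightened length check plus strncpy() padding for termination, which is correct but worth a comment, especially as patch-socket.c keeps the explicit terminator. For the length itself, offsetof(struct sockaddr_un, sun_path) + len states the intent more clearly than the pointer subtraction (addr.sun_path - (char *)&addr).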
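Review bot: In patch-socket.c, the length handed to bind() changes from sizeof(addr.sun_family)+len+1 to sa_len, which no longer counts the terminating NUL. The description only talks about setting sa_len, so please confirm that dropping the +1 is intended and add a comment to that effect, so that the bind() and connect() sides are visibly computing the same address length. The sa_len computation and the #if HAVE_SA_LEN block are now duplicated in fcrondyn.c and socket.c; a small shared helper would keep the two from drifting apart. The error() call has the same %d with size_t mismatch as the die() call in fcrondyn.c.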
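Review bot: The pkg-plist hunk removes %%EXAMPLESDIR%%/fcron.pam and %%EXAMPLESDIR%%/fcrontab.pam, yet the unchanged install line in the Makefile still copies ${WRKSRC}/files/*.pam into ${EXAMPLESDIR}. Those two files would be installed without being registered, so they are left behind on deinstall and the following @dirrm %%EXAMPLESDIR%% fails on a non-empty directory. Keep the two EXAMPLESDIR entries in the plist, or stop copying the .pam files to EXAMPLESDIR.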