ports/97066: sysutils/fcron

huntting at glarp.com huntting at glarp.com
Wed May 10 00:10:22 UTC 2006 

>Number:         97066
>Category:       ports
>Synopsis:       sysutils/fcron
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 10 00:10:21 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Brad Huntting
>Release:        FreeBSD 6.0-RELEASE i386
>Organization:
>Environment:
System: FreeBSD pernicious.glarp.com 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Thu Apr 20 00:14:39 MDT 2006 root at pernicious.glarp.com:/usr/src/sys/i386/compile/PERNICIOUS i386


>Description:
	This update fixes the problems detailed in http://www.freebsd.org/cgi/query-pr.cgi?pr=96918
	and http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/96552

	Specifically:

		The port now installs the pam files directly (in /etc/pam.d,
		unless they already exist) rather than just leaving them
		in the examples directory.  There seems to be no real
		security advantage to not installing the pam files since
		they are required for fcron and fcrontab to operate, and
		root privs are required to install fcron to begin with.

		The sockaddr.sa_len was not set prior to calls to
		bind() and connect().  The upshot begin that fcrondyn
		was unable to open the socket to communicate with
		fcron.

>How-To-Repeat:
	See
	http://www.freebsd.org/cgi/query-pr.cgi?pr=96918
	http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/96552

>Fix:


diff -Nru /usr/ports/sysutils/fcron/Makefile fcron/Makefile
--- /usr/ports/sysutils/fcron/Makefile	Fri Feb 10 02:51:04 2006
+++ fcron/Makefile	Tue May  9 17:18:12 2006
@@ -8,6 +8,7 @@
 
 PORTNAME=	fcron
 PORTVERSION=	3.0.1
+PORTREVISION=	1
 CATEGORIES=	sysutils
 MASTER_SITES=	${MASTER_SITE_SUNSITE} \
 		http://fcron.free.fr/archives/ \
@@ -20,10 +21,11 @@
 
 GNU_CONFIGURE=	yes
 USE_GMAKE=	yes
+USE_AUTOTOOLS=	autoconf:259
 USE_PERL5_BUILD=yes
 CONFIGURE_ARGS=	--with-etcdir=${PREFIX}/etc --with-cflags="${CFLAGS}" \
 		--with-rootname=root --with-rootgroup=wheel \
-		--with-docdir=${DOCSDIR}
+		--with-docdir=${DOCSDIR} --with-debug
 
 WRKSRC=		${WRKDIR}/fcron-${PORTVERSION}
 
@@ -34,6 +36,9 @@
 MAN5=		fcron.conf.5 fcrontab.5
 MAN8=		fcron.8
 
+PAMDIR?=	/etc/pam.d
+PLIST_SUB+=	PAMDIR=${PAMDIR}
+
 PORTDOCS=	*
 
 .if defined(MANLANG) && exists(${WRKSRC}/doc/${MANLANG})
@@ -55,6 +60,8 @@
 .endfor
 	${MKDIR} ${EXAMPLESDIR}
 	${INSTALL_DATA} ${FILESDIR}/fcrontab-* ${WRKSRC}/files/*.pam ${EXAMPLESDIR}
+	[ -f ${PAMDIR}/fcron ] || ${INSTALL_DATA} ${WRKSRC}/files/fcron.pam ${PAMDIR}/fcron
+	[ -f ${PAMDIR}/fcrontab ] || ${INSTALL_DATA} ${WRKSRC}/files/fcrontab.pam ${PAMDIR}/fcrontab
 .for n in 1 5 8
 	${INSTALL_MAN} ${MAN${n}:S|^|${DOCSRC}/man/|} ${PREFIX}/man/man${n}
 .endfor
diff -Nru /usr/ports/sysutils/fcron/files/patch-config.h.in fcron/files/patch-config.h.in
--- /usr/ports/sysutils/fcron/files/patch-config.h.in	Wed Dec 31 17:00:00 1969
+++ fcron/files/patch-config.h.in	Tue May  9 17:15:42 2006
@@ -0,0 +1,8 @@
+--- config.h.in.orig	Mon Feb  6 14:44:52 2006
++++ config.h.in	Tue May  9 17:15:19 2006
+@@ -424,3 +424,5 @@
+ #define O_SYNC O_FSYNC
+ #endif
+ 
++/* Define if (struct sockaddr) has an sa_len field.  */
++#undef HAVE_SA_LEN
diff -Nru /usr/ports/sysutils/fcron/files/patch-configure.in fcron/files/patch-configure.in
--- /usr/ports/sysutils/fcron/files/patch-configure.in	Wed Dec 31 17:00:00 1969
+++ fcron/files/patch-configure.in	Tue May  9 17:04:47 2006
@@ -0,0 +1,20 @@
+--- configure.in.orig	Mon Jan  9 17:21:24 2006
++++ configure.in	Tue May  9 17:04:30 2006
+@@ -57,6 +57,17 @@
+ AC_STRUCT_TM
+ AC_TYPE_UID_T
+ 
++dnl Check for post-Reno style struct sockaddr
++AC_CACHE_CHECK([for sa_len],
++  ac_cv_sa_len,
++[AC_TRY_COMPILE([#include <sys/types.h>
++#include <sys/socket.h>], [int main(void) {
++ struct sockaddr t;t.sa_len = 0;}],
++  ac_cv_sa_len=yes,ac_cv_sa_len=no)])
++if test $ac_cv_sa_len = yes; then
++  AC_DEFINE(HAVE_SA_LEN)
++fi
++
+ dnl Checks for library functions.
+ AC_PROG_GCC_TRADITIONAL
+ AC_FUNC_MEMCMP
diff -Nru /usr/ports/sysutils/fcron/files/patch-fcrondyn.c fcron/files/patch-fcrondyn.c
--- /usr/ports/sysutils/fcron/files/patch-fcrondyn.c	Wed Dec 31 17:00:00 1969
+++ fcron/files/patch-fcrondyn.c	Tue May  9 15:26:26 2006
@@ -0,0 +1,29 @@
+--- fcrondyn.c.orig	Mon Feb  6 14:44:52 2006
++++ fcrondyn.c	Tue May  9 15:24:22 2006
+@@ -399,17 +399,21 @@
+     int fd = -1;
+     struct sockaddr_un addr;
+     int len = 0;
++    int sa_len;
+ 
+     if ( (fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1 )
+ 	die_e("could not create socket");
+ 
+     addr.sun_family = AF_UNIX;
+-    if ( (len = strlen(fifofile)) > sizeof(addr.sun_path) )
+-	die("Error : fifo file path too long (max is %d)", sizeof(addr.sun_path));
+-    strncpy(addr.sun_path, fifofile, sizeof(addr.sun_path) - 1);
+-    addr.sun_path[sizeof(addr.sun_path)-1] = '\0';
++    if ( (len = strlen(fifofile)) > sizeof(addr.sun_path) - 1 )
++	die("Error : fifo file path too long (max is %d)", sizeof(addr.sun_path) - 1);
++    strncpy(addr.sun_path, fifofile, sizeof(addr.sun_path));
++    sa_len = (addr.sun_path - (char *)&addr) + len;
++#if HAVE_SA_LEN
++    addr.sun_len = sa_len;
++#endif
+ 
+-    if ( connect(fd, (struct sockaddr *) &addr, sizeof(addr.sun_family) + len) < 0 )
++    if ( connect(fd, (struct sockaddr *) &addr, sa_len) < 0 )
+ 	die_e("Cannot connect() to fcron (check if fcron is running)");
+ 
+     if ( authenticate_user(fd) == ERR ) {
diff -Nru /usr/ports/sysutils/fcron/files/patch-socket.c fcron/files/patch-socket.c
--- /usr/ports/sysutils/fcron/files/patch-socket.c	Wed Dec 31 17:00:00 1969
+++ fcron/files/patch-socket.c	Tue May  9 16:33:41 2006
@@ -0,0 +1,34 @@
+--- socket.c.orig	Mon Feb  6 14:44:52 2006
++++ socket.c	Tue May  9 16:33:19 2006
+@@ -134,6 +134,7 @@
+ {
+     struct sockaddr_un addr;
+     int len = 0;
++    int sa_len;
+ 
+     /* used in fcron.c:main_loop():select() */
+     FD_ZERO(&read_set);
+@@ -145,15 +146,19 @@
+     }
+ 
+     addr.sun_family = AF_UNIX;
+-    if ( (len = strlen(fifofile)) > sizeof(addr.sun_path) ) {
+-	error("Error : fifo file path too long (max is %d)", sizeof(addr.sun_path));
++    if ( (len = strlen(fifofile)) > sizeof(addr.sun_path) - 1) {
++	error("Error : fifo file path too long (max is %d)", sizeof(addr.sun_path) - 1);
+ 	goto err;
+     }
+-    strncpy(addr.sun_path, fifofile, sizeof(addr.sun_path) - 1);
++    strncpy(addr.sun_path, fifofile, sizeof(addr.sun_path));
+     addr.sun_path[sizeof(addr.sun_path) -1 ] = '\0';
++    sa_len = (addr.sun_path - (char *)&addr) + len;
++#if HAVE_SA_LEN
++    addr.sun_len = sa_len;
++#endif
+ 
+     unlink(fifofile);
+-    if (bind(listen_fd, (struct sockaddr*) &addr, sizeof(addr.sun_family)+len+1) != 0){
++    if (bind(listen_fd, (struct sockaddr*) &addr, sa_len) != 0){
+ 	error_e("Cannot bind socket to '%s'", fifofile);
+ 	goto err;
+     }
diff -Nru /usr/ports/sysutils/fcron/files/pkg-message.in fcron/files/pkg-message.in
--- /usr/ports/sysutils/fcron/files/pkg-message.in	Fri Feb 10 02:51:04 2006
+++ fcron/files/pkg-message.in	Mon May  8 09:24:35 2006
@@ -5,12 +5,6 @@
 	fcron_enable="YES"
 	cron_enable="NO"
 
-install the pam config files
-
-	mkdir -p %%PREFIX%%/etc/pam.d
-	cp %%EXAMPLESDIR%%/fcron.pam %%PREFIX%%/etc/pam.d/fcron
-	cp %%EXAMPLESDIR%%/fcrontab.pam %%PREFIX%%/etc/pam.d/fcrontab
-
 and move any jobs in /etc/crontab to the root fcrontab(5) file. See:
 
 %%EXAMPLESDIR%%
diff -Nru /usr/ports/sysutils/fcron/pkg-plist fcron/pkg-plist
--- /usr/ports/sysutils/fcron/pkg-plist	Fri Feb 10 02:51:04 2006
+++ fcron/pkg-plist	Tue May  9 16:54:49 2006
@@ -5,8 +5,8 @@
 etc/fcron.conf.dist
 etc/fcron.deny.dist
 sbin/fcron
-%%EXAMPLESDIR%%/fcron.pam
+%%PAMDIR%%/fcron
+%%PAMDIR%%/fcrontab
 %%EXAMPLESDIR%%/fcrontab-operator
 %%EXAMPLESDIR%%/fcrontab-root
-%%EXAMPLESDIR%%/fcrontab.pam
 @dirrm %%EXAMPLESDIR%%
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list