xtrlock: add support for systems using a shadow file.

To: pkgsrc-wip-changes%NetBSD.org@localhost
Subject: xtrlock: add support for systems using a shadow file.
From: Paolo Vincenzo Olivo <vms%retrobsd.ddns.net@localhost>
Date: Sat, 29 Oct 2022 08:12:01 +0000

Module Name:	pkgsrc-wip
Committed By:	Paolo Vincenzo Olivo <vms%retrobsd.ddns.net@localhost>
Pushed By:	vms
Date:		Sat Oct 29 10:12:01 2022 +0200
Changeset:	096da1fe81c08580facf55d1bf74f60b6d351aa8

Modified Files:
	xtrlock/Makefile
Added Files:
	xtrlock/MESSAGE

Log Message:
xtrlock: add support for systems using a shadow file.

This adds support for Linux, SunOS, HP-UX and other systems relying on
/etc/shadow to store the password database, by including shadow.h and
using getspnam() instead of getpwnam().

If a `shadow' group is present, the xtrlock binary is installed sgid
"shadow". The group name can be changed to whatever group grants read
permissions to the password file, by explicitly setting the SHADOWGRP
variable.

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=096da1fe81c08580facf55d1bf74f60b6d351aa8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 xtrlock/MESSAGE  | 13 +++++++++++++
 xtrlock/Makefile | 18 +++++++++++++++---
 2 files changed, 28 insertions(+), 3 deletions(-)

diffs:
diff --git a/xtrlock/MESSAGE b/xtrlock/MESSAGE
new file mode 100644
index 0000000000..d7841bea70
--- /dev/null
+++ b/xtrlock/MESSAGE
@@ -0,0 +1,13 @@
+===========================================================================
+$NetBSD$
+
+By default, xtrlock(1) is installed suid root, this is required to inspect
+the user database when locking the screen.
+
+On systems relying on a special group to grant read permission to the
+password file (by default `shadow'), xtrlock is installed sgid shadow.
+Define SHADOWGRP if you want to change this behaviour.
+
+Privileges are dropped at startup and are reacquired only upon unlocking.
+
+===========================================================================
diff --git a/xtrlock/Makefile b/xtrlock/Makefile
index 33bb594ed7..40f8bad6f7 100644
--- a/xtrlock/Makefile
+++ b/xtrlock/Makefile
@@ -13,14 +13,26 @@ LICENSE=	gnu-gpl-v3
 
 USE_IMAKE=	yes
 
-MAKE_FLAGS+=	CCOPTIONS=${CFLAGS:Q}
-MAKE_FLAGS+=	LOCAL_LDFLAGS=${LDFLAGS:Q}
+.if exists(/etc/shadow)
+MAKE_FLAGS+=		CCOPTIONS="-DSHADOW_PWD ${CFLAGS}"
+.else
+MAKE_FLAGS+=		CCOPTIONS=${CFLAGS:Q}
+SETUID_ROOT_PERMS?=	${REAL_ROOT_USER} ${BINGRP} 4555
+.endif
+MAKE_FLAGS+=		LOCAL_LDFLAGS=${LDFLAGS:Q}
 
-INSTALLATION_DIRS=	bin ${PKGMANDIR}/man1
+SHADOWGRP?=		shadow
+CHECK_SHADOWGRP:=	${GREP} ${SHADOWGRP} /etc/group
 
+.if !empty(CHECK_SHADOWGRP)
+SETUID_ROOT_PERMS?=	${REAL_ROOT_USER} ${SHADOWGRP} 2555
+.else
 SETUID_ROOT_PERMS?=	${REAL_ROOT_USER} ${BINGRP} 4555
+.endif
 SPECIAL_PERMS+=		bin/xtrlock ${SETUID_ROOT_PERMS}
 
+INSTALLATION_DIRS=	bin ${PKGMANDIR}/man1
+
 do-build:
 	cd ${WRKSRC} && ${SETENV} ${MAKE_ENV}								\
 	${MAKE_PROGRAM} ${MAKE_FLAGS} xtrlock

Prev by Date: xss-lock: enable tool dependency on docutils.
Next by Date: xtrlock: removing TODO - The package has been succesfully built and tested on NetBSD, SunOS and Linux. A user reported it's working on OpenBSD too.
Previous by Thread: xss-lock: enable tool dependency on docutils.
Next by Thread: xtrlock: removing TODO - The package has been succesfully built and tested on NetBSD, SunOS and Linux. A user reported it's working on OpenBSD too.
Indexes:

Home | Main Index | Thread Index | Old Index