Accepting request 33253 from Base:System

Copy from Base:System/openssh based on submit request 33253 from user anicka OBS-URL: https://build.opensuse.org/request/show/33253 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=35
2010-02-25 13:23:54 +00:00 · 2010-02-25 13:23:54 +00:00 · 4b71b83bf7
commit 4b71b83bf7
parent a8b412a80b
4 changed files with 58 additions and 12 deletions
--- a/openssh-5.2p1-audit.patch
+++ b/openssh-5.2p1-audit.patch
@ -101,7 +101,7 @@
 #ifdef HAVE_UTIL_H
 # include <util.h>
 #endif
-@@ -202,6 +206,9 @@
+@@ -202,6 +206,9 @@ int utmp_write_entry(struct logininfo *l
 int utmpx_write_entry(struct logininfo *li);
 int wtmp_write_entry(struct logininfo *li);
 int wtmpx_write_entry(struct logininfo *li);
@ -111,7 +111,7 @@
 int lastlog_write_entry(struct logininfo *li);
 int syslogin_write_entry(struct logininfo *li);
 
-@@ -440,6 +447,10 @@
+@@ -440,6 +447,10 @@ login_write(struct logininfo *li)
 
 	/* set the timestamp */
 	login_set_current_time(li);
@ -122,16 +122,49 @@
 #ifdef USE_LOGIN
 	syslogin_write_entry(li);
 #endif
-@@ -1394,6 +1405,51 @@
+@@ -1394,6 +1405,87 @@ wtmpx_get_entry(struct logininfo *li)
 }
 #endif /* USE_WTMPX */
 
 +#ifdef HAVE_LINUX_AUDIT
+static void
+_audit_hexscape(const char *what, char *where, unsigned int size)
+{
+	const char *ptr = what;
+	const char *hex = "0123456789ABCDEF";
+
+	while (*ptr) {
+		if (*ptr == '"' || *ptr < 0x21 || *ptr > 0x7E) {
+			unsigned int i;
+			ptr = what;
+			for (i = 0; *ptr && i+2 < size; i += 2) {
+				where[i] = hex[((unsigned)*ptr & 0xF0)>>4]; /* Upper nibble */
+				where[i+1] = hex[(unsigned)*ptr & 0x0F];   /* Lower nibble */
+				ptr++;
+			}
+			where[i] = '\0';
+			return;
+		}
+		ptr++;
+	}
+	where[0] = '"';
+	if ((unsigned)(ptr - what) < size - 3)
+	{
+		size = ptr - what + 3;
+	}
+	strncpy(where + 1, what, size - 3);
+	where[size-2] = '"';
+	where[size-1] = '\0';
+}
+
+#define AUDIT_LOG_SIZE 128
+#define AUDIT_ACCT_SIZE (AUDIT_LOG_SIZE - 8)
+
 +int
 +linux_audit_record_event(int uid, const char *username,
 +	const char *hostname, const char *ip, const char *ttyn, int success)
 +{
-+	char buf[64];
+	char buf[AUDIT_LOG_SIZE];
 +	int audit_fd, rc;
 +
 +	audit_fd = audit_open();
@ -144,8 +177,11 @@
 +	}
 +	if (username == NULL)
 +		snprintf(buf, sizeof(buf), "uid=%d", uid);
-+	else
-+		snprintf(buf, sizeof(buf), "acct=%s", username);
+	else {
+		char encoded[AUDIT_ACCT_SIZE];
+		_audit_hexscape(username, encoded, sizeof(encoded));
+		snprintf(buf, sizeof(buf), "acct=%s", encoded);
+	}
 +	rc = audit_log_user_message(audit_fd, AUDIT_USER_LOGIN,
 +		buf, hostname, ip, ttyn, success);
 +	close(audit_fd);
--- a/openssh-askpass-gnome.spec
+++ b/openssh-askpass-gnome.spec
@ -1,7 +1,7 @@
 #
 # spec file for package openssh-askpass-gnome (Version 5.2p1)
 #
-# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -23,7 +23,7 @@ BuildRequires:  gtk2-devel krb5-devel opensc-devel openssh openssl-devel pam-dev
 License:        BSD3c(or similar)
 Group:          Productivity/Networking/SSH
 Version:        5.2p1
-Release:        9
+Release:        10
 Requires:       openssh = %{version} openssh-askpass = %{version}
 AutoReqProv:    on
 Summary:        A GNOME-Based Passphrase Dialog for OpenSSH
--- a/openssh.changes
+++ b/openssh.changes
@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Tue Feb 23 15:45:06 CET 2010 - anicka@suse.cz
+
+- audit patch: add fix for bnc#545271 
+
+-------------------------------------------------------------------
+Mon Feb 22 17:15:22 CET 2010 - anicka@suse.cz
+
+- do not fix uid/gid anymore (bnc#536564) 
+
 -------------------------------------------------------------------
 Tue Dec 15 11:04:00 CET 2009 - jengelh@medozas.de

--- a/openssh.spec
+++ b/openssh.spec
@ -1,7 +1,7 @@
 #
 # spec file for package openssh (Version 5.2p1)
 #
-# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -36,7 +36,7 @@ PreReq:         /usr/sbin/groupadd /usr/sbin/useradd %insserv_prereq  %fillup_pr
 Conflicts:      nonfreessh
 AutoReqProv:    on
 Version:        5.2p1
-Release:        9
+Release:        10
 %define xversion 1.2.4.1
 Summary:        Secure Shell Client and Server (Remote Login Program)
 Url:            http://www.openssh.com/
@ -244,8 +244,8 @@ mkdir -p $RPM_BUILD_ROOT/%{_fwdefdir}
 install -m 644 %{S:9} $RPM_BUILD_ROOT/%{_fwdefdir}/sshd

 %pre
-/usr/sbin/groupadd -g 65 -o -r sshd 2> /dev/null || :
-/usr/sbin/useradd -r -o -g sshd -u 71 -s /bin/false -c "SSH daemon" -d /var/lib/sshd sshd 2> /dev/null || :
+getent group sshd >/dev/null || groupadd -o -r sshd
+getent passwd sshd >/dev/null || useradd -r -g sshd -d /var/lib/sshd -s /bin/false -c "SSH daemon" sshd

 %post
 %{fillup_and_insserv -n ssh sshd}