-rw-r--r--sys-auth/tcb/ChangeLog9
-rw-r--r--sys-auth/tcb/files/tcb-gentoo.patch126
-rw-r--r--sys-auth/tcb/tcb-1.0.3-r2.ebuild52
3 files changed, 186 insertions, 1 deletions
diff --git a/sys-auth/tcb/ChangeLog b/sys-auth/tcb/ChangeLog
index 87b1e77407b5..9351794bef96 100644
--- a/sys-auth/tcb/ChangeLog
+++ b/sys-auth/tcb/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for sys-auth/tcb
# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/tcb/ChangeLog,v 1.4 2010/01/12 17:59:48 phajdan.jr Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/tcb/ChangeLog,v 1.5 2010/01/17 14:55:16 phajdan.jr Exp $
+
+*tcb-1.0.3-r2 (17 Jan 2010)
+
+ 17 Jan 2010; Pawel Hajdan jr <phajdan.jr@gentoo.org> +tcb-1.0.3-r2.ebuild,
+ +files/tcb-gentoo.patch:
+ Drop dependency on libxcrypt, provide better upgrade path by supporting
+ hash functions present in unpatched glibc.
*tcb-1.0.3-r1 (12 Jan 2010)
diff --git a/sys-auth/tcb/files/tcb-gentoo.patch b/sys-auth/tcb/files/tcb-gentoo.patch
new file mode 100644
index 000000000000..ee681854f784
--- /dev/null
+++ b/sys-auth/tcb/files/tcb-gentoo.patch
@@ -0,0 +1,126 @@
+--- pam_tcb/support.c.orig 2010-01-17 12:22:29.000000000 +0100
++++ pam_tcb/support.c 2010-01-17 15:47:38.000000000 +0100
+@@ -466,6 +466,39 @@
+ return retval;
+ }
+
++static char i64c(int i)
++{
++ if (i < 0)
++ return '.';
++ if (i > 63)
++ return 'z';
++
++ if (i == 0)
++ return '.';
++ if (i == 1)
++ return '/';
++ if (i >= 2 && i <= 11)
++ return ('0' - 2 + i);
++ if (i >= 12 && i <= 37)
++ return ('A' - 12 + i);
++ if (i >= 38 && i <= 63)
++ return ('a' - 38 + i);
++
++ return '\0';
++}
++
++static char *make_salt(const char *prefix, const char *entropy,
++ int entropy_size)
++{
++ char salt[64];
++ char *sp = stpcpy(salt, prefix);
++ int i;
++ for (i = 0; i < entropy_size / 2; i++)
++ *sp++ = i64c(entropy[i] & 077);
++ *sp = '\0';
++ return strdup(salt);
++}
++
+ static int check_crypt(pam_handle_t *pamh, const char *pass,
+ const char *stored_hash)
+ {
+@@ -481,11 +514,11 @@
+
+ /* This exists because of timing attacks. */
+ memset(input, 0x55, sizeof(input));
+- fake_salt = crypt_gensalt_ra(pam_unix_param.crypt_prefix,
+- pam_unix_param.count, input, sizeof(input));
++ fake_salt = make_salt(pam_unix_param.crypt_prefix,
++ input, sizeof(input));
+
+ if (!fake_salt) {
+- pam_syslog(pamh, LOG_CRIT, "crypt_gensalt_ra: %m");
++ pam_syslog(pamh, LOG_CRIT, "make_salt: %m");
+ return PAM_BUF_ERR;
+ }
+
+@@ -816,22 +849,21 @@
+ return PAM_SUCCESS;
+ }
+
+-static char *crypt_wrapper_ra(pam_handle_t *pamh, const char *key,
++static char *crypt_wrapper_r(pam_handle_t *pamh, const char *key,
+ const char *salt)
+ {
+- char *retval;
+- void *data = NULL;
+- int size = 0;
++ char *retval = NULL;
++ struct crypt_data *cdata = malloc(sizeof(*cdata));
+
+- retval = crypt_ra(key, salt, &data, &size);
+- if (retval)
+- retval = strdup(retval); /* we return NULL if strdup fails */
+- else
+- pam_syslog(pamh, LOG_CRIT, "crypt_ra: %m");
+- if (data) {
+- memset(data, 0, size);
+- free(data);
++ if (cdata != NULL) {
++ cdata->initialized = 0;
++ retval = strdup(crypt_r(key, salt, cdata));
++ if (!retval)
++ pam_syslog(pamh, LOG_CRIT, "crypt_r: %m");
++ memset(cdata, '\0', sizeof(*cdata));
++ free(cdata);
+ }
++
+ return retval;
+ }
+
+@@ -841,7 +873,7 @@
+ char *retval;
+
+ if (off(UNIX_PLAIN_CRYPT))
+- return crypt_wrapper_ra(pamh, key, salt);
++ return crypt_wrapper_r(pamh, key, salt);
+
+ errno = 0;
+ retval = crypt(key, salt);
+@@ -873,13 +905,13 @@
+ }
+ close(fd);
+
+- salt = crypt_gensalt_ra(pam_unix_param.crypt_prefix,
+- pam_unix_param.count, entropy, sizeof(entropy));
++ salt = make_salt(pam_unix_param.crypt_prefix,
++ entropy, sizeof(entropy));
+
+ memset(entropy, 0, sizeof(entropy));
+
+ if (!salt) {
+- pam_syslog(pamh, LOG_CRIT, "crypt_gensalt_ra: %m");
++ pam_syslog(pamh, LOG_CRIT, "make_salt: %m");
+ return NULL;
+ }
+
+@@ -1019,7 +1051,7 @@
+ if (!parse_opt(pamh, *argv, the_cmdline_opts))
+ return 0;
+ param = get_optval("prefix=", the_cmdline_opts);
+- pam_unix_param.crypt_prefix = param ?: "$2a$";
++ pam_unix_param.crypt_prefix = param ?: "$6$";
+
+ param = get_optval("helper=", the_cmdline_opts);
+ pam_unix_param.helper = param ?: CHKPWD_HELPER;
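Review bot: In the embedded support.c patch, the new `crypt_wrapper_r` passes the result of `crypt_r()` straight to `strdup()`, and `crypt_r()` is documented to return NULL on failure, so a salt or prefix the C library rejects would become a NULL dereference inside the PAM module; the removed `crypt_ra` code checked for NULL before duplicating. Keep that check with `const char *hash = crypt_r(key, salt, cdata);` followed by `retval = hash ? strdup(hash) : NULL;`. Separately, `make_salt` copies `prefix` (settable through the `prefix=` option) plus `entropy_size / 2` characters into `char salt[64]` with no length check, and it no longer uses `pam_unix_param.count`; a guard such as `if (strlen(prefix) + (size_t)(entropy_size / 2) >= sizeof(salt)) return NULL;` before the `stpcpy` would bound the write. The `input` and `entropy` buffers are declared outside the visible hunks, so whether 64 bytes is always enough cannot be confirmed from here.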
diff --git a/sys-auth/tcb/tcb-1.0.3-r2.ebuild b/sys-auth/tcb/tcb-1.0.3-r2.ebuild
new file mode 100644
index 000000000000..fab566c5e830
--- /dev/null
+++ b/sys-auth/tcb/tcb-1.0.3-r2.ebuild
@@ -0,0 +1,52 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/tcb/tcb-1.0.3-r2.ebuild,v 1.1 2010/01/17 14:55:16 phajdan.jr Exp $
+
+inherit eutils multilib
+
+DESCRIPTION="Libraries and tools implementing the tcb password shadowing scheme"
+HOMEPAGE="http://www.openwall.com/tcb/"
+SRC_URI="ftp://ftp.openwall.com/pub/projects/tcb/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="pam"
+
+DEPEND="pam? ( >=sys-libs/pam-0.75 )"
+RDEPEND="${DEPEND}"
+
+pkg_setup() {
+ for group in auth chkpwd shadow ; do
+ enewgroup ${group}
+ done
+
+ mymakeopts="
+ SLIBDIR=/$(get_libdir)
+ LIBDIR=/usr/$(get_libdir)
+ MANDIR=/usr/share/man
+ DESTDIR='${D}'"
+}
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ epatch "${FILESDIR}"/${PN}-1.0.2-build.patch
+ epatch "${FILESDIR}"/${PN}-gentoo.patch
+ use pam || sed -i '/pam/d' Makefile
+}
+
+src_compile() {
+ emake $mymakeopts || die "emake failed"
+}
+
+src_install() {
+ emake $mymakeopts install || die "emake install failed"
+ dodoc ChangeLog
+}
+
+pkg_postinst() {
+ einfo "You must now run /sbin/tcb_convert to convert your shadow to tcb"
+ einfo "To remove this you must first run /sbin/tcp_unconvert and then unmerge"
+}
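Review bot: The second `pkg_postinst` message names `/sbin/tcp_unconvert`, while the line above it names `/sbin/tcb_convert`; this looks like a typo, and it would point an administrator at a command that does not exist at the moment they are about to unmerge the package that manages their password files. Suggested line: `einfo "To remove this you must first run /sbin/tcb_unconvert and then unmerge"`. Because this revision also applies a patch that changes the default hash prefix from `$2a$` to `$6$` and stops using the libxcrypt calls, an `ewarn` here telling users that hashes created with the old prefix may no longer verify would be worth adding, if that is indeed the effect on a glibc without bcrypt support.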