stamp-h.in
sun
test
+deb-build
+deb-nonet
## Process this file with `automake' to generate `Makefile.in'
## -*-makefile-*-
##
-## $Id: Makefile.am,v 1.3 1998/01/12 16:45:19 mdw Exp $
+## $Id: Makefile.am,v 1.4 2003/11/29 23:39:16 mdw Exp $
##
## Makefile for `become'
##
##----- Revision history ----------------------------------------------------
##
## $Log: Makefile.am,v $
+## Revision 1.4 2003/11/29 23:39:16 mdw
+## Debianization.
+##
## Revision 1.3 1998/01/12 16:45:19 mdw
## Fix copyright date.
##
AUTOMAKE_OPTIONS = foreign
SUBDIRS = src manual conf
+EXTRA_DIST = debian/rules debian/copyright debian/control debian/changelog
+
##----- That's all, folks ---------------------------------------------------
/* -*-c-*-
*
- * $Id: acconfig.h,v 1.10 2003/10/12 00:14:44 mdw Exp $
+ * $Id: acconfig.h,v 1.11 2003/11/29 23:39:16 mdw Exp $
*
* Default settings for `become' config.h
*
/*----- Revision history --------------------------------------------------*
*
* $Log: acconfig.h,v $
+ * Revision 1.11 2003/11/29 23:39:16 mdw
+ * Debianization.
+ *
* Revision 1.10 2003/10/12 00:14:44 mdw
* Major overhaul. Now uses DSA signatures rather than the bogus symmetric
* encrypt-and-hope thing. Integrated with mLib and Catacomb.
/* The `etcdir' contains configuration and state information. */
#define ETCDIR "/etc/become"
+/* The `pidfile' is where Become puts its process id if it runs as a
+ * daemon. */
+#define file_PID "/etc/become/become.pid"
+
/* Default login style can be `l_preserve', `l_setuser' or `l_login'. */
#define DEFAULT_LOGIN_STYLE l_preserve
#define file_KEY ETCDIR "/become.key"
#define file_PUBKEY ETCDIR "/become.pubkey"
-#define file_PID ETCDIR "/become.pid"
#define file_RULES ETCDIR "/become.conf"
#define file_SERVER ETCDIR "/become.server"
## Process this file with `automake' to generate `Makefile.in'
## -*-makefile-*-
##
-## $Id: Makefile.am,v 1.4 1999/05/04 16:18:39 mdw Exp $
+## $Id: Makefile.am,v 1.5 2003/11/29 23:39:16 mdw Exp $
##
## Makefile for `become'
##
##----- Revision history ----------------------------------------------------
##
## $Log: Makefile.am,v $
+## Revision 1.5 2003/11/29 23:39:16 mdw
+## Debianization.
+##
## Revision 1.4 1999/05/04 16:18:39 mdw
## Make sure the sample configuration gets distributed. (Automake changed
## behaviour here.)
EXTRA_DIST = become.conf
install-data-local: become.conf
- $(mkinstalldirs) $(etcdir)
- if test -r $(etcdir)/become.conf; then \
+ $(mkinstalldirs) $(DESTDIR)$(etcdir)
+ if test -r $(DESTDIR)$(etcdir)/become.conf; then \
echo ">>>>>"; \
echo ">>>>> become.conf NOT installed"; \
echo ">>>>>"; \
else \
- $(INSTALL_DATA) $(srcdir)/become.conf $(etcdir)/become.conf; \
+ $(INSTALL_DATA) $(srcdir)/become.conf \
+ $(DESTDIR)$(etcdir)/become.conf; \
fi
uninstall-local:
- if cmp -s $(srcdir)/become.conf $(etcdir)/become.conf; then \
- rm -f $(etcdir)/become.conf; \
+ if cmp -s $(srcdir)/become.conf $(DESTDIR)$(etcdir)/become.conf; then \
+ rm -f $(DESTDIR)$(etcdir)/become.conf; \
else \
echo ">>>>>"; \
echo ">>>>> $(etcdir)/become.conf NOT uninstalled."; \
-dnl -*-fundamental-*-
+dnl -*-m4-*-
dnl
-dnl $Id: configure.in,v 1.19 2003/10/12 00:14:44 mdw Exp $
+dnl $Id: configure.in,v 1.20 2003/11/29 23:39:16 mdw Exp $
dnl
dnl Source for auto configuration for `become'
dnl
dnl----- Revision history ---------------------------------------------------
dnl
dnl $Log: configure.in,v $
+dnl Revision 1.20 2003/11/29 23:39:16 mdw
+dnl Debianization.
+dnl
dnl Revision 1.19 2003/10/12 00:14:44 mdw
dnl Major overhaul. Now uses DSA signatures rather than the bogus symmetric
dnl encrypt-and-hope thing. Integrated with mLib and Catacomb.
[default is /etc/become]],
[etcdir="$withval"], [etcdir="/etc/become"])
AC_SUBST(etcdir)
-AC_DEFINE_UNQUOTED(ETCDIR, "$etcdir")
+
+AC_ARG_WITH([pidfile],
+[ --with-pidfile=PATH set filename for pidfile
+ [default is ETCDIR/become/pid]],
+[pidfile="$withval"], [pidfile="${etcdir}/become.pid"])
+AC_SUBST(pidfile)
AC_ARG_WITH([htmldir],
[ --with-htmldir=PATH set directory for HTML documentation
[htmldir="$withval"], [htmldir='${prefix}/html/become'])
AC_SUBST(htmldir)
+mdw_DEFINE_PATHS([
+ mdw_DEFINE_PATH([ETCDIR], [$etcdir])
+ mdw_DEFINE_PATH([file_PID], [$pidfile])
+])
+
dnl --- Debugging stuff ---
mdw_OPT_EFENCE
--- /dev/null
+files tmp substvars *.substvars *.debhelper
+become become-doc become-nonet
--- /dev/null
+Document: become-manual
+Title: Become
+Author: Mark Wooding
+Abstract:
+ Become is a system for managing shared accounts. It allows users to
+ `become' other users in order to do useful work. It can be managed on a
+ central server (or a small number of central servers), or it can run
+ standalone.
+Section: Admin
+
+Format: HTML
+Index: /usr/share/doc/become/html/become_toc.html
+Files: /usr/share/doc/become/html/become_*.html
--- /dev/null
+#! /bin/sh -e
+. /usr/share/debconf/confmodule
+db_version 2
+
+if test -f /etc/default/become; then
+ . /etc/default/become
+ db_set become/run-daemon $START
+fi
+
+if test -f /etc/become/become.server; then
+ db_set become/servers $(sed -n \
+ 'H; $!d; g; s/[[:space:]]\+/ /g; s/ \?: \?/:/g; s/^ //; s/ $//; p' \
+ /etc/become/become.server)
+fi
+
+db_input medium become/run-daemon || true
+db_input medium become/servers || true
+db_go || true
--- /dev/null
+#! /bin/sh
+#
+# skeleton example file to build /etc/init.d/ scripts.
+# This file should be used to construct scripts for /etc/init.d.
+#
+# Written by Miquel van Smoorenburg <miquels@cistron.nl>.
+# Modified for Debian GNU/Linux
+# by Ian Murdock <imurdock@gnu.ai.mit.edu>.
+#
+# Version: @(#)skeleton 1.9.1 08-Apr-2002 miquels@cistron.nl
+#
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/bin/become
+NAME=become
+DESC="Become authentication server"
+
+test -x $DAEMON || exit 0
+START=false
+test -f /etc/default/$NAME && . /etc/default/$NAME
+if test "$START" != true; then
+ echo "Not starting $DESC -- disabled in /etc/default/$NAME."
+ exit 0
+fi
+
+set -e
+
+case "$1" in
+ start)
+ echo -n "Starting $DESC: $NAME"
+ start-stop-daemon --start --quiet --pidfile /var/run/become.pid \
+ --exec $DAEMON -- --daemon
+ echo "."
+ ;;
+ stop)
+ echo -n "Stopping $DESC: $NAME"
+ start-stop-daemon --stop --oknodo --quiet \
+ --pidfile /var/run/become.pid --exec $DAEMON
+ echo "."
+ ;;
+ reload|force-reload)
+ echo -n "Reloading $DESC configuration..."
+ start-stop-daemon --stop --signal 1 --quiet --pidfile \
+ /var/run/become.pid --exec $DAEMON
+ echo "done."
+ ;;
+ restart)
+ echo -n "Restarting $DESC: $NAME"
+ start-stop-daemon --stop --quiet --pidfile \
+ /var/run/become.pid --exec $DAEMON
+ sleep 1
+ start-stop-daemon --start --quiet --pidfile \
+ /var/run/become.pid --exec $DAEMON -- --daemon
+ echo "."
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
--- /dev/null
+#! /bin/sh -e
+. /usr/share/debconf/confmodule
+db_version 2
+
+db_get become/run-daemon; run=$RET
+db_get become/servers; servers=$RET
+db_stop
+
+cat >/etc/default/become.new <<EOF
+## This file is read by /etc/init.d/become
+
+# Set START to \`true' if you want to start the daemon.
+START=$run
+EOF
+mv /etc/default/become.new /etc/default/become
+
+case $run in
+ true)
+ if [ ! -f /etc/become/become.key ]; then
+ echo "You don't seem to have a server key yet. Generating one..."
+ key -k/etc/become/become.key add -adsa -eforever become-dsa
+ key -k/etc/become/become.key \
+ extract -f-secret /etc/become/become.pubkey become-dsa
+ echo "OK. The public half is in /etc/become/become.pubkey."
+ fi
+ ;;
+esac
+
+case "$servers" in
+ STANDALONE)
+ rm -f /etc/become/become.server
+ ;;
+ *)
+ set -- $servers
+ for i in "$@"; do echo $i; done >/etc/become/become.server.new
+ mv /etc/become/become.server.new /etc/become/become.server
+ ;;
+esac
+
+#DEBHELPER#
--- /dev/null
+#! /bin/sh
+
+set -e
+if test "$1" = purge; then
+ rm -f /etc/default/become
+ rm -f /etc/become/become.key
+ rm -f /etc/become/become.pubkey
+ rm -f /etc/become/become.key.old
+ rm -f /etc/become/become.pubkey.old
+ rm -f /etc/become/become.server
+ rm -f /etc/become/become.conf
+fi
+
+#DEBHELPER#
--- /dev/null
+Template: become/run-daemon
+Type: boolean
+Default: false
+Description: Run a become server?
+ If you say `yes' here, I'll start a Become server. Client machines don't
+ want this, so `no' is usually the right answer.
+
+Template: become/servers
+Type: string
+Default:
+Description: List of server names and ports
+ Type a list of SERVER names or SERVER:PORT pairs, separated by spaces,
+ one for each Become server you've set up or will install. The default
+ port is 35523.
+ .
+ As a special case, if you say `STANDALONE', I'll remove the `become.server'
+ file, and `become' will read its local rules file rather than querying a
+ server.
--- /dev/null
+become (1.4.0) experimental; urgency=low
+
+ * Debianization!
+
+ -- Mark Wooding <mdw@nsict.org> Tue, 11 Nov 2003 13:54:54 +0000
--- /dev/null
+Source: become
+Section: admin
+Priority: extra
+Maintainer: Mark Wooding <mdw@nsict.org>
+Build-Depends: mlib (>= 2.0.2), catacomb (>= 2.0.1)
+Standards-Version: 3.1.1
+
+Package: become
+Architecture: any
+Depends: ${shlibs:Depends}, catacomb-bin
+Conflicts: become-nonet
+Suggests: become-doc
+Description: Controlled access to shared accounts
+ Become is a setuid-root program which allows users to `become' other
+ users -- typically shared accounts -- under the control of a configuration
+ file.
+ .
+ This is the client-server version. Clients will ask a server for
+ permission. The network protocol is authenticated using digitial
+ signatures, so the network needn't be trusted.
+
+Package: become-nonet
+Architecture: any
+Depends: ${shlibs:Depends}
+Provides: become
+Suggests: become-doc
+Conflicts: become
+Description: Controlled access to shared accounts
+ Become is a setuid-root program which allows users to `become' other
+ users -- typically shared accounts -- under the control of a configuration
+ file.
+ .
+ This is the standalone version. The program reads a locally-installed
+ configuration file to decide which users are authorized.
+
+Package: become-doc
+Architecture: all
+Description: Controlled access to shared accounts
+ Become is a setuid-root program which allows users to `become' other
+ users -- typically shared accounts -- under the control of a configuration
+ file.
+ .
+ This package contains the HTML and Info documentation for Become.
\ No newline at end of file
--- /dev/null
+become is copyright (c) 2003 EBI
+
+become is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+become is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have a copy of the GNU General Public License in
+/usr/share/common-licenses/GPL; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+USA.
--- /dev/null
+#! /usr/bin/make -f
+
+export DH_COMPAT = 4
+
+build:
+ rm -rf build deb-build deb-nonet
+ mkdir deb-build deb-nonet
+ cd deb-build; ../configure \
+ --prefix=/usr --infodir=/usr/share/info \
+ --with-pidfile=/var/run/become.pid \
+ --with-htmldir=/usr/share/doc/become/html
+ make -C deb-build
+ cd deb-nonet; ../configure \
+ --prefix=/usr --infodir=/usr/share/info \
+ --with-htmldir=/usr/share/doc/become/html \
+ --disable-network
+ make -C deb-nonet
+ touch build
+
+clean:
+ dh_clean
+ rm -rf deb-build deb-nonet build
+
+install: build
+ dh_clean
+ make -C deb-build install DESTDIR=`pwd`/debian/become
+ make -C deb-nonet install DESTDIR=`pwd`/debian/become-nonet
+ mkdir -p debian/become-doc/usr/share/doc/become
+ mv debian/become/usr/share/doc/become/html \
+ debian/become-doc/usr/share/doc/become
+ mv debian/become/usr/share/info debian/become-doc/usr/share/info
+ rm -rf debian/become-nonet/usr/share/doc/become/html
+ rm -rf debian/become-nonet/usr/share/info
+
+binary-indep:
+ dh_testdir -i
+ dh_testroot -i
+ dh_installinfo -i manual/become.info
+ dh_compress -i
+ dh_installdocs -i
+ dh_gencontrol -i
+ dh_fixperms -i
+ dh_installdeb -i
+ dh_md5sums -i
+ dh_builddeb -i
+
+binary-arch:
+ dh_testdir -a
+ dh_testroot -a
+ dh_compress -a
+ dh_installdocs -a
+ dh_installdebconf -a
+ dh_strip -a
+ dh_shlibdeps -a
+ dh_installinit -a
+ dh_gencontrol -a
+ dh_fixperms -a -X usr/bin/become
+ dh_installdeb -a
+ dh_md5sums -a
+ dh_builddeb -a
+
+binary: install binary-indep binary-arch
+
+source:
+ rm -rf deb-build/*.tar.gz deb-build/=deb=
+ make -C deb-build dist
+ mkdir deb-build/=deb=
+ cd deb-build/=deb=; tar xvfz ../*.tar.gz
+ d=`pwd`; cd ..; dpkg-source -i -b $$d/deb-build/=deb=/*
+ rm -rf deb-build/=deb=
+
+.PHONY: binary binary-arch binary-indep clean install source
## Process this file with `automake' to generate `Makefile.in'
## -*-makefile-*-
##
-## $Id: Makefile.am,v 1.8 1999/05/04 16:24:42 mdw Exp $
+## $Id: Makefile.am,v 1.9 2003/11/29 23:39:16 mdw Exp $
##
## Makefile for `become'
##
##----- Revision history ----------------------------------------------------
##
## $Log: Makefile.am,v $
+## Revision 1.9 2003/11/29 23:39:16 mdw
+## Debianization.
+##
## Revision 1.8 1999/05/04 16:24:42 mdw
## Distribute the generated HTML files.
##
echo datestamp >$(srcdir)/stamp-html.in
install-data-local: stamp-html.in
- $(mkinstalldirs) $(htmldir)
+ $(mkinstalldirs) $(DESTDIR)$(htmldir)
for i in $(srcdir)/become_*.html; do \
- $(INSTALL_DATA) $$i $(htmldir); \
+ $(INSTALL_DATA) $$i $(DESTDIR)$(htmldir); \
done
uninstall-local:
\input texinfo @c -*-texinfo-*-
@c
-@c $Id: become.texi,v 1.6 2003/10/26 11:57:46 mdw Exp $
+@c $Id: become.texi,v 1.7 2003/11/29 23:39:16 mdw Exp $
@c
@c Documentation for `become'
@c
@c ----- Revision history ---------------------------------------------------
@c
@c $Log: become.texi,v $
+@c Revision 1.7 2003/11/29 23:39:16 mdw
+@c Debianization.
+@c
@c Revision 1.6 2003/10/26 11:57:46 mdw
@c Fix key reloading core dumps. Change advice on keys.
@c
@end iftex
@c %**end of header
+@dircategory Administration tools
+@direntry
+* Become: (become). Shared account administration tool
+@end direntry
+
@c ----- Useful macros ------------------------------------------------------
-@set version 1.3
+@set version 1.4
@c ----- Copyright matters --------------------------------------------------
/* -*-c-*-
*
- * $Id: bcquery.c,v 1.4 2003/10/12 00:14:55 mdw Exp $
+ * $Id: bcquery.c,v 1.5 2003/11/29 23:39:16 mdw Exp $
*
* Query and dump Become's configuration file
*
/*----- Revision history --------------------------------------------------*
*
* $Log: bcquery.c,v $
+ * Revision 1.5 2003/11/29 23:39:16 mdw
+ * Debianization.
+ *
* Revision 1.4 2003/10/12 00:14:55 mdw
* Major overhaul. Now uses DSA signatures rather than the bogus symmetric
* encrypt-and-hope thing. Integrated with mLib and Catacomb.
static void dumptree(qnode *q, int indent)
{
- if (!q)
+ if (!q) {
printf("<empty> -- magic query which matches everything\n");
+ return;
+ }
again:
printf("%*s", indent * 2, "");
/* -*-c-*-
*
- * $Id: become.c,v 1.24 2003/10/15 09:27:06 mdw Exp $
+ * $Id: become.c,v 1.25 2003/11/29 23:39:16 mdw Exp $
*
* Main code for `become'
*
/*----- Revision history --------------------------------------------------*
*
* $Log: become.c,v $
+ * Revision 1.25 2003/11/29 23:39:16 mdw
+ * Debianization.
+ *
* Revision 1.24 2003/10/15 09:27:06 mdw
* Make sure standard file descriptors are open before starting properly.
*
for (pp = banned; *pp; pp++) {
if (**pp == '-') {
p = *pp + 1;
- if (memcmp(e->_base.name, p, strlen(p)) == 0)
+ if (strncmp(e->_base.name, p, strlen(p)) == 0)
goto expunge;
} else if (strcmp(e->_base.name, *pp) == 0)
goto expunge;
/*----- Revision history --------------------------------------------------*
*
* $Log: become.h,v $
+ * Revision 1.4 2003/11/29 23:39:16 mdw
+ * Debianization.
+ *
* Revision 1.3 1998/04/23 13:21:28 mdw
* Disable trace constants for networking when it's not compiled in.
*
TRACE_DAEMON | TRACE_CHECK )
#define TRACE_ALL 0xFFFFu
+/*----- Other magic constants ---------------------------------------------*/
+
+#define SERVER_PORT 35523 /* Not allocated properly */
+
/*----- Type definitions --------------------------------------------------*/
/* --- Request buffer (plaintext) --- */
/* -*-c-*-
*
- * $Id: check.c,v 1.11 2003/10/12 00:14:55 mdw Exp $
+ * $Id: check.c,v 1.12 2003/11/29 23:39:16 mdw Exp $
*
* Check validity of requests
*
/*----- Revision history --------------------------------------------------*
*
* $Log: check.c,v $
+ * Revision 1.12 2003/11/29 23:39:16 mdw
+ * Debianization.
+ *
* Revision 1.11 2003/10/12 00:14:55 mdw
* Major overhaul. Now uses DSA signatures rather than the bogus symmetric
* encrypt-and-hope thing. Integrated with mLib and Catacomb.
{
struct servent *s = getservbyname(quis(), "udp");
- port = (s ? s->s_port : -1);
+ port = (s ? s->s_port : htons(SERVER_PORT));
}
/* --- Initialise for scanning the file --- */
/* -*-c-*-
*
- * $Id: daemon.c,v 1.15 2003/10/26 11:57:46 mdw Exp $
+ * $Id: daemon.c,v 1.16 2003/11/29 23:39:16 mdw Exp $
*
* Running a `become' daemon
*
/*----- Revision history --------------------------------------------------*
*
* $Log: daemon.c,v $
+ * Revision 1.16 2003/11/29 23:39:16 mdw
+ * Debianization.
+ *
* Revision 1.15 2003/10/26 11:57:46 mdw
* Fix key reloading core dumps. Change advice on keys.
*
/*----- Static variables --------------------------------------------------*/
static int daemon__port = -1; /* No particular port yet */
-static fwatch daemon__cwatch, daemon__kwatch; /* Watching key / config files */
+static fwatch daemon__cwatch, daemon__kwatch; /* Watching key/config files */
static sel_timer daemon__timer; /* Timer for reading */
static sel_state daemon__sel; /* Select context */
static sel_file daemon__listen; /* Listening socket selector */
if (daemon__port == 0) {
struct servent *se = getservbyname(quis(), "udp");
- if (!se)
- die(1, "no idea which port to listen to");
- daemon__port = se->s_port;
+ if (se)
+ daemon__port = se->s_port;
+ else
+ daemon__port = htons(SERVER_PORT);
}
/* --- Now set up a socket --- */
~mdw / become / commitdiff