Date: Fri, 14 Jun 2019 13:50:26 +0000 (UTC) From: Larry Rosenman <ler@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r504192 - in head/sysutils/google-compute-engine-oslogin: . files Message-ID: <201906141350.x5EDoQDf077570@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ler Date: Fri Jun 14 13:50:25 2019 New Revision: 504192 URL: https://svnweb.freebsd.org/changeset/ports/504192 Log: sysutils/google-compute-engine-oslogin: fix OSLogin Larry Rosenman and Glen Barber from the FreeBSD team reported that the OSLogin feature has not been working since the last update I made to sysutils/google-compute-engine-oslogin ports package. I found out that the problem is in some modifications made by upstream in the shell script responsible to activate and deactivate the feature. I prepared the attached patch to fix it. With the patch applied in a FreeBSD 13 instance on GCE I was able to use the OSLogin feature without any problem. I also sent this same patch upstream. PR: 238561 Submitted by: lucas.kanashiro@collabora.com (maintainer) Added: head/sysutils/google-compute-engine-oslogin/files/ head/sysutils/google-compute-engine-oslogin/files/patch-bin_google__oslogin__control (contents, props changed) Modified: head/sysutils/google-compute-engine-oslogin/Makefile Modified: head/sysutils/google-compute-engine-oslogin/Makefile ============================================================================== --- head/sysutils/google-compute-engine-oslogin/Makefile Fri Jun 14 13:32:16 2019 (r504191) +++ head/sysutils/google-compute-engine-oslogin/Makefile Fri Jun 14 13:50:25 2019 (r504192) @@ -2,6 +2,7 @@ PORTNAME= google-compute-engine-oslogin DISTVERSION= 1.5.3 +PORTREVISION= 1 CATEGORIES= sysutils MAINTAINER= lucas.kanashiro@collabora.com Added: head/sysutils/google-compute-engine-oslogin/files/patch-bin_google__oslogin__control ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sysutils/google-compute-engine-oslogin/files/patch-bin_google__oslogin__control Fri Jun 14 13:50:25 2019 (r504192) @@ -0,0 +1,103 @@ +--- bin/google_oslogin_control.orig 2019-06-14 12:36:44 UTC ++++ bin/google_oslogin_control +@@ -154,6 +154,7 @@ modify_pam_config() ( + pam_account_oslogin="account optional pam_oslogin_admin.so" + pam_account_admin="account requisite pam_oslogin_login.so" + pam_session_homedir="session optional pam_mkhomedir.so" ++ pam_account_su="account optional pam_oslogin_login.so" + fi + + local added_config="" +@@ -201,6 +202,11 @@ modify_pam_config() ( + # Get location of system-remote-login. + insert=$($sed -rn "/^auth\s+include\s+system-remote-login/=" "$pam_sshd_config") + # TODO: find su_insert point for arch linux. ++ elif is_freebsd; then ++ # Get location of the first auth occurrence. ++ insert=$($sed -rn '/^auth/=' "$pam_sshd_config" | head -1) ++ # Get location of the first account occurrence. ++ su_insert=$($sed -rn '/^account/=' "$pam_su_config" | head -1) + fi + + added_config="$added_comment" +@@ -223,7 +229,7 @@ modify_pam_config() ( + # Insert su blocker at top of `su:account` stack. + if [ -n "$su_insert" ] && ! grep -qE "$pam_account_su" "$pam_su_config"; then + added_su_config="${added_comment}\n${pam_account_su}" +- sed -i"" "${su_insert}i ${added_su_config}" "$pam_su_config" ++ $sed -i"" "${su_insert}i ${added_su_config}" "$pam_su_config" + fi + + # Append account modules at end of `sshd:account` stack. +@@ -314,16 +320,24 @@ restart_sshd() { + return 0 + fi + echo "Restarting SSHD" +- for svc in "ssh" "sshd"; do +- restart_service "$svc" +- done ++ if is_freebsd; then ++ restart_service "sshd" ++ else ++ for svc in "ssh" "sshd"; do ++ restart_service "$svc" ++ done ++ fi + } + + restart_svcs() { + echo "Restarting optional services." +- for svc in "nscd" "unscd" "systemd-logind" "cron" "crond"; do +- restart_service "$svc" +- done ++ if is_freebsd; then ++ restart_service "cron" ++ else ++ for svc in "nscd" "unscd" "systemd-logind" "cron" "crond"; do ++ restart_service "$svc" ++ done ++ fi + } + + setup_google_dirs() { +@@ -347,18 +361,34 @@ remove_google_dirs() { + } + + activate() { +- for func in modify_sshd_conf modify_nsswitch_conf \ +- modify_pam_config setup_google_dirs restart_svcs restart_sshd \ +- modify_group_conf; do ++ if is_freebsd; then ++ # In FreeBSD there is no pam_group config file similar to ++ # /etc/security/group.conf. ++ funcs="modify_sshd_conf modify_nsswitch_conf modify_pam_config \ ++ setup_google_dirs restart_svcs restart_sshd" ++ else ++ funcs="modify_sshd_conf modify_nsswitch_conf modify_pam_config \ ++ setup_google_dirs restart_svcs restart_sshd modify_group_conf" ++ fi ++ ++ for func in "$funcs"; do + $func + [ $? -eq 0 ] || return 1 + done + } + + deactivate() { +- for func in remove_google_dirs restore_nsswitch_conf \ +- restore_sshd_conf restore_pam_config restart_svcs restart_sshd \ +- restore_group_conf; do ++ if is_freebsd; then ++ # In FreeBSD there is no pam_group config file similar to ++ # /etc/security/group.conf. ++ funcs="remove_google_dirs restore_nsswitch_conf restore_sshd_conf \ ++ restore_pam_config restart_svcs restart_sshd" ++ else ++ funcs="remove_google_dirs restore_nsswitch_conf restore_sshd_conf \ ++ restore_pam_config restart_svcs restart_sshd restore_group_conf" ++ fi ++ ++ for func in "$funcs"; do + $func + done + }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201906141350.x5EDoQDf077570>