Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hopefully fix Issue 1379 #1392

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Hopefully fix Issue 1379 #1392

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d60c64e
Issue 1379
ddpbsd Apr 3, 2018
0dd580b
AIX seems to prefer the user to come last as well.
ddpbsd Apr 3, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 9 additions & 9 deletions src/init/adduser.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,14 +50,14 @@ else
USERADD="/usr/sbin/useradd"
OSMYSHELL="/sbin/nologin"
else
# All current linux distributions should support system accounts for
# users/groups. If not, leave the GROUPADD/USERADD as it was before
# this change
sys_acct_chk () {
$1 --help 2>&1 | grep -e " *-r.*system account" >/dev/null 2>&1 && echo "$1 -r" || echo "$1"
}
GROUPADD=$(sys_acct_chk "/usr/sbin/groupadd -f")
USERADD=$(sys_acct_chk "/usr/sbin/useradd")
# All current linux distributions should support system accounts for
# users/groups. If not, leave the GROUPADD/USERADD as it was before
# this change
sys_acct_chk () {
$1 --help 2>&1 | grep -e " *-r.*system account" >/dev/null 2>&1 && echo "$1 -r" || echo "$1"
}
GROUPADD=$(sys_acct_chk "/usr/sbin/groupadd -f")
USERADD=$(sys_acct_chk "/usr/sbin/useradd")
OSMYSHELL="/sbin/nologin"
fi

Expand All @@ -83,7 +83,7 @@ else
for U in ${USER} ${USER_MAIL} ${USER_REM}; do
if [ -x /usr/bin/getent ]; then
if [ `getent passwd ${U} | wc -l` -lt 1 ]; then
if [ "$UNAME" = "OpenBSD" ] || [ "$UNAME" = "SunOS" ]; then
if [ "$UNAME" = "OpenBSD" ] || [ "$UNAME" = "SunOS" ] || [ "$UNAME" = "AIX" ]; then
${USERADD} -d "${DIR}" -s ${OSMYSHELL} -g "${GROUP}" "${U}"
else
${USERADD} "${U}" -d "${DIR}" -s ${OSMYSHELL} -g "${GROUP}"
Expand Down
12 changes: 6 additions & 6 deletions src/os_auth/check_cert.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -129,8 +129,8 @@ int check_subject_cn(X509 *cert, const char *manager)
*/
int check_hostname(ASN1_STRING *cert_astr, const char *manager)
{
label c_labels[DNS_MAX_LABELS];
label m_labels[DNS_MAX_LABELS];
OS_label c_labels[DNS_MAX_LABELS];
OS_label m_labels[DNS_MAX_LABELS];
int c_label_num = 0;
int m_label_num = 0;
int wildcard_cert = 0;
Expand Down Expand Up @@ -209,7 +209,7 @@ int check_ipaddr(const ASN1_STRING *cert_astr, const char *manager)
* of labels found. strtok() is not used as we want to detect labels with
* length zero.
*/
int label_array(const char *domain_name, label result[DNS_MAX_LABELS])
int label_array(const char *domain_name, OS_label result[DNS_MAX_LABELS])
{
int label_count = 0;
const char *label_start = domain_name;
Expand All @@ -221,7 +221,7 @@ int label_array(const char *domain_name, label result[DNS_MAX_LABELS])
}

if (*label_end == '.' || *label_end == '\0') {
label *new_label = &result[label_count];
OS_label *new_label = &result[label_count];

if ((new_label->len = (size_t)(label_end - label_start)) > DNS_MAX_LABEL_LEN) {
return VERIFY_FALSE;
Expand Down Expand Up @@ -249,7 +249,7 @@ int label_array(const char *domain_name, label result[DNS_MAX_LABELS])
/* Validate a label according to the guidelines in RFC 1035. This could
* be relaxed if necessary.
*/
int label_valid(const label *l)
int label_valid(const OS_label *l)
{
size_t i;

Expand All @@ -272,7 +272,7 @@ int label_valid(const label *l)

/* Compare two labels and determine whether they match.
*/
int label_match(const label *label1, const label *label2)
int label_match(const OS_label *label1, const OS_label *label2)
{
size_t i;

Expand Down
10 changes: 5 additions & 5 deletions src/os_auth/check_cert.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,20 +37,20 @@
#define DNS_MAX_LABELS 127
#define DNS_MAX_LABEL_LEN 63

typedef struct label_t {
typedef struct OS_label_t {
char text[DNS_MAX_LABEL_LEN + 1];
size_t len;
}
label;
OS_label;

int check_x509_cert(const SSL *ssl, const char *manager);
int check_subject_alt_names(X509 *cert, const char *manager);
int check_subject_cn(X509 *cert, const char *manager);
int check_hostname(ASN1_STRING *cert_astr, const char *manager);
int check_ipaddr(const ASN1_STRING *cert_astr, const char *manager);
int label_array(const char *domain_name, label result[DNS_MAX_LABELS]);
int label_valid(const label *label);
int label_match(const label *label1, const label *label2);
int label_array(const char *domain_name, OS_label result[DNS_MAX_LABELS]);
int label_valid(const OS_label *label);
int label_match(const OS_label *label1, const OS_label *label2);
char *asn1_to_cstr(ASN1_STRING *astr);

#endif /* LIBOPENSSL_ENABLED */
Expand Down