[evolvis-commits] r18357: change nss_{passwd,shadow} views to prevent '' or ':' in passwd column

mirabilos at evolvis.org mirabilos at evolvis.org
Thu Apr 12 20:40:36 CEST 2012


Author: mirabilos
Date: 2012-04-12 20:40:36 +0200 (Thu, 12 Apr 2012)
New Revision: 18357

Added:
   trunk/gforge_base/evolvisforge-5.1/src/db/20120412-better-nss.sql
Modified:
   trunk/gforge_base/evolvisforge-5.1/src/deb-specific/db-upgrade.pl
   trunk/gforge_base/evolvisforge-5.1/src/debian/changelog
Log:
change nss_{passwd,shadow} views to prevent '' or ':' in passwd column

Added: trunk/gforge_base/evolvisforge-5.1/src/db/20120412-better-nss.sql
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/db/20120412-better-nss.sql	                        (rev 0)
+++ trunk/gforge_base/evolvisforge-5.1/src/db/20120412-better-nss.sql	2012-04-12 18:40:36 UTC (rev 18357)
@@ -0,0 +1,7 @@
+-- ensure empty passwords behave
+
+DROP VIEW nss_passwd;
+DROP VIEW nss_shadow;
+CREATE VIEW nss_passwd AS SELECT unix_uid AS uid, unix_gid AS gid, user_name AS login, CASE unix_pw WHEN '' THEN 'x' WHEN ':' THEN 'x' ELSE unix_pw END AS passwd, realname AS gecos, shell, user_name AS homedir, status FROM users WHERE unix_status = 'A';
+CREATE VIEW nss_shadow AS SELECT user_name AS login, CASE unix_pw WHEN '' THEN 'x' WHEN ':' THEN 'x' ELSE unix_pw END AS passwd, 'n'::character(1) AS expired, 'n'::character(1) AS pwchange FROM users WHERE unix_status = 'A';
+GRANT SELECT ON nss_passwd TO gforge_nss;

Modified: trunk/gforge_base/evolvisforge-5.1/src/deb-specific/db-upgrade.pl
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/deb-specific/db-upgrade.pl	2012-04-12 18:40:31 UTC (rev 18356)
+++ trunk/gforge_base/evolvisforge-5.1/src/deb-specific/db-upgrade.pl	2012-04-12 18:40:36 UTC (rev 18357)
@@ -2509,6 +2509,7 @@
     &update_with_sql("20120321-add-news-in-activity_vw","5.1-12");
     &update_with_sql("20120329-pfo-rbac", "5.1-12+ev1");
     &update_with_sql("20120412-nuke-md5", "5.1-12+ev2");
+    &update_with_sql("20120412-better-nss", "5.1-12+ev3");
 
     ########################### INSERT HERE #################################
 

Modified: trunk/gforge_base/evolvisforge-5.1/src/debian/changelog
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/debian/changelog	2012-04-12 18:40:31 UTC (rev 18356)
+++ trunk/gforge_base/evolvisforge-5.1/src/debian/changelog	2012-04-12 18:40:36 UTC (rev 18357)
@@ -14,8 +14,9 @@
   * Ugh. “while (!$i = 16) {”. Need I say more?
   * [#2969] Fix errors in Perl scripts
   * Rewrite authentication system; adds {SSHA}, SHA-256, SHA-512
+  * Improve nss database view: prevent empty passwd, format problems
 
- -- Thorsten Glaser <t.glaser at tarent.de>  Thu, 12 Apr 2012 18:44:26 +0200
+ -- Thorsten Glaser <t.glaser at tarent.de>  Thu, 12 Apr 2012 19:55:06 +0200
 
 fusionforge (5.1.1+evolvis52) unstable; urgency=high
 



More information about the evolvis-commits mailing list