LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
Browse Source

mariadb: update auth_pam handling 

With INSTALL_PAMDIR undefined some items necessary for the auth_pam
module aren't built. This adds the define so that configuration and
shared object become available.

This commit also tightens up the installation of the SUID tool. The
directory it is copied into gets created on the build host already with
u=rwx,g=rx,o=, so it cannot be accessed on target, except by root. The
post-install script then changes group ownership of the directory to the
"mariadb" group only if the directory is really a directory and owned by
"root:root".

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
lilik-openwrt-22.03
Sebastian Kemper 5 years ago
parent
19de52a044
commit
b16e9c1e2d
1 changed files with 22 additions and 4 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +22
    -4
      utils/mariadb/Makefile

+ 22
- 4
utils/mariadb/Makefile View File

@ -366,6 +366,7 @@ CMAKE_OPTIONS += \
-DINSTALL_MANDIR=share/man \
-DINSTALL_MYSQLSHAREDIR=share/mariadb \
-DINSTALL_MYSQLTESTDIR="" \
-DINSTALL_PAMDIR="/lib/security" \
-DINSTALL_PLUGINDIR=lib/mariadb/plugin \
-DINSTALL_SBINDIR=bin \
-DINSTALL_SCRIPTDIR=bin \
@ -544,8 +545,18 @@ This package provides the $(1) plugin.
$(INSTALL_DIR) $$(1)$(PLUGIN_DIR)
$(call Package/mariadb/install/plugin,$$(1),$(1))
ifeq ($(1),auth_pam)
$(CP) $(PKG_INSTALL_DIR)$(PLUGIN_DIR)/auth_pam_tool_dir \
$$(1)$(PLUGIN_DIR)
$(INSTALL_DIR) -m0750 $$(1)$(PLUGIN_DIR)/auth_pam_tool_dir
$(INSTALL_SUID) \
$(PKG_INSTALL_DIR)$(PLUGIN_DIR)/auth_pam_tool_dir/auth_pam_tool \
$$(1)$(PLUGIN_DIR)/auth_pam_tool_dir
$(INSTALL_DIR) $$(1)/etc/security
$(INSTALL_DATA) \
$(PKG_INSTALL_DIR)/etc/security/user_map.conf \
$$(1)/etc/security
$(INSTALL_DIR) $$(1)/lib/security
$(INSTALL_DATA) \
$(PKG_INSTALL_DIR)/lib/security/pam_user_map.so \
$$(1)/lib/security
endif
ifeq ($(1),ha_spider)
$(INSTALL_DIR) $$(1)$(SHARE_DIR)
@ -556,11 +567,18 @@ endif
$$(eval $$(call BuildPackage,mariadb-server-plugin-$(subst _,-,$(1))))
endef
# Directory "auth_pam_tool_dir" is installed with '-m0750' above and
# contains SUID binary "auth_pam_tool". Below post-install script
# changes the group of "auth_pam_tool_dir" to mariadb, so user mariadb
# can access the folder (and the SUID binary). The script only changes
# the group if the directory is currently owned by "root:root".
define Package/mariadb-server-plugin-auth-pam/postinst
#!/bin/sh
if [ -z "$${IPKG_INSTROOT}" ]; then
chown root:mariadb /usr/lib/mariadb/plugin/auth_pam_tool_dir > /dev/null 2>&1
chmod 0750 /usr/lib/mariadb/plugin/auth_pam_tool_dir > /dev/null 2>&1
dir="/usr/lib/mariadb/plugin/auth_pam_tool_dir"
if ! [ -L "$$dir" ] && [ -d "$$dir" ] && [ -O "$$dir" ] && [ -G "$$dir" ]; then
chown :mariadb "$$dir"
fi
fi
exit 0
endef


Write Preview
Loading…
Cancel
Save