From 792020b65d4f4b0141a07aa5bbac7d931b18d62f Mon Sep 17 00:00:00 2001 From: Mattia Biondi Date: Sun, 3 May 2020 15:34:22 +0200 Subject: [PATCH 1/3] Fix CADO_SPOOL_DIR path and change PostInstall flag --- CMakeLists.txt | 29 ++++++++++++++++------------- src/CMakeLists.txt | 44 ++++++++++++++++++++++---------------------- 2 files changed, 38 insertions(+), 35 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index e617bcd..5a8f43d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,34 +1,37 @@ cmake_minimum_required(VERSION 3.13) project(cado - VERSION 0.9.4 - DESCRIPTION "Capability Ambient DO. Provide users just the capabilities they need." - HOMEPAGE_URL "https://github.com/rd235/cado" - LANGUAGES C) + VERSION 0.9.4 + DESCRIPTION "Capability Ambient DO. Provide users just the capabilities they need." + HOMEPAGE_URL "https://github.com/rd235/cado" + LANGUAGES C) include(GNUInstallDirs) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_FORTIFY_SOURCE=2 -O2 -Wall -pedantic") set(LIBS_REQUIRED cap execs mhash pam pam_misc) +option(CADO_RUN_POST_INSTALL "Run PostInstall.cmake" ON) + foreach(THISLIB IN LISTS LIBS_REQUIRED) - find_library(${THISLIB}_library ${THISLIB}) - if(NOT ${THISLIB}_library) - message(FATAL_ERROR "library lib${THISLIB} not found") - endif() + find_library(${THISLIB}_library ${THISLIB}) + if(NOT ${THISLIB}_library) + message(FATAL_ERROR "library lib${THISLIB} not found") + endif() endforeach(THISLIB) if (WITHEDITOR) - set(EDITOR "${WITHEDITOR}") + set(EDITOR "${WITHEDITOR}") else (WITHEDITOR) - set(EDITOR "/usr/bin/vi") + set(EDITOR "/usr/bin/vi") endif (WITHEDITOR) # Spool dir for scado files -set(CADO_SPOOL_DIR "/usr/local/var/spool/cado") +set(CADO_SPOOL_DIR + "${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/spool/${CMAKE_PROJECT_NAME}") configure_file( - "include/config.h.in" - "include/config.h" + "include/config.h.in" + "include/config.h" ) add_subdirectory(man) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 9a3562b..fb9d216 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -1,27 +1,27 @@ cmake_minimum_required(VERSION 3.13) add_executable( - cado cado.c pam_check.c get_user_groups.c capset_from_namelist.c - read_conf.c set_ambient_cap.c compute_digest.c file_utils.c - scado_parse.c cado_scado_check.c + cado cado.c pam_check.c get_user_groups.c capset_from_namelist.c + read_conf.c set_ambient_cap.c compute_digest.c file_utils.c + scado_parse.c cado_scado_check.c ) target_include_directories(cado PRIVATE ${PROJECT_SOURCE_DIR}/include ${CMAKE_BINARY_DIR}/include) target_link_libraries( - cado ${pam_library} ${pam_misc_library} ${cap_library} ${mhash_library} - ${execs_library}) + cado ${pam_library} ${pam_misc_library} ${cap_library} ${mhash_library} + ${execs_library}) add_executable(cadrop cadrop.c capset_from_namelist.c set_ambient_cap.c) target_include_directories(cadrop PRIVATE ${PROJECT_SOURCE_DIR}/include ${CMAKE_BINARY_DIR}/include) target_link_libraries(cadrop ${cap_library}) add_executable( - scado scado.c pam_check.c file_utils.c compute_digest.c - capset_from_namelist.c scado_parse.c + scado scado.c pam_check.c file_utils.c compute_digest.c + capset_from_namelist.c scado_parse.c ) target_include_directories(scado PRIVATE ${PROJECT_SOURCE_DIR}/include ${CMAKE_BINARY_DIR}/include) target_link_libraries( - scado ${pam_library} ${pam_misc_library} ${cap_library} ${mhash_library} - ${execs_library} + scado ${pam_library} ${pam_misc_library} ${cap_library} ${mhash_library} + ${execs_library} ) add_executable(caprint caprint.c) @@ -29,19 +29,19 @@ target_include_directories(caprint PRIVATE ${PROJECT_SOURCE_DIR}/include ${CMAKE target_link_libraries(caprint ${cap_library}) install( - TARGETS cado cadrop scado caprint - RUNTIME - DESTINATION ${CMAKE_INSTALL_BINDIR} + TARGETS cado cadrop scado caprint + RUNTIME + DESTINATION ${CMAKE_INSTALL_BINDIR} ) -if(NOT DEBUILD) - install( - CODE "execute_process( - COMMAND ${CMAKE_COMMAND} - -DBINDIR=${CMAKE_INSTALL_FULL_BINDIR} - -DLIBDIR=${CMAKE_INSTALL_FULL_LIBDIR} - -DCADO_SPOOL_DIR=${CADO_SPOOL_DIR} - -P ${PROJECT_SOURCE_DIR}/PostInstall.cmake - )" - ) +if(CADO_RUN_POST_INSTALL) + install( + CODE "execute_process( + COMMAND ${CMAKE_COMMAND} + -DBINDIR=${CMAKE_INSTALL_FULL_BINDIR} + -DLIBDIR=${CMAKE_INSTALL_FULL_LIBDIR} + -DCADO_SPOOL_DIR=${CADO_SPOOL_DIR} + -P ${PROJECT_SOURCE_DIR}/PostInstall.cmake + )" + ) endif() -- GitLab From c3bc6f56ddacc90b6b0c9ea06ce4a4ac927677de Mon Sep 17 00:00:00 2001 From: Mattia Biondi Date: Sun, 3 May 2020 15:37:15 +0200 Subject: [PATCH 2/3] Fix spelling and grammar errors --- man/cado.1 | 2 +- man/cadrop.1 | 2 +- man/scado.1 | 4 ++-- src/cado.c | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/man/cado.1 b/man/cado.1 index 7b3693f..3724f6c 100644 --- a/man/cado.1 +++ b/man/cado.1 @@ -15,7 +15,7 @@ cado \- Capability Ambient DO ] .SH DESCRIPTION -Cado permits to delegate capabilities to users. +Cado allows the system administrator to delegate capabilities to users. Cado is a capability based sudo. Sudo allows authorized users to run programs as root (or as another user), cado allows authorized users to run programs with specific (ambient) capabilities. diff --git a/man/cadrop.1 b/man/cadrop.1 index ec9d360..11aac7e 100644 --- a/man/cadrop.1 +++ b/man/cadrop.1 @@ -14,7 +14,7 @@ cadrop \- Capability Ambient Drop ] .SH DESCRIPTION -Cadrop permits to drop (ambient) capabilities. +Cadrop allows users to drop (ambient) capabilities. Cadrop launches the command indicated as a parameter ($SHELL if omitted) dropping all the capabilities listed in the capability_list. diff --git a/man/scado.1 b/man/scado.1 index 2b21d75..9b9a9de 100644 --- a/man/scado.1 +++ b/man/scado.1 @@ -20,8 +20,8 @@ scado \- Script Capability Ambient DO .SH DESCRIPTION -\fBcado(1)\fR permits to delegate capabilities to users. -Users can grant a subset of these ambient capabilities to trusted programs. +\fBcado(1)\fR allows the system administrator to delegate capabilities to users. +Users can grant a subset of these ambient capabilities to trusted programs. Each user can define their own list of trusted programs and which capabilities to grant, using a scado file. \fBcado -S\fR or \fBcado --scado\fR run those trusted programs without any further authentication. In this way it is also possible to run programs requiring specific capabilities within a bash script. diff --git a/src/cado.c b/src/cado.c index 8434334..06dcac2 100644 --- a/src/cado.c +++ b/src/cado.c @@ -71,7 +71,7 @@ void usage(char *progname) { fprintf(stderr," -f, --force do not display warnings, do what is allowed\n"); fprintf(stderr," -v, --verbose generate extra output\n"); fprintf(stderr," -S, --scado check scado pre-authorization for scripts\n"); - fprintf(stderr," -s, --setcap set the minimun caps for %s (root access)\n",progname); + fprintf(stderr," -s, --setcap set the minimum caps for %s (root access)\n",progname); exit(1); } -- GitLab From 942ec59c61ffe81a2a80e93eaa8e2a3d86565042 Mon Sep 17 00:00:00 2001 From: Mattia Biondi Date: Sun, 3 May 2020 15:50:32 +0200 Subject: [PATCH 3/3] Bump Version --- CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 5a8f43d..73c58f7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,6 +1,6 @@ cmake_minimum_required(VERSION 3.13) project(cado - VERSION 0.9.4 + VERSION 0.9.5 DESCRIPTION "Capability Ambient DO. Provide users just the capabilities they need." HOMEPAGE_URL "https://github.com/rd235/cado" LANGUAGES C) @@ -27,7 +27,7 @@ endif (WITHEDITOR) # Spool dir for scado files set(CADO_SPOOL_DIR - "${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/spool/${CMAKE_PROJECT_NAME}") + "${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/spool/${CMAKE_PROJECT_NAME}") configure_file( "include/config.h.in" -- GitLab