[Mageia-dev] [usrmove] Please Test: shadow-utils package (TCB auth related)

Colin Guthrie mageia at colin.guthr.ie
Thu Jul 12 17:20:28 CEST 2012 

Hiya Vincent,

Thanks for replying.


'Twas brillig, and Vincent Danen at 12/07/12 15:58 did gyre and gimble:
> * [2012-07-12 15:42:45 +0100] Colin Guthrie wrote:
> 
>> Hi
>>
>> I know pretty much nothing about TCB authentication stuff that was
>> initially spearheaded by Vincent Danen many years ago in the Mandriva
>> days (taking work from his Anvix project IIRC)
>>
>> Our shadow-utils package (basically no different to Mandriva's) had one
>> large patch relating to TCB that I've now dropped as upstream
>> shadow-utils now has it's own TCB support.
>>
>> It required a couple build fixes (nothing too crazy) and things seem to
>> work still for me.
>>
>> I've also dropped a few binaries we do not use or are provided by other
>> packages (sometimes in different paths e.g. /bin/login vs.
>> /usr/bin/login).
>>
>> Everything still seems to work for me. I can login, create users, su to
>> other users etc. etc (although only the creation of users actually uses
>> the stuff in this package and I didn't know how to provide an encrypted
>> password when testing that, so not sure if my tests are even vaguely
>> valid!)
>>
>> Please test before I release it on the rest of Cauldron.
>>
>> Anyone who has any specific knowledge of this package I would very much
>> appreciate a review.
>> http://svnweb.mageia.org/packages/cauldron/shadow-utils/current/
> 
> I've not looked at or used tcb for a few years; very cool that it's in
> upstream shadow-utils now though!  If you have specific questions or
> concerns, I'd suggest getting in touch with Solar Designer (the author
> of the tcb suite).  From what I know, not much in it has changed in the
> last few years, so provided that upstream's implementation is correct,
> there should be no problem.  If you can authenticate against it
> properly, which it sounds like, then I think you're ok (although a
> manual test of user creation and user removal, as well as password
> changes, would likely be viable tests to run as well).


The only issue is that the password changes come from the passwd package
(the passwd implementation from shadow-utils is basically dropped (same
as on fedora)), so I'm not sure how valid some of the tests are!! But by
the same token, if these are separate anyway then there is less in the
way of new stuff that needs testing anyway, so that's good :D

When I last looked at updating shadow (a good few months ago) the tcb
implementation upstream looked a bit different to the one from your
patch but it did use some of the same file names (tcbfuncs.c) and
function names.

All fun and games :)

Col




-- 

Colin Guthrie
colin(at)mageia.org
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/

More information about the Mageia-dev mailing list