Bug#653491: schroot: Please support wildcards in users and groups

Wed, 28 Dec 2011 13:39:39 -0800 

Package: schroot
Version: 1.4.23-1
Severity: normal
Tags: patch

Please allow wildcards in users= and related keys.

Patch attached to permit the use of "*" to indicate that any
user/group or root-user/root-group matches all potential
users or groups, respectively.

Note that it will misbehave for a user or group named
"*", i.e. would grant additional privileges for other
users.  A regex would permit this to be escaped, due to
using ".*" in place of "*" and would also permit more
sophisticated matches e.g. "users.*".


Regards,
Roger

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (550, 'unstable'), (500, 'testing'), (400, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages schroot depends on:
ii  libboost-filesystem1.46.1       1.46.1-7+b1
ii  libboost-iostreams1.46.1        1.46.1-7+b1
ii  libboost-program-options1.46.1  1.46.1-7+b1
ii  libboost-regex1.46.1            1.46.1-7+b1
ii  libboost-system1.46.1           1.46.1-7+b1
ii  libc6                           2.13-24
ii  libgcc1                         1:4.6.2-9
ii  liblockdev1                     1.0.3-1.4+b2
ii  libpam0g                        1.1.3-6
ii  libstdc++6                      4.6.2-9
ii  libuuid1                        2.20.1-1
ii  schroot-common                  1.5.1-1

schroot recommends no packages.

Versions of packages schroot suggests:
ii  aufs-modules | unionfs-modules  <none>
ii  btrfs-tools                     0.19+20111105-2
ii  debootstrap                     1.0.38
ii  lvm2                            2.02.88-2

-- Configuration Files:
/etc/schroot/default/fstab changed [not included]
/etc/schroot/sbuild/fstab changed [not included]

-- no debconf information

diff --git a/sbuild/sbuild-session.cc b/sbuild/sbuild-session.cc
index bb407e8..d098d58 100644
--- a/sbuild/sbuild-session.cc
+++ b/sbuild/sbuild-session.cc
@@ -430,18 +430,30 @@ session::get_chroot_membership (chroot::ptr const& chroot,
     find(users.begin(), users.end(), this->authstat->get_ruser());
   if (upos != users.end())
     in_users = true;
+  else
+    {
+      upos = find(users.begin(), users.end(), "*");
+      if (upos != users.end())
+	in_users = true;
+    }
 
   string_list::const_iterator rupos =
     find(root_users.begin(), root_users.end(), this->authstat->get_ruser());
   if (rupos != root_users.end())
     in_root_users = true;
+  else
+    {
+      rupos = find(root_users.begin(), root_users.end(), "*");
+      if (rupos != root_users.end())
+	in_root_users = true;
+    }
 
   if (!groups.empty())
     {
       for (string_list::const_iterator gp = groups.begin();
 	   gp != groups.end();
 	   ++gp)
-	if (is_group_member(*gp))
+	if (*gp == "*" || is_group_member(*gp))
 	  in_groups = true;
     }
 
@@ -450,7 +462,7 @@ session::get_chroot_membership (chroot::ptr const& chroot,
       for (string_list::const_iterator gp = root_groups.begin();
 	   gp != root_groups.end();
 	   ++gp)
-	if (is_group_member(*gp))
+	if (*gp == "*" || is_group_member(*gp))
 	  in_root_groups = true;
     }

Reply via email to