Hello community,

here is the log from the commit of package permissions for openSUSE:Factory 
checked in at 2012-05-25 16:18:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
 and      /work/SRC/openSUSE:Factory/.permissions.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "permissions", Maintainer is "lnus...@suse.com"

Changes:
--------
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes  2012-02-08 
15:41:13.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes     
2012-05-25 16:18:08.000000000 +0200
@@ -1,0 +2,6 @@
+Tue May 15 14:46:22 UTC 2012 - lnus...@suse.de
+
+- print warning when requested to check not listed files
+- Use credentials from within the root file system
+
+-------------------------------------------------------------------

Old:
----
  permissions-2012.02.08.0914.tar.bz2

New:
----
  permissions-2012.05.15.1646.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ permissions.spec ++++++
--- /var/tmp/diff_new_pack.zSDFuc/_old  2012-05-25 16:18:10.000000000 +0200
+++ /var/tmp/diff_new_pack.zSDFuc/_new  2012-05-25 16:18:10.000000000 +0200
@@ -24,7 +24,7 @@
 License:        GPL-2.0+
 Group:          Productivity/Security
 AutoReqProv:    on
-Version:        2012.02.08.0914
+Version:        2012.05.15.1646
 Release:        1
 Provides:       aaa_base:/etc/permissions
 PreReq:         %fillup_prereq

++++++ permissions-2012.02.08.0914.tar.bz2 -> 
permissions-2012.05.15.1646.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/permissions-2012.02.08.0914/chkstat.c 
new/permissions-2012.05.15.1646/chkstat.c
--- old/permissions-2012.02.08.0914/chkstat.c   2012-02-08 09:14:56.000000000 
+0100
+++ new/permissions-2012.05.15.1646/chkstat.c   2012-05-15 16:46:07.000000000 
+0200
@@ -59,6 +59,128 @@
 int npermfiles = 0;
 char* force_level;
 
+static struct passwd*
+_getpwuid(uid_t uid)
+{
+  char fn[PATH_MAX];
+  struct passwd *pwd = 0;
+  FILE *fp = 0;
+
+  if (!rootl)
+    return getpwuid(uid);
+
+  // read the passwd from the root instead
+  strcpy(fn, root);
+  strcpy(fn+rootl, "/etc/passwd");
+
+  printf("trying %s\n", fn);
+
+  fp = fopen(fn, "r");
+  if (!fp)
+    goto out;
+
+  while ((pwd = fgetpwent(fp)))
+    {
+      if (pwd->pw_uid == uid)
+        goto out;
+    }
+
+out:
+  if (fp)
+    fclose(fp);
+  return pwd;
+}
+
+static struct passwd*
+_getpwnam(const char *name)
+{
+  char fn[PATH_MAX];
+  struct passwd *pwd = 0;
+  FILE *fp = 0;
+
+  if (!rootl)
+    return getpwnam(name);
+
+  // read the passwd from the root instead
+  strcpy(fn, root);
+  strcpy(fn+rootl, "/etc/passwd");
+
+  fp = fopen(fn, "r");
+  if (!fp)
+    goto out;
+
+  while ((pwd = fgetpwent(fp)))
+    {
+      if (strcmp(pwd->pw_name, name) == 0)
+        goto out;
+    }
+
+out:
+  if (fp)
+    fclose(fp);
+  return pwd;
+}
+
+static struct group*
+_getgrgid(gid_t gid)
+{
+  char fn[PATH_MAX];
+  struct group *grp = 0;
+  FILE *fp = 0;
+
+  if (!rootl)
+    return getgrgid(gid);
+
+  // read the group from the root instead
+  strcpy(fn, root);
+  strcpy(fn+rootl, "/etc/passwd");
+
+  fp = fopen(fn, "r");
+  if (!fp)
+    goto out;
+
+  while ((grp = fgetgrent(fp)))
+    {
+      if (grp->gr_gid == gid)
+        goto out;
+    }
+
+out:
+  if (fp)
+    fclose(fp);
+  return grp;
+}
+
+static struct group*
+_getgrnam(const char *name)
+{
+  char fn[PATH_MAX];
+  struct group *grp = 0;
+  FILE *fp = 0;
+
+  if (!rootl)
+    return getgrnam(name);
+
+  // read the group from the root instead
+  strcpy(fn, root);
+  strcpy(fn+rootl, "/etc/passwd");
+
+  fp = fopen(fn, "r");
+  if (!fp)
+    goto out;
+
+  while ((grp = fgetgrent(fp)))
+    {
+      if (strcmp(grp->gr_name, name) == 0)
+        goto out;
+    }
+
+out:
+  if (fp)
+    fclose(fp);
+  return grp;
+}
+
 struct perm*
 add_permlist(char *file, char *owner, char *group, mode_t mode)
 {
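Review bot: `_getgrgid` and `_getgrnam` build their path with `strcpy(fn+rootl, "/etc/passwd")` and then parse it with `fgetgrent`, so under an alternate root the group lookups read the wrong file; both should use `strcpy(fn+rootl, "/etc/group");`. All four helpers also copy `root` into `char fn[PATH_MAX]` without a length check. Whether `root` is bounded elsewhere is not visible in this hunk, so a guard such as `if (rootl + sizeof "/etc/passwd" > sizeof fn) return 0;` before the copies, or a single `snprintf` with its result checked, would keep an over-long root argument from overrunning the stack buffer. The `printf("trying %s\n", fn);` in `_getpwuid` looks like leftover debugging output and should be dropped. Each helper would also benefit from a short comment saying the returned pointer refers to static storage that the next lookup overwrites, because the callers cache `pwd` and `grp` across loop iterations.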
@@ -770,6 +892,10 @@
   if  (do_set == -1)
     do_set = 0;
 
+  // add fake list entries for all files to check
+  for (i = 0; i < nchecklist; i++)
+    add_permlist(checklist[i], "unknown", "unknown", 0);
+
   for (i = 0; i < npermfiles; i++)
     {
       if ((fp = fopen(permfiles[i], "r")) == 0)
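Review bot: The placeholder entries added ahead of the permission-file loop are marked only by the owner/group string `"unknown"` and mode `0`, an in-band sentinel that the later test `!e->mode && !strcmp(e->owner, "unknown")` has to re-derive. A permissions line that legitimately names an owner `unknown` with mode 0000 would be indistinguishable from a placeholder and would get the "cannot verify" warning and a `continue` instead of being enforced. A dedicated flag in `struct perm`, or at least one named constant shared by both sites, would remove that ambiguity. The comment should also state what the loop relies on, e.g. `// placeholders; assumes add_permlist() replaces the entry when a permissions file lists the same path`, since add_permlist's body is outside this hunk and that behaviour cannot be confirmed here. The enclosing function starts and ends outside the hunk.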
@@ -867,18 +993,36 @@
   euid = geteuid();
   for (e = permlist; e; e = e->next)
     {
-      if (use_checklist && !in_checklist(e->file))
+      if (use_checklist && !in_checklist(e->file+rootl))
        continue;
       if (lstat(e->file, &stb))
        continue;
       if (S_ISLNK(stb.st_mode))
        continue;
-      if ((!pwd || strcmp(pwd->pw_name, e->owner)) && (pwd = 
getpwnam(e->owner)) == 0)
+      if (!e->mode && !strcmp(e->owner, "unknown"))
+       {
+         char uids[16], gids[16];
+         pwd = _getpwuid(stb.st_uid);
+         grp = _getgrgid(stb.st_gid);
+         if (!pwd)
+           sprintf(uids, "%d", stb.st_uid);
+         if (!grp)
+           sprintf(gids, "%d", stb.st_gid);
+         fprintf(stderr, "%s: cannot verify %s:%s %04o - not listed in 
/etc/permissions\n",
+                 e->file+rootl,
+                 pwd?pwd->pw_name:uids,
+                 grp?grp->gr_name:gids,
+                 (int)(stb.st_mode&07777));
+         pwd = 0;
+         grp = 0;
+         continue;
+       }
+      if ((!pwd || strcmp(pwd->pw_name, e->owner)) && (pwd = 
_getpwnam(e->owner)) == 0)
        {
          fprintf(stderr, "%s: unknown user %s\n", e->file+rootl, e->owner);
          continue;
        }
-      if ((!grp || strcmp(grp->gr_name, e->group)) && (grp = 
getgrnam(e->group)) == 0)
+      if ((!grp || strcmp(grp->gr_name, e->group)) && (grp = 
_getgrnam(e->group)) == 0)
        {
          fprintf(stderr, "%s: unknown group %s\n", e->file+rootl, e->group);
          continue;
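Review bot: In the new "not listed" branch, `sprintf(uids, "%d", stb.st_uid)` and the matching `gids` call format `uid_t`/`gid_t` values with `%d`, so where those types are unsigned the format does not match the argument and high ids can print as negative numbers in the warning. Prefer `snprintf(uids, sizeof uids, "%lu", (unsigned long)stb.st_uid);` and the same for `gids`, which also bounds the write to the 16-byte buffers explicitly. The reset `pwd = 0; grp = 0;` before `continue` deserves a one-line comment such as `// drop the by-id results so the name cache below is not reused for the next entry`, because the reason is not obvious from the branch alone. The surrounding `for` loop begins before and ends after this hunk.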
@@ -940,8 +1084,8 @@
       printf(". (wrong");
       if (!owner_ok)
        {
-         pwd = getpwuid(stb.st_uid);
-         grp = getgrgid(stb.st_gid);
+         pwd = _getpwuid(stb.st_uid);
+         grp = _getgrgid(stb.st_gid);
          if (pwd)
            printf(" owner/group %s", pwd->pw_name);
          else
