Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2012-05-25 16:18:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "permissions", Maintainer is "lnus...@suse.com"
Changes:
--------
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2012-02-08 15:41:13.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2012-05-25 16:18:08.000000000 +0200
@@ -1,0 +2,6 @@
+Tue May 15 14:46:22 UTC 2012 - lnus...@suse.de
+
+- print warning when requested to check not listed files
+- Use credentials from within the root file system
+
+-------------------------------------------------------------------
Old:
----
permissions-2012.02.08.0914.tar.bz2
New:
----
permissions-2012.05.15.1646.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ permissions.spec ++++++
--- /var/tmp/diff_new_pack.zSDFuc/_old 2012-05-25 16:18:10.000000000 +0200
+++ /var/tmp/diff_new_pack.zSDFuc/_new 2012-05-25 16:18:10.000000000 +0200
@@ -24,7 +24,7 @@
 License: GPL-2.0+
 Group: Productivity/Security
 AutoReqProv: on
-Version: 2012.02.08.0914
+Version: 2012.05.15.1646
 Release: 1
 Provides: aaa_base:/etc/permissions
 PreReq: %fillup_prereq
++++++ permissions-2012.02.08.0914.tar.bz2 -> permissions-2012.05.15.1646.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.02.08.0914/chkstat.c new/permissions-2012.05.15.1646/chkstat.c
--- old/permissions-2012.02.08.0914/chkstat.c 2012-02-08 09:14:56.000000000 +0100
+++ new/permissions-2012.05.15.1646/chkstat.c 2012-05-15 16:46:07.000000000 +0200
@@ -59,6 +59,128 @@
 int npermfiles = 0;
 char* force_level;
 
+static struct passwd*
+_getpwuid(uid_t uid)
+{
+ char fn[PATH_MAX];
+ struct passwd *pwd = 0;
+ FILE *fp = 0;
+
+ if (!rootl)
+ return getpwuid(uid);
+
+ // read the passwd from the root instead
+ strcpy(fn, root);
+ strcpy(fn+rootl, "/etc/passwd");
+
+ printf("trying %s\n", fn);
+
+ fp = fopen(fn, "r");
+ if (!fp)
+ goto out;
+
+ while ((pwd = fgetpwent(fp)))
+ {
+ if (pwd->pw_uid == uid)
+ goto out;
+ }
+
+out:
+ if (fp)
+ fclose(fp);
+ return pwd;
+}
+
+static struct passwd*
+_getpwnam(const char *name)
+{
+ char fn[PATH_MAX];
+ struct passwd *pwd = 0;
+ FILE *fp = 0;
+
+ if (!rootl)
+ return getpwnam(name);
+
+ // read the passwd from the root instead
+ strcpy(fn, root);
+ strcpy(fn+rootl, "/etc/passwd");
+
+ fp = fopen(fn, "r");
+ if (!fp)
+ goto out;
+
+ while ((pwd = fgetpwent(fp)))
+ {
+ if (strcmp(pwd->pw_name, name) == 0)
+ goto out;
+ }
+
+out:
+ if (fp)
+ fclose(fp);
+ return pwd;
+}
+
+static struct group*
+_getgrgid(gid_t gid)
+{
+ char fn[PATH_MAX];
+ struct group *grp = 0;
+ FILE *fp = 0;
+
+ if (!rootl)
+ return getgrgid(gid);
+
+ // read the group from the root instead
+ strcpy(fn, root);
+ strcpy(fn+rootl, "/etc/passwd");
+
+ fp = fopen(fn, "r");
+ if (!fp)
+ goto out;
+
+ while ((grp = fgetgrent(fp)))
+ {
+ if (grp->gr_gid == gid)
+ goto out;
+ }
+
+out:
+ if (fp)
+ fclose(fp);
+ return grp;
+}
+
+static struct group*
+_getgrnam(const char *name)
+{
+ char fn[PATH_MAX];
+ struct group *grp = 0;
+ FILE *fp = 0;
+
+ if (!rootl)
+ return getgrnam(name);
+
+ // read the group from the root instead
+ strcpy(fn, root);
+ strcpy(fn+rootl, "/etc/passwd");
+
+ fp = fopen(fn, "r");
+ if (!fp)
+ goto out;
+
+ while ((grp = fgetgrent(fp)))
+ {
+ if (strcmp(grp->gr_name, name) == 0)
+ goto out;
+ }
+
+out:
+ if (fp)
+ fclose(fp);
+ return grp;
+}
+
 struct perm*
 add_permlist(char *file, char *owner, char *group, mode_t mode)
 {
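Review bot: `_getgrgid` and `_getgrnam` build their path with `strcpy(fn+rootl, "/etc/passwd");`, so whenever a root prefix is set the group lookups feed the passwd file to `fgetgrent` instead of the group database; both should use `"/etc/group"`. All four helpers also copy `root` into `char fn[PATH_MAX]` with unbounded `strcpy`; assuming `root` is taken from the command line, a bounded `if ((size_t)snprintf(fn, sizeof fn, "%s/etc/passwd", root) >= sizeof fn) return 0;` keeps an over-long prefix from overrunning the stack buffer. `_getpwuid` still contains `printf("trying %s\n", fn);`, which looks like leftover debug output on stdout. A one-line comment on each helper stating that the returned record lives in static storage overwritten by the next lookup would help, since the caller caches `pwd` and `grp` across loop iterations.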
@@ -770,6 +892,10 @@
 if (do_set == -1)
 do_set = 0;
 
+ // add fake list entries for all files to check
+ for (i = 0; i < nchecklist; i++)
+ add_permlist(checklist[i], "unknown", "unknown", 0);
+
 for (i = 0; i < npermfiles; i++)
 {
 if ((fp = fopen(permfiles[i], "r")) == 0)
@@ -867,18 +993,36 @@
 euid = geteuid();
 for (e = permlist; e; e = e->next)
 {
- if (use_checklist && !in_checklist(e->file))
+ if (use_checklist && !in_checklist(e->file+rootl))
 continue;
 if (lstat(e->file, &stb))
 continue;
 if (S_ISLNK(stb.st_mode))
 continue;
- if ((!pwd || strcmp(pwd->pw_name, e->owner)) && (pwd = getpwnam(e->owner)) == 0)
+ if (!e->mode && !strcmp(e->owner, "unknown"))
+ {
+ char uids[16], gids[16];
+ pwd = _getpwuid(stb.st_uid);
+ grp = _getgrgid(stb.st_gid);
+ if (!pwd)
+ sprintf(uids, "%d", stb.st_uid);
+ if (!grp)
+ sprintf(gids, "%d", stb.st_gid);
+ fprintf(stderr, "%s: cannot verify %s:%s %04o - not listed in /etc/permissions\n",
+ e->file+rootl,
+ pwd?pwd->pw_name:uids,
+ grp?grp->gr_name:gids,
+ (int)(stb.st_mode&07777));
+ pwd = 0;
+ grp = 0;
+ continue;
+ }
+ if ((!pwd || strcmp(pwd->pw_name, e->owner)) && (pwd = _getpwnam(e->owner)) == 0)
 {
 fprintf(stderr, "%s: unknown user %s\n", e->file+rootl, e->owner);
 continue;
 }
- if ((!grp || strcmp(grp->gr_name, e->group)) && (grp = getgrnam(e->group)) == 0)
+ if ((!grp || strcmp(grp->gr_name, e->group)) && (grp = _getgrnam(e->group)) == 0)
 {
 fprintf(stderr, "%s: unknown group %s\n", e->file+rootl, e->group);
 continue;
@@ -940,8 +1084,8 @@
 printf(". (wrong");
 if (!owner_ok)
 {
- pwd = getpwuid(stb.st_uid);
- grp = getgrgid(stb.st_gid);
+ pwd = _getpwuid(stb.st_uid);
+ grp = _getgrgid(stb.st_gid);
 if (pwd)
 printf(" owner/group %s", pwd->pw_name);
 else
-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
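Review bot: The placeholder entries added in the `@@ -770` hunk mark "not listed" with an in-band value, owner `"unknown"` and mode 0, and the `@@ -867` hunk recognises them only through `!e->mode && !strcmp(e->owner, "unknown")`. A genuine permissions entry for an account named `unknown` with mode 0000 would therefore be reported as unverifiable instead of being enforced. An explicit flag in `struct perm` would keep the two cases apart. At minimum the loop deserves a comment such as `/* placeholder; expected to be replaced when a permissions file lists this path */`, because whether `add_permlist` overwrites an existing entry for the same path is not visible in this hunk.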
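Review bot: In the new not-listed branch of the `@@ -867` hunk, `sprintf(uids, "%d", stb.st_uid);` and its `gids` twin format `uid_t`/`gid_t` values with a signed conversion, so on platforms where these types are unsigned, large IDs would typically print as negative numbers in the warning. `snprintf(uids, sizeof uids, "%u", (unsigned)stb.st_uid);` (and likewise for `gids`) matches the type and keeps the write bounded to the 16-byte buffers. The enclosing `for` loop starts and ends outside the hunk.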