Hello community,

here is the log from the commit of package snapper for openSUSE:Factory checked 
in at 2014-08-03 15:36:32
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/snapper (Old)
 and      /work/SRC/openSUSE:Factory/.snapper.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "snapper"

Changes:
--------
--- /work/SRC/openSUSE:Factory/snapper/snapper.changes  2014-07-28 
06:31:08.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.snapper.new/snapper.changes     2014-08-03 
15:36:33.000000000 +0200
@@ -1,0 +2,7 @@
+Thu Jul 31 15:38:16 CEST 2014 - aschn...@suse.de
+
+- also handle primary group of user when checking permissions
+  (see gh#openSUSE/snapper#100)
+- show id of user if username cannot be detected
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ snapper-0.2.3.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/snapper-0.2.3/client/misc.cc 
new/snapper-0.2.3/client/misc.cc
--- old/snapper-0.2.3/client/misc.cc    2014-04-11 12:50:13.000000000 +0200
+++ new/snapper-0.2.3/client/misc.cc    2014-08-01 10:12:17.000000000 +0200
@@ -196,3 +196,16 @@
 
     return configdata;
 }
+
+
+string
+username(uid_t uid)
+{
+    string username;
+    gid_t gid;
+
+    if (!get_uid_username_gid(uid, username, gid))
+       return sformat("unknown (%d)", uid);
+
+    return username;
+}
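Review bot: The fallback string formats `uid` with `%d`, but uid_t is an unsigned type, so a uid above INT_MAX would be printed as a negative number if `sformat` follows printf rules. `return sformat("unknown (%u)", (unsigned int) uid);` keeps the displayed id equal to the real one, which matters when the output is read to tell which account something belongs to. The local `gid` exists only to satisfy the helper's signature; a short comment saying so would help.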
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/snapper-0.2.3/client/misc.h 
new/snapper-0.2.3/client/misc.h
--- old/snapper-0.2.3/client/misc.h     2014-04-11 12:50:13.000000000 +0200
+++ new/snapper-0.2.3/client/misc.h     2014-08-01 10:12:17.000000000 +0200
@@ -47,3 +47,5 @@
 map<string, string>
 read_configdata(const list<string>& l, const map<string, string>& old = 
map<string, string>());
 
+string
+username(uid_t uid);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/snapper-0.2.3/server/Client.cc 
new/snapper-0.2.3/server/Client.cc
--- old/snapper-0.2.3/server/Client.cc  2014-06-23 09:25:37.000000000 +0200
+++ new/snapper-0.2.3/server/Client.cc  2014-08-01 09:54:24.000000000 +0200
@@ -382,12 +382,33 @@
                         const MetaSnapper& meta_snapper) const
 {
     unsigned long uid = conn.get_unix_userid(msg);
+
+    // Check if the uid of the dbus-user is root.
     if (uid == 0)
        return;
 
-    if (find(meta_snapper.uids.begin(), meta_snapper.uids.end(), uid) != 
meta_snapper.uids.end())
+    // Check if the uid of the dbus-user is included in the allowed uids.
+    if (contains(meta_snapper.uids, uid))
        return;
 
+    string username;
+    gid_t gid;
+
+    if (get_uid_username_gid(uid, username, gid))
+    {
+       // Check if the primary gid of the dbus-user is included in the allowed 
gids.
+       if (contains(meta_snapper.gids, gid))
+           return;
+
+       vector<gid_t> gids = getgrouplist(username.c_str(), gid);
+
+       // Check if any (primary or secondary) gid of the dbus-user is included 
in the allowed
+       // gids.
+       for (vector<gid_t>::const_iterator it = gids.begin(); it != gids.end(); 
++it)
+           if (contains(meta_snapper.gids, *it))
+               return;
+    }
+
     throw Permissions();
 }
 
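Review bot: The group check resolves membership through the account name that `get_uid_username_gid` returns for the caller's uid, so it reflects the passwd/group database rather than the credentials of the connecting process, and where several passwd entries share one uid the groups of whichever entry is returned are used. A comment above the lookup would make that explicit, e.g. `// Groups are looked up by the name getpwuid_r returns for uid; uid aliases share that name's groups.` The separate primary-gid test also looks redundant, since getgrouplist(3) includes the gid passed to it in the list it returns. `uid` is an `unsigned long` here and is narrowed implicitly to `uid_t` at the call. The function's signature starts above the hunk.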
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/snapper-0.2.3/server/MetaSnapper.cc 
new/snapper-0.2.3/server/MetaSnapper.cc
--- old/snapper-0.2.3/server/MetaSnapper.cc     2014-01-29 16:48:30.000000000 
+0100
+++ new/snapper-0.2.3/server/MetaSnapper.cc     2014-08-01 09:54:24.000000000 
+0200
@@ -147,19 +147,24 @@
        }
     }
 
+    sort(uids.begin(), uids.end());
+    uids.erase(unique(uids.begin(), uids.end()), uids.end());
+
+    gids.clear();
+
     vector<string> groups;
     if (config_info.getValue(KEY_ALLOW_GROUPS, groups))
     {
        for (vector<string>::const_iterator it = groups.begin(); it != 
groups.end(); ++it)
        {
-           vector<uid_t> tmp;
-           if (get_group_uids(it->c_str(), tmp))
-               uids.insert(uids.end(), tmp.begin(), tmp.end());
+           gid_t tmp;
+           if (get_group_gid(it->c_str(), tmp))
+               gids.push_back(tmp);
        }
     }
 
-    sort(uids.begin(), uids.end());
-    uids.erase(unique(uids.begin(), uids.end()), uids.end());
+    sort(gids.begin(), gids.end());
+    gids.erase(unique(gids.begin(), gids.end()), gids.end());
 }
 
 
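Review bot: A name in ALLOW_GROUPS that `get_group_gid` cannot resolve is skipped with no message at this call site, so a typo in the configuration surfaces later only as a plain permission denial; whether the helper itself logs the failure is not visible in this diff. The names are also turned into gids only when this function runs, so a group that is removed and whose gid is later reused would stay allowed until the config is read again. That is worth a comment such as `// gids are resolved once here; group membership itself is checked per request`. The enclosing function begins above the hunk.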
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/snapper-0.2.3/server/MetaSnapper.h 
new/snapper-0.2.3/server/MetaSnapper.h
--- old/snapper-0.2.3/server/MetaSnapper.h      2014-01-29 16:48:30.000000000 
+0100
+++ new/snapper-0.2.3/server/MetaSnapper.h      2014-08-01 09:54:24.000000000 
+0200
@@ -95,6 +95,7 @@
     void setConfigInfo(const map<string, string>& raw);
 
     vector<uid_t> uids;
+    vector<gid_t> gids;
 
     Snapper* getSnapper();
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/snapper-0.2.3/snapper/AppUtil.cc 
new/snapper-0.2.3/snapper/AppUtil.cc
--- old/snapper-0.2.3/snapper/AppUtil.cc        2014-06-04 12:23:25.000000000 
+0200
+++ new/snapper-0.2.3/snapper/AppUtil.cc        2014-08-01 10:12:17.000000000 
+0200
@@ -262,8 +262,8 @@
     }
 
 
-    string
-    username(uid_t uid)
+    bool
+    get_uid_username_gid(uid_t uid, string& username, gid_t& gid)
     {
        struct passwd pwd;
        struct passwd* result;
@@ -272,11 +272,14 @@
        char buf[bufsize];
 
        if (getpwuid_r(uid, &pwd, buf, bufsize, &result) != 0 || result != &pwd)
-           return "unknown";
+           return false;
 
        memset(pwd.pw_passwd, 0, strlen(pwd.pw_passwd));
 
-       return pwd.pw_name;
+       username = pwd.pw_name;
+       gid = pwd.pw_gid;
+
+       return true;
     }
 
 
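Review bot: Any non-zero return from `getpwuid_r`, including ERANGE for a buffer that is too small, is reported as `false` exactly like a missing account, and the callers on this page then either deny access or print the fallback name. The buffer size is computed above the hunk, so it cannot be checked here, but if it comes from sysconf() it can be -1 and should get a fallback value before `char buf[bufsize]` is declared. A header comment stating that `username` and `gid` are left untouched when the function returns false would document what the callers already rely on.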
@@ -304,7 +307,7 @@
 
 
     bool
-    get_group_uids(const char* groupname, vector<uid_t>& uids)
+    get_group_gid(const char* groupname, gid_t& gid)
     {
        struct group grp;
        struct group* result;
@@ -320,39 +323,30 @@
 
        memset(grp.gr_passwd, 0, strlen(grp.gr_passwd));
 
-       uids.clear();
-
-       for (char** p = grp.gr_mem; *p != NULL; ++p)
-       {
-           uid_t uid;
-           if (get_user_uid(*p, uid))
-               uids.push_back(uid);
-       }
+       gid = grp.gr_gid;
 
        return true;
     }
 
 
-    bool
-    get_group_gid(const char* groupname, gid_t& gid)
+    vector<gid_t>
+    getgrouplist(const char* username, gid_t gid)
     {
-       struct group grp;
-       struct group* result;
-
-       long bufsize = sysconf(_SC_GETGR_R_SIZE_MAX);
-       char buf[bufsize];
+       int n = 16;
+       gid_t* buf = (gid_t*) malloc(sizeof(gid_t) * n);
 
-       if (getgrnam_r(groupname, &grp, buf, bufsize, &result) != 0 || result 
!= &grp)
+       if (::getgrouplist(username, gid, buf, &n) == -1)
        {
-           y2war("couldn't find groupname '" << groupname << "'");
-           return false;
+           buf = (gid_t*) realloc(buf, sizeof(gid_t) * n);
+           ::getgrouplist(username, gid, buf, &n);
        }
 
-       memset(grp.gr_passwd, 0, strlen(grp.gr_passwd));
+       vector<gid_t> gids(&buf[0], &buf[n]);
+       sort(gids.begin(), gids.end());
 
-       gid = grp.gr_gid;
+       free(buf);
 
-       return true;
+       return gids;
     }
 
 
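Review bot: The new `getgrouplist` wrapper ignores the result of the second `::getgrouplist` call, so if the user's group list grew between the two calls `n` can exceed the reallocated buffer and `vector<gid_t> gids(&buf[0], &buf[n])` reads past the allocation; the values copied there then feed the permission check in server/Client.cc. The `malloc` and `realloc` results are also used unchecked, and a failed `realloc` loses the original pointer. Using the vector itself as the buffer and retrying until the call succeeds removes the manual memory management, and returning an empty list when no progress is made keeps the caller failing closed. The wrapper shares its name with the libc function and relies on the `::` qualifier to reach it, which a different name would avoid.

```cpp
    vector<gid_t>
    getgrouplist(const char* username, gid_t gid)
    {
        int n = 16;
        vector<gid_t> gids(n);

        // On -1 the call stores the required count in n; retry with that size.
        while (::getgrouplist(username, gid, &gids[0], &n) == -1)
        {
            if (n <= (int) gids.size())
                return vector<gid_t>();     // no progress: report no groups
            gids.resize(n);
        }

        gids.resize(n);
        sort(gids.begin(), gids.end());

        return gids;
    }
```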
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/snapper-0.2.3/snapper/AppUtil.h 
new/snapper-0.2.3/snapper/AppUtil.h
--- old/snapper-0.2.3/snapper/AppUtil.h 2014-06-04 12:23:25.000000000 +0200
+++ new/snapper-0.2.3/snapper/AppUtil.h 2014-08-01 10:12:17.000000000 +0200
@@ -85,11 +85,10 @@
     string datetime(time_t time, bool utc, bool classic);
     time_t scan_datetime(const string& str, bool utc);
 
-    string username(uid_t uid);
-
+    bool get_uid_username_gid(uid_t uid, string& username, gid_t& gid);
     bool get_user_uid(const char* username, uid_t& uid);
     bool get_group_gid(const char* groupname, gid_t& gid);
-    bool get_group_uids(const char* groupname, vector<uid_t>& uids);
+    vector<gid_t> getgrouplist(const char* username, gid_t gid);
 
 
     class StopWatch
