summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2009-08-01 13:32:08 -0400
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>2009-08-01 13:32:08 -0400
commitcd341f153d21960fa9727de48c6f6a6b2c9bc684 (patch)
tree4dfc92d91a749d0ddb48c3f0463dd219e3314e2f
parentcb632251263ede89aca882f953fcb28dde88593b (diff)
switch to using new checkperms script.
-rwxr-xr-xMakefile1
-rw-r--r--packaging/debian/changelog4
-rw-r--r--src/share/common48
-rwxr-xr-xtests/basic2
4 files changed, 6 insertions, 49 deletions
diff --git a/Makefile b/Makefile
index 7db62e4..7ca73ef 100755
--- a/Makefile
+++ b/Makefile
@@ -58,6 +58,7 @@ install: all installman
install src/monkeysphere-host src/monkeysphere-authentication $(DESTDIR)$(PREFIX)/sbin
install -m 0644 src/share/common $(DESTDIR)$(PREFIX)/share/monkeysphere
install -m 0644 src/share/defaultenv $(DESTDIR)$(PREFIX)/share/monkeysphere
+ install -m 0755 src/share/checkperms $(DESTDIR)$(PREFIX)/share/monkeysphere
install -m 0755 src/share/keytrans $(DESTDIR)$(PREFIX)/share/monkeysphere
ln -s ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/pem2openpgp
ln -s ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/openpgp2ssh
diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index 28b9637..eda81d8 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -7,8 +7,10 @@ monkeysphere (0.26~pre-1) unstable; urgency=low
permission-checking (closes MS #649)
- test scripts use STRICT_MODES to avoid failure when built under /tmp
(Closes: #527765)
+ - do permissions checks with a perl script instead of non-portable
+ readlink GNUisms
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 26 Jul 2009 22:18:20 -0400
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 01 Aug 2009 13:21:43 -0400
monkeysphere (0.25-1) unstable; urgency=low
diff --git a/src/share/common b/src/share/common
index cad2572..87a30be 100644
--- a/src/share/common
+++ b/src/share/common
@@ -411,15 +411,6 @@ test_gpg_expire() {
check_key_file_permissions() {
local uname
local path
- local stat
- local access
- local gAccess
- local oAccess
-
- # function to check that the given permission corresponds to writability
- is_write() {
- [ "$1" = "w" ]
- }
uname="$1"
path="$2"
@@ -429,44 +420,7 @@ check_key_file_permissions() {
return 0
fi
log debug "checking path permission '$path'..."
-
- # rewrite path if it points to a symlink
- if [ -h "$path" ] ; then
- path=$(readlink -f "$path")
- log debug "checking path symlink '$path'..."
- fi
-
- # return 255 if cannot stat file
- if ! stat=$(ls -ld "$path" 2>/dev/null) ; then
- log error "could not stat path '$path'."
- return 255
- fi
-
- owner=$(echo "$stat" | awk '{ print $3 }')
- gAccess=$(echo "$stat" | cut -c6)
- oAccess=$(echo "$stat" | cut -c9)
-
- # return 1 if path has invalid owner
- if [ "$owner" != "$uname" -a "$owner" != 'root' ] ; then
- log error "improper ownership on path '$path':"
- log error " $owner != ($uname|root)"
- return 1
- fi
-
- # return 2 if path has group or other writability
- if is_write "$gAccess" || is_write "$oAccess" ; then
- log error "improper group or other writability on path '$path':"
- log error " group: $gAccess, other: $oAccess"
- return 2
- fi
-
- # return zero if all clear, or go to next path
- if [ "$path" = '/' ] ; then
- log debug "path ok."
- return 0
- else
- check_key_file_permissions "$uname" $(dirname "$path")
- fi
+ "${SYSSHAREDIR}/checkperms" "$uname" "$path"
}
# return a list of all users on the system
diff --git a/tests/basic b/tests/basic
index 159f9dc..6fe3237 100755
--- a/tests/basic
+++ b/tests/basic
@@ -159,7 +159,7 @@ export DISPLAY=monkeys
## we cannot do proper directory permissions checking if the current
## working directory has unsatisfactory permissions:
-if ( . "$MONKEYSPHERE_SYSSHAREDIR"/common && check_key_file_permissions $(whoami) "$TEMPDIR" ) ; then
+if "$MONKEYSPHERE_SYSSHAREDIR"/checkperms $(whoami) "$TEMPDIR"; then
echo "Permissions on temporary directory '$TEMPDIR' are OK for permissions checks."
TEMPDIR_PERMISSIONS_SAFE=yes
else