[Pkg-freeipa-devel] [Git][freeipa-team/oddjob][master] 10 commits: Read HOME_MODE and UMASK from /etc/login.defs

Timo Aaltonen (@tjaalton) gitlab at salsa.debian.org
Sun Mar 20 13:53:14 GMT 2022



Timo Aaltonen pushed to branch master at FreeIPA packaging / oddjob


Commits:
c51b28ad by Alexander Bokovoy at 2020-10-08T14:56:07+03:00
Read HOME_MODE and UMASK from /etc/login.defs

shadow-utils changed behavior of UMASK to only apply to runtime
processes. For home directories, HOME_MODE variable was introduced
instead.

Read HOME_MODE and fall back to UMASK if that does not exist.

Signed-off-by: Alexander Bokovoy <abokovoy at redhat.com>

- - - - -
dfb0f7aa by Alexander Bokovoy at 2020-12-14T18:16:29+02:00
Enforce stable LC_ALL=C.UTF-8 in jobs environment

FreeIPA uses oddjobd to run Python scripts. It also expects that the
execution environment uses UTF-8 encoding. On RHEL 8.4 default
configuration changed to provide LC_ALL=en_US which uses ISO-8859-1
encoding instead of UTF-8.

Enforce C.UTF-8 to not depend on the system defaults.

Resolves: rhbz#1907481

Signed-off-by: Alexander Bokovoy <abokovoy at redhat.com>

- - - - -
375f661f by Alexander Bokovoy at 2020-12-14T18:53:23+02:00
Initialize srv before use

- - - - -
c539e931 by Alexander Bokovoy at 2020-12-14T18:53:23+02:00
Release 0.34.7

- - - - -
c64cbce7 by Timo Aaltonen at 2021-01-07T08:56:08+02:00
Merge branch 'upstream'

- - - - -
ef43a16c by Timo Aaltonen at 2021-01-07T08:56:51+02:00
New upstream version.

- - - - -
80800b64 by Timo Aaltonen at 2022-03-20T15:44:02+02:00
control: Drop libldap2-dev from build-depends. (Closes: #1007972)

- - - - -
03cfbad7 by Timo Aaltonen at 2022-03-20T15:44:47+02:00
control: Bump policy to 4.6.0.

- - - - -
0f18110d by Timo Aaltonen at 2022-03-20T15:45:18+02:00
control: Bump debhelper-compat to 13.

- - - - -
7b467653 by Timo Aaltonen at 2022-03-20T15:52:37+02:00
releasing package oddjob version 0.34.7-1

- - - - -


10 changed files:

- configure.ac
- debian/changelog
- debian/control
- debian/rules
- oddjob.spec
- scripts/oddjobd.service.in
- src/mkhomedir.c
- src/oddjob_dbus.c
- src/oddjobd-mkhomedir.conf.5.in
- src/pam_oddjob_mkhomedir.8.in


Changes:

=====================================
configure.ac
=====================================
@@ -1,4 +1,4 @@
-AC_INIT(oddjob,0.34.4)
+AC_INIT(oddjob,0.34.7)
 AC_PREREQ(2.59)
 PACKAGE_NAME_CAPS=`echo $PACKAGE_NAME | tr '[a-z]' '[A-Z]'`
 AC_DEFINE_UNQUOTED(PACKAGE_NAME_CAPS,"$PACKAGE_NAME_CAPS",[Define to the package name, in caps.])


=====================================
debian/changelog
=====================================
@@ -1,3 +1,12 @@
+oddjob (0.34.7-1) unstable; urgency=medium
+
+  * New upstream version.
+  * control: Drop libldap2-dev from build-depends. (Closes: #1007972)
+  * control: Bump policy to 4.6.0.
+  * control: Bump debhelper-compat to 13.
+
+ -- Timo Aaltonen <tjaalton at debian.org>  Sun, 20 Mar 2022 15:52:31 +0200
+
 oddjob (0.34.6-1) unstable; urgency=medium
 
   * New upstream release. (Closes: #956352, #960089)


=====================================
debian/control
=====================================
@@ -4,11 +4,10 @@ Priority: optional
 Maintainer: Debian FreeIPA Team <pkg-freeipa-devel at lists.alioth.debian.org>
 Uploaders: Timo Aaltonen <tjaalton at debian.org>
 Build-Depends:
- debhelper-compat (= 12),
+ debhelper-compat (= 13),
  dbus,
  libdbus-1-dev,
  libkrb5-dev,
- libldap2-dev,
  libpam-dev,
  libsasl2-dev,
  libselinux1-dev,
@@ -16,7 +15,7 @@ Build-Depends:
  pkg-config,
  systemd,
  xmlto,
-Standards-Version: 4.5.0
+Standards-Version: 4.6.0
 Homepage: https://pagure.io/oddjob/
 Vcs-Git: https://salsa.debian.org/freeipa-team/oddjob.git
 Vcs-Browser: https://salsa.debian.org/freeipa-team/oddjob


=====================================
debian/rules
=====================================
@@ -30,6 +30,3 @@ override_dh_install:
 		$(CURDIR)/debian/tmp/lib/${DEB_HOST_MULTIARCH}/
 
 	dh_install
-
-override_dh_missing:
-	dh_missing --fail-missing


=====================================
oddjob.spec
=====================================
@@ -21,7 +21,7 @@
 %endif
 
 Name: oddjob
-Version: 0.34.6
+Version: 0.34.7
 Release: 1%{?dist}
 Source0: https://releases.pagure.org/oddjob/oddjob-%{version}.tar.gz
 Source1: https://releases.pagure.org/oddjob/oddjob-%{version}.tar.gz.sig
@@ -246,6 +246,10 @@ fi
 exit 0
 
 %changelog
+* Mon Dec 14 18:44:51 EET 2020 Alexander Bokovoy <abokovoy at redhat.com> - 0.34.7-1
+- Read HOME_MODE and UMASK from /etc/login.defs
+- Default to LC_ALL=C.UTF-8 in systemd service environment
+
 * Thu May  7 2020 Nalin Dahyabhai <nalin at redhat.com> - 0.34.6-1
 - update license on src/buffer.h
 - change /var/run -> /run in systemd service file (Orion Poplawski)


=====================================
scripts/oddjobd.service.in
=====================================
@@ -5,6 +5,7 @@ After=syslog.target network.target dbus.service
 [Service]
 Type=simple
 PIDFile=/run/oddjobd.pid
+Environment=LC_ALL=C.UTF-8
 ExecStart=@sbindir@/oddjobd -n -p /run/oddjobd.pid -t 300
 
 [Install]


=====================================
src/mkhomedir.c
=====================================
@@ -264,12 +264,13 @@ mkhomedir(const char *user, int flags)
 }
 
 static mode_t
-get_umask(int *configured)
+get_umask(int *configured, const char *variable)
 {
 	FILE *fp;
 	char buf[BUFSIZ], *p, *end;
 	mode_t mask = umask(0777);
 	long tmp;
+	size_t vlen = strlen(variable);
 
 	fp = fopen("/etc/login.defs", "r");
 	if (fp != NULL) {
@@ -279,10 +280,10 @@ get_umask(int *configured)
 			}
 			buf[strcspn(buf, "\r\n")] = '\0';
 			p = buf + strspn(buf, " \t");
-			if (strncmp(p, "UMASK", 5) != 0) {
+			if (strncmp(p, variable, vlen) != 0) {
 				continue;
 			}
-			p += 5;
+			p += vlen;
 			if (strspn(p, " \t") == 0) {
 				continue;
 			}
@@ -308,7 +309,11 @@ main(int argc, char **argv)
 	int i, configured_umask = 0, flags = FLAG_POPULATE;
 
 	openlog(PACKAGE "-mkhomedir", LOG_PID, LOG_DAEMON);
-	override_umask = get_umask(&configured_umask);
+	/* Unlike UMASK, HOME_MODE is the file mode, so needs to be reverted */
+	override_umask = 0777 & ~get_umask(&configured_umask, "HOME_MODE");
+	if (configured_umask == 0) {
+		override_umask = get_umask(&configured_umask, "UMASK");
+	}
 	umask(override_umask);
 	skel_dir = "/etc/skel";
 


=====================================
src/oddjob_dbus.c
=====================================
@@ -634,7 +634,7 @@ static DBusHandlerResult
 oddjob_dbus_filter(DBusConnection *conn, DBusMessage *message, void *user_data)
 {
 	struct oddjob_dbus_context *ctx;
-	struct oddjob_dbus_service *srv;
+	struct oddjob_dbus_service *srv = NULL;
 	struct oddjob_dbus_object *obj;
 	struct oddjob_dbus_interface *interface;
 	struct oddjob_dbus_method *method;


=====================================
src/oddjobd-mkhomedir.conf.5.in
=====================================
@@ -24,7 +24,8 @@ Override the location of the skeleton directory (by default: \fI/etc/skel\fR).
 -u
 Specify a umask whose bits are masked off of contents of the skeleton directory
 while they are copied to the user's new home directory.  The default is read
-from \fB/etc/login.defs\fR.
+from \fB/etc/login.defs\fR by taking \fBHOME_MODE\fR and \fBUMASK\fR values, in
+this order.  First found value persists.
 
 .SH SEE ALSO
 \fBoddjob.conf\fR(5)


=====================================
src/pam_oddjob_mkhomedir.8.in
=====================================
@@ -14,8 +14,9 @@ if the module is running with superuser privileges.  Otherwise, it invokes the
 \fImkmyhomedir\fR method.
 
 The location of the skeleton directory and the default umask are determined by
-the configuration for the corresponding service in \fBoddjobd-mkhomedir.conf\fR,
-so they can not be specified as arguments to this module.
+the values of \fBHOME_MODE\fR or \fBUMASK\fR (as a fallback) variables in
+\fI/etc/login.defs\fR, so they can not be specified as arguments to this
+module.
 
 If \fID-Bus\fR has not been configured to allow the calling application to
 invoke these methods provided as part of the \fI at NAMESPACE@.oddjob_mkhomedir\fR



View it on GitLab: https://salsa.debian.org/freeipa-team/oddjob/-/compare/86f18680b969915f3465c13c48122e94eed417bb...7b467653850e52877b733eac6429f9c6e347cc37

-- 
View it on GitLab: https://salsa.debian.org/freeipa-team/oddjob/-/compare/86f18680b969915f3465c13c48122e94eed417bb...7b467653850e52877b733eac6429f9c6e347cc37
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20220320/10913da4/attachment-0001.htm>


More information about the Pkg-freeipa-devel mailing list