[Pkg-freeipa-devel] [Git][freeipa-team/oddjob][upstream] 4 commits: Read HOME_MODE and UMASK from /etc/login.defs

Timo Aaltonen (@tjaalton) gitlab at salsa.debian.org
Sun Mar 20 13:53:18 GMT 2022 


Timo Aaltonen pushed to branch upstream at FreeIPA packaging / oddjob


Commits:
c51b28ad by Alexander Bokovoy at 2020-10-08T14:56:07+03:00
Read HOME_MODE and UMASK from /etc/login.defs

shadow-utils changed behavior of UMASK to only apply to runtime
processes. For home directories, HOME_MODE variable was introduced
instead.

Read HOME_MODE and fall back to UMASK if that does not exist.

Signed-off-by: Alexander Bokovoy <abokovoy at redhat.com>

- - - - -
dfb0f7aa by Alexander Bokovoy at 2020-12-14T18:16:29+02:00
Enforce stable LC_ALL=C.UTF-8 in jobs environment

FreeIPA uses oddjobd to run Python scripts. It also expects that the
execution environment uses UTF-8 encoding. On RHEL 8.4 default
configuration changed to provide LC_ALL=en_US which uses ISO-8859-1
encoding instead of UTF-8.

Enforce C.UTF-8 to not depend on the system defaults.

Resolves: rhbz#1907481

Signed-off-by: Alexander Bokovoy <abokovoy at redhat.com>

- - - - -
375f661f by Alexander Bokovoy at 2020-12-14T18:53:23+02:00
Initialize srv before use

- - - - -
c539e931 by Alexander Bokovoy at 2020-12-14T18:53:23+02:00
Release 0.34.7

- - - - -


7 changed files:

- configure.ac
- oddjob.spec
- scripts/oddjobd.service.in
- src/mkhomedir.c
- src/oddjob_dbus.c
- src/oddjobd-mkhomedir.conf.5.in
- src/pam_oddjob_mkhomedir.8.in


Changes:

=====================================
configure.ac
=====================================
@@ -1,4 +1,4 @@
-AC_INIT(oddjob,0.34.4)
+AC_INIT(oddjob,0.34.7)
 AC_PREREQ(2.59)
 PACKAGE_NAME_CAPS=`echo $PACKAGE_NAME | tr '[a-z]' '[A-Z]'`
 AC_DEFINE_UNQUOTED(PACKAGE_NAME_CAPS,"$PACKAGE_NAME_CAPS",[Define to the package name, in caps.])


=====================================
oddjob.spec
=====================================
@@ -21,7 +21,7 @@
 %endif
 
 Name: oddjob
-Version: 0.34.6
+Version: 0.34.7
 Release: 1%{?dist}
 Source0: https://releases.pagure.org/oddjob/oddjob-%{version}.tar.gz
 Source1: https://releases.pagure.org/oddjob/oddjob-%{version}.tar.gz.sig
@@ -246,6 +246,10 @@ fi
 exit 0
 
 %changelog
+* Mon Dec 14 18:44:51 EET 2020 Alexander Bokovoy <abokovoy at redhat.com> - 0.34.7-1
+- Read HOME_MODE and UMASK from /etc/login.defs
+- Default to LC_ALL=C.UTF-8 in systemd service environment
+
 * Thu May  7 2020 Nalin Dahyabhai <nalin at redhat.com> - 0.34.6-1
 - update license on src/buffer.h
 - change /var/run -> /run in systemd service file (Orion Poplawski)


=====================================
scripts/oddjobd.service.in
=====================================
@@ -5,6 +5,7 @@ After=syslog.target network.target dbus.service
 [Service]
 Type=simple
 PIDFile=/run/oddjobd.pid
+Environment=LC_ALL=C.UTF-8
 ExecStart=@sbindir@/oddjobd -n -p /run/oddjobd.pid -t 300
 
 [Install]


=====================================
src/mkhomedir.c
=====================================
@@ -264,12 +264,13 @@ mkhomedir(const char *user, int flags)
 }
 
 static mode_t
-get_umask(int *configured)
+get_umask(int *configured, const char *variable)
 {
 	FILE *fp;
 	char buf[BUFSIZ], *p, *end;
 	mode_t mask = umask(0777);
 	long tmp;
+	size_t vlen = strlen(variable);
 
 	fp = fopen("/etc/login.defs", "r");
 	if (fp != NULL) {
@@ -279,10 +280,10 @@ get_umask(int *configured)
 			}
 			buf[strcspn(buf, "\r\n")] = '\0';
 			p = buf + strspn(buf, " \t");
-			if (strncmp(p, "UMASK", 5) != 0) {
+			if (strncmp(p, variable, vlen) != 0) {
 				continue;
 			}
-			p += 5;
+			p += vlen;
 			if (strspn(p, " \t") == 0) {
 				continue;
 			}
@@ -308,7 +309,11 @@ main(int argc, char **argv)
 	int i, configured_umask = 0, flags = FLAG_POPULATE;
 
 	openlog(PACKAGE "-mkhomedir", LOG_PID, LOG_DAEMON);
-	override_umask = get_umask(&configured_umask);
+	/* Unlike UMASK, HOME_MODE is the file mode, so needs to be reverted */
+	override_umask = 0777 & ~get_umask(&configured_umask, "HOME_MODE");
+	if (configured_umask == 0) {
+		override_umask = get_umask(&configured_umask, "UMASK");
+	}
 	umask(override_umask);
 	skel_dir = "/etc/skel";
 


=====================================
src/oddjob_dbus.c
=====================================
@@ -634,7 +634,7 @@ static DBusHandlerResult
 oddjob_dbus_filter(DBusConnection *conn, DBusMessage *message, void *user_data)
 {
 	struct oddjob_dbus_context *ctx;
-	struct oddjob_dbus_service *srv;
+	struct oddjob_dbus_service *srv = NULL;
 	struct oddjob_dbus_object *obj;
 	struct oddjob_dbus_interface *interface;
 	struct oddjob_dbus_method *method;


=====================================
src/oddjobd-mkhomedir.conf.5.in
=====================================
@@ -24,7 +24,8 @@ Override the location of the skeleton directory (by default: \fI/etc/skel\fR).
 -u
 Specify a umask whose bits are masked off of contents of the skeleton directory
 while they are copied to the user's new home directory.  The default is read
-from \fB/etc/login.defs\fR.
+from \fB/etc/login.defs\fR by taking \fBHOME_MODE\fR and \fBUMASK\fR values, in
+this order.  First found value persists.
 
 .SH SEE ALSO
 \fBoddjob.conf\fR(5)


=====================================
src/pam_oddjob_mkhomedir.8.in
=====================================
@@ -14,8 +14,9 @@ if the module is running with superuser privileges.  Otherwise, it invokes the
 \fImkmyhomedir\fR method.
 
 The location of the skeleton directory and the default umask are determined by
-the configuration for the corresponding service in \fBoddjobd-mkhomedir.conf\fR,
-so they can not be specified as arguments to this module.
+the values of \fBHOME_MODE\fR or \fBUMASK\fR (as a fallback) variables in
+\fI/etc/login.defs\fR, so they can not be specified as arguments to this
+module.
 
 If \fID-Bus\fR has not been configured to allow the calling application to
 invoke these methods provided as part of the \fI at NAMESPACE@.oddjob_mkhomedir\fR



View it on GitLab: https://salsa.debian.org/freeipa-team/oddjob/-/compare/aec160b331b637d1c97c0bb0aa603a378c3ddcd3...c539e931b6dac3f1dd51cd54696adf918fad0053

-- 
View it on GitLab: https://salsa.debian.org/freeipa-team/oddjob/-/compare/aec160b331b637d1c97c0bb0aa603a378c3ddcd3...c539e931b6dac3f1dd51cd54696adf918fad0053
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20220320/549fd9a9/attachment-0001.htm>

More information about the Pkg-freeipa-devel mailing list