[X2Go-Commits] x2goserver.git - build-main (branch) updated: 3.0.99-2-92-g9665542

X2Go dev team git-admin at x2go.org
Wed Dec 4 06:17:30 CET 2013


The branch, build-main has been updated
       via  96655427f63bf17cf244f44859c568366950680c (commit)
      from  30ba707a2402086c71eaf3061519a85662848aa1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 debian/changelog                    |    1 +
 debian/x2goserver.postinst          |   24 ++++++++++++++----------
 x2goserver/lib/x2gosqlitewrapper.pl |   12 ++++++------
 x2goserver/sbin/x2godbadmin         |    8 ++++----
 4 files changed, 25 insertions(+), 20 deletions(-)

The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index 01aa4fd..5d44ea4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,6 +14,7 @@ x2goserver (3.0.99.5-0~x2go3) UNRELEASED; urgency=low
   * Use source format 3.0 (native).
   * Fix of Debian clean rules, fix of Makefile's clean rules.
   * Breaks/replaces packages: x2goserver-one, x2goserver-home, x2goprint (instead of Conflicts).
+  * Switch to setgid instead of setuid for SQLite wrapper.
 
   [Martin Oehler]
   * Removes old debug code fragment, fixes x2golistsessions parsing.
diff --git a/debian/x2goserver.postinst b/debian/x2goserver.postinst
index bed72b7..5cbd874 100755
--- a/debian/x2goserver.postinst
+++ b/debian/x2goserver.postinst
@@ -25,31 +25,35 @@ case "$1" in
     chmod 600 /etc/x2go/x2gosql/passwords/pgadmin
 
     # setup x2gouser and group
-    if ! getent group x2gousers >/dev/null; then
-        echo "Creating x2gouser user." >&2
-        addgroup --system x2gousers
+    if ! getent group x2gouser >/dev/null; then
+        echo "Creating x2gouser group." >&2
+        addgroup --system x2gouser
     else
-        echo "User x2gouser already exists." >&2
+        echo "Group x2gouser already exists." >&2
     fi
     if ! getent passwd x2gouser >/dev/null; then
         echo "Creating x2gouser user." >&2
         adduser --system --no-create-home \
             --disabled-password --disabled-login \
-            --shell /bin/false --group --home /var/lib/x2go x2gouser
+            --shell /bin/false --group --home /var/db/x2go x2gouser
     else
         echo "User x2gouser already exists." >&2
     fi
 
-    if [ ! -f /var/lib/x2go/x2go_sessions ]; then
+    if [ ! -f /var/db/x2go/x2go_sessions ]; then
         x2godbadmin --createdb
+    else
+        # make sure db permissions are set correctly
+        chown root:x2gouser /var/db/x2go -Rf
+        chmod 0750 /var/db/x2go
+        chmod 0660 /var/db/x2go/x2go_sessions
     fi
 
     # the sqlite db has to be accessed as uid x2gouser
-    dpkg-statoverride --add --update x2gouser x2gousers 6755 /usr/lib/x2go/x2gosqlitewrapper.pl || true
+    dpkg-statoverride --add --update root x2gouser 4755 /usr/bin/x2gosqlitewrapper || true
 
-    # we may be upgrading versions of x2goserver that used perlsuid, so make sure setuid is removed
-    # from /usr/bin/x2gosqlitewrapper
-    dpkg-statoverride --remove /usr/bin/x2gosqlitewrapper && chown root:root /usr/bin/x2gosqlitewrapper && chmod 0755 /usr/bin/x2gosqlitewrapper || true
+    # we may be upgrading versions of x2goserver that had /usr/lib/x2go/x2gosqlitewrapper.pl set to setuid user.
+    dpkg-statoverride --remove /usr/lib/x2go/x2gosqlitewrapper.pl && chown root:root /usr/lib/x2go/x2gosqlitewrapper.pl && chmod 0755 /usr/lib/x2go/x2gosqlitewrapper.pl || true
 
     ;;
 
diff --git a/x2goserver/lib/x2gosqlitewrapper.pl b/x2goserver/lib/x2gosqlitewrapper.pl
index 9cbf663..70ee4e5 100755
--- a/x2goserver/lib/x2gosqlitewrapper.pl
+++ b/x2goserver/lib/x2gosqlitewrapper.pl
@@ -25,14 +25,14 @@ use strict;
 use DBI;
 use POSIX;
 
-if ($< eq $>)
-{
-	die "Please install this program as SUID x2gouser!\n";
-}
+# retrieve home dir of x2gouser 
+my $x2gouser='x2gouser';
+my ($uname, $pass, $uid, $pgid, $quota, $comment, $gcos, $homedir, $shell, $expire) = getpwnam($x2gouser);
+my $dbfile="$homedir/x2go_sessions";
 
+# retrieve account data of real user
 my $realuser=$<;
-my ($uname, $pass, $uid, $pgid, $quota, $comment, $gcos, $homedir, $shell, $expire) = getpwuid($>);
-my $dbfile="$homedir/x2go_sessions";
+my ($uname, $pass, $uid, $pgid, $quota, $comment, $gcos, $homedir, $shell, $expire) = getpwnam($realuser);
 
 my $dbh=DBI->connect("dbi:SQLite:dbname=$dbfile","","",{AutoCommit => 1}) or die $_;
 
diff --git a/x2goserver/sbin/x2godbadmin b/x2goserver/sbin/x2godbadmin
index 7dc98b6..00bb073 100755
--- a/x2goserver/sbin/x2godbadmin
+++ b/x2goserver/sbin/x2godbadmin
@@ -147,10 +147,10 @@ if($Config->param("backend") eq 'sqlite')
 	  
 	  $sth->finish();	  
 	  $dbh->disconnect();
-	  chmod(0700,"$dir");
-	  chown($uid,$pgid,"$dir");
-	  chmod(0600,"$dbfile");
-	  chown($uid,$pgid,"$dbfile");
+	  chmod(0750, "$dir");
+	  chown('root',$pgid,"$dir");
+	  chmod(0660, "$dbfile");
+	  chown('root',$pgid,"$dbfile");
 
 	  exit(0);
     }


hooks/post-receive
-- 
x2goserver.git (X2Go Server)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2goserver.git" (X2Go Server).




More information about the x2go-commits mailing list