[X2Go-Commits] x2goserver.git - build-main (branch) updated: 3.0.99-2-92-g9665542
X2Go dev team
git-admin at x2go.org
Wed Dec 4 06:17:30 CET 2013
The branch, build-main has been updated
via 96655427f63bf17cf244f44859c568366950680c (commit)
from 30ba707a2402086c71eaf3061519a85662848aa1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
debian/changelog | 1 +
debian/x2goserver.postinst | 24 ++++++++++++++----------
x2goserver/lib/x2gosqlitewrapper.pl | 12 ++++++------
x2goserver/sbin/x2godbadmin | 8 ++++----
4 files changed, 25 insertions(+), 20 deletions(-)
The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index 01aa4fd..5d44ea4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,6 +14,7 @@ x2goserver (3.0.99.5-0~x2go3) UNRELEASED; urgency=low
* Use source format 3.0 (native).
* Fix of Debian clean rules, fix of Makefile's clean rules.
* Breaks/replaces packages: x2goserver-one, x2goserver-home, x2goprint (instead of Conflicts).
+ * Switch to setgid instead of setuid for SQLite wrapper.
[Martin Oehler]
* Removes old debug code fragment, fixes x2golistsessions parsing.
diff --git a/debian/x2goserver.postinst b/debian/x2goserver.postinst
index bed72b7..5cbd874 100755
--- a/debian/x2goserver.postinst
+++ b/debian/x2goserver.postinst
@@ -25,31 +25,35 @@ case "$1" in
chmod 600 /etc/x2go/x2gosql/passwords/pgadmin
# setup x2gouser and group
- if ! getent group x2gousers >/dev/null; then
- echo "Creating x2gouser user." >&2
- addgroup --system x2gousers
+ if ! getent group x2gouser >/dev/null; then
+ echo "Creating x2gouser group." >&2
+ addgroup --system x2gouser
else
- echo "User x2gouser already exists." >&2
+ echo "Group x2gouser already exists." >&2
fi
if ! getent passwd x2gouser >/dev/null; then
echo "Creating x2gouser user." >&2
adduser --system --no-create-home \
--disabled-password --disabled-login \
- --shell /bin/false --group --home /var/lib/x2go x2gouser
+ --shell /bin/false --group --home /var/db/x2go x2gouser
else
echo "User x2gouser already exists." >&2
fi
- if [ ! -f /var/lib/x2go/x2go_sessions ]; then
+ if [ ! -f /var/db/x2go/x2go_sessions ]; then
x2godbadmin --createdb
+ else
+ # make sure db permissions are set correctly
+ chown root:x2gouser /var/db/x2go -Rf
+ chmod 0750 /var/db/x2go
+ chmod 0660 /var/db/x2go/x2go_sessions
fi
# the sqlite db has to be accessed as uid x2gouser
- dpkg-statoverride --add --update x2gouser x2gousers 6755 /usr/lib/x2go/x2gosqlitewrapper.pl || true
+ dpkg-statoverride --add --update root x2gouser 4755 /usr/bin/x2gosqlitewrapper || true
- # we may be upgrading versions of x2goserver that used perlsuid, so make sure setuid is removed
- # from /usr/bin/x2gosqlitewrapper
- dpkg-statoverride --remove /usr/bin/x2gosqlitewrapper && chown root:root /usr/bin/x2gosqlitewrapper && chmod 0755 /usr/bin/x2gosqlitewrapper || true
+ # we may be upgrading versions of x2goserver that had /usr/lib/x2go/x2gosqlitewrapper.pl set to setuid user.
+ dpkg-statoverride --remove /usr/lib/x2go/x2gosqlitewrapper.pl && chown root:root /usr/lib/x2go/x2gosqlitewrapper.pl && chmod 0755 /usr/lib/x2go/x2gosqlitewrapper.pl || true
;;
diff --git a/x2goserver/lib/x2gosqlitewrapper.pl b/x2goserver/lib/x2gosqlitewrapper.pl
index 9cbf663..70ee4e5 100755
--- a/x2goserver/lib/x2gosqlitewrapper.pl
+++ b/x2goserver/lib/x2gosqlitewrapper.pl
@@ -25,14 +25,14 @@ use strict;
use DBI;
use POSIX;
-if ($< eq $>)
-{
- die "Please install this program as SUID x2gouser!\n";
-}
+# retrieve home dir of x2gouser
+my $x2gouser='x2gouser';
+my ($uname, $pass, $uid, $pgid, $quota, $comment, $gcos, $homedir, $shell, $expire) = getpwnam($x2gouser);
+my $dbfile="$homedir/x2go_sessions";
+# retrieve account data of real user
my $realuser=$<;
-my ($uname, $pass, $uid, $pgid, $quota, $comment, $gcos, $homedir, $shell, $expire) = getpwuid($>);
-my $dbfile="$homedir/x2go_sessions";
+my ($uname, $pass, $uid, $pgid, $quota, $comment, $gcos, $homedir, $shell, $expire) = getpwnam($realuser);
my $dbh=DBI->connect("dbi:SQLite:dbname=$dbfile","","",{AutoCommit => 1}) or die $_;
diff --git a/x2goserver/sbin/x2godbadmin b/x2goserver/sbin/x2godbadmin
index 7dc98b6..00bb073 100755
--- a/x2goserver/sbin/x2godbadmin
+++ b/x2goserver/sbin/x2godbadmin
@@ -147,10 +147,10 @@ if($Config->param("backend") eq 'sqlite')
$sth->finish();
$dbh->disconnect();
- chmod(0700,"$dir");
- chown($uid,$pgid,"$dir");
- chmod(0600,"$dbfile");
- chown($uid,$pgid,"$dbfile");
+ chmod(0750, "$dir");
+ chown('root',$pgid,"$dir");
+ chmod(0660, "$dbfile");
+ chown('root',$pgid,"$dbfile");
exit(0);
}
hooks/post-receive
--
x2goserver.git (X2Go Server)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2goserver.git" (X2Go Server).
More information about the x2go-commits
mailing list