x2goserver.git - master (branch) updated: 3.0.99-2-92-g9665542 - x2go-commits

18 Jul 2011

The branch, master has been updated
       via  96655427f63bf17cf244f44859c568366950680c (commit)
      from  30ba707a2402086c71eaf3061519a85662848aa1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 96655427f63bf17cf244f44859c568366950680c
Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date:   Mon Jul 18 21:19:21 2011 +0200

    Switch to setgid instead of setuid for SQLite wrapper.

-----------------------------------------------------------------------

Summary of changes:
 debian/changelog                    |    1 +
 debian/x2goserver.postinst          |   24 ++++++++++++++----------
 x2goserver/lib/x2gosqlitewrapper.pl |   12 ++++++------
 x2goserver/sbin/x2godbadmin         |    8 ++++----
 4 files changed, 25 insertions(+), 20 deletions(-)

The diff of changes is:

diff --git a/debian/changelog b/debian/changelog
index 01aa4fd..5d44ea4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,6 +14,7 @@ x2goserver (3.0.99.5-0~x2go3) UNRELEASED; urgency=low
   * Use source format 3.0 (native).
   * Fix of Debian clean rules, fix of Makefile's clean rules.
   * Breaks/replaces packages: x2goserver-one, x2goserver-home, x2goprint (instead of Conflicts).
+  * Switch to setgid instead of setuid for SQLite wrapper.
 
   [Martin Oehler]
   * Removes old debug code fragment, fixes x2golistsessions parsing.
diff --git a/debian/x2goserver.postinst b/debian/x2goserver.postinst
index bed72b7..5cbd874 100755
--- a/debian/x2goserver.postinst
+++ b/debian/x2goserver.postinst
@@ -25,31 +25,35 @@ case "$1" in
     chmod 600 /etc/x2go/x2gosql/passwords/pgadmin
 
     # setup x2gouser and group
-    if ! getent group x2gousers >/dev/null; then
-        echo "Creating x2gouser user." >&2
-        addgroup --system x2gousers
+    if ! getent group x2gouser >/dev/null; then
+        echo "Creating x2gouser group." >&2
+        addgroup --system x2gouser
     else
-        echo "User x2gouser already exists." >&2
+        echo "Group x2gouser already exists." >&2
     fi
     if ! getent passwd x2gouser >/dev/null; then
         echo "Creating x2gouser user." >&2
         adduser --system --no-create-home \
             --disabled-password --disabled-login \
-            --shell /bin/false --group --home /var/lib/x2go x2gouser
+            --shell /bin/false --group --home /var/db/x2go x2gouser
     else
         echo "User x2gouser already exists." >&2
     fi
 
-    if [ ! -f /var/lib/x2go/x2go_sessions ]; then
+    if [ ! -f /var/db/x2go/x2go_sessions ]; then
         x2godbadmin --createdb
+    else
+        # make sure db permissions are set correctly
+        chown root:x2gouser /var/db/x2go -Rf
+        chmod 0750 /var/db/x2go
+        chmod 0660 /var/db/x2go/x2go_sessions
     fi
 
     # the sqlite db has to be accessed as uid x2gouser
-    dpkg-statoverride --add --update x2gouser x2gousers 6755 /usr/lib/x2go/x2gosqlitewrapper.pl || true
+    dpkg-statoverride --add --update root x2gouser 4755 /usr/bin/x2gosqlitewrapper || true
 
-    # we may be upgrading versions of x2goserver that used perlsuid, so make sure setuid is removed
-    # from /usr/bin/x2gosqlitewrapper
-    dpkg-statoverride --remove /usr/bin/x2gosqlitewrapper && chown root:root /usr/bin/x2gosqlitewrapper && chmod 0755 /usr/bin/x2gosqlitewrapper || true
+    # we may be upgrading versions of x2goserver that had /usr/lib/x2go/x2gosqlitewrapper.pl set to setuid user.
+    dpkg-statoverride --remove /usr/lib/x2go/x2gosqlitewrapper.pl && chown root:root /usr/lib/x2go/x2gosqlitewrapper.pl && chmod 0755 /usr/lib/x2go/x2gosqlitewrapper.pl || true
 
     ;;
 
diff --git a/x2goserver/lib/x2gosqlitewrapper.pl b/x2goserver/lib/x2gosqlitewrapper.pl
index 9cbf663..70ee4e5 100755
--- a/x2goserver/lib/x2gosqlitewrapper.pl
+++ b/x2goserver/lib/x2gosqlitewrapper.pl
@@ -25,14 +25,14 @@ use strict;
 use DBI;
 use POSIX;
 
-if ($< eq $>)
-{
-	die "Please install this program as SUID x2gouser!\n";
-}
+# retrieve home dir of x2gouser 
+my $x2gouser='x2gouser';
+my ($uname, $pass, $uid, $pgid, $quota, $comment, $gcos, $homedir, $shell, $expire) = getpwnam($x2gouser);
+my $dbfile="$homedir/x2go_sessions";
 
+# retrieve account data of real user
 my $realuser=$<;
-my ($uname, $pass, $uid, $pgid, $quota, $comment, $gcos, $homedir, $shell, $expire) = getpwuid($>);
-my $dbfile="$homedir/x2go_sessions";
+my ($uname, $pass, $uid, $pgid, $quota, $comment, $gcos, $homedir, $shell, $expire) = getpwnam($realuser);
 
 my $dbh=DBI->connect("dbi:SQLite:dbname=$dbfile","","",{AutoCommit => 1}) or die $_;
 
diff --git a/x2goserver/sbin/x2godbadmin b/x2goserver/sbin/x2godbadmin
index 7dc98b6..00bb073 100755
--- a/x2goserver/sbin/x2godbadmin
+++ b/x2goserver/sbin/x2godbadmin
@@ -147,10 +147,10 @@ if($Config->param("backend") eq 'sqlite')
 	  
 	  $sth->finish();	  
 	  $dbh->disconnect();
-	  chmod(0700,"$dir");
-	  chown($uid,$pgid,"$dir");
-	  chmod(0600,"$dbfile");
-	  chown($uid,$pgid,"$dbfile");
+	  chmod(0750, "$dir");
+	  chown('root',$pgid,"$dir");
+	  chmod(0660, "$dbfile");
+	  chown('root',$pgid,"$dbfile");
 
 	  exit(0);
     }


hooks/post-receive
-- 
x2goserver.git (X2go Server)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2goserver.git" (X2go Server).

    