October 2005 - selinux - Fedora Mailing-Lists

by Paul Howarth

Having rebooted into kernel 2.6.13-1.1532_FC4 at the weekend, I found that I couldn't get a connection to my ISP (using pptp) until I added the following rule: allow pptp_t pppd_devpts_t:chr_file { read write }; I can't figure out what has changed that makes this necessary; pptp was working just fine until the reboot. (the machine had not been rebooted for several weeks so it's not easy to tell which policy or kernel update actually introduced this issue) Any ideas? Paul.

18 years, 6 months

1
0
0 / 0

New prompt at login time

by Allen, Jack

I have posted this on the redhat-list and the pam-list an no one responded. So I am trying here. Hopefully someone will have something to say that will help. I ran up2date yesterday (now a few days ago) and have my system completely up to date. I rebooted this morning (now a few days ago) and now when I login via telnet, yes that is just plain old telnet, not ssh, I get the following: ======== Red Hat Enterprise Linux AS release 4 (Nahant Update 2) Kernel 2.6.9-22.ELsmp on an i686 login: jca Password: Your default context is user_u:system_r:unconfined_t. Do you want to choose a different one? [n] ======== I just entered a CR and thought this would be a one time things. But it is not. While the prompt was being displayed I did a who and it does not show me logged in yet. I did a ps -ef | grep log and see a login process with the host name and -p option. So it appears the prompt is coming from the login program or its calls to some PAM routine. Does anybody know where this is controlled so I can set a default and not be prompted each time? Also exactly what is this controlling? If I do id, it shows context=user_u:system_r:unconfined_t Some things I have been able to find out and more questions. I did man -k context and discovered the get_default_context routine. Doing man get_default_context tells me about get_default_context_list get_ordered_context_list queries the SE Linux policy database in the kernel and some configuration files to determine an ordered list of contexts that may be used for login sessions. The list must be freed with freeconary. The possible roles and domains will be read from /etc/security/default_contexts and .default_contexts in the home directory of the user in question. My question now is what is the format of the files listed above? manual_user_enter_context allows the user to manually enter a context as a fallback if a list of authorized contexts could not be obtained. Caller must free via freecon. So I assume this is why I am getting prompted. I found default_contexts in /etc/selinux/targeted/contexts and it contains: system_r:unconfined_t system_r:unconfined_t I also found that if I removed the multiple option for pam_selinux.so, in remote located in /etc/pam.d, I do not get the prompt. So is this the correct place to correct this? That is the next time I run up2date and there is an update to remote is it going to get replaced and I will have to remove it again? Or is there another place that controls this that would be better to change. Thanks: Jack Allen

18 years, 7 months

2
1
0 / 0

zip unzip - restore xattr patches

by Debora Velarde

Below are patches to zip and unzip that will allow administrators to restore extended attributes. I understand star already does this, but this gives administrators another option. Usage: zip Will store extended attributes in the archive file by default unless the existing option: "-X eXclude eXtra file attributes" is used. unzip Will NOT restore extended attributes by default. Will only restore extended attributes if used with the new option: "-E restore extended attributes". The new -E option can only be used in conjunction with the existing: "-X restore UID/GID info" option. Users can still choose to restore only the UID/GID info with the existing '-X' option. Please send me any feedback. Thanks, debora diff -urpN zip-2.3.orig/unix/Makefile zip-2.3/unix/Makefile --- zip-2.3.orig/unix/Makefile 2005-10-10 13:55:45.000000000 -0500 +++ zip-2.3/unix/Makefile 2005-10-24 15:38:44.000000000 -0500 @@ -59,7 +59,7 @@ OBJN = zipnote.o $(OBJU) OBJC = zipcloak.o $(OBJU) crctab.o crypt_.o ttyio.o OBJS = zipsplit.o $(OBJU) -ZIP_H = zip.h ziperr.h tailor.h unix/osdep.h +ZIP_H = zip.h ziperr.h tailor.h unix/osdep.h unix/xattr.h # suffix rules .SUFFIXES: diff -urpN zip-2.3.orig/unix/unix.c zip-2.3/unix/unix.c --- zip-2.3.orig/unix/unix.c 2005-10-10 13:55:45.000000000 -0500 +++ zip-2.3/unix/unix.c 2005-10-24 15:38:44.000000000 -0500 @@ -11,6 +11,7 @@ #ifndef UTIL /* the companion #endif is a bit of ways down ... */ #include <time.h> +#include "xattr.h" #if defined(MINIX) || defined(__mpexl) # ifdef S_IWRITE @@ -40,6 +41,8 @@ # endif #endif /* HAVE_DIRENT_H || _POSIX_VERSION */ +#include <attr/xattr.h> + #define PAD 0 #define PATH_END '/' @@ -436,19 +439,80 @@ int set_extra_field(z, z_utim) struct stat s; #endif +char * xa_list; +char * xa_name; +char * xa_value; +ssize_t xa_list_len=0; +ssize_t xa_name_len=0; +ssize_t xa_value_len=0; +int value_len=0; +int largest_value_len=0; +int ext_index=0; +int xa_pairs_found=0; +int value_index=1; +int i=0, j=0; + /* For the full sized UT local field including the UID/GID fields, we * have to stat the file again. */ if (LSSTAT(z->name, &s)) return ZE_OPEN; + #define EB_L_UT_SIZE (EB_HEADSIZE + EB_UT_LEN(2)) #define EB_C_UT_SIZE (EB_HEADSIZE + EB_UT_LEN(1)) #define EB_L_UX2_SIZE (EB_HEADSIZE + EB_UX2_MINLEN) #define EB_C_UX2_SIZE EB_HEADSIZE -#define EF_L_UNIX_SIZE (EB_L_UT_SIZE + EB_L_UX2_SIZE) -#define EF_C_UNIX_SIZE (EB_C_UT_SIZE + EB_C_UX2_SIZE) +#define EB_L_XA_SIZE (EB_HEADSIZE + EB_XA_MINLEN) +#define EB_C_XA_SIZE EB_HEADSIZE - if ((z->extra = (char *)malloc(EF_L_UNIX_SIZE)) == NULL) + /* Get size of xattr name list */ + /* Calling listxattr with NULL and zero returns the size */ + xa_list_len = listxattr(z->name, NULL, 0); + + if (xa_list_len > 0) { + + /* now that we know the size, alloc space for list */ + if ((xa_list = malloc(xa_list_len+1)) == NULL) + return ZE_MEM; + + /* Get the list of xattr names */ + xa_list_len = listxattr(z->name, xa_list, xa_list_len); + if (xa_list_len < 0) + return ZE_XATTR; + xa_name = xa_list; + xa_name_len = xa_list_len; + + /* figure out how many xattr names there are in the list */ + xa_pairs_found=get_xattr_count(xa_list, xa_list_len); + if (xa_pairs_found < 1) + return ZE_XATTR; + + /* Need to figure out the largest value_len before calling malloc */ + /* also need the sum of all value_lens; store it in xa_value_len */ + for (value_index=1; value_index <= xa_pairs_found; value_index++) { + xa_name=get_xattr_name(xa_list, xa_list_len, value_index); + if (xa_name == (char *)NULL) + return ZE_XATTR; + value_len=getxattr(z->name, xa_name, xa_value, 0); + if (value_len < 0) + return ZE_XATTR; + if (value_len > largest_value_len) + largest_value_len = value_len; + xa_value_len=xa_value_len + value_len + 1; + } + if ((xa_value = malloc(largest_value_len+1)) == NULL) + return ZE_MEM; + } + +#define EB_L_XN_SIZE (EB_HEADSIZE + EB_XA_MINLEN + xa_name_len) +#define EB_C_XN_SIZE EB_HEADSIZE +#define EB_L_XV_SIZE (EB_HEADSIZE + EB_XA_MINLEN + xa_value_len) +#define EB_C_XV_SIZE EB_HEADSIZE +#define EF_L_UNIX_SIZE (EB_L_UT_SIZE + EB_L_UX2_SIZE + EB_L_XA_SIZE + EB_L_XN_SIZE + EB_L_XV_SIZE) +#define EF_C_UNIX_SIZE (EB_C_UT_SIZE + EB_C_UX2_SIZE + EB_C_XA_SIZE + EB_C_XN_SIZE + EB_C_XV_SIZE) + + z->ext = EF_L_UNIX_SIZE; + if ((z->extra = (char *)malloc(z->ext)) == NULL) return ZE_MEM; if ((z->cextra = (char *)malloc(EF_C_UNIX_SIZE)) == NULL) return ZE_MEM; @@ -474,7 +538,71 @@ int set_extra_field(z, z_utim) z->extra[18] = (char)(s.st_uid >> 8); z->extra[19] = (char)(s.st_gid); z->extra[20] = (char)(s.st_gid >> 8); - z->ext = EF_L_UNIX_SIZE; + z->extra[21] = 'X'; + z->extra[22] = 'A'; + z->extra[23] = (char) xa_pairs_found; /* Number of xattr attributes*/ + z->extra[24] = 0; + z->extra[25] = 'X'; + z->extra[26] = 'N'; + z->extra[27] = (char) xa_name_len; /* length of xattr name list*/ + z->extra[28] = 0; + + ext_index=29; + + if (xa_list_len > 0) { + +/* Put all the xattr names in extra field */ + for (i=1; i<=xa_pairs_found; i++) { + xa_name=get_xattr_name(xa_list, xa_list_len, i); + if (xa_name == (char *)NULL) + return ZE_XATTR; + xa_name_len=strlen(xa_name); + if (xa_name_len < 1) + return ZE_XATTR; + for (j=0; j<xa_name_len; j++) { + z->extra[ext_index+j]=(char) xa_name[j]; + } + ext_index = ext_index+j; + z->extra[ext_index] = '\0'; + ext_index++; + } + + z->extra[ext_index] = 'X'; + ext_index++; + z->extra[ext_index] = 'V'; + ext_index++; + z->extra[ext_index] = (char) xa_value_len; /* length of xattr value list*/ + ext_index++; + z->extra[ext_index] = 0; + ext_index++; + +/* Put all the xattr values in extra field */ + for (value_index=1; value_index <= xa_pairs_found; value_index++) { + xa_name=get_xattr_name(xa_list, xa_list_len, value_index); + if (xa_name == (char *)NULL) + return ZE_XATTR; + value_len=getxattr(z->name, xa_name, xa_value, 0); + if (value_len < 1) + return ZE_XATTR; + xa_value=memset(xa_value, 0, largest_value_len+1); + if (xa_value == (char *) NULL) + return ZE_MEM; + value_len=getxattr(z->name, xa_name, xa_value, value_len); + if (value_len < 1) + return ZE_XATTR; + + for (j=0; j<value_len; j++) { + z->extra[ext_index+j]=(char) xa_value[j]; + } + ext_index = ext_index+j; + z->extra[ext_index] = '\0'; + ext_index++; + } + + } /* if xa_list_len > 0 */ + + free(xa_list); + free(xa_value); memcpy(z->cextra, z->extra, EB_C_UT_SIZE); z->cextra[EB_LEN] = (char)EB_UT_LEN(1); diff -urpN zip-2.3.orig/unix/xattr.h zip-2.3/unix/xattr.h --- zip-2.3.orig/unix/xattr.h 1969-12-31 18:00:00.000000000 -0600 +++ zip-2.3/unix/xattr.h 2005-10-24 15:42:43.000000000 -0500 @@ -0,0 +1,67 @@ +/* + Copyright (C) 2005 IBM Corporation + Copyright (c) 1990-1999 Info-ZIP. All rights reserved. + + See the accompanying file LICENSE, version 1999-Oct-05 or later + (the contents of which are also included in zip.h) for terms of use. + If, for some reason, both of these files are missing, the Info-ZIP license + also may be found at: ftp://ftp.cdrom.com/pub/infozip/license.html +*/ + + +int get_xattr_count(char * xa_list, int xa_list_size) +{ +/* xattr names have the form name1.name2 */ +/* A file can have any number of xattr name pairs */ +/* This function returns the number of name pairs found */ +/* If list passed in is NULL or list size is less than 1 + function returns 0 */ + + int i=0; + int p=0; + + if ( (xa_list == (char *) NULL) || (xa_list_size < 1)) + return 0; + + while (i < xa_list_size) { + if ( xa_list[i] != '\0') { + i++; + } else { + i++; + p++; + } + } + return p; +} + +char * get_xattr_name(char * xa_list, int xa_list_size, int pair) +{ +/* xattr names have the form name1.name2 */ +/* A file can have any number of xattr name pairs */ +/* This function returns a pointer to the specified name pair */ +/* If list is NULL or size or pair are less than 1, then + function returns NULL */ + + int i=0; + int p=1; + char * tmp; + + tmp=NULL; + + if ( (xa_list == (char *) NULL) || (xa_list_size < 1) || (pair < 1) ) + return NULL; + + while ( (i < xa_list_size) && ( p != pair) ) { + if ( xa_list[i] != '\0') { + i++; + } else { + i++; + p++; + } + } + + if ( (p==pair) && (i < xa_list_size) ) + tmp=&xa_list[i]; + + return tmp; +} diff -urpN zip-2.3.orig/zip.c zip-2.3/zip.c --- zip-2.3.orig/zip.c 2005-10-10 14:11:49.000000000 -0500 +++ zip-2.3/zip.c 2005-10-24 15:38:44.000000000 -0500 @@ -980,7 +980,7 @@ char **argv; /* command line zp_tz_is_valid = VALID_TIMEZONE(p); #if (defined(AMIGA) || defined(DOS)) if (!zp_tz_is_valid) - extra_fields = 0; /* disable storing "UT" time stamps and xatter info*/ + extra_fields = 0; /* disable storing "UT" time stamps */ #endif /* AMIGA || DOS */ #endif /* IZ_CHECK_TZ && USE_EF_UT_TIME */ diff -urpN zip-2.3.orig/ziperr.h zip-2.3/ziperr.h --- zip-2.3.orig/ziperr.h 2005-10-10 13:55:45.000000000 -0500 +++ zip-2.3/ziperr.h 2005-10-24 15:38:44.000000000 -0500 @@ -31,8 +31,9 @@ #define ZE_CREAT 15 /* couldn't open to write */ #define ZE_PARMS 16 /* bad command line */ #define ZE_OPEN 18 /* could not open a specified file to read */ +#define ZE_XATTR 19 /* xattr error occurred */ -#define ZE_MAXERR 18 /* the highest error number */ +#define ZE_MAXERR 19 /* the highest error number */ /* Macro to determine whether to call perror() or not */ #define PERR(e) (e==ZE_READ||e==ZE_WRITE||e==ZE_CREAT||e==ZE_TEMP||e==ZE_OPEN) @@ -58,6 +59,7 @@ char *errors[ZE_MAXERR] = { /* 16 */ "Invalid command arguments", /* 17 */ "", /* 18 */ "File not found or no read permission" +/* 19 */ "Extended attributes failure" # ifdef AZTEC_C , /* extremely lame compiler bug workaround */ # endif diff -urpN zip-2.3.orig/zip.h zip-2.3/zip.h --- zip-2.3.orig/zip.h 2005-10-10 13:55:45.000000000 -0500 +++ zip-2.3/zip.h 2005-10-24 15:38:44.000000000 -0500 @@ -171,6 +171,9 @@ struct plist { #define EF_SPARK 0x4341 /* David Pilling's Acorn/SparkFS ("AC") */ #define EF_THEOS 0x6854 /* THEOS ("Th") */ #define EF_TANDEM 0x4154 /* Tandem NSK ("TA") */ +#define EF_XATTR 0x4158 /* XATTR ("XA") */ +#define EF_XA_NAME 0x4e58 /* XATTR NAME ("XN") */ +#define EF_XA_VALUE 0x5658 /* XATTR VALUE ("XV") */ /* Definitions for extra field handling: */ #define EF_SIZE_MAX ((unsigned)0xFFFF) /* hard limit of total e.f. length */ @@ -199,6 +202,8 @@ struct plist { #define EB_UX2_GID 2 /* byte offset of GID in "Ux" field data */ #define EB_UX2_VALID (1 << 8) /* UID/GID present */ +#define EB_XA_MINLEN 4 /* minimal XA field contains count */ + /* ASCII definitions for line terminators in text files: */ #define LF 10 /* '\n' on ASCII machines; must be 10 due to EBCDIC */ #define CR 13 /* '\r' on ASCII machines; must be 13 due to EBCDIC */ diff -urpN zip-2.3.orig/zip.h.4gb zip-2.3/zip.h.4gb --- zip-2.3.orig/zip.h.4gb 2005-10-10 13:55:45.000000000 -0500 +++ zip-2.3/zip.h.4gb 2005-10-24 15:38:44.000000000 -0500 @@ -171,6 +171,9 @@ struct plist { #define EF_SPARK 0x4341 /* David Pilling's Acorn/SparkFS ("AC") */ #define EF_THEOS 0x6854 /* THEOS ("Th") */ #define EF_TANDEM 0x4154 /* Tandem NSK ("TA") */ +#define EF_XATTR 0x4158 /* XATTR ("XA") */ +#define EF_XA_NAME 0x4e58 /* XATTR NAME ("XN") */ +#define EF_XA_VALUE 0x5658 /* XATTR VALUE ("XV") */ /* Definitions for extra field handling: */ #define EF_SIZE_MAX ((unsigned)0xFFFF) /* hard limit of total e.f. length */ @@ -199,6 +202,8 @@ struct plist { #define EB_UX2_GID 2 /* byte offset of GID in "Ux" field data */ #define EB_UX2_VALID (1 << 8) /* UID/GID present */ +#define EB_XA_MINLEN 4 /* minimal XA field contains count */ + /* ASCII definitions for line terminators in text files: */ #define LF 10 /* '\n' on ASCII machines; must be 10 due to EBCDIC */ #define CR 13 /* '\r' on ASCII machines; must be 13 due to EBCDIC */ diff -urpN zip-2.3.orig/zip.h.zip zip-2.3/zip.h.zip --- zip-2.3.orig/zip.h.zip 2005-10-10 13:55:45.000000000 -0500 +++ zip-2.3/zip.h.zip 2005-10-24 15:38:44.000000000 -0500 @@ -170,6 +170,10 @@ struct plist { #define EF_SPARK 0x4341 /* David Pilling's Acorn/SparkFS ("AC") */ #define EF_THEOS 0x6854 /* THEOS ("Th") */ #define EF_TANDEM 0x4154 /* Tandem NSK ("TA") */ +#define EF_XATTR 0x4158 /* XATTR ("XA") */ +#define EF_XA_NAME 0x4e58 /* XATTR NAME ("XN") */ +#define EF_XA_VALUE 0x5658 /* XATTR VALUE ("XV") */ + /* Definitions for extra field handling: */ #define EF_SIZE_MAX ((unsigned)0xFFFF) /* hard limit of total e.f. length */ @@ -198,6 +202,8 @@ struct plist { #define EB_UX2_GID 2 /* byte offset of GID in "Ux" field data */ #define EB_UX2_VALID (1 << 8) /* UID/GID present */ +#define EB_XA_MINLEN 4 /* minimal XA field contains count */ + /* ASCII definitions for line terminators in text files: */ #define LF 10 /* '\n' on ASCII machines; must be 10 due to EBCDIC */ #define CR 13 /* '\r' on ASCII machines; must be 13 due to EBCDIC */ diff -urpN unzip-5.51.orig/extract.c unzip-5.51/extract.c --- unzip-5.51.orig/extract.c 2005-09-08 14:25:57.000000000 -0500 +++ unzip-5.51/extract.c 2005-10-24 16:09:09.000000000 -0500 @@ -1908,6 +1908,9 @@ static int TestExtraField(__G__ ef, ef_l case EF_ASIUNIX: case EF_IZVMS: case EF_IZUNIX: + case EF_XATTR: + case EF_XA_NAME: + case EF_XA_VALUE: case EF_VMCMS: case EF_MVS: case EF_SPARK: diff -urpN unzip-5.51.orig/fileio.c unzip-5.51/fileio.c --- unzip-5.51.orig/fileio.c 2005-09-08 14:25:57.000000000 -0500 +++ unzip-5.51/fileio.c 2005-10-24 16:09:09.000000000 -0500 @@ -1833,6 +1833,9 @@ int check_for_newer(__G__ filename) /* #ifdef USE_EF_UT_TIME iztimes z_utime; #endif +#ifdef USE_EF_XATTR + izxattr z_xattr; +#endif #ifdef AOS_VS long dyy, dmm, ddd, dhh, dmin, dss; @@ -1902,7 +1905,11 @@ int check_for_newer(__G__ filename) /* G.tz_is_valid && #endif (ef_scan_for_izux(G.extra_field, G.lrec.extra_field_length, 0, +#ifdef USE_EF_XATTR + G.lrec.last_mod_dos_datetime, &z_utime, NULL, &z_xattr) +#else G.lrec.last_mod_dos_datetime, &z_utime, NULL) +#endif & EB_UT_FL_MTIME)) { TTrace((stderr, "check_for_newer: using Unix extra field mtime\n")); diff -urpN unzip-5.51.orig/list.c unzip-5.51/list.c --- unzip-5.51.orig/list.c 2005-09-08 14:25:57.000000000 -0500 +++ unzip-5.51/list.c 2005-10-24 16:09:09.000000000 -0500 @@ -104,6 +104,9 @@ int list_files(__G) /* return PK-type iztimes z_utime; struct tm *t; #endif +#ifdef USE_EF_XATTR + izxattr z_xattr; +#endif unsigned yr, mo, dy, hh, mm; ulg csiz; unsigned long long tot_csize=0, tot_ucsize=0; @@ -268,7 +271,12 @@ int list_files(__G) /* return PK-type G.tz_is_valid && #endif (ef_scan_for_izux(G.extra_field, G.crec.extra_field_length, 1, - G.crec.last_mod_dos_datetime, &z_utime, NULL) + G.crec.last_mod_dos_datetime, &z_utime, +#ifdef USE_EF_XATTR + NULL, &z_xattr) +#else + NULL) +#endif & EB_UT_FL_MTIME)) { TIMET_TO_NATIVE(z_utime.mtime) /* NOP unless MSC 7.0, Mac */ @@ -509,6 +517,9 @@ int get_time_stamp(__G__ last_modtime, n #ifdef USE_EF_UT_TIME iztimes z_utime; #endif +#ifdef USE_EF_XATTR + iztimes z_xattr; +#endif min_info info; @@ -594,7 +605,12 @@ int get_time_stamp(__G__ last_modtime, n G.tz_is_valid && #endif (ef_scan_for_izux(G.extra_field, G.crec.extra_field_length, 1, - G.crec.last_mod_dos_datetime, &z_utime, NULL) + G.crec.last_mod_dos_datetime, &z_utime, +#ifdef USE_EF_XATTR + NULL, &z_xattr) +#else + NULL) +#endif & EB_UT_FL_MTIME)) { if (*last_modtime < z_utime.mtime) diff -urpN unzip-5.51.orig/Makefile unzip-5.51/Makefile --- unzip-5.51.orig/Makefile 2005-09-08 14:25:57.000000000 -0500 +++ unzip-5.51/Makefile 2005-10-24 16:09:09.000000000 -0500 @@ -81,14 +81,14 @@ CRC32 = crc32 OSDEP_H = # object files -OBJS1 = unzip$O $(CRC32)$O crctab$O crypt$O envargs$O explode$O +OBJS1 = unzip$O $(CRC32)$O crctab$O crypt$O envargs$O explode$O xattr$O OBJS2 = extract$O fileio$O globals$O inflate$O list$O match$O OBJS3 = process$O ttyio$O unreduce$O unshrink$O zipinfo$O OBJS = $(OBJS1) $(OBJS2) $(OBJS3) $M$O LOBJS = $(OBJS) OBJSDLL = $(OBJS:.o=.pic.o) api.pic.o OBJX = unzipsfx$O $(CRC32)$O crctab_$O crypt_$O extract_$O fileio_$O \ - globals_$O inflate_$O match_$O process_$O ttyio_$O $M_$O + globals_$O inflate_$O match_$O process_$O ttyio_$O xattr_$O $M_$O LOBJX = $(OBJX) OBJF = funzip$O $(CRC32)$O cryptf$O globalsf$O inflatef$O ttyiof$O #OBJS_OS2 = $(OBJS1:.o=.obj) $(OBJS2:.o=.obj) os2.obj @@ -300,6 +300,7 @@ ttyio$O: ttyio.c $(UNZIP_H) zip.h crypt. unreduce$O: unreduce.c $(UNZIP_H) unshrink$O: unshrink.c $(UNZIP_H) unzip$O: unzip.c $(UNZIP_H) crypt.h unzvers.h consts.h +xattr$O: xattr.c $(UNZIP_H) zipinfo$O: zipinfo.c $(UNZIP_H) unzipsfx$O: unzip.c $(UNZIP_H) crypt.h unzvers.h consts.h # unzipsfx only @@ -342,6 +343,11 @@ match_$O: match.c $(UNZIP_H) # unzips $(CC) -c $(CF) -DSFX match_.c $(RM) match_.c +xattr_$O: xattr.c $(UNZIP_H) # unzipsfx only + -$(CP) xattr.c xattr_.c + $(CC) -c $(CF) -DSFX xattr_.c + $(RM) xattr_.c + process_$O: process.c $(UNZIP_H) # unzipsfx only -$(CP) process.c process_.c $(CC) -c $(CF) -DSFX process_.c diff -urpN unzip-5.51.orig/process.c unzip-5.51/process.c --- unzip-5.51.orig/process.c 2005-09-08 14:25:57.000000000 -0500 +++ unzip-5.51/process.c 2005-10-24 16:09:09.000000000 -0500 @@ -1300,15 +1300,22 @@ int process_local_file_hdr(__G) /* re /*******************************/ /* Function ef_scan_for_izux() */ /*******************************/ - +#ifdef USE_EF_XATTR +unsigned ef_scan_for_izux(ef_buf, ef_len, ef_is_c, dos_mdatetime, + z_utim, z_uidgid, z_xattr) +#else unsigned ef_scan_for_izux(ef_buf, ef_len, ef_is_c, dos_mdatetime, z_utim, z_uidgid) +#endif ZCONST uch *ef_buf; /* buffer containing extra field */ unsigned ef_len; /* total length of extra field */ int ef_is_c; /* flag indicating "is central extra field" */ ulg dos_mdatetime; /* last_mod_file_date_time in DOS format */ iztimes *z_utim; /* return storage: atime, mtime, ctime */ ush *z_uidgid; /* return storage: uid and gid */ +#ifdef USE_EF_XATTR + izxattr *z_xattr; /* return storage: xattr names, values, lens, count */ +#endif { unsigned flags = 0; unsigned eb_id; @@ -1342,6 +1349,12 @@ unsigned ef_scan_for_izux(ef_buf, ef_len if (ef_len == 0 || ef_buf == NULL || (z_utim == 0 && z_uidgid == NULL)) return 0; +#ifdef USE_EF_XATTR + if (z_xattr == NULL) + return 0; + z_xattr->count=0; +#endif + TTrace((stderr,"\nef_scan_for_izux: scanning extra field of length %u\n", ef_len)); @@ -1358,6 +1371,56 @@ unsigned ef_scan_for_izux(ef_buf, ef_len } switch (eb_id) { +#ifdef USE_EF_XATTR + case EF_XATTR: + z_xattr->count=eb_len; + if (z_xattr->count > 0) { + ef_buf += EB_HEADSIZE; + ef_len -= EB_HEADSIZE; + eb_id = makeword(EB_ID + ef_buf); + } else { + break; + } + case EF_XA_NAME: + if (z_xattr->count > 0) { + ef_buf += EB_HEADSIZE; + ef_len -= EB_HEADSIZE; + if ((z_xattr->xa_name=malloc(ef_len)) == (char *)NULL) { + Info(slide, 0x401, ((char *)slide, + LoadFarString(CannotAllocateBuffers))); + return 0; + } + z_xattr->xa_name_len=copy_xattr(ef_buf, z_xattr->xa_name, z_xattr->count); + if (z_xattr->xa_name_len < 0) { + TTrace((stderr, + " XATTR name error; ignore e.f.!\n")); + break; /* stop scanning this field */ + } + ef_buf += z_xattr->xa_name_len; + ef_len -= z_xattr->xa_name_len; + } else { + break; + } + case EF_XA_VALUE: + if (z_xattr->count > 0) { + ef_buf += EB_HEADSIZE; + ef_len -= EB_HEADSIZE; + if ((z_xattr->xa_value=malloc(ef_len)) == (char *)NULL) { + Info(slide, 0x401, ((char *)slide, + LoadFarString(CannotAllocateBuffers))); + return 0; + } + z_xattr->xa_value_len=copy_xattr(ef_buf, z_xattr->xa_value, z_xattr->count); + if (z_xattr->xa_value_len <= 0) { + TTrace((stderr, + " XATTR value error; ignore e.f.!\n")); + break; /* stop scanning this field */ + } + ef_buf += z_xattr->xa_value_len; + ef_len -= z_xattr->xa_value_len; + } + break; +#endif case EF_TIME: flags &= ~0x0ff; /* ignore previous IZUNIX or EF_TIME fields */ have_new_type_eb = TRUE; diff -urpN unzip-5.51.orig/unix/Makefile unzip-5.51/unix/Makefile --- unzip-5.51.orig/unix/Makefile 2005-09-08 14:25:57.000000000 -0500 +++ unzip-5.51/unix/Makefile 2005-10-24 16:09:09.000000000 -0500 @@ -81,14 +81,14 @@ CRC32 = crc32 OSDEP_H = # object files -OBJS1 = unzip$O $(CRC32)$O crctab$O crypt$O envargs$O explode$O +OBJS1 = unzip$O $(CRC32)$O crctab$O crypt$O envargs$O explode$O xattr$O OBJS2 = extract$O fileio$O globals$O inflate$O list$O match$O OBJS3 = process$O ttyio$O unreduce$O unshrink$O zipinfo$O OBJS = $(OBJS1) $(OBJS2) $(OBJS3) $M$O LOBJS = $(OBJS) OBJSDLL = $(OBJS:.o=.pic.o) api.pic.o OBJX = unzipsfx$O $(CRC32)$O crctab_$O crypt_$O extract_$O fileio_$O \ - globals_$O inflate_$O match_$O process_$O ttyio_$O $M_$O + globals_$O inflate_$O match_$O process_$O ttyio_$O xattr_$O $M_$O LOBJX = $(OBJX) OBJF = funzip$O $(CRC32)$O cryptf$O globalsf$O inflatef$O ttyiof$O #OBJS_OS2 = $(OBJS1:.o=.obj) $(OBJS2:.o=.obj) os2.obj @@ -300,6 +300,7 @@ ttyio$O: ttyio.c $(UNZIP_H) zip.h crypt. unreduce$O: unreduce.c $(UNZIP_H) unshrink$O: unshrink.c $(UNZIP_H) unzip$O: unzip.c $(UNZIP_H) crypt.h unzvers.h consts.h +xattr$O: xattr.c $(UNZIP_H) zipinfo$O: zipinfo.c $(UNZIP_H) unzipsfx$O: unzip.c $(UNZIP_H) crypt.h unzvers.h consts.h # unzipsfx only @@ -342,6 +343,11 @@ match_$O: match.c $(UNZIP_H) # unzips $(CC) -c $(CF) -DSFX match_.c $(RM) match_.c +xattr_$O: xattr.c $(UNZIP_H) # unzipsfx only + -$(CP) xattr.c xattr_.c + $(CC) -c $(CF) -DSFX xattr_.c + $(RM) xattr_.c + process_$O: process.c $(UNZIP_H) # unzipsfx only -$(CP) process.c process_.c $(CC) -c $(CF) -DSFX process_.c diff -urpN unzip-5.51.orig/unix/unix.c unzip-5.51/unix/unix.c --- unzip-5.51.orig/unix/unix.c 2005-09-08 14:25:57.000000000 -0500 +++ unzip-5.51/unix/unix.c 2005-10-24 16:09:09.000000000 -0500 @@ -83,6 +83,7 @@ typedef struct uxdirattr { /* struc int have_uidgid; /* flag */ ush uidgid[2]; char fnbuf[1]; /* buffer stub for directory name */ + izxattr z_xattr; /* struct for xattr names and values */ } uxdirattr; #define UxAtt(d) ((uxdirattr *)d) /* typecast shortcut */ #endif /* SET_DIR_ATTRIB */ @@ -932,12 +933,13 @@ int mkdir(path, mode) #if (!defined(MTS) || defined(SET_DIR_ATTRIB)) -static int get_extattribs OF((__GPRO__ iztimes *pzt, ush z_uidgid[2])); +static int get_extattribs OF((__GPRO__ iztimes *pzt, ush z_uidgid[2], izxattr *pzxattr)); -static int get_extattribs(__G__ pzt, z_uidgid) +static int get_extattribs(__G__ pzt, z_uidgid, pzxattr) __GDEF iztimes *pzt; ush z_uidgid[2]; + izxattr *pzxattr; { /*--------------------------------------------------------------------------- Convert from MSDOS-format local time and date to Unix-format 32-bit GMT @@ -957,7 +959,13 @@ static int get_extattribs(__G__ pzt, z_u #else pzt, #endif - z_uidgid) : 0); + z_uidgid, +#ifdef USE_EF_XATTR + pzxattr) : 0); +#else + NULL) : 0); +#endif + if (eb_izux_flg & EB_UT_FL_MTIME) { TTrace((stderr, "\nget_extattribs: Unix e.f. modif. time = %ld\n", pzt->mtime)); @@ -1000,7 +1008,14 @@ void close_outfile(__G) /* GRR: chang ztimbuf t2; /* modtime, actime */ } zt; ush z_uidgid[2]; + izxattr z_xattr; int have_uidgid_flg; + int rc=0; + char *name; + char *value; + int i; + int value_len; + int largest_value_len=0; fchmod(fileno(G.outfile), 0400); @@ -1090,7 +1105,7 @@ void close_outfile(__G) /* GRR: chang } #endif - have_uidgid_flg = get_extattribs(__G__ &(zt.t3), z_uidgid); + have_uidgid_flg = get_extattribs(__G__ &(zt.t3), z_uidgid, &z_xattr); /* if -X option was specified and we have UID/GID info, restore it */ if (have_uidgid_flg) { @@ -1108,6 +1123,54 @@ void close_outfile(__G) /* GRR: chang } } +#ifdef USE_EF_XATTR +/* if -E option was specified attempt to restore extended attribute info */ + if (uO.E_flag && (!have_uidgid_flg)) { + Info(slide, 0x201, ((char *)slide, + " (warning) unable to restore extended attributes for %s\n", FnFilter1(G.filename))); + } + if (uO.E_flag && have_uidgid_flg) { + /* Restore extended attributes info */ + if (z_xattr.count > 0) { + /* Need to figure out the largest value_len before calling malloc */ + for (i=1; i<=z_xattr.count; i++) { + name = get_xattr_name(z_xattr.xa_name, z_xattr.xa_name_len, i); + value_len=getxattr(z_xattr.xa_name, name, value, 0); + if (value_len > largest_value_len) + largest_value_len = value_len; + } + if ((value = malloc(largest_value_len+1)) == (char *)NULL) { + Info(slide, 0x201, ((char *)slide, + "warning: xattr (%s) failed: no mem\n", + FnFilter1(G.filename))); + return; + } else { + /* Set all xattr name and value pairs */ + for (i=1; i<=z_xattr.count; i++) { + name = get_xattr_name(z_xattr.xa_name, z_xattr.xa_name_len, i); + if (name == (char *) NULL) { + Info(slide, 0x201, ((char *)slide, + " (warning) cannot restore extended attributes for %s\n", FnFilter1(G.filename))); + } + value = get_xattr_value(z_xattr.xa_value, z_xattr.xa_value_len, i); + if (value == (char *) NULL) { + Info(slide, 0x201, ((char *)slide, + " (warning) cannot restore extended attributes for %s\n", FnFilter1(G.filename))); + } + rc = setxattr(G.filename, name, value, strlen(value), 0); + if (rc != 0) { + Info(slide, 0x201, ((char *)slide, + " (warning) cannot restore extended attributes for %s\n", FnFilter1(G.filename))); + } + } + } + } else { + Info(slide, 0x201, ((char *)slide, + " (warning) cannot restore extended attributes for %s\n", FnFilter1(G.filename))); + } + } +#endif + /* set the file's access and modification times */ if (utime(G.filename, &(zt.t2))) { #ifdef AOS_VS @@ -1160,7 +1223,7 @@ int defer_dir_attribs(__G__ pd) d_entry->perms = G.pInfo->file_attr; d_entry->have_uidgid = get_extattribs(__G__ &(d_entry->u.t3), - d_entry->uidgid); + d_entry->uidgid, &(d_entry->z_xattr)); return PK_OK; } /* end function defer_dir_attribs() */ diff -urpN unzip-5.51.orig/unix/unxcfg.h unzip-5.51/unix/unxcfg.h --- unzip-5.51.orig/unix/unxcfg.h 2005-09-08 14:25:57.000000000 -0500 +++ unzip-5.51/unix/unxcfg.h 2005-10-24 16:09:09.000000000 -0500 @@ -122,6 +122,8 @@ #endif #define RESTORE_UIDGID +#define USE_EF_XATTR + /* Static variables that we have to add to Uz_Globs: */ #define SYSTEM_SPECIFIC_GLOBALS \ int created_dir, renamed_fullpath;\ diff -urpN unzip-5.51.orig/unzip.c unzip-5.51/unzip.c --- unzip-5.51.orig/unzip.c 2005-09-08 14:25:57.000000000 -0500 +++ unzip-5.51/unzip.c 2005-10-24 16:09:09.000000000 -0500 @@ -143,6 +143,8 @@ static ZCONST char Far InvalidOptionsMsg -fn or any combination of -c, -l, -p, -t, -u and -v options invalid\n"; static ZCONST char Far IgnoreOOptionMsg[] = "caution: both -n and -o specified; ignoring -o\n"; +static ZCONST char Far InvalidEModifierMsg[] = "error:\ + -E modifier cannot be used without -X modifier\n"; /* usage() strings */ #ifndef SFX @@ -238,12 +240,30 @@ M pipe through \"more\" pager #else /* !VMS */ #ifdef BEO_UNX static ZCONST char Far local2[] = " -X restore UID/GID info"; +#ifdef USE_EF_XATTR +#ifdef MORE + static ZCONST char Far local3[] = " \ +-E restore extended attributes -M pipe through \"more\" pager\n"; +#else /* !MORE */ + static ZCONST char Far local3[] = " \ +-E restore extended attributes\n"; +#endif +#else /* !USE_EF_XATTR */ +#ifdef MORE + static ZCONST char Far local3[] = "\ + -M pipe through \"more\" pager\n"; +#else /* !MORE */ + static ZCONST char Far local3[] = "\n"; +#endif +#endif +/* #ifdef MORE static ZCONST char Far local3[] = "\ -M pipe through \"more\" pager\n"; #else static ZCONST char Far local3[] = "\n"; #endif +*/ #else /* !BEO_UNX */ #ifdef TANDEM static ZCONST char Far local2[] = "\ @@ -1222,6 +1242,15 @@ int uz_opts(__G__ pargc, pargv) } break; #endif /* MACOS */ +#ifdef UNIX + case ('E'): /* -E [UNIX] restore extended attributes */ + if( negative ) { + uO.E_flag = FALSE, negative = 0; + } else { + uO.E_flag = TRUE; + } + break; +#endif /* MACOS */ case ('f'): /* "freshen" (extract only newer files) */ if (negative) uO.fflag = uO.uflag = FALSE, negative = 0; @@ -1521,6 +1550,13 @@ opts_done: /* yes, very ugly...but only Info(slide, 0x401, ((char *)slide, LoadFarString(InvalidOptionsMsg))); error = TRUE; } +#ifdef UNIX + if (uO.E_flag && (!uO.X_flag)) + { + Info(slide, 0x401, ((char *)slide, LoadFarString(InvalidEModifierMsg))); + error = TRUE; + } +#endif if (uO.aflag > 2) uO.aflag = 2; #ifdef VMS diff -urpN unzip-5.51.orig/unzip.h unzip-5.51/unzip.h --- unzip-5.51.orig/unzip.h 2005-09-08 14:25:57.000000000 -0500 +++ unzip-5.51/unzip.h 2005-10-24 16:09:09.000000000 -0500 @@ -438,6 +438,9 @@ typedef struct _UzpOpts { #ifdef MACOS int E_flag; /* -E: [MacOS] show Mac extra field during restoring */ #endif +#ifdef UNIX + int E_flag; /* -E: [Unix] restore extended attributes */ +#endif int fflag; /* -f: "freshen" (extract only newer files) */ #if (defined(RISCOS) || defined(ACORN_FTYPE_NFS)) int acorn_nfs_ext; /* -F: RISC OS types & NFS filetype extensions */ @@ -571,6 +574,7 @@ typedef struct central_directory_file_he #define PK_FIND 11 /* no files found */ #define PK_DISK 50 /* disk full */ #define PK_EOF 51 /* unexpected EOF */ +#define PK_XATTR 52 /* extended attributes error */ #define IZ_CTRLC 80 /* user hit ^C to terminate */ #define IZ_UNSUP 81 /* no files found: all unsup. compr/encrypt. */ diff -urpN unzip-5.51.orig/unzpriv.h unzip-5.51/unzpriv.h --- unzip-5.51.orig/unzpriv.h 2005-09-08 14:25:57.000000000 -0500 +++ unzip-5.51/unzpriv.h 2005-10-24 16:09:09.000000000 -0500 @@ -1433,6 +1433,9 @@ #define EF_THEOSO 0x4854 /* old Theos port */ #define EF_MD5 0x4b46 /* Fred Kantor's MD5 ("FK") */ #define EF_ASIUNIX 0x756e /* ASi's Unix ("nu") */ +#define EF_XATTR 0x4158 /* XATTR ("XA") */ +#define EF_XA_NAME 0x4e58 /* XATTR NAME ("XN") */ +#define EF_XA_VALUE 0x5658 /* XATTR VALUE ("XV") */ #define EB_HEADSIZE 4 /* length of extra field block header */ #define EB_ID 0 /* offset of block ID in header */ @@ -1459,6 +1462,8 @@ #define EB_UT_FL_ATIME (1 << 1) /* atime present */ #define EB_UT_FL_CTIME (1 << 2) /* ctime present */ +#define EB_XA_MINLEN 4 /* minimal XA size */ + #define EB_FLGS_OFFS 4 /* offset of flags area in generic compressed extra field blocks (BEOS, MAC, and others) */ #define EB_OS2_HLEN 4 /* size of OS2/ACL compressed data header */ @@ -1576,6 +1581,14 @@ typedef struct iztimes { time_t ctime; /* used for creation time; NOT same as st_ctime */ } iztimes; +typedef struct izxattr { + char *xa_name; /* xattr names list */ + char *xa_value; /* xattr values list */ + ssize_t xa_name_len; /* size of xa_names list */ + ssize_t xa_value_len; /* size of xa_value list */ + int count; /* number of xattr name and value pairs */ +} izxattr; + #ifdef SET_DIR_ATTRIB typedef struct direntry { /* head of system-specific struct holding */ struct direntry *next; /* defered directory attributes info */ @@ -1812,7 +1825,12 @@ int get_cdir_ent OF((__G int process_local_file_hdr OF((__GPRO)); unsigned ef_scan_for_izux OF((ZCONST uch *ef_buf, unsigned ef_len, int ef_is_c, ulg dos_mdatetime, +#ifdef USE_EF_XATTR + iztimes *z_utim, ush *z_uidgid, + izxattr *z_xattr)); +#else iztimes *z_utim, ush *z_uidgid)); +#endif #if (defined(RISCOS) || defined(ACORN_FTYPE_NFS)) zvoid *getRISCOSexfield OF((ZCONST uch *ef_buf, unsigned ef_len)); #endif @@ -1850,6 +1868,15 @@ void fnprint OF((__G #endif /* !SFX */ /*--------------------------------------------------------------------------- + Functions in xattr.c: + ---------------------------------------------------------------------------*/ + +int get_xattr_count(char *xa_list, int xa_list_size); +char * get_xattr_name(char *xa_list, int xa_list_size, int pair); +char * get_xattr_value(char *xa_list, int xa_list_size, int pair); +int copy_xattr(char *xa_list, char *new_list, int pair); + +/*--------------------------------------------------------------------------- Functions in fileio.c: ---------------------------------------------------------------------------*/ diff -urpN unzip-5.51.orig/xattr.c unzip-5.51/xattr.c --- unzip-5.51.orig/xattr.c 1969-12-31 18:00:00.000000000 -0600 +++ unzip-5.51/xattr.c 2005-10-24 16:12:01.000000000 -0500 @@ -0,0 +1,127 @@ +/* +*/ +/* xattr.c + * + * Author: Debora Velarde <dvelarde(a)us.ibm.com> + * Created: Sept 14, 2005 + */ + + +#define __XATTR_C /* identifies this source module */ +#define UNZIP_INTERNAL +#include "unzip.h" + +int get_xattr_count(char *xa_list, int xa_list_size) +{ +/* xattr names have the form name1.name2 */ +/* A file can have any number of xattr name pairs */ +/* This function returns the number of name pairs found */ +/* If list passed in is NULL or list size is less than 1 + function retunrs 0 */ + + int i=0; + int p=0; + + if ( (xa_list == (char *) NULL) || (xa_list_size < 1)) + return 0; + + + while (i < xa_list_size) { + if ( xa_list[i] != '\0') { + i++; + } else { + i++; //move index to one past \0 + p++; + } + } + + return p; +} + +char * get_xattr_name(char *xa_list, int xa_list_size, int pair) +{ +/* xattr names have the form name1.name2 */ +/* A file can have any number of xattr name pairs */ +/* This function returns a pointer to the specified name pair */ +/* If list is NULL or size or pair are less than 1, then + function returns NULL */ + + int i=0; + int p=1; + char *tmp; + + tmp=NULL; + + if ( (xa_list == (char *) NULL) || (xa_list_size < 1) || (pair < 1) ) + return NULL; + + while ( (i < xa_list_size) && ( p != pair) ) { + if ( xa_list[i] != '\0') { + i++; + } else { + i++; //move index to one past \0 + p++; + } + } + + if ( (p==pair) && (i < xa_list_size) ) + tmp=&xa_list[i]; + + return tmp; +} + +char * get_xattr_value(char *xa_list, int xa_list_size, int pair) +{ +/* A file can have any number of xattr name and value pairs */ +/* This function returns a pointer to the specified value pair */ +/* If list is NULL or size or pair are less than 1, then + function returns NULL */ + + int i=0; + int p=1; + char *tmp; + + tmp=NULL; + + if ( (xa_list == (char *) NULL) || (xa_list_size < 1) || (pair < 1) ) + return NULL; + + while ( (i < xa_list_size) && ( p != pair) ) { + if ( xa_list[i] != '\0') { + i++; + } else { + i++; //move index to one past \0 + p++; + } + } + + if ( (p==pair) && (i < xa_list_size) ) + tmp=&xa_list[i]; + + return tmp; +} + +int copy_xattr(char *xa_list, char *new_list, int pair) +{ +/* A file can have any number of xattr name and value pairs */ +/* This function copies all the names or value from xa_list to new_list */ +/* This function returns the size of new_list */ +/* If either list being copied or new list is NULL, then retunrs -1 */ +/* If pair is less than 1 returns -1 */ + + int i=0; + int p=0; + + if ( (xa_list == (char *) NULL) || (new_list == (char *) NULL) || (pair < 1) ) + return -1; + + while ( p < pair ) { + new_list[i] = xa_list[i]; + if ( xa_list[i] == '\0') { + p++; + } + i++; + } + + return i; +} diff -urpN unzip-5.51.orig/zipinfo.c unzip-5.51/zipinfo.c --- unzip-5.51.orig/zipinfo.c 2005-09-08 14:25:57.000000000 -0500 +++ unzip-5.51/zipinfo.c 2005-10-24 16:09:09.000000000 -0500 @@ -330,6 +330,8 @@ static ZCONST char Far efMD5[] = "Fred K static ZCONST char Far efASiUnix[] = "ASi Unix"; static ZCONST char Far efTandem[] = "Tandem NSK"; static ZCONST char Far efTheos[] = "Theos"; +static ZCONST char Far efXAname[] = "xattr name"; +static ZCONST char Far efXAvalue[] = "xattr value"; static ZCONST char Far efUnknown[] = "unknown"; static ZCONST char Far OS2EAs[] = ".\n\ @@ -935,6 +937,9 @@ static int zi_long(__G__ pEndprev) /* #ifdef USE_EF_UT_TIME iztimes z_utime; #endif +#ifdef USE_EF_XATTR + izxattr z_xattr; +#endif int error, error_in_archive=PK_COOL; unsigned hostnum, hostver, extnum, extver, methnum, xattr; char workspace[12], attribs[22]; @@ -1076,7 +1081,12 @@ static int zi_long(__G__ pEndprev) /* G.tz_is_valid && #endif (ef_scan_for_izux(G.extra_field, G.crec.extra_field_length, 1, - G.crec.last_mod_dos_datetime, &z_utime, NULL) + G.crec.last_mod_dos_datetime, &z_utime, +#ifdef USE_EF_XATTR + NULL, &z_xattr) +#else + NULL) +#endif & EB_UT_FL_MTIME)) { TIMET_TO_NATIVE(z_utime.mtime) /* NOP unless MSC 7.0 or Macintosh */ @@ -1422,6 +1432,12 @@ static int zi_long(__G__ pEndprev) /* #endif ef_fieldname = efTheos; break; + case EF_XA_NAME: + ef_fieldname = efXAname; + break; + case EF_XA_VALUE: + ef_fieldname = efXAvalue; + break; default: ef_fieldname = efUnknown; break; @@ -1755,6 +1771,9 @@ static int zi_short(__G) /* return PK- iztimes z_utime; time_t *z_modtim; #endif +#ifdef USE_EF_XATTR + izxattr z_xattr; +#endif int k, error, error_in_archive=PK_COOL; unsigned hostnum, hostver, methnum, xattr; char *p, workspace[12], attribs[16]; @@ -2053,7 +2072,12 @@ static int zi_short(__G) /* return PK- G.tz_is_valid && #endif (ef_scan_for_izux(G.extra_field, G.crec.extra_field_length, 1, - G.crec.last_mod_dos_datetime, &z_utime, NULL) + G.crec.last_mod_dos_datetime, &z_utime, +#ifdef USE_EF_XATTR + NULL, &z_xattr) +#else + NULL) +#endif & EB_UT_FL_MTIME) ? &z_utime.mtime : NULL; TIMET_TO_NATIVE(z_utime.mtime) /* NOP unless MSC 7.0 or Macintosh */

18 years, 7 months

1
0
0 / 0

dbusd and netlink_selinux_socket ?

by Tom London

Running targeted/enforcing, latest rawhide. dbusd on my system seems to be having problems starting: Oct 24 06:48:20 localhost dbus-daemon: Can't send to audit system: USER_AVC pid=2390 uid=0 loginuid=-1 message=avc: can't open netlink socket: 13 (Permission denied) and in audit.log: type=AVC msg=audit(1130161700.864:93): avc: denied { create } for pid=2390 comm="dbus-daemon" scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0 tclass=netlink_selinux_socket type=SYSCALL msg=audit(1130161700.864:93): arch=40000003 syscall=102 success=no exit=-13 a0=1 a1=bfbaa750 a2=2c2248 a3=19a items=0 pid=2390 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="dbus-daemon" exe="/usr/bin/dbus-daemon" type=SOCKETCALL msg=audit(1130161700.864:93): nargs=3 a0=10 a1=3 a2=7 dbusd.te seems to want create_socket_perms (or create_netlink_socket_perms) for self:netlink_selinux_socket That right? Something else? tom -- Tom London

18 years, 7 months

2
1
0 / 0

AVC message problem

by Tom Diehl

Hi all, Since upgrading to EL4-U2 I am getting the following avc messages in my logs: Oct 23 14:46:21 pocono dbus: Can't send to audit system: USER_AVC pid=3064 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus Can someone tell me how to go about fixing this, short of turning off selinux? (pocono pts13) # rpm -qa | grep selinux libselinux-1.19.1-7 libselinux-1.19.1-7 selinux-policy-targeted-1.17.30-2.110 libselinux-devel-1.19.1-7 (pocono pts13) # rpm -qa dbus dbus-0.22-12.EL.5 (pocono pts13) # uname -r 2.6.9-22.ELsmp (pocono pts13) # I get hundreds of these a day. I have tried relabeling but no change. The system arch is x86_64 Regards, Tom Diehl tdiehl(a)rogueind.com Spamtrap address mtd123(a)rogueind.com

18 years, 7 months

2
3
0 / 0

NTPD vs SELinux question

by Martin Gregorie

I've had to disable SELinux protection on ntpd, which seems a bit drastic, and would like to know if there's a more restrictive approach. I'm using an MSF clock to pick up the Rugby (UK) time signal and a specialised daemon to interrogate the clock. This daemon communicates with ntpd via shared memory and is configured into ntpd as: server 127.127.28.0 #SHM reference clock fudge 127.127.1.0 stratum 2 refid "MSF" Both daemons are running under the same (ntp) user. This worked under Fedora Core 1 without any problems, but under Core 3 during boot the log contained: Oct 17 15:21:14 zoogz radioclkd[4639]: entering daemon mode Oct 17 15:21:14 zoogz radioclkd[4639]: error unable to set real time scheduling Oct 17 15:21:14 zoogz radioclkd[4639]: error unable to lock memory pages Oct 17 16:21:14 zoogz radioclkd: radioclkd startup succeeded Oct 17 16:21:30 zoogz ntpdate[4649]: step time server 192.36.143.150 offset -0.0Oct 17 16:21:30 zoogz ntpd: succeeded Oct 17 16:21:30 zoogz ntpd[4653]: ntpd 4.2.0a(a)1.1190-r Fri Aug 26 04:27:20 EDT 2Oct 17 16:21:30 zoogz ntpd: ntpd startup succeeded Oct 17 16:21:30 zoogz ntpd[4653]: precision = 3.000 usec Oct 17 16:21:30 zoogz ntpd[4653]: Listening on interface wildcard, 0.0.0.0#123 Oct 17 16:21:30 zoogz ntpd[4653]: Listening on interface wildcard, ::#123 Oct 17 16:21:30 zoogz ntpd[4653]: Listening on interface lo, 127.0.0.1#123 Oct 17 16:21:30 zoogz ntpd[4653]: Listening on interface eth0, 192.168.7.2#123 Oct 17 16:21:30 zoogz ntpd[4653]: kernel time sync status 0040 Oct 17 16:21:30 zoogz kernel: audit(1129562490.239:3): avc: denied { ipc_owner } for pid=4653 comm="ntpd" capability=15 scontext=root:system_r:ntpd_t tcontext=root:system_r:ntpd_t tclass=capability Oct 17 16:21:30 zoogz ntpd[4653]: SHM shmget (unit 0): Permission denied Oct 17 16:21:30 zoogz ntpd[4653]: configuration of 127.127.28.0 failed Oct 17 16:21:30 zoogz ntpd[4653]: frequency initialized 126.404 PPM from /var/liOct 17 16:24:49 zoogz ntpd[4653]: synchronized to 192.36.143.150, stratum 1 I can get the MSF to connect to ntpd if I turn off SELinux protection for ntpd, but this seems a bit drastic and in any case radioclkd is still complaining that it can't turn on realtime scheduling or lock the memory pages. Is there a way to: * allow radioclkd to set realtime scheduling * allow radioclkd to lock memory pages * allow ntpd to execute the shmget() call without turning off SELinux protection for ntpd? What about allowing radioclkd to set realtime scheduling and lock the required memory pages?. I apologise if I've sent this to the wrong list, but it seemed like the best one from the content of the Fedora SELinux documentation and would seen to be a general problem for at least some users who run ntpd. Best regards, Martin Gregorie

18 years, 7 months

2
1
0 / 0

Still issues with SElinux, NetworkManager, and ACPI suspend

by Matthew Saltzman

Recent versions of NetworkManager use dbus signals to control actions related to suspend/resume (among others). In enforcing mode, using selinux-policy-targeted-1.27.1-2.7. The suspend script runs without error when executed from the command line, but produces these errors when invoked by pressing the suspend key. On suspend, /var/log/debug reports: Oct 22 12:59:14 vincent52 dbus: Can't send to audit system: USER_AVC pid=2180 uid=81 loginuid=-1 message=avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager member=sleep dest=org.freedesktop.NetworkManager spid=31524 tpid=2239 scontext=system_u:system_r:apmd_t tcontext=system_u:system_r:NetworkManager_t tclass=dbus On resume, /var/log/debug reports: Oct 22 12:59:39 vincent52 dbus: Can't send to audit system: USER_AVC pid=2180 uid=81 loginuid=-1 message=avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager member=wake dest=org.freedesktop.NetworkManager spid=31542 tpid=2239 scontext=system_u:system_r:apmd_t tcontext=system_u:system_r:NetworkManager_t tclass=dbus No messages appear in /var/log/audit/audit.log. The relevant section of the suspend script is: /usr/bin/dbus-send --system --dest=org.freedesktop.NetworkManager \ --type=method_call /org/freedesktop/NetworkManager \ org.freedesktop.NetworkManager.sleep sync echo -n "mem" > /sys/power/state /usr/bin/dbus-send --system --dest=org.freedesktop.NetworkManager \ --type=method_call /org/freedesktop/NetworkManager \ org.freedesktop.NetworkManager.wake Thanks. -- Matthew Saltzman Clemson University Math Sciences mjs AT clemson DOT edu http://www.math.clemson.edu/~mjs

18 years, 7 months

1
0
0 / 0

alot of selinux messages after todays rawhide update

by Jason Dravet

After updating my system to todays rawhide I see alot selinux related messages. I am running selinux-policy-targeted-1.27.1-21. I see these messages during boot and shutdown. I did a touch /autorelabel and reboot to see if things got better but they remained the same. The first and third messages (hwclock and fsck) have me concerned the most. Here are the messages: Oct 20 15:52:47 pcjason kernel: audit(1129823524.869:2): avc: denied { use } for pid=417 comm="hwclock" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:hwclock_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd Oct 20 15:52:50 pcjason kernel: audit(1129841541.911:3): avc: denied { read } for pid=1164 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:restorecon_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:51 pcjason kernel: audit(1129841544.332:4): avc: denied { use } for pid=1204 comm="fsck" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd Oct 20 15:52:51 pcjason kernel: audit(1129841544.660:5): avc: denied { read } for pid=1214 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:restorecon_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:51 pcjason kernel: audit(1129841544.948:6): avc: denied { read } for pid=1215 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:restorecon_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:51 pcjason kernel: audit(1129841546.084:7): avc: denied { read } for pid=1257 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:restorecon_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:51 pcjason kernel: audit(1129841546.456:8): avc: denied { read } for pid=1262 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:restorecon_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:51 pcjason kernel: audit(1129841546.772:9): avc: denied { use } for pid=1263 comm="swapon" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd Oct 20 15:52:51 pcjason kernel: audit(1129841551.160:10): avc: denied { read } for pid=1439 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:51 pcjason kernel: audit(1129841551.228:11): avc: denied { read } for pid=1441 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:51 pcjason kernel: audit(1129841551.256:12): avc: denied { read } for pid=1443 comm="iwconfig" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:51 pcjason kernel: audit(1129841551.320:13): avc: denied { read } for pid=1445 comm="ethtool" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:51 pcjason kernel: audit(1129841551.360:14): avc: denied { read } for pid=1448 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:51 pcjason kernel: audit(1129841551.388:15): avc: denied { use } for pid=1449 comm="arping" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd Oct 20 15:52:51 pcjason kernel: audit(1129841551.392:16): avc: denied { read } for pid=1450 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:51 pcjason kernel: audit(1129841551.424:17): avc: denied { use } for pid=1452 comm="arping" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd Oct 20 15:52:51 pcjason kernel: audit(1129841551.436:18): avc: denied { read } for pid=1456 comm="ethtool" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:51 pcjason kernel: audit(1129841551.444:19): avc: denied { read } for pid=1458 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:51 pcjason kernel: audit(1129841551.584:20): avc: denied { read } for pid=1470 comm="ifconfig" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:51 pcjason kernel: audit(1129841551.816:21): avc: denied { read } for pid=1508 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:51 pcjason kernel: audit(1129841551.828:22): avc: denied { read } for pid=1511 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:51 pcjason kernel: audit(1129841551.844:23): avc: denied { read } for pid=1514 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:51 pcjason kernel: audit(1129841551.856:24): avc: denied { read } for pid=1516 comm="iwconfig" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:51 pcjason kernel: audit(1129841551.868:25): avc: denied { read } for pid=1518 comm="ethtool" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:51 pcjason kernel: audit(1129841551.884:26): avc: denied { read } for pid=1521 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:51 pcjason kernel: audit(1129841551.892:27): avc: denied { use } for pid=1522 comm="arping" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd Oct 20 15:52:51 pcjason kernel: audit(1129841553.480:28): avc: denied { use } for pid=1523 comm="arping" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd Oct 20 15:52:51 pcjason kernel: audit(1129841555.920:29): avc: denied { read } for pid=1524 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:51 pcjason kernel: audit(1129841555.932:30): avc: denied { read } for pid=1526 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:51 pcjason kernel: audit(1129841555.936:31): avc: denied { use } for pid=1527 comm="arping" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd Oct 20 15:52:52 pcjason kernel: audit(1129841555.960:32): avc: denied { read } for pid=1532 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:52 pcjason kernel: audit(1129841555.968:33): avc: denied { read } for pid=1533 comm="ethtool" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:52 pcjason kernel: audit(1129841555.976:34): avc: denied { read } for pid=1535 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:52 pcjason kernel: audit(1129841556.048:35): avc: denied { read } for pid=1546 comm="ifconfig" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file Oct 20 15:52:52 pcjason kernel: audit(1129841556.308:36): avc: denied { use } for pid=1563 comm="syslogd" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd Oct 20 15:52:52 pcjason kernel: audit(1129841556.444:37): avc: denied { use } for pid=1566 comm="klogd" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:klogd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd Oct 20 15:52:52 pcjason kernel: audit(1129841556.748:38): avc: denied { use } for pid=1583 comm="portmap" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:portmap_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd Oct 20 15:52:52 pcjason kernel: audit(1129841557.492:39): avc: denied { use } for pid=1592 comm="auditd" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd Thanks, Jason

18 years, 7 months

2
4
0 / 0

[RFC} sectioned package format

by Chad Sellers

Currently, module package files store policy modules and their corresponding file_contexts in a format that is not extensible. Eventually, we would like to be able to add other components to the package (e.g. default_contexts), or modify the package file format. This was discussed on fedora-selinux-list a few days ago. To accomplish this, we are proposing the following simple module package file format. Policy Package Header The package begins with the package header. This contains the following fields: uint32_t magic_number; uint32_t package_file_version; uint32_t num_sections; uint32_t section_offset; ... uint32_t is a 4-byte datum stored in little-endian format. magic_number identifies the file as a module package, and has a value of 0xf97c668f. package_file_version identifies the version of the package file, and this first version will be 1. num_sections gives the total number of sections in this file, which is also the number of section_offset entries that follow. section_offset identifies the offset in bytes from the beginning of the file to the beginning of the section. These sections are always listed in sequence, so the length of a given section is the difference between its offset and the following offset, except the final section which ends with the end of the file. Sections Sections are generic areas for data from the package perspective. They are identified by a magic number at the beginning of the section, just as current policy modules begin with a magic number. We will add a magic number to the top of the file_contexts section as well to identify it. Different kinds of sections can be added later simply by assigning them a new magic number. Please let us know what you think of this format, and if you see any problems with it. Thanks, Chad Sellers ---------------------- Chad Sellers Tresys Technology, LLC csellers(a)tresys.com (410)290-1411 x117 http://www.tresys.com

18 years, 7 months

1
0
0 / 0

Preserving Context with tar

by W. Scott wilburn

Sorry to be asking such a simple question. Is it possible to preserve file contexts using tar? I would have thought -p would do this, but it appears no, atleast on RHEL4 and FC4. The reason to do this is a use tar to install modified config files on new machines. Having to relabel after doing this is somewhat slow. Perhaps there is a better solution? Thanks, Scott Wilburn

18 years, 7 months

3
3
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

selinux October 2005