grr, fix patch

dbus-libcap.patch

@@ -1,378 +1,202 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
-                      "http://www.w3.org/TR/html4/loose.dtd">
-<html>
-  <head>
-    <title>Access Denied</title>
-    <meta name="verify-v1" content="1hLjVPyIYh2cX7CL+s5A0k6pKt2FRq7/FSQ/cqGi9J8="/>
-    <meta name="y_key" content="1cdf458efae704ba"> 
+--- dbus-1.2.16.orig/bus/selinux.c	2009-11-01 09:58:22.000000000 -0500
++++ dbus-1.2.16.orig/bus/selinux.c	2009-11-01 11:30:45.000000000 -0500
+@@ -1015,3 +1015,74 @@ bus_selinux_shutdown (void)
+ #endif /* HAVE_SELINUX */
+ }
+ 
++/**
++ * Changes the user and group the bus is running as.
++ *
++ * @param user the user to become
++ * @param error return location for errors
++ * @returns #FALSE on failure
++ */
++dbus_bool_t
++_dbus_change_to_daemon_user  (const char    *user,
++                              DBusError     *error)
++{
++  dbus_uid_t uid;
++  dbus_gid_t gid;
++  DBusString u;
++
++  _dbus_string_init_const (&u, user);
++
++  if (!_dbus_get_user_id_and_primary_group (&u, &uid, &gid))
++    {
++      dbus_set_error (error, DBUS_ERROR_FAILED,
++                      "User '%s' does not appear to exist?",
++                      user);
++      return FALSE;
++    }
++
++#ifdef HAVE_LIBAUDIT
++  /* If we were root */
++  if (_dbus_geteuid () == 0)
++    {
++      int rc;
++
++      capng_clear(CAPNG_SELECT_BOTH);
++      capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
++                   CAP_AUDIT_WRITE);
++      rc = capng_change_id(uid, gid, 0);
++      if (rc)
++        {
++          switch (rc) {
++            default:
++              dbus_set_error (error, DBUS_ERROR_FAILED,
++                          "Failed to drop capabilities: %s\n",
++                          _dbus_strerror (errno));
++              break;
++            case -4:
++              dbus_set_error (error, _dbus_error_from_errno (errno),
++                      "Failed to set GID to %lu: %s", gid,
++                      _dbus_strerror (errno));
++              break;
++            case -5:
++              _dbus_warn ("Failed to drop supplementary groups: %s\n",
++                _dbus_strerror (errno));
++              break;
++            case -6:
++              dbus_set_error (error, _dbus_error_from_errno (errno),
++                      "Failed to set UID to %lu: %s", uid,
++                      _dbus_strerror (errno));
++              break;
++            case -7:
++              dbus_set_error (error, _dbus_error_from_errno (errno),
++                          "Failed to unset keep-capabilities: %s\n",
++                          _dbus_strerror (errno));
++              break;
++          }
++          return FALSE;
++        }
++    }
++#endif /* HAVE_LIBAUDIT */
++
++ return TRUE;
++}
++
+--- dbus-1.2.16.orig/bus/selinux.h	2009-11-01 09:58:22.000000000 -0500
++++ dbus-1.2.16.orig/bus/selinux.h	2009-11-01 11:33:15.000000000 -0500
+@@ -68,5 +68,7 @@ BusSELinuxID* bus_selinux_init_connectio
+ 
+ 
+ void bus_selinux_audit_init(void);
++dbus_bool_t _dbus_change_to_daemon_user (const char *user,
++                                         DBusError  *error);
+ 
+ #endif /* BUS_SELINUX_H */
+--- dbus-1.2.16.orig/configure.in	2009-11-01 09:58:22.000000000 -0500
++++ dbus-1.2.16.orig/configure.in	2009-11-01 11:30:45.000000000 -0500
+@@ -852,8 +852,7 @@ fi
+ AM_CONDITIONAL(HAVE_LIBAUDIT, test x$have_libaudit = xyes)
+ 
+ if test x$have_libaudit = xyes ; then
+-    SELINUX_LIBS="$SELINUX_LIBS -laudit"
+-    LIBS="-lcap-ng $LIBS"
++    SELINUX_LIBS="$SELINUX_LIBS -laudit -lcap-ng"
+     AC_DEFINE(HAVE_LIBAUDIT,1,[audit daemon SELinux support])
+ fi
+ 
+--- dbus-1.2.16.orig/dbus/dbus-sysdeps.h	2009-11-01 09:58:22.000000000 -0500
++++ dbus-1.2.16.orig/dbus/dbus-sysdeps.h	2009-11-01 11:33:08.000000000 -0500
+@@ -418,8 +418,6 @@ dbus_bool_t _dbus_become_daemon   (const
+                                    dbus_bool_t       keep_umask);
+ 
+ dbus_bool_t _dbus_verify_daemon_user    (const char *user);
+-dbus_bool_t _dbus_change_to_daemon_user (const char *user,
+-                                         DBusError  *error);
+ 
+ dbus_bool_t _dbus_write_pid_to_file_and_pipe (const DBusString *pidfile,
+                                               DBusPipe         *print_pid_pipe,
+--- dbus-1.2.16.orig/dbus/dbus-sysdeps-util-unix.c	2009-11-01 09:58:22.000000000 -0500
++++ dbus-1.2.16.orig/dbus/dbus-sysdeps-util-unix.c	2009-11-01 11:30:45.000000000 -0500
+@@ -45,10 +45,6 @@ 
+ #include <sys/un.h>
+ #include <syslog.h>
+ #include <syslog.h>
+-#ifdef HAVE_LIBAUDIT
+-#include <cap-ng.h>
+-#include <libaudit.h>
+-#endif /* HAVE_LIBAUDIT */
+ 
+ #ifdef HAVE_SYS_SYSLIMITS_H
+ #include <sys/syslimits.h>
+@@ -308,77 +304,6 @@ _dbus_verify_daemon_user (const char *us
+   return _dbus_get_user_id_and_primary_group (&u, NULL, NULL);
+ }
+ 
+-/**
+- * Changes the user and group the bus is running as.
+- *
+- * @param user the user to become
+- * @param error return location for errors
+- * @returns #FALSE on failure
+- */
+-dbus_bool_t
+-_dbus_change_to_daemon_user  (const char    *user,
+-                              DBusError     *error)
+-{
+-  dbus_uid_t uid;
+-  dbus_gid_t gid;
+-  DBusString u;
+-  
+-  _dbus_string_init_const (&u, user);
+-  
+-  if (!_dbus_get_user_id_and_primary_group (&u, &uid, &gid))
+-    {
+-      dbus_set_error (error, DBUS_ERROR_FAILED,
+-                      "User '%s' does not appear to exist?",
+-                      user);
+-      return FALSE;
+-    }
+-  
+-#ifdef HAVE_LIBAUDIT
+-  /* If we were root */
+-  if (_dbus_geteuid () == 0)
+-    {
+-      int rc;
+-
+-      capng_clear(CAPNG_SELECT_BOTH);
+-      capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+-                   CAP_AUDIT_WRITE);
+-      rc = capng_change_id(uid, gid, 0);
+-      if (rc)
+-        {
+-          switch (rc) {
+-            default:
+-              dbus_set_error (error, DBUS_ERROR_FAILED,
+-                          "Failed to drop capabilities: %s\n",
+-                          _dbus_strerror (errno));
+-              break;
+-            case -4:
+-              dbus_set_error (error, _dbus_error_from_errno (errno),
+-                      "Failed to set GID to %lu: %s", gid,
+-                      _dbus_strerror (errno));
+-              break;
+-            case -5:
+-              _dbus_warn ("Failed to drop supplementary groups: %s\n",
+-                _dbus_strerror (errno));
+-              break;
+-            case -6:
+-              dbus_set_error (error, _dbus_error_from_errno (errno),
+-                      "Failed to set UID to %lu: %s", uid,
+-                      _dbus_strerror (errno));
+-              break;
+-            case -7:
+-              dbus_set_error (error, _dbus_error_from_errno (errno),
+-                          "Failed to unset keep-capabilities: %s\n",
+-                          _dbus_strerror (errno));
+-              break;
+-          }
+-          return FALSE;
+-        }
+-    }
+-#endif /* HAVE_LIBAUDIT */
+-
+- return TRUE;
+-}
+-
+ void 
+ _dbus_init_system_log (void)
+ {
 
-
-<link rel="Top" href="https://bugzilla.redhat.com/">
-
-
-    
-
-    
-      <link href="skins/standard/global.css"
-            rel="stylesheet"
-            type="text/css">
-    <!--[if lte IE 7]>
-      
-      <link href="skins/standard/IE-fixes.css"
-            rel="stylesheet"
-            type="text/css">
-    <![endif]-->
-
-    
-        <link href="skins/standard/global.css"
-              rel="alternate stylesheet"
-              title="Classic"
-              type="text/css">
-      <!--[if lte IE 7]>
-      
-        <link href="skins/standard/IE-fixes.css"
-              rel="alternate stylesheet"
-              title="Classic"
-              type="text/css">
-      <![endif]-->
-
-    
-        
-            <link href="skins/contrib/Dusk/global.css"
-                  rel="alternate stylesheet"
-                  title="Dusk"
-                  type="text/css">
-        <!--[if lte IE 7]>
-          
-          <link href="skins/contrib/Dusk/IE-fixes.css"
-                rel="alternate stylesheet"
-                title="Dusk"
-                type="text/css">
-        <![endif]-->
-        
-            <link href="skins/contrib/RedHat/global.css"
-                  rel="stylesheet"
-                  title="RedHat"
-                  type="text/css">
-        <!--[if lte IE 7]>
-          
-          <link href="skins/contrib/RedHat/IE-fixes.css"
-                rel="stylesheet"
-                title="RedHat"
-                type="text/css">
-        <![endif]-->
-
-    
-
-    
-        <link href="skins/custom/global.css" rel="stylesheet" type="text/css">
-    <!--[if lte IE 7]>
-      
-      <link href="skins/custom/IE-fixes.css"
-            rel="stylesheet"
-            type="text/css">
-    <![endif]-->
-
-
-    
-    <script src="js/cookies.js" type="text/javascript" language="JavaScript"></script>
-    
-    <script src="js/yui/yahoo-dom-event.js" type="text/javascript"></script>
-    <script src="js/global.js" type="text/javascript"></script>
-    <script type="text/javascript">
-    <!--
-        YAHOO.namespace('bugzilla');
-        if (YAHOO.env.ua.gecko) {
-            YAHOO.util.Event._simpleRemove(window, "unload", 
-                                           YAHOO.util.Event._unload);
-        }
-        
-        var BUGZILLA = {
-            param: {
-                cookiepath: '\/'
-            }
-        };
-    // -->
-    </script>
-
-
-    <script type="text/javascript">
-      // REDHAT EXTENSION 441550
-      // Set use_ajax for use in the js files
-      var use_ajax = '1';
-      // REDHAT EXTENSION 426374
-      // Server URL is set here since we cannot access Param('sslbase')
-      // in the js/ files.
-      var server_url = 'https://bugzilla.redhat.com/xmlrpc.cgi';
-    </script>
-
-    
-
-    
-    <link rel="search" type="application/opensearchdescription+xml"
-                       title="Red Hat Bugzilla" href="./search_plugin.cgi">
-    <link rel="shortcut icon" href="images/favicon.ico" >
-  </head>
-
-
-
-  
-  <body onload="
-                setcookie('Bugzilla_javascript',1,1,'/','bugzilla.redhat.com',0);"
-        class="bugzilla-redhat-com">
-
-
-
-<div id="header">
-<div id="banner">
-  </div>
-
-<table border="0" cellspacing="0" cellpadding="0" id="titles">
-<tr>
-    <td id="title">
-      <p>Red Hat Bugzilla &ndash; Access Denied</p>
-    </td>
-
-
-</tr>
-</table>
-<ul class="links">
-  <li><a href="./">Home</a></li>
-  <li><span class="separator">| </span><a href="enter_bug.cgi">New</a></li>
-  <li><span class="separator">| </span><a href="query.cgi">Search</a></li>
-  <li><span class="separator">| </span><a href="browse.cgi">Browse</a></li>
-
-  <li class="form">
-    <span class="separator">| </span>
-    <form action="buglist.cgi" method="get"
-        onsubmit="if (this.quicksearch.value == '')
-                  { alert('Please enter one or more search terms first.');
-                    return false; } return true;">
-    <input class="txt" type="text" id="quicksearch_top" name="quicksearch">
-    <input class="btn" type="submit" value="Search" 
-           id="find_top"></form></li>
-
-  <li><span class="separator">| </span><a href="report.cgi">Reports</a></li>
-
-  <li>
-      <span class="separator">| </span>
-        <a href="request.cgi">Requests</a></li>
-
-  
-    
-      <li id="new_account_container_top">
-        <span class="separator">| </span>
-        <a href="createaccount.cgi">New&nbsp;Account</a>
-      </li>
-
-    <li id="mini_login_container_top">
-  <span class="separator">| </span>
-  <a id="login_link_top" href="?GoAheadAndLogIn=1"
-     onclick="return show_mini_login_form('_top')">Log In</a>
-  <form action="https://bugzilla.redhat.com/attachment.cgi?id=383281&amp;action=diff" method="POST" 
-        class="mini_login bz_default_hidden"
-        id="mini_login_top"
-        onsubmit="return check_mini_login_fields( '_top' );"
-  >
-    <input id="Bugzilla_login_top" 
-           class="bz_login"
-           name="Bugzilla_login"
-           onfocus="mini_login_on_focus('_top')"
-    >
-    <input class="bz_password" 
-           id="Bugzilla_password_top" 
-           name="Bugzilla_password"
-           type="password"
-    >
-    <input class="bz_password bz_default_hidden bz_mini_login_help" type="text" 
-           id="Bugzilla_password_dummy_top" value="password"
-           onfocus="mini_login_on_focus('_top')"
-    >
-    <input type="submit" name="GoAheadAndLogIn" value="Log in" 
-            id="log_in_top">
-    <script type="text/javascript">
-      mini_login_constants = {
-          "login" : "login",
-          "warning" : "You must set the login and password before logging in."
-      };
-      
-      if (YAHOO.env.ua.gecko || YAHOO.env.ua.ie || YAHOO.env.ua.opera) {
-          YAHOO.util.Event.onDOMReady(function() {
-              init_mini_login_form('_top');
-          });
-      }
-      else {
-          YAHOO.util.Event.on(window, 'load', function () {
-              window.setTimeout(function() {
-                  init_mini_login_form('_top');
-              }, 200);
-          });
-    }
-    </script>
-    <a href="#" onclick="return hide_mini_login_form('_top')">[x]</a>
-  </form>
-</li>
-<li id="forgot_container_top">
-  <span class="separator">| </span>
-  <a id="forgot_link_top" href="?GoAheadAndLogIn=1#forgot"
-     onclick="return show_forgot_form('_top')">Forgot Password</a>
-  <form action="token.cgi" method="post" id="forgot_form_top"
-        class="mini_forgot bz_default_hidden">
-    <label>Login: <input type="text" name="loginname" size="20"></label>
-    <input id="forgot_button_top" value="Reset Password" 
-           type="submit">
-    <input type="hidden" name="a" value="reqpw">
-    <a href="#" onclick="return hide_forgot_form('_top')">[x]</a>
-  </form>
-</li>
-</ul>
-
-</div>
-
-<div id="bugzilla-body">
-<div id="docslinks">
-    <h2>Related documentation</h2>
-    <ul><li>
-      <a href="/docs/en/html/myaccount.html">Creating an account</a>
-    </li>
-    </ul>
-  </div>
-
-<table cellpadding="20">
-  <tr>
-    <td id="error_msg" class="throw_error">
-    You are not authorized to access bug #554785.
-    To see this bug, you must
-    first <a href="show_bug.cgi?id=554785&amp;GoAheadAndLogIn=1">log
-    in to an account</a> with the appropriate permissions.
-
-    </td>
-  </tr>
-</table>
-
-
-
-
-<p>
-  Please press <b>Back</b> and try again.
-</p>
-
-
-            
-</div>
-
-
-
-<div id="footer">
-  <div class="intro"></div>
-
-
-
-
-<ul id="useful-links">
-  <li id="links-actions"><ul class="links">
-  <li><a href="./">Home</a></li>
-  <li><span class="separator">| </span><a href="enter_bug.cgi">New</a></li>
-  <li><span class="separator">| </span><a href="query.cgi">Search</a></li>
-  <li><span class="separator">| </span><a href="browse.cgi">Browse</a></li>
-
-  <li class="form">
-    <span class="separator">| </span>
-    <form action="buglist.cgi" method="get"
-        onsubmit="if (this.quicksearch.value == '')
-                  { alert('Please enter one or more search terms first.');
-                    return false; } return true;">
-    <input class="txt" type="text" id="quicksearch_bottom" name="quicksearch">
-    <input class="btn" type="submit" value="Search" 
-           id="find_bottom"></form></li>
-
-  <li><span class="separator">| </span><a href="report.cgi">Reports</a></li>
-
-  <li>
-      <span class="separator">| </span>
-        <a href="request.cgi">Requests</a></li>
-
-  
-    
-      <li id="new_account_container_bottom">
-        <span class="separator">| </span>
-        <a href="createaccount.cgi">New&nbsp;Account</a>
-      </li>
-
-    <li id="mini_login_container_bottom">
-  <span class="separator">| </span>
-  <a id="login_link_bottom" href="?GoAheadAndLogIn=1"
-     onclick="return show_mini_login_form('_bottom')">Log In</a>
-  <form action="https://bugzilla.redhat.com/attachment.cgi?id=383281&amp;action=diff" method="POST" 
-        class="mini_login bz_default_hidden"
-        id="mini_login_bottom"
-        onsubmit="return check_mini_login_fields( '_bottom' );"
-  >
-    <input id="Bugzilla_login_bottom" 
-           class="bz_login"
-           name="Bugzilla_login"
-           onfocus="mini_login_on_focus('_bottom')"
-    >
-    <input class="bz_password" 
-           id="Bugzilla_password_bottom" 
-           name="Bugzilla_password"
-           type="password"
-    >
-    <input class="bz_password bz_default_hidden bz_mini_login_help" type="text" 
-           id="Bugzilla_password_dummy_bottom" value="password"
-           onfocus="mini_login_on_focus('_bottom')"
-    >
-    <input type="submit" name="GoAheadAndLogIn" value="Log in" 
-            id="log_in_bottom">
-    <script type="text/javascript">
-      mini_login_constants = {
-          "login" : "login",
-          "warning" : "You must set the login and password before logging in."
-      };
-      
-      if (YAHOO.env.ua.gecko || YAHOO.env.ua.ie || YAHOO.env.ua.opera) {
-          YAHOO.util.Event.onDOMReady(function() {
-              init_mini_login_form('_bottom');
-          });
-      }
-      else {
-          YAHOO.util.Event.on(window, 'load', function () {
-              window.setTimeout(function() {
-                  init_mini_login_form('_bottom');
-              }, 200);
-          });
-    }
-    </script>
-    <a href="#" onclick="return hide_mini_login_form('_bottom')">[x]</a>
-  </form>
-</li>
-<li id="forgot_container_bottom">
-  <span class="separator">| </span>
-  <a id="forgot_link_bottom" href="?GoAheadAndLogIn=1#forgot"
-     onclick="return show_forgot_form('_bottom')">Forgot Password</a>
-  <form action="token.cgi" method="post" id="forgot_form_bottom"
-        class="mini_forgot bz_default_hidden">
-    <label>Login: <input type="text" name="loginname" size="20"></label>
-    <input id="forgot_button_bottom" value="Reset Password" 
-           type="submit">
-    <input type="hidden" name="a" value="reqpw">
-    <a href="#" onclick="return hide_forgot_form('_bottom')">[x]</a>
-  </form>
-</li>
-</ul>
-  </li>
-
-  
-    
-
-  
-
-
-  
-</ul>
-
-  <div class="outro"></div>
-</div>
-
-</body>
-</html>