From 4f49fff18387ef892066bfd01e05e03c2c75e61f Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Tue, 4 Jan 2005 21:47:55 +0000
Subject: [PATCH] - Change --context to use fnmatch instead of strcmp
---
findutils-selinux.patch | 382 ++++++++++++++++++++--------------------
findutils.spec | 5 +-
2 files changed, 195 insertions(+), 192 deletions(-)
diff --git a/findutils-selinux.patch b/findutils-selinux.patch
index dff34fa..d15f759 100644
--- a/findutils-selinux.patch
+++ b/findutils-selinux.patch
@@ -1,74 +1,17 @@ ---- findutils-4.1.20/find/Makefile.am.selinux 2003-05-26 19:02:34.000000000 +0100 -+++ findutils-4.1.20/find/Makefile.am 2004-06-25 15:41:32.551569936 +0100 -@@ -3,8 +3,9 @@ - bin_PROGRAMS = find - find_SOURCES = find.c fstype.c parser.c pred.c tree.c util.c version.c - EXTRA_DIST = defs.h $(man_MANS) -+DEFS = @DEFS@ -I. -I$(srcdir) -I.. -DWITH_SELINUX - INCLUDES = -I../gnulib/lib -I$(top_srcdir)/lib -I$(top_srcdir)/gnulib/lib -I../intl -DLOCALEDIR=\"$(localedir)\" --LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ -+LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ -lselinux - man_MANS = find.1 - SUBDIRS = testsuite - ---- findutils-4.1.20/find/defs.h.selinux 2004-06-25 15:39:56.115013659 +0100 -+++ findutils-4.1.20/find/defs.h 2004-06-25 15:39:56.209995493 +0100 -@@ -127,6 +127,10 @@ - #define MODE_RWX (S_IXUSR | S_IXGRP | S_IXOTH | MODE_RW) - #define MODE_ALL (S_ISUID | S_ISGID | S_ISVTX | MODE_RWX) - +--- findutils-4.1.20/find/util.c.selinux 2005-01-04 16:42:22.801468914 -0500 ++++ findutils-4.1.20/find/util.c 2005-01-04 16:42:23.006445691 -0500 +@@ -67,6 +67,9 @@ + last_pred->no_default_print = false; + last_pred->need_stat = PRED_NEED_STAT; + last_pred->args.str = NULL; +#ifdef WITH_SELINUX -+#include -+#endif /*WITH_SELINUX*/ -+ - /* Not char because of type promotion; NeXT gcc can't handle it. 
*/ - typedef int boolean; - #define true 1 -@@ -278,6 +282,9 @@ - struct perm_val perm; /* perm */ - mode_t type; /* type */ - FILE *stream; /* fprint fprint0 */ -+#ifdef WITH_SELINUX -+ security_context_t scontext; /* scontext */ -+#endif /*WITH_SELINUX*/ - struct format_val printf_vec; /* printf fprintf */ - } args; - -@@ -323,6 +330,11 @@ - VOID *xmalloc PARAMS((size_t n)); - VOID *xrealloc PARAMS((VOID *p, size_t n)); - -+#ifdef WITH_SELINUX -+boolean pred_scontext PARAMS((char *pathname, struct stat *stat_buf, struct predicate *pred_ptr)); -+extern int (*x_getfilecon) (); -+#endif /*WITH_SELINUX*/ -+ - /* xstrdup.c */ - char *xstrdup PARAMS((char *string)); - ---- findutils-4.1.20/find/find.1.selinux 2004-06-25 15:39:56.087019013 +0100 -+++ findutils-4.1.20/find/find.1 2004-06-25 15:39:56.211995111 +0100 -@@ -230,6 +230,9 @@ - file of type \fIc\fR; if \-follow has been given, true if \fIc\fR is - `l'. In other words, for symbolic links, \-xtype checks the type of - the file that \-type does not check. -+.IP "\-context \fIscontext\fR" -+.IP "\--context \fIscontext\fR" -+(SELinux only) File has the security context \fIscontext\fR. - .SS ACTIONS - .IP "\-exec \fIcommand\fR ;" - Execute \fIcommand\fR; true if 0 status is returned. All following -@@ -419,6 +422,8 @@ - File's user name, or numeric user ID if the user has no name. - .IP %U - File's numeric user ID. -+.IP %Z -+(SELinux only) file's security context. - .PP - A `%' character followed by any other character is discarded (but the - other character is printed). ---- findutils-4.1.20/find/find.c.selinux 2004-06-25 15:39:56.123012130 +0100 -+++ findutils-4.1.20/find/find.c 2004-06-25 15:39:56.213994729 +0100 ++ last_pred->args.scontext = NULL; ++#endif + last_pred->pred_next = NULL; + last_pred->pred_left = NULL; + last_pred->pred_right = NULL; +--- findutils-4.1.20/find/find.c.selinux 2005-01-04 16:42:22.800469028 -0500 ++++ findutils-4.1.20/find/find.c 2005-01-04 16:42:22.997446710 -0500 
@@ -154,6 +154,9 @@ /* Pointer to the function used to stat files. */ 
@@ -105,113 +48,29 @@ parse_function = find_parser (predicate_name); if (parse_function == NULL) /* Command line option not recognized */ ---- findutils-4.1.20/find/parser.c.selinux 2004-06-25 15:39:56.130010791 +0100 -+++ findutils-4.1.20/find/parser.c 2004-06-25 15:39:56.218993772 +0100 -@@ -25,6 +25,10 @@ - #include "modetype.h" - #include "xstrtol.h" - -+#ifdef WITH_SELINUX -+#include -+#endif /*WITH_SELINUX*/ -+ - #if ENABLE_NLS - # include - # define _(Text) gettext (Text) -@@ -115,6 +119,9 @@ - static boolean parse_version PARAMS((char *argv[], int *arg_ptr)); - static boolean parse_xdev PARAMS((char *argv[], int *arg_ptr)); - static boolean parse_xtype PARAMS((char *argv[], int *arg_ptr)); -+#ifdef WITH_SELINUX -+static boolean parse_scontext PARAMS((char *argv[], int *arg_ptr)); -+#endif /*WITH_SELINUX*/ - - static boolean insert_regex PARAMS((char *argv[], int *arg_ptr, boolean ignore_case)); - static boolean insert_type PARAMS((char *argv[], int *arg_ptr, boolean (*which_pred )())); -@@ -217,7 +224,11 @@ - {"-version", parse_version}, /* GNU */ - {"xdev", parse_xdev}, - {"xtype", parse_xtype}, /* GNU */ -- {0, 0} -+#ifdef WITH_SELINUX -+ {"context", parse_scontext}, /* SELINUX */ -+ {"-context", parse_scontext}, /* SELINUX */ -+#endif /*WITH_SELINUX*/ -+ {0, 0} - }; - - /* Return a pointer to the parser function to invoke for predicate -@@ -467,7 +478,10 @@ - { - dereference = true; - xstat = stat; -- no_leaf_check = true; -+#ifdef WITH_SELINUX -+ x_getfilecon = getfilecon; -+#endif /* WITH_SELINUX */ -+ no_leaf_check = true; - return (true); - } - -@@ -572,6 +586,10 @@ - -nouser -nogroup -path PATTERN -perm [+-]MODE -regex PATTERN\n\ - -size N[bckw] -true -type [bcdpfls] -uid N -used N -user NAME\n\ - -xtype [bcdpfls]\n")); -+#ifdef WITH_SELINUX -+ puts (_("\ -+ -context CONTEXT\n")); -+#endif /*WITH_SELINUX*/ - puts (_("\ - actions: -exec COMMAND ; -fprint FILE -fprint0 FILE -fprintf FILE FORMAT\n\ - -ok COMMAND ; -print -print0 -printf FORMAT -prune 
-ls\n")); -@@ -1204,6 +1222,32 @@ - return true; - } - -+#ifdef WITH_SELINUX -+ -+static boolean -+parse_scontext ( argv, arg_ptr ) -+ char *argv[]; -+ int *arg_ptr; -+{ -+ struct predicate *our_pred; -+ -+ if ( (argv == NULL) || (argv[*arg_ptr] == NULL) ) -+ return( false ); -+ -+ our_pred = insert_primary(pred_scontext); -+ our_pred->need_stat = 0; -+#ifdef DEBUG -+ our_pred->p_name = find_pred_name (pred_scontext); -+#endif /*DEBUG*/ -+ -+ our_pred->args.scontext = argv[*arg_ptr];; -+ -+ (*arg_ptr)++; -+ return( true ); -+} -+ -+#endif /*WITH_SELINUX*/ -+ - static boolean - parse_xtype (char **argv, int *arg_ptr) - { -@@ -1363,7 +1407,11 @@ - if (*scan2 == '.') - for (scan2++; ISDIGIT (*scan2); scan2++) - /* Do nothing. */ ; -- if (strchr ("abcdfFgGhHiklmnpPstuU", *scan2)) -+#ifdef WITH_SELINUX -+ if (strchr ("abcdfFgGhHiklmnpPstuUZ", *scan2)) -+#else /* WITH_SELINUX */ -+ if (strchr ("abcdfFgGhHiklmnpPstuU", *scan2)) -+#endif /* WITH_SELINUX */ - { - segmentp = make_segment (segmentp, format, scan2 - format, - (int) *scan2); ---- findutils-4.1.20/find/pred.c.selinux 2004-06-25 15:39:56.120012703 +0100 -+++ findutils-4.1.20/find/pred.c 2004-06-25 15:39:56.222993008 +0100 +--- findutils-4.1.20/find/find.1.selinux 2005-01-04 16:42:22.905457133 -0500 ++++ findutils-4.1.20/find/find.1 2005-01-04 16:42:22.995446937 -0500 +@@ -243,6 +243,9 @@ + file of type \fIc\fR; if \-follow has been given, true if \fIc\fR is + `l'. In other words, for symbolic links, \-xtype checks the type of + the file that \-type does not check. ++.IP "\-context \fIscontext\fR" ++.IP "\--context \fIscontext\fR" ++(SELinux only) File has the security context \fIscontext\fR. + .SS ACTIONS + .IP "\-exec \fIcommand\fR ;" + Execute \fIcommand\fR; true if 0 status is returned. All following +@@ -432,6 +435,8 @@ + File's user name, or numeric user ID if the user has no name. + .IP %U + File's numeric user ID. ++.IP %Z ++(SELinux only) file's security context. 
+ .PP + A `%' character followed by any other character is discarded (but the + other character is printed). +--- findutils-4.1.20/find/pred.c.selinux 2005-01-04 16:42:22.799469141 -0500 ++++ findutils-4.1.20/find/pred.c 2005-01-04 16:44:56.582045621 -0500 @@ -29,6 +29,14 @@ #include "modetype.h" #include "wait.h" @@ -297,7 +156,7 @@ + return ( false ); + } + -+ rv= (strcmp( scontext,pred_ptr->args.scontext) == 0 ); ++ rv = (fnmatch(pred_ptr->args.scontext, scontext,0)==0); + freecon(scontext); + return rv; +} @@ -307,8 +166,8 @@ /* 1) fork to get a child; parent remembers the child pid 2) child execs the command requested ---- findutils-4.1.20/find/Makefile.in.selinux 2003-05-26 19:18:11.000000000 +0100 -+++ findutils-4.1.20/find/Makefile.in 2004-06-25 15:42:30.881421141 +0100 +--- findutils-4.1.20/find/Makefile.in.selinux 2003-05-26 14:18:11.000000000 -0400 ++++ findutils-4.1.20/find/Makefile.in 2005-01-04 16:42:23.004445917 -0500 @@ -54,7 +54,7 @@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ 
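Review bot: The switch to `fnmatch(pred_ptr->args.scontext, scontext,0)` in the pred.c section turns the `-context` argument into a shell pattern, but the find.1 text carried in this patch still reads "File has the security context scontext" and the usage string in the parser.c section still prints `-context CONTEXT`, so the documented contract is an exact match while the code globs. With flags `0`, `*` also spans the `:` separators between context fields, and `*`, `?`, `[` and backslash in the argument are no longer literal, which matters for audit scripts that pass a context taken from variable data and expect an exact comparison. I would change the man page line to `(SELinux only) File's security context matches the shell pattern \fIscontext\fR.` and the usage text to `-context PATTERN`, and state there that metacharacters need a backslash for a literal match. pred_scontext begins above this hunk, so its getfilecon error path is only partly visible here.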
@@ -327,15 +186,156 @@ man_MANS = find.1 SUBDIRS = testsuite subdir = find ---- findutils-4.1.20/find/util.c.selinux 2004-06-25 15:39:56.124011938 +0100 -+++ findutils-4.1.20/find/util.c 2004-06-25 15:39:56.228991860 +0100 -@@ -67,6 +67,9 @@ - last_pred->no_default_print = false; - last_pred->need_stat = PRED_NEED_STAT; - last_pred->args.str = NULL; +--- findutils-4.1.20/find/defs.h.selinux 2005-01-04 16:42:22.795469594 -0500 ++++ findutils-4.1.20/find/defs.h 2005-01-04 16:42:22.994447050 -0500 +@@ -127,6 +127,10 @@ + #define MODE_RWX (S_IXUSR | S_IXGRP | S_IXOTH | MODE_RW) + #define MODE_ALL (S_ISUID | S_ISGID | S_ISVTX | MODE_RWX) + +#ifdef WITH_SELINUX -+ last_pred->args.scontext = NULL; -+#endif - last_pred->pred_next = NULL; - last_pred->pred_left = NULL; - last_pred->pred_right = NULL; ++#include ++#endif /*WITH_SELINUX*/ ++ + /* Not char because of type promotion; NeXT gcc can't handle it. */ + typedef int boolean; + #define true 1 +@@ -278,6 +282,9 @@ + struct perm_val perm; /* perm */ + mode_t type; /* type */ + FILE *stream; /* fprint fprint0 */ ++#ifdef WITH_SELINUX ++ security_context_t scontext; /* scontext */ ++#endif /*WITH_SELINUX*/ + struct format_val printf_vec; /* printf fprintf */ + } args; + +@@ -323,6 +330,11 @@ + VOID *xmalloc PARAMS((size_t n)); + VOID *xrealloc PARAMS((VOID *p, size_t n)); + ++#ifdef WITH_SELINUX ++boolean pred_scontext PARAMS((char *pathname, struct stat *stat_buf, struct predicate *pred_ptr)); ++extern int (*x_getfilecon) (); ++#endif /*WITH_SELINUX*/ ++ + /* xstrdup.c */ + char *xstrdup PARAMS((char *string)); + +--- findutils-4.1.20/find/Makefile.am.selinux 2003-05-26 14:02:34.000000000 -0400 ++++ findutils-4.1.20/find/Makefile.am 2005-01-04 16:42:22.992447277 -0500 +@@ -3,8 +3,9 @@ + bin_PROGRAMS = find + find_SOURCES = find.c fstype.c parser.c pred.c tree.c util.c version.c + EXTRA_DIST = defs.h $(man_MANS) ++DEFS = @DEFS@ -I. -I$(srcdir) -I.. 
-DWITH_SELINUX + INCLUDES = -I../gnulib/lib -I$(top_srcdir)/lib -I$(top_srcdir)/gnulib/lib -I../intl -DLOCALEDIR=\"$(localedir)\" +-LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ ++LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ -lselinux + man_MANS = find.1 + SUBDIRS = testsuite + +--- findutils-4.1.20/find/parser.c.selinux 2005-01-04 16:42:22.971449656 -0500 ++++ findutils-4.1.20/find/parser.c 2005-01-04 16:42:23.000446370 -0500 +@@ -25,6 +25,10 @@ + #include "modetype.h" + #include "xstrtol.h" + ++#ifdef WITH_SELINUX ++#include ++#endif /*WITH_SELINUX*/ ++ + #if ENABLE_NLS + # include + # define _(Text) gettext (Text) +@@ -115,6 +119,9 @@ + static boolean parse_version PARAMS((char *argv[], int *arg_ptr)); + static boolean parse_xdev PARAMS((char *argv[], int *arg_ptr)); + static boolean parse_xtype PARAMS((char *argv[], int *arg_ptr)); ++#ifdef WITH_SELINUX ++static boolean parse_scontext PARAMS((char *argv[], int *arg_ptr)); ++#endif /*WITH_SELINUX*/ + + static boolean insert_regex PARAMS((char *argv[], int *arg_ptr, boolean ignore_case)); + static boolean insert_type PARAMS((char *argv[], int *arg_ptr, boolean (*which_pred )())); +@@ -217,7 +224,11 @@ + {"-version", parse_version}, /* GNU */ + {"xdev", parse_xdev}, + {"xtype", parse_xtype}, /* GNU */ +- {0, 0} ++#ifdef WITH_SELINUX ++ {"context", parse_scontext}, /* SELINUX */ ++ {"-context", parse_scontext}, /* SELINUX */ ++#endif /*WITH_SELINUX*/ ++ {0, 0} + }; + + /* Return a pointer to the parser function to invoke for predicate +@@ -467,7 +478,10 @@ + { + dereference = true; + xstat = stat; +- no_leaf_check = true; ++#ifdef WITH_SELINUX ++ x_getfilecon = getfilecon; ++#endif /* WITH_SELINUX */ ++ no_leaf_check = true; + return (true); + } + +@@ -572,6 +586,10 @@ + -nouser -nogroup -path PATTERN -perm [+-]MODE -regex PATTERN\n\ + -size N[bckw] -true -type [bcdpfls] -uid N -used N -user NAME\n\ + -xtype [bcdpfls]\n")); ++#ifdef WITH_SELINUX ++ puts (_("\ ++ -context 
CONTEXT\n")); ++#endif /*WITH_SELINUX*/ + puts (_("\ + actions: -exec COMMAND ; -fprint FILE -fprint0 FILE -fprintf FILE FORMAT\n\ + -ok COMMAND ; -print -print0 -printf FORMAT -prune -ls\n")); +@@ -1198,6 +1216,32 @@ + return true; + } + ++#ifdef WITH_SELINUX ++ ++static boolean ++parse_scontext ( argv, arg_ptr ) ++ char *argv[]; ++ int *arg_ptr; ++{ ++ struct predicate *our_pred; ++ ++ if ( (argv == NULL) || (argv[*arg_ptr] == NULL) ) ++ return( false ); ++ ++ our_pred = insert_primary(pred_scontext); ++ our_pred->need_stat = 0; ++#ifdef DEBUG ++ our_pred->p_name = find_pred_name (pred_scontext); ++#endif /*DEBUG*/ ++ ++ our_pred->args.scontext = argv[*arg_ptr];; ++ ++ (*arg_ptr)++; ++ return( true ); ++} ++ ++#endif /*WITH_SELINUX*/ ++ + static boolean + parse_xtype (char **argv, int *arg_ptr) + { +@@ -1357,7 +1401,11 @@ + if (*scan2 == '.') + for (scan2++; ISDIGIT (*scan2); scan2++) + /* Do nothing. */ ; +- if (strchr ("abcdfFgGhHiklmnpPstuU", *scan2)) ++#ifdef WITH_SELINUX ++ if (strchr ("abcdfFgGhHiklmnpPstuUZ", *scan2)) ++#else /* WITH_SELINUX */ ++ if (strchr ("abcdfFgGhHiklmnpPstuU", *scan2)) ++#endif /* WITH_SELINUX */ + { + segmentp = make_segment (segmentp, format, scan2 - format, + (int) *scan2); diff --git a/findutils.spec b/findutils.spec index 385d713..b422eec 100644 --- a/findutils.spec +++ b/findutils.spec @@ -4,7 +4,7 @@ Summary: The GNU versions of find utilities (find and xargs). Name: findutils Version: 4.1.20 -Release: 7 +Release: 8 Epoch: 1 License: GPL Group: Applications/File @@ -125,6 +125,9 @@ rm -rf %{buildroot} %{_infodir}/find.info* %changelog +* Tue Jan 4 2005 Dan Walsh 1:4.1.20-8 +- Change --context to use fnmatch instead of strcmp + * Tue Dec 7 2004 Tim Waugh - Removed "G" and "M" size qualifiers from man page, since support for those is not in the stable branch (bug #141987).