Update to 3.1.1

This commit is contained in:
Tomas Bzatek 2011-05-09 18:36:35 +02:00
parent 9bacde92fd
commit cba54626cb
5 changed files with 6 additions and 299 deletions

1
.gitignore vendored
View File

@ -11,3 +11,4 @@ gnome-keyring-2.31.4.tar.bz2
/gnome-keyring-2.91.93.tar.bz2 /gnome-keyring-2.91.93.tar.bz2
/gnome-keyring-3.0.0.tar.bz2 /gnome-keyring-3.0.0.tar.bz2
/gnome-keyring-3.0.1.tar.bz2 /gnome-keyring-3.0.1.tar.bz2
/gnome-keyring-3.1.1.tar.bz2

View File

@ -1,186 +0,0 @@
diff -urp gnome-keyring-2.91.4.orig/configure.in gnome-keyring-2.91.4/configure.in
--- gnome-keyring-2.91.4.orig/configure.in 2011-01-13 08:24:04.000000000 -0500
+++ gnome-keyring-2.91.4/configure.in 2011-01-13 09:29:54.000000000 -0500
@@ -447,19 +447,19 @@ if test "$ASN1PARSER" = "no" ; then
fi
# -------------------------------------------------------------------
-# libcap2
+# libcap-ng
#
-AC_CHECK_LIB([cap], [cap_get_proc], have_libcap="yes", have_libcap="no")
+AC_CHECK_LIB([cap-ng], [capng_clear], have_libcapng="yes", have_libcapng="no")
-if test $have_libcap = yes; then
- AC_DEFINE(HAVE_LIBCAP, 1, [Have libcap2 package, libcap library])
- DAEMON_LIBS="$DAEMON_LIBS -lcap"
+if test $have_libcapng = yes; then
+ AC_DEFINE(HAVE_LIBCAPNG, 1, [Have libcap-ng package, libcap-ng library])
+ DAEMON_LIBS="$DAEMON_LIBS -lcap-ng"
else
- AC_MSG_WARN([libcap2 (or development headers) is not installed])
+ AC_MSG_WARN([libcap-ng (or development headers) is not installed])
fi
-libcap_status=$have_libcap
+libcapng_status=$have_libcapng
# --------------------------------------------------------------------
# Debug mode
@@ -748,7 +748,7 @@ ui/tests/Makefile
echo
echo "OPTIONAL DEPENDENCIES"
echo " PAM: $pam_status"
-echo " Linux capabilities: $libcap_status"
+echo " Linux capabilities: $libcapng_status"
echo
echo "CONFIGURATION"
echo " SSH Agent: $ssh_status"
diff -urp gnome-keyring-2.91.4.orig/daemon/gkd-capability.c gnome-keyring-2.91.4/daemon/gkd-capability.c
--- gnome-keyring-2.91.4.orig/daemon/gkd-capability.c 2011-01-13 08:24:04.000000000 -0500
+++ gnome-keyring-2.91.4/daemon/gkd-capability.c 2011-01-13 09:30:12.000000000 -0500
@@ -1,7 +1,7 @@
/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
/* gkd-capability.c - the security-critical initial phase of the daemon
*
- * Copyright (C) 2010 Yaron Sheffer
+ * Copyright (C) 2011 Steve Grubb
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as
@@ -18,102 +18,62 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
- * Author: Yaron Sheffer <yaronf@gmx.com>
- * Author: Stef Walter <stef@thewalter.net>
+ * Author: Steve Grubb <sgrubb@redhat.com>
*/
#include "config.h"
#include "gkd-capability.h"
-#ifdef HAVE_LIBCAP
-#include <sys/capability.h>
+#ifdef HAVE_LIBCAPNG
+#include <cap-ng.h>
#endif
#include <stdio.h>
-#include <unistd.h>
-#include <sys/types.h>
#include <stdlib.h>
-/* Security note: this portion of the code is extremely sensitive.
- * DO NOT add any other include files.
- */
-
/*
* No logging, no gettext
*/
static void
early_error (const char *err_string)
{
- fprintf (stderr, "gnome-keyring-daemon: %s\n", err_string);
-}
-
-static void
-drop_privileges (void)
-{
- uid_t orig_uid;
- gid_t orig_gid;
-
- orig_uid = getuid ();
- orig_gid = getgid ();
-
- /* This is permanent, you cannot go back to root */
- setgid (orig_gid);
- setuid (orig_uid);
-
- /*
- * Check that the switch was ok
- * We do not allow programs to run without the drop being
- * successful as this would possibly run the program
- * using root-privs, when that is not what we want
- */
- if ((getegid () != orig_gid) || (geteuid () != orig_uid)) {
- early_error ("failed to drop privileges, aborting");
- exit (1);
- }
+ fprintf (stderr, "gnome-keyring-daemon: %s, aborting\n", err_string);
+ exit (1);
}
/*
- * Try to obtain the CAP_IPC_LOCK Linux capability.
- * Then, whether or not this is successful, drop root
- * privileges to run as the invoking user. The application is aborted
- * if for any reason we are unable to drop privileges. Note: even gettext
- * is unavailable!
+ * This program needs the CAP_IPC_LOCK posix capability.
+ * We want to allow either setuid root or file system based capabilies
+ * to work. If file system based capabilities, this is a no-op unless
+ * the root user is running the program. In that case we just drop
+ * capabilities down to IPC_LOCK. If we are setuid root, then change to the
+ * invoking user retaining just the IPC_LOCK capability. The application
+ * is aborted if for any reason we are unable to drop privileges.
+ * Note: even gettext is unavailable!
*/
void
gkd_capability_obtain_capability_and_drop_privileges (void)
{
-#ifdef HAVE_LIBCAP
- cap_t caps;
- cap_value_t cap_list[1];
-
- caps = cap_get_proc ();
- if (caps == NULL) {
- early_error ("capability state cannot be allocated");
- goto drop;
- }
-
- cap_list[0] = CAP_IPC_LOCK;
- if (cap_set_flag (caps, CAP_EFFECTIVE, 1, cap_list, CAP_SET) == -1) {
- early_error ("error when manipulating capability sets");
- goto drop;
- }
-
- if (cap_set_proc (caps) == -1) {
- /* Only warn when it's root that's running */
- if (getuid () == 0)
- early_error ("cannot apply capabilities to process");
- goto drop;
- }
-
- if (cap_free (caps) == -1) {
- early_error ("failed to free capability structure");
- goto drop;
+#ifdef HAVE_LIBCAPNG
+ capng_get_caps_process ();
+ switch (capng_have_capabilities (CAPNG_SELECT_CAPS))
+ {
+ case CAPNG_FULL:
+ /* We are either setuid root or the root user */
+ capng_clear (CAPNG_SELECT_CAPS);
+ capng_update (CAPNG_ADD,
+ CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+ CAP_IPC_LOCK);
+ if (capng_change_id (getuid (), getgid (), 0))
+ early_error ("failed dropping capabilities");
+ break;
+ case CAPNG_FAIL:
+ case CAPNG_NONE:
+ early_error ("error getting process capabilities");
+ break;
+ case CAPNG_PARTIAL: /* File system based capabilities */
+ break;
}
-drop:
-
#endif
- /* Now finally drop the suid by becoming the invoking user */
- if (geteuid () != getuid() || getegid () != getgid ())
- drop_privileges ();
}

View File

@ -1,101 +0,0 @@
diff --git a/configure.in b/configure.in
index a5a434d..1d3801e 100644
--- a/configure.in
+++ b/configure.in
@@ -572,6 +572,24 @@ AC_SUBST(GCOV)
AC_SUBST(GENHTML)
# ----------------------------------------------------------------------
+# selinux
+
+LIBSELINUX=""
+selinux_status="no"
+AC_ARG_ENABLE([selinux],
+ AC_HELP_STRING([--disable-selinux],[do not use SELinux]))
+if test "x$enable_selinux" != "xno"; then
+ AC_CHECK_LIB([selinux],[getfilecon],
+ [AC_CHECK_LIB([selinux],[setexeccon],
+ [AC_DEFINE([WITH_SELINUX], 1, [Defined if SE Linux support is compiled in])
+ LIBSELINUX="-lselinux"
+ selinux_status="yes"])
+ ])
+fi
+AC_SUBST(LIBSELINUX)
+AM_CONDITIONAL([HAVE_LIBSELINUX], [test ! -z "$LIBSELINUX"])
+
+# ----------------------------------------------------------------------
# Valgrind
AC_ARG_ENABLE(valgrind,
@@ -742,6 +760,7 @@ echo
echo "OPTIONAL DEPENDENCIES"
echo " PAM: $pam_status"
echo " Linux capabilities: $libcapng_status"
+echo " SELinux: $selinux_status"
echo
echo "CONFIGURATION"
echo " SSH Agent: $ssh_status"
diff --git a/pam/Makefile.am b/pam/Makefile.am
index 81bda13..2e6362d 100644
--- a/pam/Makefile.am
+++ b/pam/Makefile.am
@@ -16,6 +16,7 @@ pam_gnome_keyring_la_LIBADD = \
$(top_builddir)/egg/libegg-buffer.la \
$(top_builddir)/egg/libegg-creds.la \
$(top_builddir)/egg/libegg-secure.la \
+ $(LIBSELINUX) \
-lpam
pam_gnome_keyring_la_LDFLAGS = \
diff --git a/pam/gkr-pam-module.c b/pam/gkr-pam-module.c
index e63c917..8ad814c 100644
--- a/pam/gkr-pam-module.c
+++ b/pam/gkr-pam-module.c
@@ -317,6 +317,36 @@ cleanup_free_password (pam_handle_t *ph, void *data, int pam_end_status)
free_password (data);
}
+#ifdef WITH_SELINUX
+#include <selinux/flask.h>
+#include <selinux/selinux.h>
+/* Attempt to set SELinux Context. We are ignoring failure and just going
+ with default behaviour default behaviour
+*/
+static void setup_selinux_context(const char *command) {
+ security_context_t fcon = NULL, newcon = NULL, execcon = NULL;
+
+ if (is_selinux_enabled() != 1) return;
+
+ int ret = getexeccon(&execcon);
+ if ((ret < 0) || (! execcon)) goto err;
+
+ ret = getfilecon(command, &fcon);
+ if (ret < 0) goto err;
+
+ ret = security_compute_create(execcon, fcon, SECCLASS_PROCESS, &newcon);
+ if (ret < 0) goto err;
+
+ setexeccon(newcon);
+
+err:
+ freecon(newcon);
+ freecon(fcon);
+ freecon(execcon);
+ return;
+}
+#endif
+
static void
setup_child (int inp[2], int outp[2], int errp[2], pam_handle_t *ph, struct passwd *pwd)
{
@@ -329,6 +359,10 @@ setup_child (int inp[2], int outp[2], int errp[2], pam_handle_t *ph, struct pass
char *args[] = { GNOME_KEYRING_DAEMON, "--daemonize", "--login", NULL};
#endif
+#ifdef WITH_SELINUX
+ setup_selinux_context(GNOME_KEYRING_DAEMON);
+#endif
+
assert (pwd);
assert (pwd->pw_dir);

View File

@ -7,7 +7,7 @@
Summary: Framework for managing passwords and other secrets Summary: Framework for managing passwords and other secrets
Name: gnome-keyring Name: gnome-keyring
Version: 3.0.1 Version: 3.1.1
Release: 1%{?dist} Release: 1%{?dist}
License: GPLv2+ and LGPLv2+ License: GPLv2+ and LGPLv2+
Group: System Environment/Libraries Group: System Environment/Libraries
@ -15,14 +15,6 @@ Group: System Environment/Libraries
Source: http://download.gnome.org/sources/gnome-keyring/3.0/gnome-keyring-%{version}.tar.bz2 Source: http://download.gnome.org/sources/gnome-keyring/3.0/gnome-keyring-%{version}.tar.bz2
URL: http://www.gnome.org URL: http://www.gnome.org
# why is gnome-keyring-daemon setuid root?
# https://bugzilla.redhat.com/show_bug.cgi?id=668831
Patch4: file-caps.patch
# gnome keyring pam module is starting gnome-keyring with the wrong SELinux context.
# https://bugzilla.redhat.com/show_bug.cgi?id=684225
Patch5: gnome-keyring-2.91.93-pam-selinux.patch
BuildRequires: glib2-devel >= %{glib2_version} BuildRequires: glib2-devel >= %{glib2_version}
BuildRequires: gtk3-devel >= %{gtk3_version} BuildRequires: gtk3-devel >= %{gtk3_version}
BuildRequires: dbus-devel >= %{dbus_version} BuildRequires: dbus-devel >= %{dbus_version}
@ -73,8 +65,6 @@ automatically unlock the "login" keyring when the user logs in.
%prep %prep
%setup -q -n gnome-keyring-%{version} %setup -q -n gnome-keyring-%{version}
%patch4 -p1 -b .file-caps
%patch5 -p1 -b .pam-selinux
%build %build
autoreconf -i -f autoreconf -i -f
@ -148,6 +138,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas
%changelog %changelog
* Mon May 9 2011 Tomas Bzatek <tbzatek@redhat.com> - 3.1.1-1
- Update to 3.1.1
* Mon Apr 25 2011 Matthias Clasen <mclasen@redhat.com> - 3.0.1-1 * Mon Apr 25 2011 Matthias Clasen <mclasen@redhat.com> - 3.0.1-1
- Update to 3.0.1 - Update to 3.0.1

View File

@ -1 +1 @@
9d65defd527919107c72e298f6660473 gnome-keyring-3.0.1.tar.bz2 38e163106401d1685079a4ef54798944 gnome-keyring-3.1.1.tar.bz2