From 235a937b7ad16ef556555bb68f435d6c597a80b5 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 19 Dec 2005 23:22:09 +0000 Subject: [PATCH] * Wed Dec 14 2005 Dan Walsh 1.29.2-3 - Remove commands from genhomedircon for installer --- policycoreutils-rhat.patch | 271 ++++++++++++++++++++++++++++++++++++- policycoreutils.spec | 5 +- 2 files changed, 270 insertions(+), 6 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 5aa0a54..494f183 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,8 +1,12 @@ -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.1/scripts/genhomedircon +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.2/scripts/genhomedircon --- nsapolicycoreutils/scripts/genhomedircon 2005-12-07 07:28:00.000000000 -0500 -+++ policycoreutils-1.29.1/scripts/genhomedircon 2005-12-14 14:12:00.000000000 -0500 -@@ -29,11 +29,14 @@ - import commands, sys, os, pwd, string, getopt, re ++++ policycoreutils-1.29.2/scripts/genhomedircon 2005-12-19 18:17:05.000000000 -0500 +@@ -26,64 +26,70 @@ + # + # + +-import commands, sys, os, pwd, string, getopt, re ++import sys, os, pwd, string, getopt, re from semanage import *; -fd=open("/etc/shells", 'r') 
@@ -18,10 +22,134 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po + VALID_SHELLS.remove("/sbin/nologin") +except: + VALID_SHELLS = ['/bin/sh', '/bin/bash', '/bin/ash', '/bin/bsh', '/bin/ksh', '/usr/bin/ksh', '/usr/bin/pdksh', '/bin/tcsh', '/bin/csh', '/bin/zsh'] ++ ++def findval(file, var, delim=""): ++ val="" ++ fd=open(file, 'r') ++ for i in fd.read().split('\n'): ++ if i.startswith(var) == 1: ++ if delim == "": ++ val = i.split()[1] ++ else: ++ val = i.split(delim)[1] ++ val = val.split("#")[0] ++ val = val.strip() ++ fd.close() ++ return val def getStartingUID(): starting_uid = sys.maxint -@@ -163,21 +166,29 @@ +- rc=commands.getstatusoutput("grep -h '^UID_MIN' /etc/login.defs") +- if rc[0] == 0: +- uid_min = re.sub("^UID_MIN[^0-9]*", "", rc[1]) +- #stip any comment from the end of the line ++ uid_min= findval("/etc/login.defs", "UID_MIN") ++ if uid_min != "": + uid_min = uid_min.split("#")[0] + uid_min = uid_min.strip() + if int(uid_min) < starting_uid: + starting_uid = int(uid_min) +- rc=commands.getstatusoutput("grep -h '^LU_UIDNUMBER' /etc/libuser.conf") +- if rc[0] == 0: +- lu_uidnumber = re.sub("^LU_UIDNUMBER[^0-9]*", "", rc[1]) +- #stip any comment from the end of the line +- lu_uidnumber = re.sub("[ \t].*", "", lu_uidnumber) +- lu_uidnumber = lu_uidnumber.split("#")[0] +- lu_uidnumber = lu_uidnumber.strip() +- if int(lu_uidnumber) < starting_uid: +- starting_uid = int(lu_uidnumber) ++ ++ uid_min= findval("/etc/libuser.conf", "LU_UIDNUMBER", "=") ++ if uid_min != "": ++ uid_min = uid_min.split("#")[0] ++ uid_min = uid_min.strip() ++ if int(uid_min) < starting_uid: ++ starting_uid = int(uid_min) ++ + if starting_uid == sys.maxint: + starting_uid = 500 + return starting_uid + + def getDefaultHomeDir(): + ret = [] +- rc=commands.getstatusoutput("grep -h '^HOME' /etc/default/useradd") +- if rc[0] == 0: +- homedir = rc[1].split("=")[1] +- homedir = homedir.split("#")[0] +- homedir = homedir.strip() +- if not homedir in ret: 
+- ret.append(homedir) +- +- rc=commands.getstatusoutput("grep -h '^LU_HOMEDIRECTORY' /etc/libuser.conf") +- if rc[0] == 0: +- homedir = rc[1].split("=")[1] +- homedir = homedir.split("#")[0] +- homedir = homedir.strip() +- if not homedir in ret: +- ret.append(homedir) +- ++ homedir=findval("/etc/default/useradd", "HOME", "=") ++ if homedir != "" and not homedir in ret: ++ ret.append(homedir) ++ ++ homedir=findval("/etc/libuser.conf", "LU_HOMEDIRECTORY", "=") ++ if homedir != "" and not homedir in ret: ++ ret.append(homedir) ++ + if ret == []: + ret.append("/home") + return ret + + def getSELinuxType(directory): +- rc=commands.getstatusoutput("grep ^SELINUXTYPE= %s/config" % directory) +- if rc[0]==0: +- return rc[1].split("=")[-1].strip() ++ val=findval(directory+"/config", "SELINUXTYPE", "=") ++ if val != "": ++ return val + return "targeted" + + def usage(error = ""): +@@ -129,11 +135,17 @@ + return self.getFileContextDir()+"/homedir_template" + + def getHomeRootContext(self, homedir): +- rc=commands.getstatusoutput("grep HOME_ROOT %s | sed -e \"s|^HOME_ROOT|%s|\"" % ( self.getHomeDirTemplate(), homedir)) +- if rc[0] == 0: +- return rc[1]+"\n" +- else: +- errorExit("sed error %s" % rc[1]) ++ ret="" ++ fd=open(self.getHomeDirTemplate(), 'r') ++ ++ for i in fd.read().split('\n'): ++ if i.find("HOME_ROOT") == 0: ++ i=i.replace("HOME_ROOT", homedir) ++ ret = i+"\n" ++ fd.close() ++ if ret=="": ++ errorExit("No Home Root Context Found") ++ return ret + + def heading(self): + ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0] +@@ -152,32 +164,40 @@ + return "user_r" + return name + def getOldRole(self, role): +- rc = commands.getstatusoutput('grep "^user %s" %s' % (role, self.selinuxdir+self.type+"/users/system.users")) +- if rc[0] != 0: +- rc = commands.getstatusoutput('grep "^user %s" %s' % (role, self.selinuxdir+self.type+"/users/local.users")) +- if rc[0] == 0: +- user=rc[1].split() ++ 
rc=findval(self.selinuxdir+self.type+"/users/system.users", 'grep "^user %s" %s' % role, "=") ++ if rc == "": ++ rc=findval(self.selinuxdir+self.type+"/users/local.users", 'grep "^user %s" %s' % role, "=") ++ if rc != "": ++ user=rc.split() + role = user[3] + if role == "{": + role = user[4] return role def adduser(self, udict, user, seuser, role): 
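Review bot: getOldRole hands findval the leftover shell command `'grep "^user %s" %s' % role` as its var argument; that format string has two `%s` and a single argument, so the line raises TypeError before any file is opened, and the non-semanage branch of getUsers in the next hunk is its only caller, so that path cannot work. Even with the format fixed, findval is called with delim `=`, and a `user root roles { ... };` line contains no `=`, so `i.split(delim)[1]` raises IndexError instead of yielding the fields the removed code took user[3] and user[4] from. findval also trades grep's non-zero-exit tolerance for a bare open(): a missing or unreadable /etc/libuser.conf or /etc/default/useradd now raises IOError, which the except clauses at the end of main (last hunk of this file, ValueError and IndexError only) do not catch, so an installer run aborts instead of falling back to the defaults, and `i.split()[1]` on a key line with no value raises IndexError the same way. Below is getOldRole rewritten to scan the two users files directly, skipping an absent file the way the old grep did; the getOldRole method starts inside this hunk, and the findval caveat applies to getStartingUID, getDefaultHomeDir and getSELinuxType here as well.
```python
    def getOldRole(self, role):
        # Look up "user <role> roles ..." in system.users, then local.users.
        user = []
        for users_file in ("/users/system.users", "/users/local.users"):
            try:
                fd = open(self.selinuxdir + self.type + users_file, 'r')
            except IOError:
                continue  # absent file: same outcome as the old grep exiting non-zero
            for i in fd.read().split('\n'):
                fields = i.split()
                if len(fields) > 3 and fields[0] == "user" and fields[1] == role:
                    user = fields
                    break
            fd.close()
            if user != []:
                break
        if user != []:
            role = user[3]
            if role == "{":
                role = user[4]
        return role
```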
@@ -62,3 +190,136 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon po def getUsers(self): udict = {} +@@ -190,30 +210,45 @@ + self.adduser(udict, semanage_seuser_get_name(seuser), seusername, self.defaultrole(seusername)) + + else: +- rc = commands.getstatusoutput("grep -v '^ *#' %s" % self.selinuxdir+self.type+"/seusers") +- if rc[0] == 0 and rc[1] != "": +- ulist = rc[1].split("\n") +- for u in ulist: +- if len(u)==0: +- continue +- user = u.split(":") +- if len(user) < 3: +- continue +- role=self.getOldRole(user[1]) +- self.adduser(udict, user[0], user[1], role) ++ fd =open(self.selinuxdir+self.type+"/seusers") ++ for u in fd.read().split('\n'): ++ u=u.strip() ++ if len(u)==0 or u[0]=="#": ++ continue ++ user = u.split(":") ++ if len(user) < 3: ++ continue ++ role=self.getOldRole(user[1]) ++ self.adduser(udict, user[0], user[1], role) ++ fd.close() + return udict + + def getHomeDirContext(self, user, home, role): + ret="\n\n#\n# Home Context for user %s\n#\n\n" % user +- rc=commands.getstatusoutput("grep '^HOME_DIR' %s | sed -e 's|HOME_DIR|%s|' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (self.getHomeDirTemplate(), home, role, user)) +- return ret + rc[1] + "\n" ++ fd=open(self.getHomeDirTemplate(), 'r') ++ for i in fd.read().split('\n'): ++ if i.startswith("HOME_DIR") == 1: ++ i=i.replace("HOME_DIR", home) ++ i=i.replace("ROLE", role) ++ i=i.replace("system_u", user) ++ ret = ret+i+"\n" ++ fd.close() ++ return ret + + def getUserContext(self, user, sel_user, role): +- rc=commands.getstatusoutput("grep 'USER' %s | sed -e 's/USER/%s/' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (self.getHomeDirTemplate(), user, role, sel_user)) +- return rc[1] + "\n" ++ ret="" ++ fd=open(self.getHomeDirTemplate(), 'r') ++ for i in fd.read().split('\n'): ++ if i.find("USER") == 1: ++ i=i.replace("USER", user) ++ i=i.replace("ROLE", role) ++ i=i.replace("system_u", sel_user) ++ ret=ret+i+"\n" ++ fd.close() ++ return ret + + def genHomeDirContext(self): +- if 
commands.getstatusoutput("grep -q 'ROLE' %s" % self.getHomeDirTemplate())[0] == 0 and self.semanaged: ++ if self.semanaged and findval(self.getHomeDirTemplate(), "ROLE", "=") != "": + warning("genhomedircon: Warning! No support yet for expanding ROLE macros in the %s file when using libsemanage." % self.getHomeDirTemplate()); + warning("genhomedircon: You must manually update file_contexts.homedirs for any non-user_r users (including root)."); + users = self.getUsers() +@@ -225,40 +260,23 @@ + return ret+"\n" + + def checkExists(self, home): +- if commands.getstatusoutput("grep -E '^%s[^[:alnum:]_-]' %s" % (home, self.getFileContextFile()))[0] == 0: +- return 0 +- #this works by grepping the file_contexts for +- # 1. ^/ makes sure this is not a comment +- # 2. prints only the regex in the first column first cut on \t then on space +- rc=commands.getstatusoutput("grep \"^/\" %s | cut -f 1 | cut -f 1 -d \" \" " % self.getFileContextFile() ) +- if rc[0] == 0: +- prefix_regex = rc[1].split("\n") +- else: +- warning("%s\nYou do not have access to read %s\n" % (rc[1], self.getFileContextFile())) +- +- exists=1 +- for regex in prefix_regex: +- #match a trailing (/*)? which is actually a bug in rpc_pipefs +- regex = re.sub("\(/\*\)\?$", "", regex) +- #match a trailing .+ +- regex = re.sub("\.+$", "", regex) +- #match a trailing .* +- regex = re.sub("\.\*$", "", regex) +- #strip a (/.*)? which matches anything trailing to a /*$ which matches trailing /'s +- regex = re.sub("\(\/\.\*\)\?", "", regex) +- regex = regex + "/*$" +- if re.search(regex, home, 0): +- exists = 0 +- break +- if exists == 1: +- return 1 +- else: +- return 0 +- ++ fd=open(self.getFileContextFile()) ++ for i in fd.read().split('\n'): ++ if len(i)==0: ++ return ++ regex=i.split()[0] ++ #match a trailing .+ ++ regex = re.sub("\.+$", "", regex) ++ regex = re.sub("\.\*$", "", regex) ++ #strip a (/.*)? 
which matches anything trailing to a /*$ which matches trailing /'s ++ regex = re.sub("\(\/\.\*\)\?", "", regex) ++ regex = regex + "/*$" ++ if re.search(home, regex, 0): ++ return 1 ++ return 0 + + def getHomeDirs(self): +- homedirs = [] +- homedirs = homedirs + getDefaultHomeDir() ++ homedirs = getDefaultHomeDir() + starting_uid=getStartingUID() + if self.usepwd==0: + return homedirs +@@ -270,7 +288,7 @@ + string.count(u[5], "/") > 1: + homedir = u[5][:string.rfind(u[5], "/")] + if not homedir in homedirs: +- if self.checkExists(homedir)==0: ++ if self.checkExists(homedir)==1: + warning("%s homedir %s or its parent directoy conflicts with a\ndefined context in %s,\n%s will not create a new context." % (u[0], u[5], self.getFileContextFile(), sys.argv[0])) + else: + homedirs.append(homedir) +@@ -336,4 +354,4 @@ + except ValueError, error: + errorExit("ValueError %s" % error) + except IndexError, error: +- errorExit("IndexError") ++ errorExit("IndexError %s" % error) diff --git a/policycoreutils.spec b/policycoreutils.spec index ffb5904..861039d 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -4,7 +4,7 @@ Summary: SELinux policy core utilities. Name: policycoreutils Version: 1.29.2 -Release: 2 +Release: 3 License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -96,6 +96,9 @@ rm -rf ${RPM_BUILD_ROOT} %config(noreplace) %{_sysconfdir}/sestatus.conf %changelog +* Wed Dec 14 2005 Dan Walsh 1.29.2-3 +- Remove commands from genhomedircon for installer + * Wed Dec 14 2005 Dan Walsh 1.29.2-1 - Fix genhomedircon to work in installer - Update to match NSA
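Review bot: checkExists swaps re.search's arguments: `re.search(home, regex, 0)` compiles the home directory path as the pattern and searches it inside the file_contexts regex, so the conflict test no longer does what the removed code did, and a home path containing regex metacharacters raises re.error, which main's except clauses in the last hunk of this file do not catch; it should read `if re.search(regex, home, 0):`. In the same loop, `if len(i)==0: return` ends the scan at the first blank line with None (neither 0 nor 1, so the `==1` test in getHomeDirs takes the else branch and appends the directory unchecked), and comment lines are not skipped, so `i.split()[0]` feeds `#` text through the re.sub calls; the old `grep "^/"` kept only lines starting with `/`, which `if len(i)==0 or i[0]!="/": continue` restores. getUserContext tests `i.find("USER") == 1`, which matches only a line whose USER token sits at column 1, whereas the grep it replaces matched USER anywhere, so use `if i.find("USER") != -1:` (getHomeDirContext's startswith test is the right shape for its anchored grep). Because file_contexts.homedirs drives SELinux labeling of home directories, these regressions appear to produce fewer or unchecked entries silently rather than failing, so a run against a sample homedir_template before this lands seems warranted.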