commit: 16fa2fe4be80df6b61c0ecfa755ce7ad0ea9d358 |
Author: Christian Göttsche <cgzones <AT> googlemail <DOT> com> |
AuthorDate: Sun Jan 31 20:50:27 2021 +0000 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
CommitDate: Sat Feb 6 20:54:11 2021 +0000 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=16fa2fe4 |
|
genhomedircon: improve error messages for min uid search |
|
Only grep if the files exist. |
grep returns 1 on no match, check against 1 instead of 256. |
|
Signed-off-by: Christian Göttsche <cgzones <AT> googlemail.com> |
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> |
|
support/genhomedircon.py | 56 +++++++++++++++++++++++++----------------------- |
1 file changed, 29 insertions(+), 27 deletions(-) |
|
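--- a/support/genhomedircon.py
+++ b/support/genhomedircon.py
@@ -40,7 +40,7 @@
 # are always "real" (including root, in the default configuration).
 #
 
-import sys, pwd, getopt, re
+import sys, pwd, getopt, re, os
 from subprocess import getstatusoutput
 
 EXCLUDE_LOGINS=["/sbin/nologin", "/bin/false"]
@@ -71,32 +71,34 @@ def getStartingUID():
 
 def getDefaultHomeDir():
 ret = []
- rc=getstatusoutput("grep -h '^HOME' /etc/default/useradd")
- if rc[0] == 0:
- homedir = rc[1].split("=")[1]
- homedir = homedir.split("#")[0]
- homedir = homedir.strip()
- if not homedir in ret:
- ret.append(homedir)
- else:
- #rc[0] == 256 means the file was there, we read it, but the grep didn't match
- if rc[0] != 256:
- sys.stderr.write("%s\n" % rc[1])
- sys.stderr.write("You do not have access to /etc/default/useradd HOME=\n")
- sys.stderr.flush()
- rc=getstatusoutput("grep -h '^LU_HOMEDIRECTORY' /etc/libuser.conf")
- if rc[0] == 0:
- homedir = rc[1].split("=")[1]
- homedir = homedir.split("#")[0]
- homedir = homedir.strip()
- if not homedir in ret:
- ret.append(homedir)
- else:
- #rc[0] == 256 means the file was there, we read it, but the grep didn't match
- if rc[0] != 256:
- sys.stderr.write("%s\n" % rc[1])
- sys.stderr.write("You do not have access to /etc/libuser.conf LU_HOMEDIRECTORY=\n")
- sys.stderr.flush()
+ if os.path.isfile('/etc/default/useradd'):
+ rc=getstatusoutput("grep -h '^HOME' /etc/default/useradd")
+ if rc[0] == 0:
+ homedir = rc[1].split("=")[1]
+ homedir = homedir.split("#")[0]
+ homedir = homedir.strip()
+ if not homedir in ret:
+ ret.append(homedir)
+ else:
+ #rc[0] == 1 means the file was there, we read it, but the grep didn't match
+ if rc[0] != 1:
+ sys.stderr.write("(%d): %s\n" % (rc[0], rc[1]))
+ sys.stderr.write("You do not have access to /etc/default/useradd HOME=\n")
+ sys.stderr.flush()
+ if os.path.isfile('/etc/libuser.conf'):
+ rc=getstatusoutput("grep -h '^LU_HOMEDIRECTORY' /etc/libuser.conf")
+ if rc[0] == 0:
+ homedir = rc[1].split("=")[1]
+ homedir = homedir.split("#")[0]
+ homedir = homedir.strip()
+ if not homedir in ret:
+ ret.append(homedir)
+ else:
+ #rc[0] == 1 means the file was there, we read it, but the grep didn't match
+ if rc[0] != 1:
+ sys.stderr.write("(%d): %s\n" % (rc[0], rc[1]))
+ sys.stderr.write("You do not have access to /etc/libuser.conf LU_HOMEDIRECTORY=\n")
+ sys.stderr.flush()
 if ret == []:
 ret.append("/home")
 return ret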
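Review bot: In both re-indented stanzas of getDefaultHomeDir, `homedir = rc[1].split("=")[1]` still treats the whole grep output as one line, so a file with more than one line starting with `HOME` (or `LU_HOMEDIRECTORY`) yields a value containing a newline and the next key, and a matching line without `=` raises IndexError. The returned list presumably drives which home-directory roots receive file contexts, so a mis-parsed entry would mislabel paths quietly instead of failing. Taking only the first match and splitting once, `homedir = rc[1].splitlines()[0].split("=", 1)[1]`, keeps the value to a single line, and tightening the first pattern to `'^HOME='` would rule out the missing-`=` case there. Separately, the "You do not have access" text is still printed for every status other than 0 or 1, which also covers cases such as grep not being found on PATH; the new `(%d)` prefix helps, but wording like `grep failed on /etc/default/useradd` would be more accurate.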