authorOndrej Kos <okos@redhat.com>2013-06-26 14:56:23 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-07-09 23:47:49 +0200
commiteca766c0801ed859a8b50e23cb94fa79acd866f4 (patch)
tree2e963713fa92877595af46f0ed557d12e5c57421
parent93bd0fbd1147371122612af88ed8a3c4534112ae (diff)
Do not copy special files when creating homedir
https://fedorahosted.org/sssd/ticket/1778 When trying to copy a special file, only a message is logged now.
-rw-r--r--src/man/sss_useradd.8.xml4
-rw-r--r--src/tests/files-tests.c8
-rw-r--r--src/tools/files.c71
3 files changed, 10 insertions, 73 deletions
diff --git a/src/man/sss_useradd.8.xml b/src/man/sss_useradd.8.xml
index 2bbdd2fa..f937599f 100644
--- a/src/man/sss_useradd.8.xml
+++ b/src/man/sss_useradd.8.xml
@@ -140,6 +140,10 @@
created by <command>sss_useradd</command>.
</para>
<para>
+ Special files (block devices, character devices, named
+ pipes and unix sockets) will not be copied.
+ </para>
+ <para>
This option is only valid if the <option>-m</option>
(or <option>--create-home</option>) option is
specified, or creation of home directories is set to TRUE
diff --git a/src/tests/files-tests.c b/src/tests/files-tests.c
index 4225098c..5851a721 100644
--- a/src/tests/files-tests.c
+++ b/src/tests/files-tests.c
@@ -245,7 +245,6 @@ START_TEST(test_copy_node)
int ret;
char origpath[PATH_MAX+1];
char *tmp;
- struct stat statbuf;
errno = 0;
fail_unless(getcwd(origpath, PATH_MAX) == origpath, "Cannot getcwd\n");
@@ -267,14 +266,13 @@ START_TEST(test_copy_node)
ret = copy_tree(dir_path, dst_path, 0700, uid, gid);
fail_unless(ret == EOK, "copy_tree failed\n");
- /* check if really copied */
+ /* check if really copied and without special files */
ret = access(dst_path, F_OK);
fail_unless(ret == 0, "destination directory not there\n");
tmp = talloc_asprintf(test_ctx, "%s/testnode", dst_path);
- ret = lstat(tmp, &statbuf);
- fail_unless(ret == 0, "cannot stat the node %s\n", tmp);
- fail_unless(S_ISFIFO(statbuf.st_mode), "%s not a char device??\n", tmp);
+ ret = access(tmp, F_OK);
+ fail_unless(ret == -1, "special file %s exists, it shouldn't\n", tmp);
talloc_free(tmp);
}
END_TEST
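Review bot: The new assertion `fail_unless(ret == -1, ...)` after `access(tmp, F_OK)` passes for any failure of access(), not only when the node is absent, so the test would also succeed if the path could not be examined for some other reason. Pinning the cause as well, `fail_unless(ret == -1 && errno == ENOENT, "special file %s exists, it shouldn't\n", tmp);`, makes it verify that the FIFO was really skipped. `tmp` from talloc_asprintf is passed to access() without a NULL check, which predates this change. test_copy_node starts outside the hunk.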
diff --git a/src/tools/files.c b/src/tools/files.c
index 1c1b0855..ff04d09f 100644
--- a/src/tools/files.c
+++ b/src/tools/files.c
@@ -351,66 +351,6 @@ copy_symlink(int src_dir_fd,
return EOK;
}
-/* Create a special file named file_name under a directory with file
- * descriptor dst_dir_fd. full_path is used for both setting SELinux
- * context and logging. The node is owned by uid/gid and its mode
- * and device number is read from statp.
- */
-static int copy_special(int dst_dir_fd,
- const char *file_name,
- const char *full_path,
- const struct stat *statp,
- uid_t uid, gid_t gid)
-{
- int ret;
-
- ret = selinux_file_context(full_path);
- if (ret != 0) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- ("Failed to set SELinux context for [%s]\n", full_path));
- /* Not fatal */
- }
-
- ret = mknodat(dst_dir_fd, file_name, statp->st_mode & ~07777,
- statp->st_rdev);
- if (ret != 0) {
- ret = errno;
- DEBUG(SSSDBG_OP_FAILURE,
- ("Cannot mknod special file '%s': [%d][%s].\n",
- full_path, ret, strerror(ret)));
- return ret;
- }
-
- ret = fchownat(dst_dir_fd, file_name, uid, gid, 0);
- if (ret != 0) {
- ret = errno;
- DEBUG(SSSDBG_CRIT_FAILURE,
- ("fchownat failed for '%s': [%d][%s]\n",
- full_path, ret, strerror(ret)));
- return ret;
- }
-
- ret = fchmodat(dst_dir_fd, file_name, statp->st_mode & 07777, 0);
- if (ret != 0) {
- ret = errno;
- DEBUG(SSSDBG_CRIT_FAILURE,
- ("fchmodat failed for '%s': [%d][%s]\n",
- full_path, ret, strerror(ret)));
- return ret;
- }
-
- ret = sss_timeat_set(dst_dir_fd, file_name, statp, 0);
- if (ret == -1) {
- ret = errno;
- DEBUG(SSSDBG_MINOR_FAILURE,
- ("utimensat failed for '%s': [%d][%s]\n",
- full_path, ret, strerror(ret)));
- /* Do not fail, this shouldn't be fatal */
- }
-
- return EOK;
-}
-
/* Copy bytes from input file descriptor ifd into file named
* dst_named under directory with dest_dir_fd. Own the new file
* by uid/gid
@@ -602,14 +542,9 @@ copy_entry(struct copy_ctx *cctx,
goto done;
}
} else {
- /* Copy a special file */
- ret = copy_special(dest_dir_fd, ent_name, dest_ent_path,
- &st, cctx->uid, cctx->gid);
- if (ret) {
- DEBUG(SSSDBG_OP_FAILURE, ("Cannot copy '%s' to '%s'\n",
- src_ent_path, dest_ent_path));
- goto done;
- }
+ /* Is a special file */
+ DEBUG(SSSDBG_FUNC_DATA, ("'%s' is a special file, skipping.\n",
+ src_ent_path));
}
ret = EOK;
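Review bot: The comment `/* Is a special file */` in the new else branch of copy_entry does not record why the entry is skipped, and the skip is reported only at SSSDBG_FUNC_DATA, so an administrator whose skeleton directory holds a device node, FIFO or socket is unlikely to notice that it was left out. I would state the reason in the comment, for example `/* Special files (devices, FIFOs, sockets) are deliberately not recreated: the removed copy_special() would mknod the device and chown it to the new user */`, and consider a more visible level such as `SSSDBG_MINOR_FAILURE` for the message. The branch is a catch-all for whatever the earlier type checks did not match. Those checks and the call that fills `st` are outside the hunk, so whether the type decision is made on the same object that is later copied cannot be confirmed from here.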