[hamradio-commits] [dump1090-mutability] 95/172: Fix edge cases when specifying the user to run as.

Matteo F. Vescovi mfv at moszumanska.debian.org
Sun Jan 28 13:45:49 UTC 2018


This is an automated email from the git hooks/post-receive script.

mfv pushed a commit to branch master
in repository dump1090-mutability.

commit d716a1164a747f2f5db7e0db0a92e4dedd918cf2
Author: Oliver Jowett <oliver at mutability.co.uk>
Date:   Thu Feb 19 22:41:39 2015 +0000

    Fix edge cases when specifying the user to run as.
    
     * check the username fits the format expected by adduser;
     * don't allow root;
     * if the user exists, don't try to create it; usually, this is
       harmless, but it fails if the user exists with a UID outside the
       normal range for system users.
    
    Fixes #24.
---
 debian/changelog                     | 10 ++++++++++
 debian/dump1090-mutability.config    | 15 +++++++++++++--
 debian/dump1090-mutability.init      |  6 +++---
 debian/dump1090-mutability.postinst  |  5 ++++-
 debian/dump1090-mutability.templates |  4 ++++
 5 files changed, 34 insertions(+), 6 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 3784aaa..5a61338 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+dump1090-mutability (1.15) UNRELEASED; urgency=medium
+
+  * In development.
+  * Validate that the username given to debconf is syntactically OK and
+    isn't root. (github issue #24)
+  * Don't fail on postinst if the given user exists but is outside
+    the usual system user UID range. (github issue #24)
+
+ -- Oliver Jowett <oliver at mutability.co.uk>  Thu, 19 Feb 2015 22:39:19 +0000
+
 dump1090-mutability (1.14) unstable; urgency=medium
 
   * Position reporting:
diff --git a/debian/dump1090-mutability.config b/debian/dump1090-mutability.config
index 8901f89..b7bd76e 100644
--- a/debian/dump1090-mutability.config
+++ b/debian/dump1090-mutability.config
@@ -69,7 +69,7 @@ db_input_verify() {
   while :
   do
     db_get $KEY
-    if $VERIFY $RET; then return 0; fi
+    if $VERIFY "$RET"; then return 0; fi
     if [ $RESULT -ne 0 ]; then
       # db_input failed, and the existing value does not validate
       if [ $RESULT = 30 ] && [ $ASKED = 0 ]
@@ -161,6 +161,17 @@ is_not_empty() {
   if [ -z "$1" ]; then return 1; else return 0; fi
 }    
 
+# "adduser: To avoid problems, the username should consist only of
+# letters, digits, underscores, full stops, at signs and dashes, and not start with
+# a dash (as defined by IEEE Std 1003.1-2001). For compatibility with Samba
+# machine accounts $ is also supported at the end of the username"
+is_non_root_user() {
+  if [ -z "$1" ]; then return 1;
+  elif [ "$1" = "root" ]; then return 1;
+  elif echo "$1" | grep -Eq '^[a-zA-Z0-9_. at -]+\$?$'; then return 0;
+  else return 1; fi
+}
+
 is_port_number() {
   if is_unsigned_int "$1"; then
     if [ "$1" -eq 0 ]; then return 0; fi
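Review bot: The pattern in `is_non_root_user` accepts a value that begins with `-`, although the adduser text quoted above it says a username must not start with a dash, and it also accepts an all-digit value such as `0`. The value is later handed to `getent passwd`, `adduser` and `start-stop-daemon --user/--chuid` in the other files of this commit, where a leading dash is read as an option and a number can be taken as a UID, so the literal comparison with `root` alone does not keep the daemon off UID 0. Requiring a letter or underscore first closes both cases: `elif printf '%s\n' "$1" | grep -Eq '^[a-zA-Z_][a-zA-Z0-9_.@-]*\$?$'; then return 0;`. The ` at ` inside the bracket expression as shown here looks like the list archive's rewriting of `@` (the comment mentions at signs); if it is literal, the class also admits spaces, which the new error template says are not allowed.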
@@ -177,7 +188,7 @@ db_input high $NAME/auto-start || true
 db_go || true; db_get $NAME/auto-start; if [ "$RET" = "true" ]; then
  # all of these are only relevant if the init script is enabled
 
- db_input_verify low $NAME/run-as-user is_not_empty || true
+ db_input_verify low $NAME/run-as-user is_non_root_user || true
  db_input_verify low $NAME/log-file is_not_empty || true
 
  db_input medium $NAME/rtlsdr-device || true
diff --git a/debian/dump1090-mutability.init b/debian/dump1090-mutability.init
index dd57e82..3a81af3 100644
--- a/debian/dump1090-mutability.init
+++ b/debian/dump1090-mutability.init
@@ -119,7 +119,7 @@ do_start()
             return 2
         fi
 
-	start-stop-daemon --start --quiet --pidfile $PIDFILE --user $DUMP1090_USER --exec $DAEMON --test > /dev/null \
+	start-stop-daemon --start --quiet --pidfile $PIDFILE --user "$DUMP1090_USER" --exec $DAEMON --test > /dev/null \
 		|| return 1
 
         # create JSON_DIR with the appropriate permissions
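Review bot: Nothing in `do_start` checks which account `$DUMP1090_USER` resolves to before it reaches `--chuid`; the new `is_non_root_user` check runs only when debconf configures the package, and where the init script gets the variable from is not visible in this hunk, so a value set or edited elsewhere would bypass it. A start-time guard ahead of the first `start-stop-daemon` call, for example `uid=$(id -u -- "$DUMP1090_USER" 2>/dev/null) && [ "$uid" != 0 ] || return 2`, would refuse an empty, unknown or UID 0 account on every start. The same applies to the second `start-stop-daemon --start` call in the next hunk; `do_start` begins outside this hunk.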
@@ -130,7 +130,7 @@ do_start()
            fi
         fi
 
-	start-stop-daemon --start $NICELEVEL --quiet --pidfile $PIDFILE --user $DUMP1090_USER --chuid $DUMP1090_USER --make-pidfile --background --no-close --exec $DAEMON -- \
+	start-stop-daemon --start $NICELEVEL --quiet --pidfile $PIDFILE --user "$DUMP1090_USER" --chuid "$DUMP1090_USER" --make-pidfile --background --no-close --exec $DAEMON -- \
 		$ARGS >>$LOGFILE 2>&1 \
 		|| return 2
         sleep 1
@@ -146,7 +146,7 @@ do_stop()
 	#   1 if daemon was already stopped
 	#   2 if daemon could not be stopped
 	#   other if a failure occurred
-	start-stop-daemon --stop --retry=TERM/30/KILL/5 --pidfile $PIDFILE --user $DUMP1090_USER --exec $DAEMON
+	start-stop-daemon --stop --retry=TERM/30/KILL/5 --pidfile $PIDFILE --user "$DUMP1090_USER" --exec $DAEMON
 	RETVAL="$?"
 	[ "$RETVAL" = 2 ] && return 2
         sleep 1
diff --git a/debian/dump1090-mutability.postinst b/debian/dump1090-mutability.postinst
index d33d600..2b48170 100644
--- a/debian/dump1090-mutability.postinst
+++ b/debian/dump1090-mutability.postinst
@@ -97,7 +97,10 @@ case "$1" in
         db_get $NAME/auto-start
         if [ "$RET" = "true" ]; then
           db_get $NAME/run-as-user
-          adduser --system --home /usr/share/$NAME --no-create-home --quiet "$RET"
+          if ! getent passwd "$RET" >/dev/null
+          then
+            adduser --system --home /usr/share/$NAME --no-create-home --quiet "$RET"
+          fi
         fi
 
         # -10 changed the lighttpd config file, but didn't arrange to restart it.
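Review bot: `$RET` is passed to `getent passwd` and to `adduser` with no option terminator, and this script does not re-check the value itself, so it relies on the debconf validation having run on whatever is stored in the database. Ending option parsing makes both calls safe for any stored value: `if ! getent passwd -- "$RET" >/dev/null` and `adduser --system --home "/usr/share/$NAME" --no-create-home --quiet -- "$RET"`. Note also that `!` treats every getent failure, not only "key not found", as a missing user. The enclosing `case` arm starts and ends outside this hunk.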
diff --git a/debian/dump1090-mutability.templates b/debian/dump1090-mutability.templates
index 5152930..0302d70 100644
--- a/debian/dump1090-mutability.templates
+++ b/debian/dump1090-mutability.templates
@@ -332,3 +332,7 @@ Type: error
 Template: dump1090-mutability/invalid-is_valid_gain
 Description: Value must be a numeric gain value, or "max", or "agc".
 Type: error
+
+Template: dump1090-mutability/invalid-is_non_root_user
+Description: Value must be a username (without spaces) that isn't root.
+Type: error

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-hamradio/dump1090-mutability.git


