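diff -ur mpss-daemon-3.8.6.orig/libmpssconfig/genfs.c mpss-daemon-3.8.6/libmpssconfig/genfs.c
--- mpss-daemon-3.8.6.orig/libmpssconfig/genfs.c 2021-01-21 01:46:48.337522089 +0100
+++ mpss-daemon-3.8.6/libmpssconfig/genfs.c 2021-01-21 04:05:30.895228099 +0100
@@ -481,6 +481,8 @@
 struct dirent *file;
 DIR *dp;
 
+ printf("handle_common %s\n", dir);
+
 switch (type) {
 case SRCTYPE_DIR:
 mpssut_filename(menv, NULL, comname, PATH_MAX, "%s", dir);
@@ -1682,10 +1684,10 @@
 
 pid = fork();
 if (pid == 0) {
- ifargv[0] = "/bin/gzip";
+ ifargv[0] = "/run/current-system/sw/bin/gzip";
 ifargv[1] = name;
 ifargv[2] = NULL;
- execve("/bin/gzip", ifargv, NULL);
+ execve("/run/current-system/sw/bin/gzip", ifargv, NULL);
 }
 
 waitpid(pid, &status, 0);
@@ -1699,11 +1701,11 @@
 
 pid = fork();
 if (pid == 0) {
- ifargv[0] = "/bin/gzip";
+ ifargv[0] = "/run/current-system/sw/bin/gzip";
 ifargv[1] = "-d";
 ifargv[2] = name;
 ifargv[3] = NULL;
- execve("/bin/gzip", ifargv, NULL);
+ execve("/run/current-system/sw/bin/gzip", ifargv, NULL);
 }
 
 waitpid(pid, NULL, 0);
@@ -1724,7 +1726,7 @@
 
 fclose(stdout);
 fclose(stderr);
- ifargv[0] = "/bin/cpio";
+ ifargv[0] = "/run/current-system/sw/bin/cpio";
 ifargv[1] = "-i";
 ifargv[2] = "-F";
 ifargv[3] = cfile;
@@ -1734,7 +1736,7 @@
 } else {
 ifargv[4] = NULL;
 }
- execve("/bin/cpio", ifargv, NULL);
+ execve("/run/current-system/sw/bin/cpio", ifargv, NULL);
 }
 
 if (waitpid(pid, &status, 0) < 0)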
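Review bot: In the three `fork()` children touched here (both gzip hunks and the cpio hunk) nothing follows `execve()`, so when the exec fails the child leaves the `if (pid == 0)` block and carries on running the parent's code, including `waitpid()`. Add `_exit(127);` directly after each `execve(...)` line; the same fall-through is present in `do_gunzip` in verify_bzimage.c and in the gzip hunk of mpssd.c. Hard-coding `/run/current-system/sw/bin/...` makes that failure certain on every non-NixOS host even though this patch also adds runtime detection through `DISTRIB_NIXOS`, so the tool path would be better chosen per detected distribution. The `printf("handle_common %s\n", dir);` in the first hunk looks like leftover debugging and should be dropped. All of the enclosing functions start and end outside these hunks, so whether a failed `fork()` (-1) is handled cannot be seen from here.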
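diff -ur mpss-daemon-3.8.6.orig/libmpssconfig/micenv.c mpss-daemon-3.8.6/libmpssconfig/micenv.c
--- mpss-daemon-3.8.6.orig/libmpssconfig/micenv.c 2021-01-21 01:46:48.338522081 +0100
+++ mpss-daemon-3.8.6/libmpssconfig/micenv.c 2021-01-21 02:27:02.788081574 +0100
@@ -106,6 +106,8 @@
 menv->dist = DISTRIB_SUSE;
 else if (!strcasecmp(dist, "ubuntu"))
 menv->dist = DISTRIB_UBUNTU;
+ else if (!strcasecmp(dist, "nixos"))
+ menv->dist = DISTRIB_NIXOS;
 else
 return (SETENV_FUNC_DIST << 16) | SETENV_CMDLINE_DIST;
 } else if ((dist = getenv("MPSS_DIST")) != NULL) {
@@ -117,6 +119,8 @@
 menv->dist = DISTRIB_SUSE;
 else if (!strcasecmp(dist, "ubuntu"))
 menv->dist = DISTRIB_UBUNTU;
+ else if (!strcasecmp(dist, "nixos"))
+ menv->dist = DISTRIB_NIXOS;
 else
 return (SETENV_FUNC_DIST << 16) | SETENV_ENV_DIST;
 } else {
@@ -126,12 +130,15 @@
 menv->dist = DISTRIB_SUSE;
 else if ((stat(UBUNTU_NETWORK_DIR, &sbuf) == 0) && S_ISDIR(sbuf.st_mode))
 menv->dist = DISTRIB_UBUNTU;
+ else if ((stat(NIXOS_RUN_DIR, &sbuf) == 0) && S_ISDIR(sbuf.st_mode))
+ menv->dist = DISTRIB_NIXOS;
 else
 return (SETENV_FUNC_DIST << 16) | SETENV_PROBE_DIST;
 }
 
 switch(menv->dist) {
 case DISTRIB_REDHAT:
+ case DISTRIB_NIXOS:
 case DISTRIB_SUSE:
 menv->lockfile = LSB_LOCK_FILENAME;
 break;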
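Review bot: In the third hunk `case DISTRIB_NIXOS:` is folded into the Red Hat/SUSE arm and inherits `LSB_LOCK_FILENAME`, whose value is defined outside this diff; if that path sits in a directory NixOS does not create, taking the lock will fail, so the choice needs to be checked and recorded with a comment such as `/* NixOS: reuses the LSB lock path, verified to exist on NixOS */`. The automatic probe also only reaches `stat(NIXOS_RUN_DIR, ...)` after the earlier distribution checks (the Red Hat and SUSE conditions are above the hunk), so a NixOS host that happens to have `/etc/network` would be classified as Ubuntu. The name-to-`DISTRIB_*` chain is now duplicated in the command-line and `MPSS_DIST` hunks and had to be edited twice; a small static helper that maps the string once would keep the two in step.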
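diff -ur mpss-daemon-3.8.6.orig/libmpssconfig/mpssconfig.h mpss-daemon-3.8.6/libmpssconfig/mpssconfig.h
--- mpss-daemon-3.8.6.orig/libmpssconfig/mpssconfig.h 2021-01-21 01:46:48.338522081 +0100
+++ mpss-daemon-3.8.6/libmpssconfig/mpssconfig.h 2021-01-21 02:10:37.013513734 +0100
@@ -218,6 +218,7 @@
 #define REDHAT_NETWORK_DIR "/etc/sysconfig/network-scripts"
 #define SUSE_NETWORK_DIR "/etc/sysconfig/network"
 #define UBUNTU_NETWORK_DIR "/etc/network"
+#define NIXOS_RUN_DIR "/var/run/nixos"
 
 /**
 * Mic family
@@ -239,6 +240,7 @@
 #define DISTRIB_REDHAT 1
 #define DISTRIB_SUSE 2
 #define DISTRIB_UBUNTU 3
+#define DISTRIB_NIXOS 4
 char *home;
 char *confdir;
 char *destdir;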
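diff -ur mpss-daemon-3.8.6.orig/libmpssconfig/verify_bzimage.c mpss-daemon-3.8.6/libmpssconfig/verify_bzimage.c
--- mpss-daemon-3.8.6.orig/libmpssconfig/verify_bzimage.c 2021-01-21 01:46:48.338522081 +0100
+++ mpss-daemon-3.8.6/libmpssconfig/verify_bzimage.c 2021-01-21 03:00:35.816162608 +0100
@@ -173,17 +173,18 @@
 do_gunzip(char *name)
 {
 pid_t pid;
- char *ifargv[4];
+ char *ifargv[5];
 
 pid = fork();
 if (pid == 0) {
 fclose(stdout);
 fclose(stderr);
- ifargv[0] = "/bin/gzip";
- ifargv[1] = "-d";
- ifargv[2] = name;
- ifargv[3] = NULL;
- execve("/bin/gzip", ifargv, NULL);
+ ifargv[0] = "/usr/bin/env";
+ ifargv[1] = "gzip";
+ ifargv[2] = "-d";
+ ifargv[3] = name;
+ ifargv[4] = NULL;
+ execve("/usr/bin/env", ifargv, NULL);
 }
 
 waitpid(pid, NULL, 0);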
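Review bot: `do_gunzip` now finds `gzip` through `/usr/bin/env` while still passing `NULL` as the environment, so `env` runs with no `PATH` and the lookup depends on the C library's built-in default search path rather than on anything this program controls. That is a weaker guarantee than the absolute path it replaces, and older glibc releases reportedly searched the current directory first when `PATH` was unset. The other files in this patch use `/run/current-system/sw/bin/gzip`; using one absolute path here too, or passing an explicit `envp` with a fixed `PATH`, keeps the binary this helper runs predictable. As at the other fork/exec sites, `_exit(127);` is needed after `execve(...)`. The function's return type line and its end lie outside the hunk.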
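diff -ur mpss-daemon-3.8.6.orig/micctrl/init.c mpss-daemon-3.8.6/micctrl/init.c
--- mpss-daemon-3.8.6.orig/micctrl/init.c 2021-01-21 01:46:48.338522081 +0100
+++ mpss-daemon-3.8.6/micctrl/init.c 2021-01-21 01:52:24.195846483 +0100
@@ -1016,7 +1016,7 @@
 }
 
 fprintf(fp, defconf, mpssenv.vardir, DEF_SHUTDOWN_TIMEOUT, DEF_CRASHDUMP_DIR, DEF_CRASHDUMP_LIMITGB);
- fprintf(fp, kncextracmd);
+ fprintf(fp, "%s", kncextracmd);
 fclose(fp);
 display(PFS, "%s: Created %s\n", mic->name, filename);
 } else {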
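Review bot: The call one line above the fix, `fprintf(fp, defconf, mpssenv.vardir, ...)`, still takes its format from a variable; `defconf` is defined outside this hunk, so confirm it is a constant the program owns and that its conversions match the four arguments. For the corrected line, `fputs(kncextracmd, fp);` does the same job without a format pass. Neither write nor `fclose(fp)` is checked, so a short write leaves a truncated config file while `display()` still reports it as created. The enclosing function starts and ends outside the hunk.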
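diff -ur mpss-daemon-3.8.6.orig/micctrl/network.c mpss-daemon-3.8.6/micctrl/network.c
--- mpss-daemon-3.8.6.orig/micctrl/network.c 2021-01-21 01:46:48.338522081 +0100
+++ mpss-daemon-3.8.6/micctrl/network.c 2021-01-21 02:38:42.021016226 +0100
@@ -101,6 +101,13 @@
 void ubuntu_unattach_hostbridge(char *name, char *bridge);
 void ubuntu_remove_bridges(void);
 
+void nixos_net_remove(char *name, char *bridge, int modhost);
+void nixos_br_remove(struct mbridge *br);
+void nixos_attach_hostbridge(char *name, char *bridge, char *mac, char *mtu, int saveresolv);
+void nixos_host_addif(char *name, char *ip, char *netbits, char *mtu, char *mac);
+void nixos_unattach_hostbridge(char *name, char *bridge);
+void nixos_remove_bridges(void);
+
 struct netinfo {
 char *netdir;
 char *defnetdir;
@@ -141,7 +148,15 @@
 ubuntu_br_remove,
 ubuntu_attach_hostbridge,
 ubuntu_host_addif,
- ubuntu_remove_bridges}
+ ubuntu_remove_bridges},
+ { "/tmp/notreally",
+ "/tmp/notreally",
+ "/tmp/yeahstillno",
+ nixos_net_remove,
+ nixos_br_remove,
+ nixos_attach_hostbridge,
+ nixos_host_addif,
+ nixos_remove_bridges}
 };
 
 #define MIC_DEFAULT_BIG_MTU "64512";
@@ -995,7 +1010,7 @@
 (mic->config.rootdev.type == ROOT_TYPE_PFS)) {
 mpssut_filename(&mpssenv, NULL, oname, PATH_MAX, "%s/etc/ssh/%s",
 strchr(mic->config.rootdev.target, ':') + 1, name);
- if ((fd = open(oname, O_WRONLY|O_CREAT) & 0777) < 0) {
+ if (fd = open(oname, O_WRONLY|O_CREAT, 0755) < 0) {
 display(PERROR, "%s: Could not open %s\n", mic->name, oname);
 free(buffer);
 return 0;
@@ -2571,6 +2586,37 @@
 }
 
 void
+nixos_net_remove(char *name, char *bridge, int modhost)
+{
+ printf("STUB: nixos_net_remove(%s, %s, %d)\n", name, bridge, modhost);
+}
+
+void
+nixos_br_remove(struct mbridge *br)
+{
+ printf("STUB: nixos_br_remove(%p)\n", br);
+}
+
+void
+nixos_attach_hostbridge(char *name, char *bridge, char *mac, char *mtu, int saveresolv)
+{
+ printf("STUB: nixos_attach_hostbridge(%s, %s, %s, %s, %d)\n", name, bridge, mac, mtu, saveresolv);
+}
+
+void
+nixos_host_addif(char *name, char *ip, char *netbits, char *mtu, char *mac)
+{
+ printf("STUB: nixos_host_addif(%s, %s, %s, %s, _)\n", name, ip, netbits, mtu, mac);
+}
+
+void
+nixos_remove_bridges(void)
+{
+ printf("STUB: nixos_remove_bridges()\n");
+ // TODO
+}
+
+void
 common_host_addif(char *name, char *ip, char *netbits, char *mtu, char *mac)
 {
 char filename[PATH_MAX];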
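Review bot: The rewritten `open()` line in the third hunk lost its inner parentheses: `fd = open(oname, O_WRONLY|O_CREAT, 0755) < 0` stores the result of the comparison, so on success `fd` is 0, the real descriptor leaks, and any later write through `fd` (outside the hunk) goes to descriptor 0 instead of the file. It should read `if ((fd = open(oname, O_WRONLY|O_CREAT, 0600)) < 0) {`; the target is under `etc/ssh`, and if `name` can be a private host key then `0755` (world-readable and executable, subject to umask) is the wrong mode. The new `netinfo` row points all three directories at fixed names under `/tmp`; if any shared code path creates or writes files there with elevated privileges those are predictable, world-writable locations, so a non-writable placeholder or an early "NixOS not supported" return would be safer than the stub paths. In the stubs, `nixos_host_addif` passes `mac` with no matching conversion and `nixos_br_remove` should pass `(void *)br` for `%p`.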
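diff -ur mpss-daemon-3.8.6.orig/micctrl/user.c mpss-daemon-3.8.6/micctrl/user.c
--- mpss-daemon-3.8.6.orig/micctrl/user.c 2021-01-21 01:46:48.338522081 +0100
+++ mpss-daemon-3.8.6/micctrl/user.c 2021-01-21 03:36:40.330342110 +0100
@@ -2344,14 +2344,18 @@
 
 if ((hpwfp = fopen("/etc/passwd", "r")) == NULL)
 return;
+ printf("opened /etc/passwd\n");
 
 while (fgets(line, PWBUF_SIZE, hpwfp)) {
 user = line;
+ printf("line: %s\n", user);
 if (parse_pwfile(user, &pw, &uid, &gid, &name, &home, &app))
 continue;
+ printf("parsed pwfile\n");
 
 if ((uid < get_min_uid()) || (uid == 65534))
 continue;
+ printf("uid okay\n");
 
 while (ulist) {
 if (!strcmp(ulist->user, user)) {
@@ -2858,7 +2862,7 @@
 if (pid == 0) {
 fclose(stdout);
 fclose(stderr);
- ifargv[0] = "/usr/bin/ssh-keygen";
+ ifargv[0] = "/run/current-system/sw/bin/ssh-keygen";
 ifargv[1] = "-q";
 ifargv[2] = "-t";
 ifargv[3] = type;
@@ -2869,7 +2873,7 @@
 ifargv[8] = "-N";
 ifargv[9] = "";
 ifargv[10] = NULL;
- execve("/usr/bin/ssh-keygen", ifargv, NULL);
+ execve("/run/current-system/sw/bin/ssh-keygen", ifargv, NULL);
 exit(errno);
 }
 
@@ -2885,9 +2889,9 @@
 char *name;
 char *type;
 int optional;
-} hkeys[] = {{"ssh_host_key", "rsa1", FALSE},
+} hkeys[] = {/*{"ssh_host_key", "rsa1", FALSE},*/
 {"ssh_host_rsa_key", "rsa", FALSE},
- {"ssh_host_dsa_key", "dsa", FALSE},
+ /*{"ssh_host_dsa_key", "dsa", FALSE},*/
 {"ssh_host_ecdsa_key", "ecdsa", TRUE},
 {NULL, NULL}};
 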
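Review bot: The four `printf` calls added to the `/etc/passwd` loop in the first hunk are debugging output; `printf("line: %s\n", user);` echoes every account record to stdout on each run and bypasses the `display()` levels that the other micctrl files in this patch use. Remove them or route them through the existing debug level. In the `hkeys[]` hunk the `rsa1` and `dsa` rows are commented out rather than deleted, with no reason given; delete them and leave one line stating why, for example `/* rsa1 and dsa host keys are no longer generated */`, after confirming nothing else in the tree still expects `ssh_host_key` or `ssh_host_dsa_key` to exist. The functions around all four hunks start and end outside the visible lines.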
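diff -ur mpss-daemon-3.8.6.orig/micctrl/utilfuncs.c mpss-daemon-3.8.6/micctrl/utilfuncs.c
--- mpss-daemon-3.8.6.orig/micctrl/utilfuncs.c 2021-01-21 01:46:48.338522081 +0100
+++ mpss-daemon-3.8.6/micctrl/utilfuncs.c 2021-01-21 01:56:35.453755052 +0100
@@ -238,7 +238,7 @@
 mpssut_filename(&mpssenv, NULL, permfile, PATH_MAX, "/permfile");
 tmpname = mpssut_tempnam(permfile);
 
- if ((fd = open(tmpname, O_RDWR | O_CREAT)) < 0) {
+ if ((fd = open(tmpname, O_RDWR | O_CREAT, 0644)) < 0) {
 free(tmpname);
 display(PERROR, "Failed permissions test - cannot determine if %s is secure\n", mpssenv.destdir);
 exit(errno);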
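Review bot: This `open()` creates the probe file for the "cannot determine if %s is secure" check without `O_EXCL`, so if `tmpname` already exists, or is a symlink placed in the destination directory, the call opens whatever is there instead of failing. Because the file is only a permissions probe, `open(tmpname, O_RDWR | O_CREAT | O_EXCL, 0600)` fits better than `0644`. How `mpssut_tempnam()` chooses the name is outside the hunk, so the name should be treated as predictable until shown otherwise. The enclosing function starts and ends outside the hunk.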
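diff -ur mpss-daemon-3.8.6.orig/mpssd/mpssd.c mpss-daemon-3.8.6/mpssd/mpssd.c
--- mpss-daemon-3.8.6.orig/mpssd/mpssd.c 2021-01-21 01:46:48.338522081 +0100
+++ mpss-daemon-3.8.6/mpssd/mpssd.c 2021-01-21 03:52:50.930892803 +0100
@@ -729,10 +729,10 @@
 
 pid = fork();
 if (pid == 0) {
- ifargv[0] = "/bin/gzip";
+ ifargv[0] = "/run/current-system/sw/bin/gzip";
 ifargv[1] = name;
 ifargv[2] = NULL;
- execve("/bin/gzip", ifargv, NULL);
+ execve("/run/current-system/sw/bin/gzip", ifargv, NULL);
 }
 
 return pid;
@@ -1418,7 +1418,7 @@
 len = read(fd, cookie, MPSS_COOKIE_SIZE);
 close(fd);
 
- if ((fd = open(cookiename, O_WRONLY|O_CREAT)) < 0) {
+ if ((fd = open(cookiename, O_WRONLY|O_CREAT, 0755)) < 0) {
 mpsslog(PERROR, "Failed to open %s: %s\n", cookiename, strerror(errno));
 goto cookie_done;
 }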
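Review bot: The cookie file in the second hunk is created with mode `0755`, which (subject to umask) leaves it readable and executable by every local user; if the cookie acts as a credential, which this hunk does not show, the line should be `if ((fd = open(cookiename, O_WRONLY|O_CREAT, 0600)) < 0) {`. The mode argument only takes effect when the file is created, so an existing file keeps its previous permissions unless an `fchmod(fd, 0600)` follows the open. In the gzip hunk a failed `execve()` lets the child fall through to `return pid;` with `pid == 0`, so the caller's code would run in both processes; add `_exit(127);` after the `execve(...)` line. Both enclosing functions extend beyond the visible lines.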