Added additonal check of backup file's owner

i9 changed/i9/crypto-policies-20230731-1.git94f0e2c.el9_3.1.1
Alexey Berezhok 11 months ago
parent 22955810ef
commit 9a21d8128a

@ -1,4 +1,4 @@
From e5a68f54ac324d218e3b9575eb0a096c8905aaf9 Mon Sep 17 00:00:00 2001
From 951bd751a2b30d2ada58468fd18f5f550d38e51b Mon Sep 17 00:00:00 2001
From: Alexey Berezhok <aberezhok@msvsphere-os.ru>
Date: Tue, 23 Jan 2024 23:01:57 +0300
Subject: [PATCH] Added GOST policy also added experimental PAM generator
@ -26,7 +26,7 @@ Subject: [PATCH] Added GOST policy also added experimental PAM generator
python/policygenerators/auth.py | 36 +++++
.../fedora-crypto-policies.code-workspace | 0
python/policygenerators/openssl.py | 23 +++
scripts/auth_apply.sh | 110 +++++++++++++
scripts/auth_apply.sh | 115 ++++++++++++++
tests/alternative-policies/GOST-ONLY.pol | 30 ++++
tests/alternative-policies/modules/GOST.pmod | 18 +++
tests/gnutls.pl | 2 +-
@ -104,7 +104,7 @@ Subject: [PATCH] Added GOST policy also added experimental PAM generator
tests/outputs/GOST-ONLY-sequoia.txt | 51 ++++++
tests/outputs/LEGACY-auth.txt | 0
.../outputs/LEGACY:AD-SUPPORT-LEGACY-auth.txt | 0
100 files changed, 1397 insertions(+), 10 deletions(-)
100 files changed, 1402 insertions(+), 10 deletions(-)
create mode 100644 authselect_policies/sssd_gost/README
create mode 100644 authselect_policies/sssd_gost/REQUIREMENTS
create mode 100644 authselect_policies/sssd_gost/dconf-db
@ -982,10 +982,10 @@ index 165a26b..75940d8 100644
s += 'Options = RHNoEnforceEMSinFIPS\n'
diff --git a/scripts/auth_apply.sh b/scripts/auth_apply.sh
new file mode 100755
index 0000000..ca5c3dc
index 0000000..0fa7192
--- /dev/null
+++ b/scripts/auth_apply.sh
@@ -0,0 +1,110 @@
@@ -0,0 +1,115 @@
+#!/usr/bin/bash
+# Скрипт настройки профиля authselect для crypto-policy
+# Примеры запуска:
@ -1062,7 +1062,12 @@ index 0000000..ca5c3dc
+# данный снимок создается при профиля через crypto-policy
+if [ "$EMPTY" = "1" ];then
+ if [ -e "$PATH_TO_AUTH_SEL_BAK" ];then
+ /usr/bin/mv -f "$PATH_TO_AUTH_SEL_BAK" "$PATH_TO_AUTH_CONFIG"
+# Только root может восстанавливать конфигурацию из резервной копии
+# дабыизбежать подлога и восстановления файла, созданного пользователем
+ OWNER_UID=$(/usr/bin/stat -c "%u" "$PATH_TO_AUTH_SEL_BAK")
+ if [ "$OWNER_UID" = "0" ];then
+ /usr/bin/mv -f "$PATH_TO_AUTH_SEL_BAK" "$PATH_TO_AUTH_CONFIG"
+ fi
+ fi
+ if [ -z "$TEST" ];then
+ $AUTH_SELECT_APPLY

Loading…
Cancel
Save