Added additional check of backup file's owner

i9 changed/i9/crypto-policies-20230731-1.git94f0e2c.el9_3.1.1
Alexey Berezhok 10 months ago
parent 22955810ef
commit 9a21d8128a

@ -1,4 +1,4 @@
From e5a68f54ac324d218e3b9575eb0a096c8905aaf9 Mon Sep 17 00:00:00 2001 From 951bd751a2b30d2ada58468fd18f5f550d38e51b Mon Sep 17 00:00:00 2001
From: Alexey Berezhok <aberezhok@msvsphere-os.ru> From: Alexey Berezhok <aberezhok@msvsphere-os.ru>
Date: Tue, 23 Jan 2024 23:01:57 +0300 Date: Tue, 23 Jan 2024 23:01:57 +0300
Subject: [PATCH] Added GOST policy also added experimental PAM generator Subject: [PATCH] Added GOST policy also added experimental PAM generator
@ -26,7 +26,7 @@ Subject: [PATCH] Added GOST policy also added experimental PAM generator
python/policygenerators/auth.py | 36 +++++ python/policygenerators/auth.py | 36 +++++
.../fedora-crypto-policies.code-workspace | 0 .../fedora-crypto-policies.code-workspace | 0
python/policygenerators/openssl.py | 23 +++ python/policygenerators/openssl.py | 23 +++
scripts/auth_apply.sh | 110 +++++++++++++ scripts/auth_apply.sh | 115 ++++++++++++++
tests/alternative-policies/GOST-ONLY.pol | 30 ++++ tests/alternative-policies/GOST-ONLY.pol | 30 ++++
tests/alternative-policies/modules/GOST.pmod | 18 +++ tests/alternative-policies/modules/GOST.pmod | 18 +++
tests/gnutls.pl | 2 +- tests/gnutls.pl | 2 +-
@ -104,7 +104,7 @@ Subject: [PATCH] Added GOST policy also added experimental PAM generator
tests/outputs/GOST-ONLY-sequoia.txt | 51 ++++++ tests/outputs/GOST-ONLY-sequoia.txt | 51 ++++++
tests/outputs/LEGACY-auth.txt | 0 tests/outputs/LEGACY-auth.txt | 0
.../outputs/LEGACY:AD-SUPPORT-LEGACY-auth.txt | 0 .../outputs/LEGACY:AD-SUPPORT-LEGACY-auth.txt | 0
100 files changed, 1397 insertions(+), 10 deletions(-) 100 files changed, 1402 insertions(+), 10 deletions(-)
create mode 100644 authselect_policies/sssd_gost/README create mode 100644 authselect_policies/sssd_gost/README
create mode 100644 authselect_policies/sssd_gost/REQUIREMENTS create mode 100644 authselect_policies/sssd_gost/REQUIREMENTS
create mode 100644 authselect_policies/sssd_gost/dconf-db create mode 100644 authselect_policies/sssd_gost/dconf-db
@ -982,10 +982,10 @@ index 165a26b..75940d8 100644
s += 'Options = RHNoEnforceEMSinFIPS\n' s += 'Options = RHNoEnforceEMSinFIPS\n'
diff --git a/scripts/auth_apply.sh b/scripts/auth_apply.sh diff --git a/scripts/auth_apply.sh b/scripts/auth_apply.sh
new file mode 100755 new file mode 100755
index 0000000..ca5c3dc index 0000000..0fa7192
--- /dev/null --- /dev/null
+++ b/scripts/auth_apply.sh +++ b/scripts/auth_apply.sh
@@ -0,0 +1,110 @@ @@ -0,0 +1,115 @@
+#!/usr/bin/bash +#!/usr/bin/bash
+# Скрипт настройки профиля authselect для crypto-policy +# Скрипт настройки профиля authselect для crypto-policy
+# Примеры запуска: +# Примеры запуска:
@ -1062,7 +1062,12 @@ index 0000000..ca5c3dc
+# данный снимок создается при профиля через crypto-policy +# данный снимок создается при профиля через crypto-policy
+if [ "$EMPTY" = "1" ];then +if [ "$EMPTY" = "1" ];then
+ if [ -e "$PATH_TO_AUTH_SEL_BAK" ];then + if [ -e "$PATH_TO_AUTH_SEL_BAK" ];then
+ /usr/bin/mv -f "$PATH_TO_AUTH_SEL_BAK" "$PATH_TO_AUTH_CONFIG" +# Только root может восстанавливать конфигурацию из резервной копии
+# дабыизбежать подлога и восстановления файла, созданного пользователем
+ OWNER_UID=$(/usr/bin/stat -c "%u" "$PATH_TO_AUTH_SEL_BAK")
+ if [ "$OWNER_UID" = "0" ];then
+ /usr/bin/mv -f "$PATH_TO_AUTH_SEL_BAK" "$PATH_TO_AUTH_CONFIG"
+ fi
+ fi + fi
+ if [ -z "$TEST" ];then + if [ -z "$TEST" ];then
+ $AUTH_SELECT_APPLY + $AUTH_SELECT_APPLY
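Review bot: The owner test added before the `mv -f` checks only the UID, and when it fails (or `stat` returns nothing) the restore is skipped silently and the script still reaches `$AUTH_SELECT_APPLY`. A root-owned backup that is not a regular file would still pass, so the condition could be tightened to `if [ -f "$PATH_TO_AUTH_SEL_BAK" ] && [ ! -L "$PATH_TO_AUTH_SEL_BAK" ] && [ "$OWNER_UID" = "0" ];then`, with an `else` branch that reports the refusal, e.g. `echo "auth_apply: backup is not a root-owned regular file, restore skipped" >&2`. If the directory holding `$PATH_TO_AUTH_SEL_BAK` is writable by non-root users, the file can be swapped between the `stat` and the `mv`, so the location matters as much as the owner; the variable is defined outside this hunk, so that needs to be confirmed there. As a style point, the two new comment lines sit at column 0 inside the indented `if` block, and `дабыизбежать` is missing a space.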
