ccdfc3b716
This work is part of Debian integration effort. This work only affects Debian. Cannot obtain password from keyring when doing 'source /etc/platform/openrc' from sysadmin user. Due to a comparison with a wrong octal permissions string, code that requires elevation is run. The code shouldn't run in the first place using sysadmin user. Fix the comparison string. Debian Bullseye tests: - PASS: build-pkgs and build-image - PASS: bootstrap - PASS: after bootstrap can source /etc/platform/openrc from sysadmin Story: 2009221 Task: 43438 Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com> Change-Id: I0c1f53c216f1a126280e0e27748fd50b2759f3c3
The upstream commit 1e422ed of keyring moves non-preferred keyring
backends to keyrings.alt package, so porting chmod_keyringlock2.patch
to package keyrings.alt
Index: keyring-5.3/keyrings/alt/file_base.py
===================================================================
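--- keyring-5.3.orig/keyrings/alt/file_base.py
+++ keyring-5.3/keyrings/alt/file_base.py
@@ -97,6 +97,9 @@ class Keyring(FileBacked, KeyringBackend
 service = escape_for_ini(service)
 username = escape_for_ini(username)
 
+ # ensure the file exists
+ self._ensure_file_path()
+
 # load the passwords from the file
 config = configparser.RawConfigParser()
 if os.path.exists(self.file_path):
@@ -191,12 +194,16 @@ class Keyring(FileBacked, KeyringBackend
 user_read_write = 0o644
 os.chmod(self.file_path, user_read_write)
 if not os.path.isfile(lockdir + "/" + lockfile):
- import stat
- with open(lockdir + "/" + lockfile, 'w'):
- pass
- # must have the lock file with the correct group permissisions g+rw
- os.chmod(lockdir + "/" + lockfile, stat.S_IRWXG | stat.S_IRWXU)
- os.chown(lockdir + "/" + lockfile,-1,345)
+ with open(lockdir + "/" + lockfile, 'w'):
+ pass
+ if os.path.isfile(lockdir + "/" + lockfile):
+ import stat
+ import grp
+ if oct(stat.S_IMODE(os.stat(lockdir + "/" + lockfile).st_mode)) != '0o770':
+ # Must have the lock file with the correct group and permissisions g+rw
+ os.chmod(lockdir + "/" + lockfile, stat.S_IRWXG | stat.S_IRWXU)
+ groupinfo = grp.getgrnam('sys_protected')
+ os.chown(lockdir + "/" + lockfile,-1,groupinfo.gr_gid)
 
 
 def delete_password(self, service, username):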
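Review bot: The permission check on the lock file in the second hunk compares `oct(stat.S_IMODE(...))` with the string `'0o770'`, and `oct()` formats its result differently across Python major versions, which is the kind of mismatch the commit message describes; comparing integers avoids it, `if stat.S_IMODE(os.stat(lockdir + "/" + lockfile).st_mode) != (stat.S_IRWXU | stat.S_IRWXG):`. The check also looks only at the mode, so a lock file that is already 0770 but owned by a different group would apparently never reach the `os.chown` to `sys_protected`; comparing `st_gid` with `groupinfo.gr_gid` as well would cover that case. `open`, `os.stat`, `os.chmod` and `os.chown` each resolve the path again and follow symlinks, so if `lockdir` is writable by less-privileged users (not visible here) it would be safer to open the file once and use `os.fchmod`/`os.fchown` on that descriptor. The enclosing method starts outside the hunk and the page has lost the indentation, so the nesting of these lines is inferred.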