~ubuntu-branches/ubuntu/quantal/bacula/quantal

Viewing changes to debian/patches/fix_dump_resources_acl.patch

Committer: Package Import Robot
Author(s): James Page
Date: 2012-10-09 15:35:36 UTC
mfrom: (3.1.26 sid)
Revision ID: package-import@ubuntu.com-20121009153536-wvlgxuumstfebful

Tags: 5.2.6+dfsg-5ubuntu1

* Merge from Debian unstable (LP: #1064435).  Remaining changes:
  - d/control: Drop mt-st to suggests so that bacula goes back to main.
  - d/control: Make mysql the default, install bacula-[director|sd]-mysql
    instead of sqlite3 versions.
  - d/rules: Upgrade databases from 12->14 at 5.2.5-0ubuntu6.1 instead
    of 5.2.0 as this was missed in Ubuntu.
  - d/control: Add libncurses-dev to build-depends, as the console client
    insists on its presence to enable readline support, despite not using it.
  - d/rules: Disable fortify source since it was causing
    bacula-director to segfault.
  - d/control: Switch build-depends postgresql-server-dev-all ->
    postgresql-server-dev-9.1 as -all is not in main.
* Dropped changes, now in Debian:
  - d/control: Add liblzo2-dev to build-depends to enable LZO support.

files added:
.pc/delegate-chuid-to-systemd.patch

.pc/delegate-chuid-to-systemd.patch/platforms

.pc/delegate-chuid-to-systemd.patch/platforms/systemd

.pc/delegate-chuid-to-systemd.patch/platforms/systemd/bacula-dir.service.in

.pc/delegate-chuid-to-systemd.patch/platforms/systemd/bacula-fd.service.in

.pc/delegate-chuid-to-systemd.patch/platforms/systemd/bacula-sd.service.in

.pc/fix-default-dbtype.patch

.pc/fix-default-dbtype.patch/platforms

.pc/fix-default-dbtype.patch/platforms/systemd

.pc/fix-default-dbtype.patch/platforms/systemd/bacula-dir.service.in

.pc/fix-default-dbtype.patch/src

.pc/fix-default-dbtype.patch/src/cats

.pc/fix-default-dbtype.patch/src/cats/make_catalog_backup.in

.pc/fix-save-only-one-xattr.patch

.pc/fix-save-only-one-xattr.patch/src

.pc/fix-save-only-one-xattr.patch/src/filed

.pc/fix-save-only-one-xattr.patch/src/filed/xattr.c

.pc/fix-systemd-daemon-user-group.patch

.pc/fix-systemd-daemon-user-group.patch/platforms

.pc/fix-systemd-daemon-user-group.patch/platforms/systemd

.pc/fix-systemd-daemon-user-group.patch/platforms/systemd/bacula-dir.service.in

.pc/fix-systemd-daemon-user-group.patch/platforms/systemd/bacula-fd.service.in

.pc/fix-systemd-daemon-user-group.patch/platforms/systemd/bacula-sd.service.in

.pc/fix_dump_resources_acl.patch

.pc/fix_dump_resources_acl.patch/src

.pc/fix_dump_resources_acl.patch/src/dird

.pc/fix_dump_resources_acl.patch/src/dird/dird_conf.c

.pc/fix_dump_resources_acl.patch/src/tools

.pc/fix_dump_resources_acl.patch/src/tools/Makefile.in

.pc/path-to-logdir.patch

.pc/path-to-logdir.patch/scripts

.pc/path-to-logdir.patch/scripts/logrotate.in

.pc/path-to-logdir.patch/scripts/logwatch

.pc/path-to-logdir.patch/scripts/logwatch/logfile.bacula.conf.in

.pc/path-to-logdir.patch/src

.pc/path-to-logdir.patch/src/dird

.pc/path-to-logdir.patch/src/dird/bacula-dir.conf.in

.pc/xattr-btrfs-crash.patch

.pc/xattr-btrfs-crash.patch/src

.pc/xattr-btrfs-crash.patch/src/filed

.pc/xattr-btrfs-crash.patch/src/filed/xattr.c

debian/bacula-common-db.links.in

debian/bacula-console-qt.postrm

debian/bacula-director-db.templates.in

debian/patches/delegate-chuid-to-systemd.patch

debian/patches/fix-default-dbtype.patch

debian/patches/fix-save-only-one-xattr.patch

debian/patches/fix-systemd-daemon-user-group.patch

debian/patches/fix_dump_resources_acl.patch

debian/patches/path-to-logdir.patch

debian/patches/xattr-btrfs-crash.patch

debian/po

debian/po/POTFILES.in

debian/po/templates.pot

files removed:
debian/bacula-director-mysql.templates

debian/bacula-director-pgsql.templates

files modified:
.pc/applied-patches

.pc/fix-mysql55-sql-syntax.patch/src/cats/make_mysql_tables.in

debian/README.Debian

debian/additions/common-functions.dpkg

debian/additions/common-functions.init

debian/bacula-common-db.install.in

debian/bacula-common.postrm

debian/bacula-common.preinst

debian/bacula-console-qt.postinst

debian/bacula-console.postinst

debian/bacula-console.postrm

debian/bacula-director-common.bacula-director.init

debian/bacula-director-db.postrm.in

debian/bacula-director-mysql.postinst

debian/bacula-director-pgsql.postinst

debian/bacula-director-sqlite3.postinst

debian/bacula-fd.init

debian/bacula-fd.postrm

debian/bacula-sd.init

debian/bacula-sd.postrm

debian/bacula-traymonitor.postinst

debian/bacula-traymonitor.postrm

debian/changelog

debian/control

debian/patches/fix-example-script-syntax

debian/patches/fix-manpages

debian/patches/remove-use-statement-for-mysql

debian/patches/series

debian/rules

platforms/systemd/bacula-dir.service.in

platforms/systemd/bacula-fd.service.in

platforms/systemd/bacula-sd.service.in

scripts/logrotate.in

scripts/logwatch/logfile.bacula.conf.in

src/cats/make_catalog_backup.in

src/cats/make_mysql_tables.in

src/cats/update_mysql_tables.in

src/dird/bacula-dir.conf.in

src/dird/dird_conf.c

src/filed/xattr.c

src/tools/Makefile.in

updatedb/update_mysql_tables_10_to_11.in

updatedb/update_mysql_tables_11_to_12.in

updatedb/update_mysql_tables_12_to_14.in

Show diffs side-by-side

added added

removed removed

debian/patches/fix_dump_resources_acl.patch

Description: Make dump_resource respect console ACL's

Bug-Debian: 687923

SA: CVE-2012-4430

Author: Kern Sibbald <kern@sibbald.com>

Last-Update: 2012-09-17

diff --git a/src/dird/dird_conf.c b/src/dird/dird_conf.c

index 7dcf591..2f2eb00 100644

--- a/src/dird/dird_conf.c

+++ b/src/dird/dird_conf.c

@@ -554,6 +554,7 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm

bool recurse = true;

char ed1[100], ed2[100], ed3[100];

DEVICE *dev;

+ UAContext *ua = (UAContext *)sock;

if (res == NULL) {

sendit(sock, _("No %s resource defined\n"), res_to_str(type));

@@ -599,6 +600,9 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm

break;

case R_CLIENT:

+ if (!acl_access_ok(ua, Client_ACL, res->res_client.hdr.name)) {

+ break;

+ }

sendit(sock, _("Client: name=%s address=%s FDport=%d MaxJobs=%u\n"),

res->res_client.hdr.name, res->res_client.address, res->res_client.FDport,

res->res_client.MaxConcurrentJobs);

@@ -626,6 +630,9 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm

break;

case R_STORAGE:

+ if (!acl_access_ok(ua, Storage_ACL, res->res_store.hdr.name)) {

+ break;

+ }

sendit(sock, _("Storage: name=%s address=%s SDport=%d MaxJobs=%u\n"

" DeviceName=%s MediaType=%s StorageId=%s\n"),

res->res_store.hdr.name, res->res_store.address, res->res_store.SDport,

@@ -636,6 +643,9 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm

break;

case R_CATALOG:

+ if (!acl_access_ok(ua, Catalog_ACL, res->res_cat.hdr.name)) {

+ break;

+ }

sendit(sock, _("Catalog: name=%s address=%s DBport=%d db_name=%s\n"

" db_driver=%s db_user=%s MutliDBConn=%d\n"),

res->res_cat.hdr.name, NPRT(res->res_cat.db_address),

@@ -646,6 +656,9 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm

case R_JOB:

case R_JOBDEFS:

+ if (!acl_access_ok(ua, Job_ACL, res->res_job.hdr.name)) {

+ break;

+ }

sendit(sock, _("%s: name=%s JobType=%d level=%s Priority=%d Enabled=%d\n"),

type == R_JOB ? _("Job") : _("JobDefs"),

res->res_job.hdr.name, res->res_job.JobType,

@@ -767,6 +780,9 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm

case R_FILESET:

{

int i, j, k;

+ if (!acl_access_ok(ua, FileSet_ACL, res->res_fs.hdr.name)) {

+ break;

+ }

sendit(sock, _("FileSet: name=%s\n"), res->res_fs.hdr.name);

for (i=0; i<res->res_fs.num_includes; i++) {

INCEXE *incexe = res->res_fs.include_items[i];

@@ -854,6 +870,9 @@ void dump_resource(int type, RES *reshdr, void sendit(void *sock, const char *fm

}

case R_SCHEDULE:

+ if (!acl_access_ok(ua, Schedule_ACL, res->res_sch.hdr.name)) {

+ break;

+ }

if (res->res_sch.run) {

int i;

RUN *run = res->res_sch.run;

@@ -942,6 +961,9 @@ next_run:

break;

case R_POOL:

+ if (!acl_access_ok(ua, Pool_ACL, res->res_pool.hdr.name)) {

+ break;

+ }

sendit(sock, _("Pool: name=%s PoolType=%s\n"), res->res_pool.hdr.name,

res->res_pool.pool_type);

sendit(sock, _(" use_cat=%d use_once=%d cat_files=%d\n"),

diff --git a/src/tools/Makefile.in b/bacula/src/tools/Makefile.in

index 0c3f305..5731140 100644

--- a/src/tools/Makefile.in

+++ b/src/tools/Makefile.in

@@ -29,12 +29,12 @@ dummy:

GETTEXT_LIBS = @LIBINTL@

-FINDOBJS = testfind.o ../dird/dird_conf.o ../dird/inc_conf.o ../dird/run_conf.o

+FINDOBJS = testfind.o ../dird/dird_conf.o ../dird/inc_conf.o ../dird/ua_acl.o ../dird/run_conf.o

100

# these are the objects that are changed by the .configure process

101

EXTRAOBJS = @OBJLIST@

102

103

-DIRCONFOBJS = ../dird/dird_conf.o ../dird/run_conf.o ../dird/inc_conf.o

104

+DIRCONFOBJS = ../dird/dird_conf.o ../dird/ua_acl.o ../dird/run_conf.o ../dird/inc_conf.o

105

106

NODIRTOOLS = bsmtp

107

DIRTOOLS = bsmtp dbcheck drivetype fstype testfind testls bregex bwild bbatch bregtest bvfs_test ing_test

108

@@ -79,6 +79,9 @@ drivetype: Makefile drivetype.o ../lib/libbac$(DEFAULT_ARCHIVE_TYPE) ../findlib/

109

dird_conf.o: ../dird/dird_conf.c

110

$(CXX) $(DEFS) $(DEBUG) -c $(CPPFLAGS) $(PYTHON_INC) -I$(srcdir) -I$(basedir) $(DINCLUDE) $(CFLAGS) $<

111

112

+ua_acl.o: ../dird/ua_acl.c

113

+ $(CXX) $(DEFS) $(DEBUG) -c $(CPPFLAGS) $(PYTHON_INC) -I$(srcdir) -I$(basedir) $(DINCLUDE) $(CFLAGS) $<

114

115

run_conf.o: ../dird/run_conf.c

116

$(CXX) $(DEFS) $(DEBUG) -c $(CPPFLAGS) $(PYTHON_INC) -I$(srcdir) -I$(basedir) $(DINCLUDE) $(CFLAGS) $<

117

Older »