Exemple #1
/*
 * Store `base` in the base field of slot `idx` of da->arr.
 *
 * ensure_array() is called with idx + 1 before the slot is written, and a
 * trace line is printed to stdout on every call.
 *
 * NOTE(review): idx is a signed int and nothing in this function rejects a
 * negative value, which would address memory in front of da->arr. Whether
 * ensure_array() or the callers rule that out is not visible here -- confirm.
 */
static void
set_base(struct da *da, int idx, int base)
{
  const int needed = idx + 1;

  printf("set_base: idx:%d base: %d\n", idx, base);
  ensure_array(da, needed);
  (da->arr + idx)->base = base;
}
Exemple #2
/*
 * Append a private copy of `e` to the global `level` list, unless
 * in_level() already reports it as present.
 *
 * The copy is made with strdup(); if that fails the error is reported with
 * perror() and the process exits with status 1, so no NULL entry is ever
 * stored in `level`.
 *
 * NOTE(review): `e` is handed to in_level() and strdup() without a NULL
 * check; callers are presumably expected to pass a valid string -- confirm.
 */
void
add_level(char *e)
{
  char *copy;

  if (in_level(e))
    return;

  copy = strdup(e);
  if (copy == NULL)
    {
      perror("level entry alloc");
      exit(1);
    }

  /* ensure_array() runs before the store into level[nlevel]. */
  ensure_array((void**)&level, &nlevel);
  level[nlevel] = copy;
  nlevel++;
}
Exemple #3
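/*
 * Find an offset at which every element of `rs` lands on a free slot.
 *
 * Offsets are tried in increasing order starting at 2. An offset `left` is
 * accepted when get_check(da, rs->elm[i].c + left) is not greater than 0
 * for every i in [0, rs->nr). The first accepted offset is returned.
 *
 * The inner scan stops at the first conflicting element: further elements
 * cannot change the verdict for that offset.
 *
 * NOTE(review): the search has no upper bound. `left + 256` is signed int
 * arithmetic, so if no free offset exists the loop runs until that
 * expression overflows. Confirm the array size is bounded elsewhere.
 */
static int
find_place(struct da *da, struct resolve_stat *rs)
{
  int left;

  for (left = 2; ; left++) {
    int conflict = 0;
    int i;

    ensure_array(da, left + 256);
    for (i = 0; i < rs->nr; i++) {
      if (get_check(da, rs->elm[i].c + left) > 0) {
        conflict = 1;
        break;
      }
    }
    if (!conflict) {
      return left;
    }
  }
  /* not reached: the loop above only exits through its return */
  return 0;
}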
Exemple #4
/*
 * Rebuild rs as the child list of `parent`, including the new child `c`.
 *
 * rs->nr is reset to 0, then all 256 codes are visited in order:
 *   - for code == c, push_child(rs, c, 1) records the new child;
 *   - for any other code whose slot (parent + base + code) has a check
 *     value equal to `parent`, the slot's base is pushed onto rs and the
 *     slot's base and check are both reset to 0.
 *
 * ensure_array() is asked for base + 256 here, while the slots touched are
 * at parent + base + code; get_check(), get_base(), set_base() and
 * set_check() each call ensure_array() again for the index they use.
 *
 * NOTE(review): the slot index is a sum of signed ints with no range check
 * in this function; a negative base would give a negative index -- confirm
 * that base values are never negative here.
 */
static void
collect_child(struct da *da, struct resolve_stat *rs,
              int parent, unsigned char c)
{
  const int base = get_base(da, parent);
  int code;

  rs->nr = 0;
  ensure_array(da, base + 256);

  for (code = 0; code < 256; code++) {
    const int slot = parent + base + code;
    int old_base;

    if (code == c) {
      /* the child being added */
      push_child(rs, c, 1);
      continue;
    }
    if (get_check(da, slot) != parent) {
      /* slot does not belong to this parent */
      continue;
    }

    /* save the existing child, then release its slot */
    old_base = get_base(da, slot);
    push_child(rs, code, old_base);
    set_base(da, slot, 0);
    set_check(da, slot, 0);
  }
}
Exemple #5
/*
 * Store `check` in the check field of slot `idx` of da->arr.
 *
 * ensure_array() is called with idx + 1 before the slot is written.
 *
 * NOTE(review): idx is a signed int and nothing in this function rejects a
 * negative value, which would address memory in front of da->arr. Whether
 * ensure_array() or the callers rule that out is not visible here -- confirm.
 */
static void
set_check(struct da *da, int idx, int check)
{
  const int needed = idx + 1;

  ensure_array(da, needed);
  (da->arr + idx)->check = check;
}
Exemple #6
/*
 * Return the base field of slot `idx` of da->arr.
 *
 * ensure_array() is called with idx + 1 before the slot is read, so a read
 * can have whatever side effect ensure_array() has on `da`.
 *
 * NOTE(review): idx is a signed int and nothing in this function rejects a
 * negative value, which would read memory in front of da->arr. Whether
 * ensure_array() or the callers rule that out is not visible here -- confirm.
 */
static int
get_base(struct da *da, int idx)
{
  int value;

  ensure_array(da, idx + 1);
  value = da->arr[idx].base;
  return value;
}
Exemple #7
/*
 * Return the check field of slot `idx` of da->arr.
 *
 * ensure_array() is called with idx + 1 before the slot is read, so a read
 * can have whatever side effect ensure_array() has on `da`.
 *
 * NOTE(review): idx is a signed int and nothing in this function rejects a
 * negative value, which would read memory in front of da->arr. Whether
 * ensure_array() or the callers rule that out is not visible here -- confirm.
 */
static int
get_check(struct da *da, int idx)
{
  int value;

  ensure_array(da, idx + 1);
  value = da->arr[idx].check;
  return value;
}
Exemple #8
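/* Append a heap copy of `path` to the global permfiles list.
   Reports with perror() and exits with status 1 when the copy cannot be
   allocated, the same policy add_level() applies to its strdup(). */
static void
append_permfile(const char *path)
{
  char *copy = strdup(path);

  if (copy == NULL)
    {
      perror("permissions file entry alloc");
      exit(1);
    }
  ensure_array((void**)&permfiles, &npermfiles);
  permfiles[npermfiles++] = copy;
}

/* Append `path` when it was formatted without truncation and access()
   reports it readable. `len` is the snprintf() return value for `path`
   and `size` the size of the buffer it was written to. A truncated path
   names a different file than intended, so it is skipped. */
static void
append_if_readable(const char *path, int len, size_t size)
{
  if (len < 0 || (size_t)len >= size)
    return;
  if (access(path, R_OK) == 0)
    append_permfile(path);
}

/* Return non-zero for the three levels that have a central
   /etc/permissions.<level> file handled in step 2. */
static int
is_predefined_level(const char *name)
{
  return !strcmp(name, "easy")
    || !strcmp(name, "secure")
    || !strcmp(name, "paranoid");
}

/*
 * Build the global permfiles list. Entries are appended in this order:
 *
 *   1. /etc/permissions (always, without a readability probe);
 *   2. /etc/permissions.<level> for each configured level that is one of
 *      easy, secure or paranoid;
 *   3. for each package name found in /etc/permissions.d (sorted,
 *      duplicates skipped): /etc/permissions.d/<name>, then
 *      /etc/permissions.d/<name>.<level> for every configured level;
 *   4. /etc/permissions.<level> for every other configured level.
 *
 * Apart from entry 1, a path is added only if access(path, R_OK) succeeds.
 * Allocation failures terminate the process instead of leaving a NULL
 * entry in the list.
 *
 * NOTE(review): access() is only a probe; the files are presumably opened
 * later by other code, so the result can be stale by then -- the consumer
 * still has to handle open/read errors.
 */
static void
collect_permfiles(void)
{
  char fn[4096];
  int i;
  int n;
  DIR* dir;

  // 1. central fixed permissions file
  append_permfile("/etc/permissions");

  // 2. central easy, secure paranoid as those are defined by SUSE
  for (i = 0; i < nlevel; ++i)
    {
      if (!is_predefined_level(level[i]))
        continue;

      n = snprintf(fn, sizeof(fn), "/etc/permissions.%s", level[i]);
      append_if_readable(fn, n, sizeof(fn));
    }

  // 3. package specific permissions
  dir = opendir("/etc/permissions.d");
  if (dir)
    {
      char** files = NULL;
      int nfiles = 0;
      struct dirent* d;

      while ((d = readdir(dir)))
        {
          size_t len = strlen(d->d_name);
          char* p;
          char* name;

          if (!strcmp("..", d->d_name) || !strcmp(".", d->d_name))
            continue;

          /* filter out backup files */
          if ((len > 2) && (d->d_name[len - 1] == '~'))
            continue;
          if (strstr(d->d_name, ".rpmnew") || strstr(d->d_name, ".rpmsave"))
            continue;

          /* Keep only the part before the first '.', so that "pkg" and
             "pkg.<level>" collapse to the same package name.
             NOTE(review): a name that starts with '.' becomes the empty
             string here, so the directory path itself is probed below;
             confirm whether dot-files should be skipped instead. */
          if ((p = strchr(d->d_name, '.')))
            *p = '\0';

          name = strdup(d->d_name);
          if (name == NULL)
            {
              perror("permissions.d entry alloc");
              exit(1);
            }
          ensure_array((void**)&files, &nfiles);
          files[nfiles++] = name;
        }
      closedir(dir);

      if (nfiles)
        {
          int l;

          qsort(files, nfiles, sizeof(char*), compare);
          for (i = 0; i < nfiles; ++i)
            {
              // skip duplicates
              if (i && !strcmp(files[i-1], files[i]))
                continue;

              n = snprintf(fn, sizeof(fn), "/etc/permissions.d/%s", files[i]);
              append_if_readable(fn, n, sizeof(fn));

              for (l = 0; l < nlevel; ++l)
                {
                  n = snprintf(fn, sizeof(fn), "/etc/permissions.d/%s.%s",
                               files[i], level[l]);
                  append_if_readable(fn, n, sizeof(fn));
                }
            }

          /* The names were only needed to build the paths above.
             NOTE(review): the `files` array itself comes from
             ensure_array(), whose allocator is not visible here, so it
             is left alone. */
          for (i = 0; i < nfiles; ++i)
            free(files[i]);
        }
    }

  // 4. central permissions files with user defined level incl 'local'
  for (i = 0; i < nlevel; ++i)
    {
      if (is_predefined_level(level[i]))
        continue;

      n = snprintf(fn, sizeof(fn), "/etc/permissions.%s", level[i]);
      append_if_readable(fn, n, sizeof(fn));
    }
}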