diff options
| author | Panu Matilainen <pmatilai@redhat.com> | 2007-09-03 17:57:54 +0300 |
|---|---|---|
| committer | Panu Matilainen <pmatilai@redhat.com> | 2007-09-03 17:57:54 +0300 |
| commit | f9e641a65c1644217f8487e6a38df9a7ba062303 (patch) | |
| tree | 4a6afe3547fb30ffaee67826407697b179d38f97 /lib | |
| parent | 09bcd97b3a17609f97d82aed9f93b5c5c78bac1a (diff) | |
| parent | cec13226210a83fecdefbd21d0e81c640c23990c (diff) | |
| download | rpm-f9e641a65c1644217f8487e6a38df9a7ba062303.tar.gz rpm-f9e641a65c1644217f8487e6a38df9a7ba062303.tar.bz2 rpm-f9e641a65c1644217f8487e6a38df9a7ba062303.zip | |
Automated merge with file:/home/pmatilai/repos/rpm-whitespace
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/Makefile.am | 41 | ||||
| -rw-r--r-- | lib/depends.c | 6 | ||||
| -rw-r--r-- | lib/formats.c | 75 | ||||
| -rw-r--r-- | lib/fsm.c | 32 | ||||
| -rw-r--r-- | lib/idtx.c | 190 | ||||
| -rw-r--r-- | lib/idtx.h | 93 | ||||
| -rw-r--r-- | lib/misc.c | 2 | ||||
| -rw-r--r-- | lib/poptALL.c | 7 | ||||
| -rw-r--r-- | lib/rpmcli.h | 88 | ||||
| -rw-r--r-- | lib/rpmfi.c | 206 | ||||
| -rw-r--r-- | lib/rpmfi.h | 41 | ||||
| -rw-r--r-- | lib/rpminstall.c | 196 | ||||
| -rw-r--r-- | lib/rpmlib.h | 2 | ||||
| -rw-r--r-- | lib/rpmlock.c | 2 | ||||
| -rw-r--r-- | lib/rpmrc.c | 35 | ||||
| -rw-r--r-- | lib/rpmsx.c | 709 | ||||
| -rw-r--r-- | lib/rpmsx.h | 277 | ||||
| -rw-r--r-- | lib/rpmts.c | 32 | ||||
| -rw-r--r-- | lib/rpmts.h | 22 | ||||
| -rw-r--r-- | lib/setfiles.c | 991 | ||||
| -rw-r--r-- | lib/tplatform.c | 6 | ||||
| -rw-r--r-- | lib/transaction.c | 20 | ||||
| -rw-r--r-- | lib/tre.c | 142 |
23 files changed, 341 insertions, 2874 deletions
diff --git a/lib/Makefile.am b/lib/Makefile.am index 8c1d6783f..50150fab4 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -1,7 +1,5 @@ # Makefile for rpm library. -LINT = splint - AM_CPPFLAGS = -I. \ -I$(top_srcdir) \ -I$(top_srcdir)/rpmdb \ @@ -11,6 +9,9 @@ AM_CPPFLAGS = -I. \ -I$(top_srcdir)/misc AM_CPPFLAGS += -DLOCALEDIR="\"$(localedir)\"" AM_CPPFLAGS += -DSYSCONFDIR="\"$(sysconfdir)\"" +AM_CPPFLAGS += -DLOCALSTATEDIR="\"$(localstatedir)\"" +AM_CPPFLAGS += -DRPMCONFIGDIR="\"@RPMCONFIGDIR@\"" +AM_CPPFLAGS += -DLIBRPMALIAS_FILENAME="\"@RPMCONFIGDIR@/rpmpopt-${VERSION}\"" EXTRA_DIST = getdate.y @@ -18,23 +19,24 @@ check_PROGRAMS = pkgincdir = $(pkgincludedir) pkginc_HEADERS = \ - misc.h rpmcli.h rpmlib.h \ - rpmal.h rpmds.h rpmfi.h rpmgi.h rpmps.h rpmsx.h rpmte.h rpmts.h \ + idtx.h misc.h rpmcli.h rpmlib.h \ + rpmal.h rpmds.h rpmfi.h rpmgi.h rpmps.h rpmte.h rpmts.h \ stringbuf.h usrlibdir = $(libdir) usrlib_LTLIBRARIES = librpm.la librpm_la_SOURCES = \ cpio.c cpio.h depends.c formats.c fs.c fsm.c fsm.h getdate.c \ - manifest.c manifest.h misc.c package.c \ + idtx.c manifest.c manifest.h misc.c package.c \ poptALL.c poptI.c poptQV.c psm.c psm.h query.c \ rpmal.c rpmchecksig.c rpmds.c rpmfi.c rpmgi.c rpminstall.c \ - rpmlead.c rpmlead.h rpmlibprov.c rpmps.c rpmrc.c rpmsx.c rpmte.c rpmts.c \ + rpmlead.c rpmlead.h rpmlibprov.c rpmps.c rpmrc.c rpmte.c rpmts.c \ rpmvercmp.c signature.c signature.h stringbuf.c transaction.c \ verify.c rpmlock.c rpmlock.h librpm_la_LDFLAGS = -release 4.4 \ $(top_builddir)/rpmdb/librpmdb.la \ $(top_builddir)/rpmio/librpmio.la \ + @WITH_BEECRYPT_LIB@ \ @WITH_POPT_LIB@ \ @WITH_SELINUX_LIB@ \ @LIBINTL@ @@ -68,27 +70,7 @@ getdate.c: getdate.y fi ;\ fi -BUILT_SOURCES = getdate.c # rpmlib.lcd - -rpmlib.lcd: Makefile.am ${librpm_la_SOURCES} ${pkginc_HEADERS} - -lclint ${DEFS} ${AM_CPPFLAGS} ${librpm_la_SOURCES} -dump $@ 2>/dev/null - -.PHONY: sources -sources: - @echo $(librpm_la_SOURCES:%=lib/%) - -.PHONY: lint -lint: - $(LINT) $(DEFS) $(AM_CPPFLAGS) $(librpm_la_SOURCES) - -if SELINUX -check_PROGRAMS += setfiles -setfiles_SOURCES = setfiles.c -# setfiles_LDFLAGS = @LDFLAGS_STATIC@ -setfiles_LDADD = @WITH_SELINUX_LIB@ \ - ../rpmio/librpmio.la \ - @WITH_POPT_LIB@ -endif +BUILT_SOURCES = getdate.c check_PROGRAMS += tds tds_SOURCES = tds.c @@ -109,11 +91,6 @@ tsystem_SOURCES = tsystem.c tsystem_LDFLAGS = tsystem_LDADD = ../rpmio/librpmio.la @WITH_POPT_LIB@ -check_PROGRAMS += tre -tre_SOURCES = tre.c -tre_LDFLAGS = -tre_LDADD = librpm.la @WITH_SELINUX_LIB@ - check_PROGRAMS += tcpu tcpu_SOURCES = tcpu.c # tcpu_LDFLAGS = @LDFLAGS_STATIC@ diff --git a/lib/depends.c b/lib/depends.c index 39150d3a7..989cb6c21 100644 --- a/lib/depends.c +++ b/lib/depends.c @@ -474,7 +474,7 @@ static int unsatisfiedDepend(rpmts ts, rpmds dep, int adding) retry: rc = 0; /* assume dependency is satisfied */ -#if defined(DYING) || defined(__LCLINT__) +#if defined(DYING) { static /*@observer@*/ const char noProvidesString[] = "nada"; static /*@observer@*/ const char * rcProvidesString = noProvidesString; int_32 Flags = rpmdsFlags(dep); @@ -558,7 +558,7 @@ retry: } mi = rpmdbFreeIterator(mi); -#if defined(DYING) || defined(__LCLINT__) +#if defined(DYING) mi = rpmtsInitIterator(ts, RPMTAG_NAME, Name, 0); (void) rpmdbPruneIterator(mi, ts->removedPackages, ts->numRemovedPackages, 1); @@ -1746,7 +1746,7 @@ int rpmtsCheck(rpmts ts) rpmteNEVR(p), rpmteA(p), rpmteO(p), rpmteColor(p)); /*@=nullpass@*/ -#if defined(DYING) || defined(__LCLINT__) +#if defined(DYING) /* XXX all packages now have Provides: name = version-release */ /* Erasing: check name against requiredby matches. */ rc = checkDependentPackages(ts, rpmteN(p)); diff --git a/lib/formats.c b/lib/formats.c index d3f65b3af..afd0728be 100644 --- a/lib/formats.c +++ b/lib/formats.c @@ -859,78 +859,6 @@ static int fileclassTag(Header h, /*@out@*/ rpmTagType * type, } /** - * Retrieve file contexts from header. - * @param h header - * @retval *type tag type - * @retval *data tag value - * @retval *count no. of data items - * @retval *freeData data-was-malloc'ed indicator - * @return 0 on success - */ -static int filecontextsTag(Header h, /*@out@*/ rpmTagType * type, - /*@out@*/ const void ** data, /*@out@*/ int_32 * count, - /*@out@*/ int * freeData) - /*@globals rpmGlobalMacroContext, h_errno, fileSystem @*/ - /*@modifies h, *type, *data, *count, *freeData, - rpmGlobalMacroContext, fileSystem @*/ - /*@requires maxSet(type) >= 0 /\ maxSet(data) >= 0 - /\ maxSet(count) >= 0 /\ maxSet(freeData) >= 0 @*/ -{ - *type = RPM_STRING_ARRAY_TYPE; - rpmfiBuildFContexts(h, (const char ***) data, count); - *freeData = 1; - return 0; -} - -/** - * Retrieve file contexts from file system. - * @param h header - * @retval *type tag type - * @retval *data tag value - * @retval *count no. of data items - * @retval *freeData data-was-malloc'ed indicator - * @return 0 on success - */ -static int fscontextsTag(Header h, /*@out@*/ rpmTagType * type, - /*@out@*/ const void ** data, /*@out@*/ int_32 * count, - /*@out@*/ int * freeData) - /*@globals rpmGlobalMacroContext, h_errno, fileSystem @*/ - /*@modifies h, *type, *data, *count, *freeData, - rpmGlobalMacroContext, fileSystem @*/ - /*@requires maxSet(type) >= 0 /\ maxSet(data) >= 0 - /\ maxSet(count) >= 0 /\ maxSet(freeData) >= 0 @*/ -{ - *type = RPM_STRING_ARRAY_TYPE; - rpmfiBuildFSContexts(h, (const char ***) data, count); - *freeData = 1; - return 0; -} - -/** - * Retrieve file contexts from policy RE's. - * @param h header - * @retval *type tag type - * @retval *data tag value - * @retval *count no. of data items - * @retval *freeData data-was-malloc'ed indicator - * @return 0 on success - */ -static int recontextsTag(Header h, /*@out@*/ rpmTagType * type, - /*@out@*/ const void ** data, /*@out@*/ int_32 * count, - /*@out@*/ int * freeData) - /*@globals rpmGlobalMacroContext, h_errno, fileSystem @*/ - /*@modifies h, *type, *data, *count, *freeData, - rpmGlobalMacroContext, fileSystem @*/ - /*@requires maxSet(type) >= 0 /\ maxSet(data) >= 0 - /\ maxSet(count) >= 0 /\ maxSet(freeData) >= 0 @*/ -{ - *type = RPM_STRING_ARRAY_TYPE; - rpmfiBuildREContexts(h, (const char ***) data, count); - *freeData = 1; - return 0; -} - -/** * Retrieve file provides. * @param h header * @retval *type tag type @@ -1157,15 +1085,12 @@ const struct headerSprintfExtension_s rpmHeaderFormats[] = { { HEADER_EXT_TAG, "RPMTAG_DESCRIPTION", { descriptionTag } }, { HEADER_EXT_TAG, "RPMTAG_SUMMARY", { summaryTag } }, { HEADER_EXT_TAG, "RPMTAG_FILECLASS", { fileclassTag } }, - { HEADER_EXT_TAG, "RPMTAG_FILECONTEXTS", { filecontextsTag } }, { HEADER_EXT_TAG, "RPMTAG_FILENAMES", { filenamesTag } }, { HEADER_EXT_TAG, "RPMTAG_FILEPROVIDE", { fileprovideTag } }, { HEADER_EXT_TAG, "RPMTAG_FILEREQUIRE", { filerequireTag } }, - { HEADER_EXT_TAG, "RPMTAG_FSCONTEXTS", { fscontextsTag } }, { HEADER_EXT_TAG, "RPMTAG_FSNAMES", { fsnamesTag } }, { HEADER_EXT_TAG, "RPMTAG_FSSIZES", { fssizesTag } }, { HEADER_EXT_TAG, "RPMTAG_INSTALLPREFIX", { instprefixTag } }, - { HEADER_EXT_TAG, "RPMTAG_RECONTEXTS", { recontextsTag } }, { HEADER_EXT_TAG, "RPMTAG_TRIGGERCONDS", { triggercondsTag } }, { HEADER_EXT_TAG, "RPMTAG_TRIGGERTYPE", { triggertypeTag } }, { HEADER_EXT_FORMAT, "armor", { armorFormat } }, @@ -624,28 +624,17 @@ static int fsmMapFContext(FSM_t fsm) /*@modifies fsm @*/ { rpmts ts = fsmGetTs(fsm); - rpmfi fi = fsmGetFi(fsm); struct stat * st = &fsm->sb; /* * Find file security context (if not disabled). */ fsm->fcontext = NULL; - if (ts != NULL && rpmtsSELinuxEnabled(ts) == 1 && - !(rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS)) - { - rpmsx sx = rpmtsREContext(ts); - - if (sx != NULL) { - /* Get file security context from patterns. */ - fsm->fcontext = rpmsxFContext(sx, fsm->path, st->st_mode); - sx = rpmsxFree(sx); - } else { - int i = fsm->ix; + if (ts != NULL && !(rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS)) { + security_context_t scon = NULL; - /* Get file security context from package. */ - if (fi && i >= 0 && i < fi->fc) - fsm->fcontext = (fi->fcontexts ? fi->fcontexts[i] : NULL); + if (matchpathcon(fsm->path, st->st_mode, &scon) == 0 && scon != NULL) { + fsm->fcontext = scon; } } return 0; @@ -1276,7 +1265,7 @@ static int fsmMkdirs(/*@special@*/ /*@partial@*/ FSM_t fsm) /*@-compdef@*/ rpmts ts = fsmGetTs(fsm); /*@=compdef@*/ - rpmsx sx = rpmtsREContext(ts); + security_context_t scon = NULL; fsm->path = NULL; @@ -1340,10 +1329,14 @@ static int fsmMkdirs(/*@special@*/ /*@partial@*/ FSM_t fsm) if (!rc) { /* XXX FIXME? only new dir will have context set. */ /* Get file security context from patterns. */ - if (sx != NULL) { - fsm->fcontext = rpmsxFContext(sx, fsm->path, st->st_mode); - rc = fsmNext(fsm, FSM_LSETFCON); + if (! rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS) { + if (matchpathcon(fsm->path, st->st_mode, &scon) == 0 && + scon != NULL) { + fsm->fcontext = scon; + rc = fsmNext(fsm, FSM_LSETFCON); + } } + if (fsm->fcontext == NULL) rpmMessage(RPMMESS_DEBUG, _("%s directory created with perms %04o, no context.\n"), @@ -1376,7 +1369,6 @@ static int fsmMkdirs(/*@special@*/ /*@partial@*/ FSM_t fsm) } /*@=boundswrite@*/ dnli = dnlFreeIterator(dnli); - sx = rpmsxFree(sx); /*@=observertrans =dependenttrans@*/ fsm->path = path; diff --git a/lib/idtx.c b/lib/idtx.c new file mode 100644 index 000000000..6f585416e --- /dev/null +++ b/lib/idtx.c @@ -0,0 +1,190 @@ + +#include "idtx.h" +#include "rpmlib.h" +#include "rpmdb.h" +#include "rpmts.h" +#include "rpmmacro.h" + +/*@unchecked@*/ +static int reverse = -1; + +/** + */ +static int IDTintcmp(const void * a, const void * b) + /*@*/ +{ + /*@-castexpose@*/ + return ( reverse * (((IDT)a)->val.u32 - ((IDT)b)->val.u32) ); + /*@=castexpose@*/ +} + +IDTX IDTXfree(IDTX idtx) +{ + if (idtx) { + int i; + if (idtx->idt) + for (i = 0; i < idtx->nidt; i++) { + IDT idt = idtx->idt + i; + idt->h = headerFree(idt->h); + idt->key = _free(idt->key); + } + idtx->idt = _free(idtx->idt); + idtx = _free(idtx); + } + return NULL; +} + +IDTX IDTXnew(void) +{ + IDTX idtx = xcalloc(1, sizeof(*idtx)); + idtx->delta = 10; + idtx->size = sizeof(*((IDT)0)); + return idtx; +} + +IDTX IDTXgrow(IDTX idtx, int need) +{ + if (need < 0) return NULL; + if (idtx == NULL) + idtx = IDTXnew(); + if (need == 0) return idtx; + + if ((idtx->nidt + need) > idtx->alloced) { + while (need > 0) { + idtx->alloced += idtx->delta; + need -= idtx->delta; + } + idtx->idt = xrealloc(idtx->idt, (idtx->alloced * idtx->size) ); + } + return idtx; +} + +IDTX IDTXsort(IDTX idtx) +{ + if (idtx != NULL && idtx->idt != NULL && idtx->nidt > 0) + qsort(idtx->idt, idtx->nidt, idtx->size, IDTintcmp); + return idtx; +} + +IDTX IDTXload(rpmts ts, rpmTag tag) +{ + IDTX idtx = NULL; + rpmdbMatchIterator mi; + HGE_t hge = (HGE_t) headerGetEntry; + Header h; + + /*@-branchstate@*/ + mi = rpmtsInitIterator(ts, tag, NULL, 0); +#ifdef NOTYET + (void) rpmdbSetIteratorRE(mi, RPMTAG_NAME, RPMMIRE_DEFAULT, '!gpg-pubkey'); +#endif + while ((h = rpmdbNextIterator(mi)) != NULL) { + rpmTagType type = RPM_NULL_TYPE; + int_32 count = 0; + int_32 * tidp; + + tidp = NULL; + if (!hge(h, tag, &type, (void **)&tidp, &count) || tidp == NULL) + continue; + + if (type == RPM_INT32_TYPE && (*tidp == 0 || *tidp == -1)) + continue; + + idtx = IDTXgrow(idtx, 1); + if (idtx == NULL) + continue; + if (idtx->idt == NULL) + continue; + + { IDT idt; + /*@-nullderef@*/ + idt = idtx->idt + idtx->nidt; + /*@=nullderef@*/ + idt->h = headerLink(h); + idt->key = NULL; + idt->instance = rpmdbGetIteratorOffset(mi); + idt->val.u32 = *tidp; + } + idtx->nidt++; + } + mi = rpmdbFreeIterator(mi); + /*@=branchstate@*/ + + return IDTXsort(idtx); +} + +IDTX IDTXglob(rpmts ts, const char * globstr, rpmTag tag) +{ + IDTX idtx = NULL; + HGE_t hge = (HGE_t) headerGetEntry; + Header h; + int_32 * tidp; + FD_t fd; + const char ** av = NULL; + int ac = 0; + rpmRC rpmrc; + int xx; + int i; + + av = NULL; ac = 0; + xx = rpmGlob(globstr, &ac, &av); + + if (xx == 0) + for (i = 0; i < ac; i++) { + rpmTagType type; + int_32 count; + int isSource; + + fd = Fopen(av[i], "r.ufdio"); + if (fd == NULL || Ferror(fd)) { + rpmError(RPMERR_OPEN, _("open of %s failed: %s\n"), av[i], + Fstrerror(fd)); + if (fd != NULL) (void) Fclose(fd); + continue; + } + + rpmrc = rpmReadPackageFile(ts, fd, av[i], &h); + (void) Fclose(fd); + switch (rpmrc) { + default: + goto bottom; + /*@notreached@*/ /*@switchbreak@*/ break; + case RPMRC_NOTTRUSTED: + case RPMRC_NOKEY: + case RPMRC_OK: + isSource = headerIsEntry(h, RPMTAG_SOURCEPACKAGE); + if (isSource) + goto bottom; + /*@switchbreak@*/ break; + } + + tidp = NULL; + /*@-branchstate@*/ + if (hge(h, tag, &type, (void **) &tidp, &count) && tidp != NULL) { + + idtx = IDTXgrow(idtx, 1); + if (idtx == NULL || idtx->idt == NULL) + goto bottom; + + { IDT idt; + idt = idtx->idt + idtx->nidt; + idt->h = headerLink(h); + idt->key = av[i]; + av[i] = NULL; + idt->instance = 0; + idt->val.u32 = *tidp; + } + idtx->nidt++; + } + /*@=branchstate@*/ +bottom: + h = headerFree(h); + } + + for (i = 0; i < ac; i++) + av[i] = _free(av[i]); + av = _free(av); ac = 0; + + return IDTXsort(idtx); +} + diff --git a/lib/idtx.h b/lib/idtx.h new file mode 100644 index 000000000..79276d031 --- /dev/null +++ b/lib/idtx.h @@ -0,0 +1,93 @@ +#ifndef H_RPMIDTX +#define H_RPMIDTX + +#include "system.h" +#include "rpmlib.h" + +/** + * * A rollback transaction id element. + * */ +/*@-fielduse@*/ +typedef /*@abstract@*/ struct IDT_s { + unsigned int instance; /*!< installed package transaction id. */ +/*@owned@*/ /*@null@*/ + const char * key; /*! removed package file name. */ + Header h; /*!< removed package header. */ + union { + uint_32 u32; /*!< install/remove transaction id */ + } val; +} * IDT; +/*@=fielduse@*/ + +/** + * A rollback transaction id index. + */ +typedef /*@abstract@*/ struct IDTindex_s { + int delta; /*!< no. elements to realloc as a chunk. */ + int size; /*!< size of id index element. */ + int alloced; /*!< current number of elements allocated. */ + int nidt; /*!< current number of elements initialized. */ +/*@only@*/ /*@null@*/ + IDT idt; /*!< id index elements. */ +} * IDTX; + +/** + * Destroy id index. + * @param idtx id index + * @return NULL always + */ +/*@null@*/ +IDTX IDTXfree(/*@only@*/ /*@null@*/ IDTX idtx) + /*@modifies idtx @*/; + +/** + * Create id index. + * @return new id index + */ +/*@only@*/ +IDTX IDTXnew(void) + /*@*/; + +/** + * Insure that index has room for "need" elements. + * @param idtx id index + * @param need additional no. of elements needed + * @return id index (with room for "need" elements) + */ +/*@only@*/ /*@null@*/ +IDTX IDTXgrow(/*@only@*/ /*@null@*/ IDTX idtx, int need) + /*@modifies idtx @*/; + +/** + * Sort tag (instance,value) pairs. + * @param idtx id index + * @return id index + */ +/*@only@*/ /*@null@*/ +IDTX IDTXsort(/*@only@*/ /*@null@*/ IDTX idtx) + /*@modifies idtx @*/; + +/** + * Load tag (instance,value) pairs from rpm databse, and return sorted id index. + * @param ts transaction set + * @param tag rpm tag + * @return id index + */ +/*@only@*/ /*@null@*/ +IDTX IDTXload(rpmts ts, rpmTag tag) + /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/ + /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState @*/; + +/** + * Load tag (instance,value) pairs from packages, and return sorted id index. + * @param ts transaction set + * @param globstr glob expression + * @param tag rpm tag + * @return id index + */ +/*@only@*/ /*@null@*/ +IDTX IDTXglob(rpmts ts, const char * globstr, rpmTag tag) + /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/ + /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState @*/; + +#endif /* H_RPMIDTX */ diff --git a/lib/misc.c b/lib/misc.c index 4c55d0bf2..686cc0c94 100644 --- a/lib/misc.c +++ b/lib/misc.c @@ -121,7 +121,7 @@ int dosetenv(const char * name, const char * value, int overwrite) int makeTempFile(const char * prefix, const char ** fnptr, FD_t * fdptr) { - const char * tpmacro = "%{?_tmppath:%{_tmppath}}%{!?_tmppath:/var/tmp}"; + const char * tpmacro = "%{?_tmppath:%{_tmppath}}%{!?_tmppath:" LOCALSTATEDIR "/tmp}"; const char * tempfn = NULL; const char * tfn = NULL; static int _initialized = 0; diff --git a/lib/poptALL.c b/lib/poptALL.c index e1c6e43fa..14b24619c 100644 --- a/lib/poptALL.c +++ b/lib/poptALL.c @@ -73,9 +73,6 @@ extern int _rpmps_debug; extern int _rpmsq_debug; /*@unchecked@*/ -extern int _rpmsx_debug; - -/*@unchecked@*/ extern int _rpmte_debug; /*@unchecked@*/ @@ -357,8 +354,6 @@ struct poptOption rpmcliAllPoptTable[] = { NULL, NULL}, { "rpmsqdebug", '\0', POPT_ARG_VAL|POPT_ARGFLAG_DOC_HIDDEN, &_rpmsq_debug, -1, NULL, NULL}, - { "rpmsxdebug", '\0', POPT_ARG_VAL|POPT_ARGFLAG_DOC_HIDDEN, &_rpmsx_debug, -1, - NULL, NULL}, { "rpmtedebug", '\0', POPT_ARG_VAL|POPT_ARGFLAG_DOC_HIDDEN, &_rpmte_debug, -1, NULL, NULL}, { "rpmtsdebug", '\0', POPT_ARG_VAL|POPT_ARGFLAG_DOC_HIDDEN, &_rpmts_debug, -1, @@ -409,7 +404,7 @@ rpmcliInit(int argc, char *const argv[], struct poptOption * optionsTable) } /*@=globs =mods@*/ -#if defined(ENABLE_NLS) && !defined(__LCLINT__) +#if defined(ENABLE_NLS) (void) setlocale(LC_ALL, "" ); (void) bindtextdomain(PACKAGE, LOCALEDIR); (void) textdomain(PACKAGE); diff --git a/lib/rpmcli.h b/lib/rpmcli.h index c24f518de..d972d9a29 100644 --- a/lib/rpmcli.h +++ b/lib/rpmcli.h @@ -9,6 +9,7 @@ #include "rpmurl.h" #include "rpmmacro.h" #include "argv.h" +#include "idtx.h" /** \ingroup rpmcli * Should version 3 packages be produced? @@ -606,98 +607,13 @@ int rpmInstall(rpmts ts, struct rpmInstallArguments_s * ia, * @param argv array of package file names (NULL terminated) * @return 0 on success */ + int rpmErase(rpmts ts, struct rpmInstallArguments_s * ia, /*@null@*/ const char ** argv) /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/ /*@modifies ts, ia, rpmGlobalMacroContext, fileSystem, internalState @*/; -/** - * A rollback transaction id element. - */ -/*@-fielduse@*/ -typedef /*@abstract@*/ struct IDT_s { - unsigned int instance; /*!< installed package transaction id. */ -/*@owned@*/ /*@null@*/ - const char * key; /*! removed package file name. */ - Header h; /*!< removed package header. */ - union { - uint_32 u32; /*!< install/remove transaction id */ - } val; -} * IDT; -/*@=fielduse@*/ - -/** - * A rollback transaction id index. - */ -typedef /*@abstract@*/ struct IDTindex_s { - int delta; /*!< no. elements to realloc as a chunk. */ - int size; /*!< size of id index element. */ - int alloced; /*!< current number of elements allocated. */ - int nidt; /*!< current number of elements initialized. */ -/*@only@*/ /*@null@*/ - IDT idt; /*!< id index elements. */ -} * IDTX; - -/** - * Destroy id index. - * @param idtx id index - * @return NULL always - */ -/*@null@*/ -IDTX IDTXfree(/*@only@*/ /*@null@*/ IDTX idtx) - /*@modifies idtx @*/; - -/** - * Create id index. - * @return new id index - */ -/*@only@*/ -IDTX IDTXnew(void) - /*@*/; - -/** - * Insure that index has room for "need" elements. - * @param idtx id index - * @param need additional no. of elements needed - * @return id index (with room for "need" elements) - */ -/*@only@*/ /*@null@*/ -IDTX IDTXgrow(/*@only@*/ /*@null@*/ IDTX idtx, int need) - /*@modifies idtx @*/; - -/** - * Sort tag (instance,value) pairs. - * @param idtx id index - * @return id index - */ -/*@only@*/ /*@null@*/ -IDTX IDTXsort(/*@only@*/ /*@null@*/ IDTX idtx) - /*@modifies idtx @*/; - -/** - * Load tag (instance,value) pairs from rpm databse, and return sorted id index. - * @param ts transaction set - * @param tag rpm tag - * @return id index - */ -/*@only@*/ /*@null@*/ -IDTX IDTXload(rpmts ts, rpmTag tag) - /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/ - /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState @*/; - -/** - * Load tag (instance,value) pairs from packages, and return sorted id index. - * @param ts transaction set - * @param globstr glob expression - * @param tag rpm tag - * @return id index - */ -/*@only@*/ /*@null@*/ -IDTX IDTXglob(rpmts ts, const char * globstr, rpmTag tag) - /*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/ - /*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState @*/; - /** \ingroup rpmcli * Rollback transactions, erasing new, reinstalling old, package(s). * @param ts transaction set diff --git a/lib/rpmfi.c b/lib/rpmfi.c index 3cca3bc18..acd4185f8 100644 --- a/lib/rpmfi.c +++ b/lib/rpmfi.c @@ -16,8 +16,6 @@ #define _RPMFI_INTERNAL #include "rpmfi.h" -#include "rpmsx.h" - #define _RPMTE_INTERNAL /* relocations */ #include "rpmte.h" #include "rpmts.h" @@ -1380,7 +1378,6 @@ if (fi->actions == NULL) xx = hge(h, RPMTAG_FILEMTIMES, NULL, (void **) &fi->fmtimes, NULL); xx = hge(h, RPMTAG_FILERDEVS, NULL, (void **) &fi->frdevs, NULL); xx = hge(h, RPMTAG_FILEINODES, NULL, (void **) &fi->finodes, NULL); - xx = hge(h, RPMTAG_FILECONTEXTS, NULL, (void **) &fi->fcontexts, NULL); fi->replacedSizes = xcalloc(fi->fc, sizeof(*fi->replacedSizes)); @@ -1561,209 +1558,6 @@ exit: if (fcp) *fcp = ac; } -void rpmfiBuildFContexts(Header h, - /*@out@*/ const char *** fcontextp, /*@out@*/ int * fcp) -{ - int scareMem = 0; - rpmfi fi = rpmfiNew(NULL, h, RPMTAG_BASENAMES, scareMem); - const char * fcontext; - const char ** av; - int ac; - size_t nb; - char * t; - - if ((ac = rpmfiFC(fi)) <= 0) { - av = NULL; - ac = 0; - goto exit; - } - - /* Compute size of argv array blob. */ - nb = (ac + 1) * sizeof(*av); - fi = rpmfiInit(fi, 0); - if (fi != NULL) - while (rpmfiNext(fi) >= 0) { - fcontext = rpmfiFContext(fi); - if (fcontext && *fcontext != '\0') - nb += strlen(fcontext); - nb += 1; - } - - /* Create and load argv array. */ - av = xmalloc(nb); - t = ((char *) av) + ((ac + 1) * sizeof(*av)); - ac = 0; - fi = rpmfiInit(fi, 0); - if (fi != NULL) - while (rpmfiNext(fi) >= 0) { - fcontext = rpmfiFContext(fi); - av[ac++] = t; - if (fcontext && *fcontext != '\0') - t = stpcpy(t, fcontext); - *t++ = '\0'; - } - av[ac] = NULL; /* XXX tag arrays are not NULL terminated. */ - /*@=branchstate@*/ - -exit: - fi = rpmfiFree(fi); - /*@-branchstate@*/ - if (fcontextp) - *fcontextp = av; - else - av = _free(av); - /*@=branchstate@*/ - if (fcp) *fcp = ac; -} - -void rpmfiBuildFSContexts(Header h, - /*@out@*/ const char *** fcontextp, /*@out@*/ int * fcp) -{ - int scareMem = 0; - rpmfi fi = rpmfiNew(NULL, h, RPMTAG_BASENAMES, scareMem); - const char ** av; - int ac; - size_t nb; - char * t; - char * fctxt = NULL; - size_t fctxtlen = 0; - int * fcnb; - - if ((ac = rpmfiFC(fi)) <= 0) { - av = NULL; - ac = 0; - goto exit; - } - - /* Compute size of argv array blob, concatenating file contexts. */ - nb = ac * sizeof(*fcnb); - fcnb = memset(alloca(nb), 0, nb); - ac = 0; - fi = rpmfiInit(fi, 0); - if (fi != NULL) - while (rpmfiNext(fi) >= 0) { - const char * fn = rpmfiFN(fi); - security_context_t scon; - - fcnb[ac] = lgetfilecon(fn, &scon); -/*@-branchstate@*/ - if (fcnb[ac] > 0) { - fctxt = xrealloc(fctxt, fctxtlen + fcnb[ac]); - memcpy(fctxt+fctxtlen, scon, fcnb[ac]); - fctxtlen += fcnb[ac]; - freecon(scon); - } -/*@=branchstate@*/ - ac++; - } - - /* Create and load argv array from concatenated file contexts. */ - nb = (ac + 1) * sizeof(*av) + fctxtlen; - av = xmalloc(nb); - t = ((char *) av) + ((ac + 1) * sizeof(*av)); - if (fctxt != NULL && fctxtlen > 0) - (void) memcpy(t, fctxt, fctxtlen); - ac = 0; - fi = rpmfiInit(fi, 0); - if (fi != NULL) - while (rpmfiNext(fi) >= 0) { - av[ac] = ""; - if (fcnb[ac] > 0) { - av[ac] = t; - t += fcnb[ac]; - } - ac++; - } - av[ac] = NULL; /* XXX tag arrays are not NULL terminated. */ - -exit: - fi = rpmfiFree(fi); - /*@-branchstate@*/ - if (fcontextp) - *fcontextp = av; - else - av = _free(av); - /*@=branchstate@*/ - if (fcp) *fcp = ac; -} - -void rpmfiBuildREContexts(Header h, - /*@out@*/ const char *** fcontextp, /*@out@*/ int * fcp) -{ - int scareMem = 0; - rpmfi fi = rpmfiNew(NULL, h, RPMTAG_BASENAMES, scareMem); - rpmsx sx = NULL; - const char ** av = NULL; - int ac; - size_t nb; - char * t; - char * fctxt = NULL; - size_t fctxtlen = 0; - int * fcnb; - - if ((ac = rpmfiFC(fi)) <= 0) { - ac = 0; - goto exit; - } - - /* Read security context patterns. */ - sx = rpmsxNew(NULL); - - /* Compute size of argv array blob, concatenating file contexts. */ - nb = ac * sizeof(*fcnb); - fcnb = memset(alloca(nb), 0, nb); - ac = 0; - fi = rpmfiInit(fi, 0); - if (fi != NULL) - while (rpmfiNext(fi) >= 0) { - const char * fn = rpmfiFN(fi); - mode_t fmode = rpmfiFMode(fi); - const char * scon; - - scon = rpmsxFContext(sx, fn, fmode); - if (scon != NULL) { - fcnb[ac] = strlen(scon) + 1; -/*@-branchstate@*/ - if (fcnb[ac] > 0) { - fctxt = xrealloc(fctxt, fctxtlen + fcnb[ac]); - memcpy(fctxt+fctxtlen, scon, fcnb[ac]); - fctxtlen += fcnb[ac]; - } -/*@=branchstate@*/ - } - ac++; - } - - /* Create and load argv array from concatenated file contexts. */ - nb = (ac + 1) * sizeof(*av) + fctxtlen; - av = xmalloc(nb); - t = ((char *) av) + ((ac + 1) * sizeof(*av)); - (void) memcpy(t, fctxt, fctxtlen); - ac = 0; - fi = rpmfiInit(fi, 0); - if (fi != NULL) - while (rpmfiNext(fi) >= 0) { - av[ac] = ""; - if (fcnb[ac] > 0) { - av[ac] = t; - t += fcnb[ac]; - } - ac++; - } - av[ac] = NULL; /* XXX tag arrays are not NULL terminated. */ - -exit: - fi = rpmfiFree(fi); - sx = rpmsxFree(sx); - /*@-branchstate@*/ - if (fcontextp) - *fcontextp = av; - else - av = _free(av); - /*@=branchstate@*/ - if (fcp) *fcp = ac; -} - void rpmfiBuildFDeps(Header h, rpmTag tagN, /*@out@*/ const char *** fdepsp, /*@out@*/ int * fcp) { diff --git a/lib/rpmfi.h b/lib/rpmfi.h index 2e28afece..f6135d598 100644 --- a/lib/rpmfi.h +++ b/lib/rpmfi.h @@ -533,47 +533,6 @@ void rpmfiBuildFClasses(Header h, /*@globals rpmGlobalMacroContext, h_errno, fileSystem @*/ /*@modifies h, *fclassp, *fcp, rpmGlobalMacroContext, fileSystem @*/; -/** - * Retrieve file security contexts from header. - * - * This function is used to retrieve file contexts from the header. - * - * @param h header - * @retval *fcontextp array of file contexts - * @retval *fcp number of files - */ -void rpmfiBuildFContexts(Header h, - /*@out@*/ const char *** fcontextp, /*@out@*/ int * fcp) - /*@globals rpmGlobalMacroContext, h_errno, fileSystem @*/ - /*@modifies h, *fcontextp, *fcp, rpmGlobalMacroContext, fileSystem @*/; - -/** - * Retrieve file security contexts from file system. - * - * This function is used to retrieve file contexts from the file system. - * - * @param h header - * @retval *fcontextp array of file contexts - * @retval *fcp number of files - */ -void rpmfiBuildFSContexts(Header h, - /*@out@*/ const char *** fcontextp, /*@out@*/ int * fcp) - /*@globals rpmGlobalMacroContext, h_errno, fileSystem @*/ - /*@modifies h, *fcontextp, *fcp, rpmGlobalMacroContext, fileSystem @*/; - -/** - * Retrieve file security contexts from policy RE's. - * - * This function is used to retrieve file contexts from policy RE's. - * - * @param h header - * @retval *fcontextp array of file contexts - * @retval *fcp number of files - */ -void rpmfiBuildREContexts(Header h, - /*@out@*/ const char *** fcontextp, /*@out@*/ int * fcp) - /*@globals rpmGlobalMacroContext, h_errno, fileSystem @*/ - /*@modifies h, *fcontextp, *fcp, rpmGlobalMacroContext, fileSystem @*/; /** * Retrieve per-file dependencies from header. diff --git a/lib/rpminstall.c b/lib/rpminstall.c index 3d9906297..2606e89f1 100644 --- a/lib/rpminstall.c +++ b/lib/rpminstall.c @@ -307,19 +307,6 @@ int rpmInstall(rpmts ts, if (rpmExpandNumeric("%{?_repackage_all_erasures}")) ia->transFlags |= RPMTRANS_FLAG_REPACKAGE; - /* Initialize security context patterns (if not already done). */ - if (!(ia->transFlags & RPMTRANS_FLAG_NOCONTEXTS)) { - rpmsx sx = rpmtsREContext(ts); - if (sx == NULL) { - const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL); - if (fn != NULL && *fn != '\0') { - sx = rpmsxNew(fn); - (void) rpmtsSetREContext(ts, sx); - } - fn = _free(fn); - } - sx = rpmsxFree(sx); - } (void) rpmtsSetFlags(ts, ia->transFlags); probFilter = ia->probFilter; @@ -905,189 +892,6 @@ int rpmInstallSource(rpmts ts, const char * arg, return rc; } -/*@unchecked@*/ -static int reverse = -1; - -/** - */ -static int IDTintcmp(const void * a, const void * b) - /*@*/ -{ - /*@-castexpose@*/ - return ( reverse * (((IDT)a)->val.u32 - ((IDT)b)->val.u32) ); - /*@=castexpose@*/ -} - -IDTX IDTXfree(IDTX idtx) -{ - if (idtx) { - int i; - if (idtx->idt) - for (i = 0; i < idtx->nidt; i++) { - IDT idt = idtx->idt + i; - idt->h = headerFree(idt->h); - idt->key = _free(idt->key); - } - idtx->idt = _free(idtx->idt); - idtx = _free(idtx); - } - return NULL; -} - -IDTX IDTXnew(void) -{ - IDTX idtx = xcalloc(1, sizeof(*idtx)); - idtx->delta = 10; - idtx->size = sizeof(*((IDT)0)); - return idtx; -} - -IDTX IDTXgrow(IDTX idtx, int need) -{ - if (need < 0) return NULL; - if (idtx == NULL) - idtx = IDTXnew(); - if (need == 0) return idtx; - - if ((idtx->nidt + need) > idtx->alloced) { - while (need > 0) { - idtx->alloced += idtx->delta; - need -= idtx->delta; - } - idtx->idt = xrealloc(idtx->idt, (idtx->alloced * idtx->size) ); - } - return idtx; -} - -IDTX IDTXsort(IDTX idtx) -{ - if (idtx != NULL && idtx->idt != NULL && idtx->nidt > 0) - qsort(idtx->idt, idtx->nidt, idtx->size, IDTintcmp); - return idtx; -} - -IDTX IDTXload(rpmts ts, rpmTag tag) -{ - IDTX idtx = NULL; - rpmdbMatchIterator mi; - HGE_t hge = (HGE_t) headerGetEntry; - Header h; - - /*@-branchstate@*/ - mi = rpmtsInitIterator(ts, tag, NULL, 0); -#ifdef NOTYET - (void) rpmdbSetIteratorRE(mi, RPMTAG_NAME, RPMMIRE_DEFAULT, '!gpg-pubkey'); -#endif - while ((h = rpmdbNextIterator(mi)) != NULL) { - rpmTagType type = RPM_NULL_TYPE; - int_32 count = 0; - int_32 * tidp; - - tidp = NULL; - if (!hge(h, tag, &type, (void **)&tidp, &count) || tidp == NULL) - continue; - - if (type == RPM_INT32_TYPE && (*tidp == 0 || *tidp == -1)) - continue; - - idtx = IDTXgrow(idtx, 1); - if (idtx == NULL) - continue; - if (idtx->idt == NULL) - continue; - - { IDT idt; - /*@-nullderef@*/ - idt = idtx->idt + idtx->nidt; - /*@=nullderef@*/ - idt->h = headerLink(h); - idt->key = NULL; - idt->instance = rpmdbGetIteratorOffset(mi); - idt->val.u32 = *tidp; - } - idtx->nidt++; - } - mi = rpmdbFreeIterator(mi); - /*@=branchstate@*/ - - return IDTXsort(idtx); -} - -IDTX IDTXglob(rpmts ts, const char * globstr, rpmTag tag) -{ - IDTX idtx = NULL; - HGE_t hge = (HGE_t) headerGetEntry; - Header h; - int_32 * tidp; - FD_t fd; - const char ** av = NULL; - int ac = 0; - rpmRC rpmrc; - int xx; - int i; - - av = NULL; ac = 0; - xx = rpmGlob(globstr, &ac, &av); - - if (xx == 0) - for (i = 0; i < ac; i++) { - rpmTagType type; - int_32 count; - int isSource; - - fd = Fopen(av[i], "r.ufdio"); - if (fd == NULL || Ferror(fd)) { - rpmError(RPMERR_OPEN, _("open of %s failed: %s\n"), av[i], - Fstrerror(fd)); - if (fd != NULL) (void) Fclose(fd); - continue; - } - - rpmrc = rpmReadPackageFile(ts, fd, av[i], &h); - (void) Fclose(fd); - switch (rpmrc) { - default: - goto bottom; - /*@notreached@*/ /*@switchbreak@*/ break; - case RPMRC_NOTTRUSTED: - case RPMRC_NOKEY: - case RPMRC_OK: - isSource = headerIsEntry(h, RPMTAG_SOURCEPACKAGE); - if (isSource) - goto bottom; - /*@switchbreak@*/ break; - } - - tidp = NULL; - /*@-branchstate@*/ - if (hge(h, tag, &type, (void **) &tidp, &count) && tidp != NULL) { - - idtx = IDTXgrow(idtx, 1); - if (idtx == NULL || idtx->idt == NULL) - goto bottom; - - { IDT idt; - idt = idtx->idt + idtx->nidt; - idt->h = headerLink(h); - idt->key = av[i]; - av[i] = NULL; - idt->instance = 0; - idt->val.u32 = *tidp; - } - idtx->nidt++; - } - /*@=branchstate@*/ -bottom: - h = headerFree(h); - } - - for (i = 0; i < ac; i++) - av[i] = _free(av[i]); - av = _free(av); ac = 0; - - return IDTXsort(idtx); -} - /** @todo Transaction handling, more, needs work. */ int rpmRollback(rpmts ts, struct rpmInstallArguments_s * ia, const char ** argv) { diff --git a/lib/rpmlib.h b/lib/rpmlib.h index 33daaa4c0..ea8794494 100644 --- a/lib/rpmlib.h +++ b/lib/rpmlib.h @@ -430,7 +430,7 @@ typedef enum rpmTag_e { RPMTAG_FILEDEPENDSN = 1144, /* i[] */ RPMTAG_DEPENDSDICT = 1145, /* i[] */ RPMTAG_SOURCEPKGID = 1146, /* x */ - RPMTAG_FILECONTEXTS = 1147, /* s[] */ + RPMTAG_FILECONTEXTS = 1147, /* s[] - obsolete */ RPMTAG_FSCONTEXTS = 1148, /* s[] extension */ RPMTAG_RECONTEXTS = 1149, /* s[] extension */ RPMTAG_POLICIES = 1150, /* s[] selinux *.te policy file. */ diff --git a/lib/rpmlock.c b/lib/rpmlock.c index 30a6c8852..c493e88ae 100644 --- a/lib/rpmlock.c +++ b/lib/rpmlock.c @@ -11,7 +11,7 @@ /* Internal interface */ -#define RPMLOCK_PATH "/var/lock/rpm/transaction" +#define RPMLOCK_PATH LOCALSTATEDIR "/lock/rpm/transaction" /*@unchecked@*/ /*@observer@*/ static const char * rpmlock_path_default = "%{?_rpmlock_path}"; /*@unchecked@*/ diff --git a/lib/rpmrc.c b/lib/rpmrc.c index beca93769..32b6e3204 100644 --- a/lib/rpmrc.c +++ b/lib/rpmrc.c @@ -535,16 +535,16 @@ static void setDefaults(void) { addMacro(NULL, "_usr", NULL, "/usr", RMIL_DEFAULT); - addMacro(NULL, "_var", NULL, "/var", RMIL_DEFAULT); + addMacro(NULL, "_var", NULL, LOCALSTATEDIR, RMIL_DEFAULT); addMacro(NULL, "_preScriptEnvironment",NULL, prescriptenviron,RMIL_DEFAULT); setVarDefault(-1, "_topdir", "/usr/src/redhat", "%{_usr}/src/redhat"); setVarDefault(-1, "_tmppath", - "/var/tmp", "%{_var}/tmp"); + LOCALSTATEDIR "/tmp", "%{_var}/tmp"); setVarDefault(-1, "_dbpath", - "/var/lib/rpm", "%{_var}/lib/rpm"); + LOCALSTATEDIR "/lib/rpm", "%{_var}/lib/rpm"); setVarDefault(-1, "_defaultdocdir", "/usr/doc", "%{_usr}/doc"); @@ -679,16 +679,6 @@ static int doReadRC( /*@killref@*/ FD_t fd, const char * urlfn) if (rc) return rc; continue; /* XXX don't save include value as var/macro */ } /*@notreached@*/ /*@switchbreak@*/ break; - case RPMVAR_MACROFILES: - fn = rpmGetPath(se, NULL); - if (fn == NULL || *fn == '\0') { - rpmError(RPMERR_RPMRC, _("%s expansion failed at %s:%d \"%s\"\n"), - option->name, urlfn, linenum, fn); - fn = _free(fn); - return 1; - } - se = (char *)fn; - /*@switchbreak@*/ break; case RPMVAR_PROVIDES: { char *t; s = rpmGetVar(RPMVAR_PROVIDES); @@ -905,9 +895,6 @@ exit: static inline void cpuid(unsigned int op, int *eax, int *ebx, int *ecx, int *edx) /*@modifies *eax, *ebx, *ecx, *edx @*/ { -#ifdef __LCLINT__ - *eax = *ebx = *ecx = *edx = 0; -#endif asm volatile ( "pushl %%ebx \n" "cpuid \n" @@ -1850,16 +1837,6 @@ static int rpmReadRC(/*@null@*/ const char * rcfiles) rpmSetMachine(NULL, NULL); /* XXX WTFO? Why bother? */ - { const char *mfpath; - /*@-branchstate@*/ - if ((mfpath = rpmGetVar(RPMVAR_MACROFILES)) != NULL) { - mfpath = xstrdup(mfpath); - rpmInitMacros(NULL, mfpath); - mfpath = _free(mfpath); - } - /*@=branchstate@*/ - } - return rc; } @@ -1873,6 +1850,12 @@ int rpmReadConfigFiles(const char * file, const char * target) /* Read the files */ if (rpmReadRC(file)) return -1; + if (macrofiles != NULL) { + const char *mf = rpmGetPath(macrofiles, NULL); + rpmInitMacros(NULL, mf); + _free(mf); + } + /* Reset target macros */ rpmRebuildTargetVars(&target, NULL); /*@=nullstate@*/ diff --git a/lib/rpmsx.c b/lib/rpmsx.c deleted file mode 100644 index 1eebaee68..000000000 --- a/lib/rpmsx.c +++ /dev/null @@ -1,709 +0,0 @@ -/** \ingroup rpmdep - * \file lib/rpmsx.c - */ -#include "system.h" - -#include <rpmlib.h> -#include <rpmmacro.h> /* for rpmGetPath() */ - -#define _RPMSX_INTERNAL -#include "rpmsx.h" - -#include "debug.h" - -/*@access regex_t @*/ - -/*@unchecked@*/ -int _rpmsx_debug = 0; - -/** - * Stable sort for policy specifications, patterns before paths. - * @param sx security context patterns - */ -static void rpmsxSort(rpmsx sx) - /*@modifies sx @*/ -{ - rpmsxp sxp; - int i, j; - - /* Stable sort for policy regex's and paths. */ - sxp = xmalloc(sizeof(*sxp) * sx->Count); - - /* Regex patterns first ... */ - j = 0; - for (i = 0; i < sx->Count; i++) { - if (!sx->sxp[i].hasMetaChars) - continue; - memcpy(sxp + j, sx->sxp + i, sizeof(*sxp)); - j++; - } - - /* ... then file paths. */ - for (i = 0; i < sx->Count; i++) { - if (sx->sxp[i].hasMetaChars) - continue; - memcpy(sxp + j, sx->sxp + i, sizeof(*sxp)); - j++; - } - - sx->sxp = _free(sx->sxp); - sx->sxp = sxp; -/*@-compdef@*/ /* XXX *(sx->sxp) annotation */ - return; -/*@=compdef@*/ -} - -/* Determine if the regular expression specification has any meta characters. */ -static void rpmsxpHasMetaChars(rpmsxp sxp) - /*@modifies sxp @*/ -{ - const char * s = sxp->pattern; - size_t ns = strlen(s); - const char * se = s + ns; - - sxp->hasMetaChars = 0; - - /* Look at each character in the RE specification string for a - * meta character. Return when any meta character reached. */ - while (s != se) { - switch(*s) { - case '.': - case '^': - case '$': - case '?': - case '*': - case '+': - case '|': - case '[': - case '(': - case '{': - sxp->hasMetaChars = 1; - return; - /*@notreached@*/ /*@switchbreak@*/ break; - case '\\': /* skip the next character */ - s++; - /*@switchbreak@*/ break; - default: - /*@switchbreak@*/ break; - - } - s++; - } - return; -} - -/** - * Return the length of the text that can be considered the stem. - * @return stem length, 0 if no identifiable stem - */ -static size_t rpmsxsPStem(const char * const buf) - /*@*/ -{ - /*@observer@*/ - static const char * const regex_chars = ".^$?*+|[({"; - const char * tmp = strchr(buf, '/'); - const char * ind; - - if (!tmp) - return 0; - - for (ind = buf; ind < tmp; ind++) { - if (strchr(regex_chars, (int)*ind)) - return 0; - } - return tmp - buf; -} - -/** - * Return the length of the text that is the stem of a file name. - * @return stem length, 0 if no identifiable stem - */ -static size_t rpmsxsFStem(const char * const buf) - /*@*/ -{ - const char * tmp = strchr(buf + 1, '/'); - - if (!tmp) - return 0; - return tmp - buf; -} - -/** - * Find (or create) the stem of a file spec. - * Error iff a file in the root directory or a regex that is too complex. - * - * @retval *bpp ptr to text after stem. - * @return stem index, -1 on error - */ -static int rpmsxAdd(rpmsx sx, const char ** bpp) - /*@modifies sx, *bpp @*/ -{ - size_t stem_len = rpmsxsPStem(*bpp); - rpmsxs sxs; - int i; - - if (!stem_len) - return -1; - for (i = 0; i < sx->nsxs; i++) { - sxs = sx->sxs + i; - if (stem_len != sxs->len) - continue; - if (strncmp(*bpp, sxs->stem, stem_len)) - continue; - *bpp += stem_len; - return i; - } - - if (sx->nsxs == sx->maxsxs) { - sx->maxsxs = sx->maxsxs * 2 + 16; - sx->sxs = xrealloc(sx->sxs, sizeof(*sx->sxs) * sx->maxsxs); - } - sxs = sx->sxs + sx->nsxs; - sxs->len = stem_len; -#ifdef HAVE_STRNDUP -/*@i@*/ sxs->stem = strndup(*bpp, stem_len); -#else - sxs->stem = xmalloc(stem_len+1); - strncpy(sxs->stem, *bpp, stem_len); -#endif - sx->nsxs++; - *bpp += stem_len; - return sx->nsxs - 1; -} - -/** - * Find the stem of a file name. - * Error iff a file in the root directory or a regex that is too complex. - * - * @param sx security context patterns - * @retval *bpp ptr to text after stem. - * @return stem index, -1 on error - */ -static int rpmsxFind(/*@null@*/ const rpmsx sx, const char ** bpp) - /*@modifies *bpp @*/ -{ - size_t stem_len = rpmsxsFStem(*bpp); - rpmsxs sxs; - int i; - - if (sx != NULL && stem_len > 0) - for (i = 0; i < sx->nsxs; i++) { - sxs = sx->sxs + i; - if (stem_len != sxs->len) - continue; -/*@i@*/ if (strncmp(*bpp, sxs->stem, stem_len)) - continue; - *bpp += stem_len; - return i; - } - return -1; -} - -rpmsx XrpmsxUnlink(rpmsx sx, const char * msg, const char * fn, unsigned ln) -{ - if (sx == NULL) return NULL; -/*@-modfilesys@*/ -if (_rpmsx_debug && msg != NULL) -fprintf(stderr, "--> sx %p -- %d %s at %s:%u\n", sx, sx->nrefs, msg, fn, ln); -/*@=modfilesys@*/ - sx->nrefs--; - return NULL; -} - -rpmsx XrpmsxLink(rpmsx sx, const char * msg, const char * fn, unsigned ln) -{ - if (sx == NULL) return NULL; - sx->nrefs++; - -/*@-modfilesys@*/ -if (_rpmsx_debug && msg != NULL) -fprintf(stderr, "--> sx %p ++ %d %s at %s:%u\n", sx, sx->nrefs, msg, fn, ln); -/*@=modfilesys@*/ - - /*@-refcounttrans@*/ return sx; /*@=refcounttrans@*/ -} - -rpmsx rpmsxFree(rpmsx sx) -{ - int i; - - if (sx == NULL) - return NULL; - - if (sx->nrefs > 1) - return rpmsxUnlink(sx, __func__); - -/*@-modfilesys@*/ -if (_rpmsx_debug < 0) -fprintf(stderr, "*** sx %p\t%s[%d]\n", sx, __func__, sx->Count); -/*@=modfilesys@*/ - - /*@-branchstate@*/ - if (sx->Count > 0) - for (i = 0; i < sx->Count; i++) { - rpmsxp sxp = sx->sxp + i; - sxp->pattern = _free(sxp->pattern); - sxp->type = _free(sxp->type); - sxp->context = _free(sxp->context); -/*@i@*/ regfree(sxp->preg); -/*@i@*/ sxp->preg = _free(sxp->preg); - } - sx->sxp = _free(sx->sxp); - - if (sx->nsxs > 0) - for (i = 0; i < sx->nsxs; i++) { - rpmsxs sxs = sx->sxs + i; - sxs->stem = _free(sxs->stem); - } - sx->sxs = _free(sx->sxs); - /*@=branchstate@*/ - - (void) rpmsxUnlink(sx, __func__); - /*@-refcounttrans -usereleased@*/ -/*@-boundswrite@*/ - memset(sx, 0, sizeof(*sx)); /* XXX trash and burn */ -/*@=boundswrite@*/ - sx = _free(sx); - /*@=refcounttrans =usereleased@*/ - return NULL; -} - -/** - * Check for duplicate specifications. If a duplicate specification is found - * and the context is the same, give a warning to the user. If a duplicate - * specification is found and the context is different, give a warning - * to the user (This could be changed to error). Return of non-zero is an error. - * - * @param sx security context patterns - * @return 0 on success - */ -static int rpmsxpCheckNoDupes(const rpmsx sx) - /*@*/ -{ - int i, j; - int rc = 0; - - for (i = 0; i < sx->Count; i++) { - rpmsxp sxpi = sx->sxp + i; - for (j = i + 1; j < sx->Count; j++) { - rpmsxp sxpj = sx->sxp + j; - - /* Check if same RE string */ - if (strcmp(sxpj->pattern, sxpi->pattern)) - /*@innercontinue@*/ continue; - if (sxpj->fmode && sxpi->fmode && sxpj->fmode != sxpi->fmode) - /*@innercontinue@*/ continue; - - /* Same RE string found */ - if (strcmp(sxpj->context, sxpi->context)) { - /* If different contexts, give warning */ -/*@-modfilesys@*/ - fprintf(stderr, - "ERROR: Multiple different specifications for %s (%s and %s).\n", - sxpi->pattern, sxpj->context, sxpi->context); -/*@=modfilesys@*/ - rc = -1; - } else { - /* If same contexts give warning */ -/*@-modfilesys@*/ - fprintf(stderr, - "WARNING: Multiple same specifications for %s.\n", - sxpi->pattern); -/*@=modfilesys@*/ - } - } - } - return rc; -} - -int rpmsxParse(rpmsx sx, const char * fn) -{ - FILE * fp; - char buf[BUFSIZ + 1]; - char * bp; - char * regex; - char * type; - char * context; - char * anchored_regex; - int items; - int len; - int lineno; - int pass; - int regerr; - int nerr = 0; - -#define inc_err() nerr++ - -/*@-branchstate@*/ - if (fn == NULL) - fn = "%{?__file_context_path}"; -/*@=branchstate@*/ - - { const char * myfn = rpmGetPath(fn, NULL); - - if (myfn == NULL || *myfn == '\0' - || (fp = fopen(myfn, "r")) == NULL) - { - myfn = _free(myfn); - return -1; - } - myfn = _free(myfn); - } - - /* - * Perform two passes over the specification file. - * The first pass counts the number of specifications and - * performs simple validation of the input. At the end - * of the first pass, the spec array is allocated. - * The second pass performs detailed validation of the input - * and fills in the spec array. - */ -/*@-branchstate@*/ - for (pass = 0; pass < 2; pass++) { - rpmsxp sxp; - - lineno = 0; - sx->Count = 0; - sxp = sx->sxp; - while (fgets(buf, sizeof(buf)-1, fp)) { - buf[sizeof(buf)-1] = '\0'; - lineno++; - len = strlen(buf); - if (buf[len - 1] != '\n') { - fprintf(stderr, - _("%s: no newline on line number %d (only read %s)\n"), - fn, lineno, buf); - inc_err(); - /*@innercontinue@*/ continue; - } - buf[len - 1] = 0; - bp = buf; - while (isspace(*bp)) - bp++; - /* Skip comment lines and empty lines. */ - if (*bp == '#' || *bp == 0) - /*@innercontinue@*/ continue; -/*@-formatcode@*/ - items = sscanf(buf, "%as %as %as", ®ex, &type, &context); -/*@=formatcode@*/ - if (items < 2) { - fprintf(stderr, - _("%s: line number %d is missing fields (only read %s)\n"), - fn, lineno, buf); - inc_err(); - if (items == 1) - free(regex); - /*@innercontinue@*/ continue; - } else if (items == 2) { - /* The type field is optional. */ - free(context); - context = type; - type = 0; - } - - /* On pass 2, compile and store the specification. */ - if (pass == 1) { - const char * reg_buf = regex; - sxp->fstem = rpmsxAdd(sx, ®_buf); - sxp->pattern = regex; - - /* Anchor the regular expression. */ - len = strlen(reg_buf); - anchored_regex = xmalloc(len + 3); - sprintf(anchored_regex, "^%s$", reg_buf); - - /* Compile the regular expression. */ -/*@i@*/ sxp->preg = xcalloc(1, sizeof(*sxp->preg)); - regerr = regcomp(sxp->preg, anchored_regex, - REG_EXTENDED | REG_NOSUB); - if (regerr < 0) { - char errbuf[BUFSIZ + 1]; - (void) regerror(regerr, sxp->preg, errbuf, sizeof(errbuf)-1); - errbuf[sizeof(errbuf)-1] = '\0'; - fprintf(stderr, - _("%s: unable to compile regular expression %s on line number %d: %s\n"), - fn, regex, lineno, - errbuf); - inc_err(); - } - free(anchored_regex); - - /* Convert the type string to a mode format */ - sxp->type = type; - sxp->fmode = 0; - if (!type) - goto skip_type; - len = strlen(type); - if (type[0] != '-' || len != 2) { - fprintf(stderr, - _("%s: invalid type specifier %s on line number %d\n"), - fn, type, lineno); - inc_err(); - goto skip_type; - } - switch (type[1]) { - case 'b': sxp->fmode = S_IFBLK; /*@switchbreak@*/ break; - case 'c': sxp->fmode = S_IFCHR; /*@switchbreak@*/ break; - case 'd': sxp->fmode = S_IFDIR; /*@switchbreak@*/ break; - case 'p': sxp->fmode = S_IFIFO; /*@switchbreak@*/ break; - case 'l': sxp->fmode = S_IFLNK; /*@switchbreak@*/ break; -/*@i@*/ case 's': sxp->fmode = S_IFSOCK; /*@switchbreak@*/ break; - case '-': sxp->fmode = S_IFREG; /*@switchbreak@*/ break; - default: - fprintf(stderr, - _("%s: invalid type specifier %s on line number %d\n"), - fn, type, lineno); - inc_err(); - /*@switchbreak@*/ break; - } - - skip_type: - - sxp->context = context; - - if (strcmp(context, "<<none>>")) { - if (security_check_context(context) < 0 && errno != ENOENT) { - fprintf(stderr, - _("%s: invalid context %s on line number %d\n"), - fn, context, lineno); - inc_err(); - } - } - - /* Determine if specification has - * any meta characters in the RE */ - rpmsxpHasMetaChars(sxp); - sxp++; - } - - sx->Count++; - if (pass == 0) { -/*@-kepttrans@*/ - free(regex); - if (type) - free(type); - free(context); -/*@=kepttrans@*/ - } - } - - if (nerr) { - (void) fclose(fp); - return -1; - } - - if (pass == 0) { - if (sx->Count == 0) { - (void) fclose(fp); - return 0; - } - sx->sxp = xcalloc(sx->Count, sizeof(*sx->sxp)); - rewind(fp); - } - } -/*@=branchstate@*/ - (void) fclose(fp); - - /* Stable sort for policy specifications, patterns before paths. */ - rpmsxSort(sx); - - /* Verify no exact duplicates */ - if (rpmsxpCheckNoDupes(sx) != 0) - return -1; - - return 0; - -} - -rpmsx rpmsxNew(const char * fn) -{ - rpmsx sx; - - sx = xcalloc(1, sizeof(*sx)); - sx->sxp = NULL; - sx->Count = 0; - sx->i = -1; - sx->sxs = NULL; - sx->nsxs = 0; - sx->maxsxs = 0; - sx->reverse = 0; - - (void) rpmsxLink(sx, __func__); - - if (rpmsxParse(sx, fn) != 0) - return rpmsxFree(sx); - - return sx; -} - -int rpmsxCount(const rpmsx sx) -{ - return (sx != NULL ? sx->Count : 0); -} - -int rpmsxIx(const rpmsx sx) -{ - return (sx != NULL ? sx->i : -1); -} - -int rpmsxSetIx(rpmsx sx, int ix) -{ - int i = -1; - - if (sx != NULL) { - i = sx->i; - sx->i = ix; - } - return i; -} - -const char * rpmsxPattern(const rpmsx sx) -{ - const char * pattern = NULL; - - if (sx != NULL && sx->i >= 0 && sx->i < sx->Count) - pattern = (sx->sxp + sx->i)->pattern; - return pattern; -} - -const char * rpmsxType(const rpmsx sx) -{ - const char * type = NULL; - - if (sx != NULL && sx->i >= 0 && sx->i < sx->Count) - type = (sx->sxp + sx->i)->type; - return type; -} - -const char * rpmsxContext(const rpmsx sx) -{ - const char * context = NULL; - - if (sx != NULL && sx->i >= 0 && sx->i < sx->Count) - context = (sx->sxp + sx->i)->context; - return context; -} - -regex_t * rpmsxRE(const rpmsx sx) -{ - regex_t * preg = NULL; - - if (sx != NULL && sx->i >= 0 && sx->i < sx->Count) - preg = (sx->sxp + sx->i)->preg; - return preg; -} - -mode_t rpmsxFMode(const rpmsx sx) -{ - mode_t fmode = 0; - - if (sx != NULL && sx->i >= 0 && sx->i < sx->Count) - fmode = (sx->sxp + sx->i)->fmode; - return fmode; -} - -int rpmsxFStem(const rpmsx sx) -{ - int fstem = -1; - - if (sx != NULL && sx->i >= 0 && sx->i < sx->Count) - fstem = (sx->sxp + sx->i)->fstem; - return fstem; -} - -int rpmsxNext(/*@null@*/ rpmsx sx) - /*@modifies sx @*/ -{ - int i = -1; - - if (sx != NULL) { - if (sx->reverse != 0) { - i = --sx->i; - if (sx->i < 0) { - sx->i = sx->Count; - i = -1; - } - } else { - i = ++sx->i; - if (sx->i >= sx->Count) { - sx->i = -1; - i = -1; - } - } - -/*@-modfilesys @*/ -if (_rpmsx_debug < 0 && i != -1) { -rpmsxp sxp = sx->sxp + i; -fprintf(stderr, "*** sx %p\t%s[%d]\t%s\t%s\n", sx, __func__, i, sxp->pattern, sxp->context); -/*@=modfilesys @*/ -} - - } - - return i; -} - -rpmsx rpmsxInit(/*@null@*/ rpmsx sx, int reverse) - /*@modifies sx @*/ -{ - if (sx != NULL) { - sx->reverse = reverse; - sx->i = (sx->reverse ? sx->Count : -1); - } - /*@-refcounttrans@*/ - return sx; - /*@=refcounttrans@*/ -} - -const char * rpmsxFContext(rpmsx sx, const char * fn, mode_t fmode) -{ - const char * fcontext = NULL; - const char * myfn = fn; -/*@-mods@*/ - int fstem = rpmsxFind(sx, &myfn); -/*@=mods@*/ - int i; - - sx = rpmsxInit(sx, 1); - if (sx != NULL) - while ((i = rpmsxNext(sx)) >= 0) { - regex_t * preg; - mode_t sxfmode; - int sxfstem; - int ret; - - sxfstem = rpmsxFStem(sx); - if (sxfstem != -1 && sxfstem != fstem) - continue; - - sxfmode = rpmsxFMode(sx); - if (sxfmode && (fmode & S_IFMT) != sxfmode) - continue; - - preg = rpmsxRE(sx); - if (preg == NULL) - continue; - - ret = regexec(preg, (sxfstem == -1 ? fn : myfn), 0, NULL, 0); - switch (ret) { - case REG_NOMATCH: - continue; - /*@notreached@*/ /*@switchbreak@*/ break; - case 0: - fcontext = rpmsxContext(sx); - /*@switchbreak@*/ break; - default: - { static char errbuf[BUFSIZ + 1]; - (void) regerror(ret, preg, errbuf, sizeof(errbuf)-1); -/*@-modfilesys -nullpass @*/ - errbuf[sizeof(errbuf)-1] = '\0'; - fprintf(stderr, "unable to match %s against %s: %s\n", - fn, rpmsxPattern(sx), errbuf); -/*@=modfilesys =nullpass @*/ - } /*@switchbreak@*/ break; - } - break; - } - - return fcontext; -} diff --git a/lib/rpmsx.h b/lib/rpmsx.h deleted file mode 100644 index 64001c981..000000000 --- a/lib/rpmsx.h +++ /dev/null @@ -1,277 +0,0 @@ -#ifndef H_RPMSX -#define H_RPMSX - -/** \ingroup rpmdep rpmtrans - * \file lib/rpmsx.h - * Structure(s) used for file security context pattern handling - */ - -#include <regex.h> - -/** - */ -/*@-exportlocal@*/ -/*@unchecked@*/ -extern int _rpmsx_debug; -/*@=exportlocal@*/ - -/** - */ -/*@-exportlocal@*/ -/*@unchecked@*/ -extern int _rpmsx_nopromote; -/*@=exportlocal@*/ - -typedef /*@abstract@*/ /*@refcounted@*/ struct rpmsx_s * rpmsx; -typedef struct rpmsxp_s * rpmsxp; -typedef struct rpmsxs_s * rpmsxs; - -#if defined(_RPMSX_INTERNAL) -/** - * File security context regex pattern. - */ -struct rpmsxp_s { -/*@only@*/ /*@relnull@*/ - const char * pattern; /*!< File path regex pattern. */ -/*@only@*/ /*@relnull@*/ - const char * type; /*!< File type string. */ -/*@only@*/ /*@relnull@*/ - const char * context; /*!< Security context. */ -/*@only@*/ /*@relnull@*/ - regex_t * preg; /*!< Compiled regex. */ - mode_t fmode; /*!< File type. */ - int matches; - int hasMetaChars; - int fstem; /*!< Stem id. */ -}; - -/** - * File/pattern stem. - */ -struct rpmsxs_s { -/*@only@*/ /*@relnull@*/ - const char * stem; - int len; -}; - -/** - * File security context patterns container. - */ -struct rpmsx_s { -/*@only@*/ /*@relnull@*/ - rpmsxp sxp; /*!< File context patterns. */ - int Count; /*!< No. of file context patterns. */ - int i; /*!< Current pattern index. */ -/*@only@*/ /*@relnull@*/ - rpmsxs sxs; /*!< File stems. */ - int nsxs; /*!< No. of file stems. */ - int maxsxs; /*!< No. of allocated file stems. */ - int reverse; /*!< Reverse traversal? */ -/*@refs@*/ - int nrefs; /*!< Reference count. */ -}; -#endif /* defined(_RPMSX_INTERNAL) */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * Unreference a security context patterns instance. - * @param sx security context patterns - * @param msg - * @return NULL always - */ -/*@unused@*/ /*@null@*/ -rpmsx rpmsxUnlink (/*@killref@*/ /*@only@*/ /*@null@*/ rpmsx sx, - /*@null@*/ const char * msg) - /*@modifies sx @*/; - -/** @todo Remove debugging entry from the ABI. */ -/*@-exportlocal@*/ -/*@null@*/ -rpmsx XrpmsxUnlink (/*@killref@*/ /*@only@*/ /*@null@*/ rpmsx sx, - /*@null@*/ const char * msg, const char * fn, unsigned ln) - /*@modifies sx @*/; -/*@=exportlocal@*/ -#define rpmsxUnlink(_sx, _msg) XrpmsxUnlink(_sx, _msg, __FILE__, __LINE__) - -/** - * Reference a security context patterns instance. - * @param sx security context patterns - * @param msg - * @return new security context patterns reference - */ -/*@-exportlocal@*/ -/*@unused@*/ /*@newref@*/ /*@null@*/ -rpmsx rpmsxLink (/*@null@*/ rpmsx sx, /*@null@*/ const char * msg) - /*@modifies sx @*/; - -/** @todo Remove debugging entry from the ABI. */ -/*@newref@*/ /*@null@*/ -rpmsx XrpmsxLink (/*@null@*/ rpmsx sx, /*@null@*/ const char * msg, - const char * fn, unsigned ln) - /*@modifies sx @*/; -/*@=exportlocal@*/ -#define rpmsxLink(_sx, _msg) XrpmsxLink(_sx, _msg, __FILE__, __LINE__) - -/** - * Destroy a security context patterns. - * @param sx security context patterns - * @return NULL always - */ -/*@-exportlocal@*/ -/*@null@*/ -rpmsx rpmsxFree(/*@killref@*/ /*@only@*/ /*@null@*/ rpmsx sx) - /*@modifies sx@*/; -/*@=exportlocal@*/ - -/** - * Parse selinux file security context patterns. - * @param sx security context patterns - * @param fn file name to parse - * @return 0 on success - */ -/*@-exportlocal@*/ -int rpmsxParse(rpmsx sx, /*@null@*/ const char *fn) - /*@globals rpmGlobalMacroContext, h_errno, fileSystem @*/ - /*@modifies sx, rpmGlobalMacroContext, h_errno, fileSystem @*/; -/*@=exportlocal@*/ - -/** - * Create and load security context patterns. - * @param fn security context patterns file name - * @return new security context patterns - */ -/*@null@*/ -rpmsx rpmsxNew(const char * fn) - /*@globals rpmGlobalMacroContext, h_errno, fileSystem @*/ - /*@modifies rpmGlobalMacroContext, h_errno, fileSystem @*/; - -/** - * Return security context patterns count. - * @param sx security context patterns - * @return current count - */ -int rpmsxCount(/*@null@*/ const rpmsx sx) - /*@*/; - -/** - * Return security context patterns index. - * @param sx security context patterns - * @return current index - */ -int rpmsxIx(/*@null@*/ const rpmsx sx) - /*@*/; - -/** - * Set security context patterns index. - * @param sx security context patterns - * @param ix new index - * @return current index - */ -int rpmsxSetIx(/*@null@*/ rpmsx sx, int ix) - /*@modifies sx @*/; - -/** - * Return current pattern. - * @param sx security context patterns - * @return current pattern, NULL on invalid - */ -/*@-exportlocal@*/ -/*@observer@*/ /*@null@*/ -extern const char * rpmsxPattern(/*@null@*/ const rpmsx sx) - /*@*/; -/*@=exportlocal@*/ - -/** - * Return current type. - * @param sx security context patterns - * @return current type, NULL on invalid/missing - */ -/*@-exportlocal@*/ -/*@observer@*/ /*@null@*/ -extern const char * rpmsxType(/*@null@*/ const rpmsx sx) - /*@*/; -/*@=exportlocal@*/ - -/** - * Return current context. - * @param sx security context patterns - * @return current context, NULL on invalid - */ -/*@-exportlocal@*/ -/*@observer@*/ /*@null@*/ -extern const char * rpmsxContext(/*@null@*/ const rpmsx sx) - /*@*/; -/*@=exportlocal@*/ - -/** - * Return current regex. - * @param sx security context patterns - * @return current context, NULL on invalid - */ -/*@-exportlocal@*/ -/*@observer@*/ /*@null@*/ -extern regex_t * rpmsxRE(/*@null@*/ const rpmsx sx) - /*@*/; -/*@=exportlocal@*/ - -/** - * Return current file mode. - * @param sx security context patterns - * @return current file mode, 0 on invalid - */ -/*@-exportlocal@*/ -extern mode_t rpmsxFMode(/*@null@*/ const rpmsx sx) - /*@*/; -/*@=exportlocal@*/ - -/** - * Return current file stem. - * @param sx security context patterns - * @return current file stem, -1 on invalid - */ -/*@-exportlocal@*/ -extern int rpmsxFStem(/*@null@*/ const rpmsx sx) - /*@*/; -/*@=exportlocal@*/ - -/** - * Return next security context patterns iterator index. - * @param sx security context patterns - * @return security context patterns iterator index, -1 on termination - */ -/*@-exportlocal@*/ -int rpmsxNext(/*@null@*/ rpmsx sx) - /*@modifies sx @*/; -/*@=exportlocal@*/ - -/** - * Initialize security context patterns iterator. - * @param sx security context patterns - * @param reverse iterate in reverse order? - * @return security context patterns - */ -/*@-exportlocal@*/ -/*@null@*/ -rpmsx rpmsxInit(/*@null@*/ rpmsx sx, int reverse) - /*@modifies sx @*/; -/*@=exportlocal@*/ - -/** - * Find file security context from path and type. - * @param sx security context patterns - * @param fn file path - * @param fmode file mode - * @return file security context - */ -/*@owned@*/ /*@null@*/ -const char * rpmsxFContext(/*@null@*/ rpmsx sx, const char * fn, mode_t fmode) - /*@modifies sx @*/; - -#ifdef __cplusplus -} -#endif - -#endif /* H_RPMSX */ diff --git a/lib/rpmts.c b/lib/rpmts.c index 32f83e545..a456c9840 100644 --- a/lib/rpmts.c +++ b/lib/rpmts.c @@ -25,16 +25,8 @@ /* portability fiddles */ #if STATFS_IN_SYS_STATVFS /*@-incondefs@*/ -#if defined(__LCLINT__) -/*@-declundef -exportheader -protoparammatch @*/ /* LCL: missing annotation */ -extern int statvfs (const char * file, /*@out@*/ struct statvfs * buf) - /*@globals fileSystem @*/ - /*@modifies *buf, fileSystem @*/; -/*@=declundef =exportheader =protoparammatch @*/ -/*@=incondefs@*/ -#else -# include <sys/statvfs.h> -#endif +#include <sys/statvfs.h> + #else # if STATFS_IN_SYS_VFS # include <sys/vfs.h> @@ -55,7 +47,6 @@ extern int statvfs (const char * file, /*@out@*/ struct statvfs * buf) /*@access rpmps @*/ /*@access rpmDiskSpaceInfo @*/ -/*@access rpmsx @*/ /*@access rpmte @*/ /*@access rpmtsi @*/ /*@access fnpyKey @*/ @@ -863,8 +854,6 @@ rpmts rpmtsFree(rpmts ts) (void) rpmtsCloseSDB(ts); - ts->sx = rpmsxFree(ts->sx); - ts->removedPackages = _free(ts->removedPackages); ts->availablePackages = rpmalFree(ts->availablePackages); @@ -1084,23 +1073,6 @@ int rpmtsSetChrootDone(rpmts ts, int chrootDone) return ochrootDone; } -rpmsx rpmtsREContext(rpmts ts) -{ - return ( (ts && ts->sx ? rpmsxLink(ts->sx, __func__) : NULL) ); -} - -int rpmtsSetREContext(rpmts ts, rpmsx sx) -{ - int rc = -1; - if (ts != NULL) { - ts->sx = rpmsxFree(ts->sx); - ts->sx = rpmsxLink(sx, __func__); - if (ts->sx != NULL) - rc = 0; - } - return rc; -} - int_32 rpmtsGetTid(rpmts ts) { int_32 tid = 0; diff --git a/lib/rpmts.h b/lib/rpmts.h index 1948c1eb2..cb3ccf355 100644 --- a/lib/rpmts.h +++ b/lib/rpmts.h @@ -8,7 +8,6 @@ #include "rpmps.h" #include "rpmsw.h" -#include "rpmsx.h" /*@-exportlocal@*/ /*@unchecked@*/ @@ -283,9 +282,6 @@ struct rpmts_s { int numAvailablePackages; /*!< No. available package instances. */ #endif -/*@refcounted@*/ /*@null@*/ - rpmsx sx; /*!< Security context patterns. */ - /*@null@*/ rpmte relocateElement; /*!< Element to use when relocating packages. */ @@ -732,24 +728,6 @@ int rpmtsSetChrootDone(rpmts ts, int chrootDone) /*@modifies ts @*/; /** \ingroup rpmts - * Get file security context patterns. - * @param ts transaction set - * @return file security context patterns - */ -/*@null@*/ -rpmsx rpmtsREContext(const rpmts ts) - /*@modifies ts @*/; - -/** \ingroup rpmts - * Get file security context patterns. - * @param ts transaction set - * @param sx security context patterns - * @return 0 on success - */ -int rpmtsSetREContext(rpmts ts, rpmsx sx) - /*@modifies ts, sx @*/; - -/** \ingroup rpmts * Get transaction id, i.e. transaction time stamp. * @param ts transaction set * @return transaction id diff --git a/lib/setfiles.c b/lib/setfiles.c deleted file mode 100644 index 9f34a312f..000000000 --- a/lib/setfiles.c +++ /dev/null @@ -1,991 +0,0 @@ -/* - * setfiles - * - * AUTHOR: Stephen Smalley <sds@epoch.ncsc.mil> - * This program was derived in part from the setfiles.pl script - * developed by Secure Computing Corporation. - * - * PURPOSE: - * This program reads a set of file security context specifications - * based on pathname regular expressions and labels files - * accordingly, traversing a set of file systems specified by - * the user. The program does not cross file system boundaries. - * - * USAGE: - * setfiles [-dnpqsvW] spec_file pathname... - * - * -d Show what specification matched each file. - * -n Do not change any file labels. - * -q Be quiet (suppress non-error output). - * -r Use an alternate root path - * -s Use stdin for a list of files instead of searching a partition. - * -v Show changes in file labels. - * -W Warn about entries that have no matching file. - * - * spec_file The specification file. - * pathname... The file systems to label (omit if using -s). - * - * EXAMPLE USAGE: - * ./setfiles -v file_contexts `mount | awk '/ext3/{print $3}'` - * - * SPECIFICATION FILE: - * Each specification has the form: - * regexp [ -type ] ( context | <<none>> ) - * - * By default, the regexp is an anchored match on both ends (i.e. a - * caret (^) is prepended and a dollar sign ($) is appended automatically). - * This default may be overridden by using .* at the beginning and/or - * end of the regular expression. - * - * The optional type field specifies the file type as shown in the mode - * field by ls, e.g. use -d to match only directories or -- to match only - * regular files. - * - * The value of <<none> may be used to indicate that matching files - * should not be relabeled. - * - * The last matching specification is used. - * - * If there are multiple hard links to a file that match - * different specifications and those specifications indicate - * different security contexts, then a warning is displayed - * but the file is still labeled based on the last matching - * specification other than <<none>>. - */ - -#include "system.h" -const char *__progname; - -#include <regex.h> -#include <sys/vfs.h> -#define __USE_XOPEN_EXTENDED 1 /* nftw */ -#include <ftw.h> - -#include <selinux/selinux.h> -#include <popt.h> - -#include "debug.h" - -static int add_assoc = 1; - -/* - * Command-line options. - */ -static int debug = 0; -static int change = 1; -static int quiet = 0; -#define QPRINTF(args...) do { if (!quiet) printf(args); } while (0) -static int use_stdin = 0; -static int verbose = 0; -static int warn_no_match = 0; -static char *rootpath = NULL; -static int rootpathlen = 0; - -/* - * A file security context specification. - */ -typedef struct spec { -/*@only@*/ - char *pattern; /* regular expession string for diagnostic messages */ -/*@only@*/ - char *type_str; /* type string for diagnostic messages */ -/*@only@*/ - char *context; /* context string */ -/*@only@*/ - regex_t * preg; /* compiled regular expression */ - mode_t mode; /* mode format value */ - int matches; /* number of matching pathnames */ - int hasMetaChars; /* indicates whether the RE has - any meta characters. - 0 = no meta chars - 1 = has one or more meta chars */ - int stem_id; /* indicates which of the stem-compression - items it matches */ -} * spec_t; - -typedef struct stem { - char *buf; - int len; -} * stem_t; - -stem_t stem_arr = NULL; -int num_stems = 0; -int alloc_stems = 0; - -const char * const regex_chars = ".^$?*+|[({"; - -/* Return the length of the text that can be considered the stem, returns 0 - * if there is no identifiable stem */ -static int get_stem_from_spec(const char * const buf) -{ - const char *tmp = strchr(buf + 1, '/'); - const char *ind; - - if (!tmp) - return 0; - - for (ind = buf + 1; ind < tmp; ind++) { - if (strchr(regex_chars, (int)*ind)) - return 0; - } - return tmp - buf; -} - -/* return the length of the text that is the stem of a file name */ -static int get_stem_from_file_name(const char * const buf) -{ - const char *tmp = strchr(buf + 1, '/'); - - if (!tmp) - return 0; - return tmp - buf; -} - -/* find the stem of a file spec, returns the index into stem_arr for a new - * or existing stem, (or -1 if there is no possible stem - IE for a file in - * the root directory or a regex that is too complex for us). Makes buf - * point to the text AFTER the stem. */ -static int find_stem_from_spec(const char **buf) -{ - int stem_len = get_stem_from_spec(*buf); - int i; - - if (!stem_len) - return -1; - for (i = 0; i < num_stems; i++) { - if (stem_len != stem_arr[i].len) - continue; - if (strncmp(*buf, stem_arr[i].buf, stem_len)) - continue; - *buf += stem_len; - return i; - } - - if (num_stems == alloc_stems) { - alloc_stems = alloc_stems * 2 + 16; - stem_arr = xrealloc(stem_arr, sizeof(*stem_arr) * alloc_stems); - } - stem_arr[num_stems].len = stem_len; - stem_arr[num_stems].buf = xmalloc(stem_len + 1); - memcpy(stem_arr[num_stems].buf, *buf, stem_len); - stem_arr[num_stems].buf[stem_len] = '\0'; - num_stems++; - *buf += stem_len; - return num_stems - 1; -} - -/* find the stem of a file name, returns the index into stem_arr (or -1 if - * there is no match - IE for a file in the root directory or a regex that is - * too complex for us). Makes buf point to the text AFTER the stem. */ -static int find_stem_from_file(const char **buf) -{ - int stem_len = get_stem_from_file_name(*buf); - int i; - - if (stem_len) - for (i = 0; i < num_stems; i++) { - if (stem_len != stem_arr[i].len) - continue; - if (strncmp(*buf, stem_arr[i].buf, stem_len)) - continue; - *buf += stem_len; - return i; - } - return -1; -} - -/* - * The array of specifications, initially in the - * same order as in the specification file. - * Sorting occurs based on hasMetaChars - */ -static spec_t spec_arr; -static int nspec; - -/* - * An association between an inode and a - * specification. - */ -typedef struct file_spec * file_spec_t; -struct file_spec { - ino_t ino; /* inode number */ - int specind; /* index of specification in spec */ - char *file; /* full pathname for diagnostic messages about conflicts */ - file_spec_t next; /* next association in hash bucket chain */ -}; - -/* - * The hash table of associations, hashed by inode number. - * Chaining is used for collisions, with elements ordered - * by inode number in each bucket. Each hash bucket has a dummy - * header. - */ -#define HASH_BITS 16 -#define HASH_BUCKETS (1 << HASH_BITS) -#define HASH_MASK (HASH_BUCKETS-1) -static struct file_spec fl_head[HASH_BUCKETS]; - -/* - * Try to add an association between an inode and - * a specification. If there is already an association - * for the inode and it conflicts with this specification, - * then use the specification that occurs later in the - * specification array. - */ -static file_spec_t file_spec_add(ino_t ino, int specind, const char *file) -{ - file_spec_t prevfl; - file_spec_t fl; - int h, no_conflict, ret; - struct stat sb; - - h = (ino + (ino >> HASH_BITS)) & HASH_MASK; - for (prevfl = &fl_head[h], fl = fl_head[h].next; - fl != NULL; - prevfl = fl, fl = fl->next) - { - if (ino == fl->ino) { - ret = lstat(fl->file, &sb); - if (ret < 0 || sb.st_ino != ino) { - fl->specind = specind; - free(fl->file); - fl->file = xstrdup(file); - return fl; - } - - no_conflict = (strcmp(spec_arr[fl->specind].context,spec_arr[specind].context) == 0); - if (no_conflict) - return fl; - - fprintf(stderr, - "%s: conflicting specifications for %s and %s, using %s.\n", - __progname, file, fl->file, - ((specind > fl->specind) ? spec_arr[specind]. - context : spec_arr[fl->specind].context)); - fl->specind = - (specind > fl->specind) ? specind : fl->specind; - free(fl->file); - fl->file = xstrdup(file); - return fl; - } - - if (ino > fl->ino) - break; - } - - fl = xmalloc(sizeof(*fl)); - fl->ino = ino; - fl->specind = specind; - fl->file = xstrdup(file); - fl->next = prevfl->next; - prevfl->next = fl; - return fl; -} - -/* - * Evaluate the association hash table distribution. - */ -static void file_spec_eval(void) -{ - file_spec_t fl; - int h, used, nel, len, longest; - - used = 0; - longest = 0; - nel = 0; - for (h = 0; h < HASH_BUCKETS; h++) { - len = 0; - for (fl = fl_head[h].next; fl; fl = fl->next) { - len++; - } - if (len) - used++; - if (len > longest) - longest = len; - nel += len; - } - - QPRINTF ("%s: hash table stats: %d elements, %d/%d buckets used, longest chain length %d\n", - __progname, nel, used, HASH_BUCKETS, longest); -} - - -/* - * Destroy the association hash table. - */ -static void file_spec_destroy(void) -{ - file_spec_t fl; - file_spec_t tmp; - int h; - - for (h = 0; h < HASH_BUCKETS; h++) { - fl = fl_head[h].next; - while (fl) { - tmp = fl; - fl = fl->next; - free(tmp->file); - free(tmp); - } - fl_head[h].next = NULL; - } -} - - -static int match(const char *name, struct stat *sb) -{ - static char errbuf[255 + 1]; - const char *fullname = name; - const char *buf = name; - int i, ret, file_stem; - - /* fullname will be the real file that gets labeled - * name will be what is matched in the policy */ - if (rootpath != NULL) { - if (strncmp(rootpath, name, rootpathlen) != 0) { - fprintf(stderr, "%s: %s is not located in %s\n", - __progname, name, rootpath); - return -1; - } - name += rootpathlen; - buf += rootpathlen; - } - - ret = lstat(fullname, sb); - if (ret) { - fprintf(stderr, "%s: unable to stat file %s\n", __progname, fullname); - return -1; - } - - file_stem = find_stem_from_file(&buf); - - /* - * Check for matching specifications in reverse order, so that - * the last matching specification is used. - */ - for (i = nspec - 1; i >= 0; i--) { - spec_t sp; - - sp = spec_arr + i; - - /* if the spec in question matches no stem or has the same - * stem as the file AND if the spec in question has no mode - * specified or if the mode matches the file mode then we do - * a regex check */ - if (sp->stem_id != -1 && sp->stem_id != file_stem) - continue; - if (sp->mode && (sb->st_mode & S_IFMT) != sp->mode) - continue; - - if (sp->stem_id == -1) - ret = regexec(sp->preg, name, 0, NULL, 0); - else - ret = regexec(sp->preg, buf, 0, NULL, 0); - if (ret == 0) - break; - - if (ret == REG_NOMATCH) - continue; - - /* else it's an error */ - regerror(ret, sp->preg, errbuf, sizeof errbuf); - fprintf(stderr, "%s: unable to match %s against %s: %s\n", - __progname, name, sp->pattern, errbuf); - return -1; - } - - /* Cound matches found. */ - if (i >= 0) - spec_arr[i].matches++; - - return i; -} - -/* Used with qsort to sort specs from lowest to highest hasMetaChars value */ -static int spec_compare(const void* specA, const void* specB) -{ - return ( - ((const spec_t)specB)->hasMetaChars - - ((const spec_t)specA)->hasMetaChars - ); -} - -/* - * Check for duplicate specifications. If a duplicate specification is found - * and the context is the same, give a warning to the user. If a duplicate - * specification is found and the context is different, give a warning - * to the user (This could be changed to error). Return of non-zero is an error. - */ -static int nodups_specs(void) -{ - int i, j; - - for (i = 0; i < nspec; i++) { - spec_t sip = spec_arr + i; - for (j = i + 1; j < nspec; j++) { - spec_t sjp = spec_arr + j; - - /* Check if same RE string */ - if (strcmp(sjp->pattern, sip->pattern)) - continue; - if (sjp->mode && sip->mode && sjp->mode != sip->mode) - continue; - - /* Same RE string found */ - if (strcmp(sjp->context, sip->context)) { - /* If different contexts, give warning */ - fprintf(stderr, - "ERROR: Multiple different specifications for %s (%s and %s).\n", - sip->pattern, sjp->context, sip->context); - } else { - /* If same contexts give warning */ - fprintf(stderr, - "WARNING: Multiple same specifications for %s.\n", - sip->pattern); - } - } - } - return 0; -} - -static void usage(const char * const name, poptContext optCon) -{ - fprintf(stderr, - "usage: %s [-dnqvW] spec_file pathname...\n" - "usage: %s -s [-dnqvW] spec_file\n", name, name); - poptPrintUsage(optCon, stderr, 0); - exit(1); -} - -/* Determine if the regular expression specification has any meta characters. */ -static void spec_hasMetaChars(spec_t sp) -{ - char * c = sp->pattern; - int len = strlen(c); - char * end = c + len; - - sp->hasMetaChars = 0; - - /* Look at each character in the RE specification string for a - * meta character. Return when any meta character reached. */ - while (c != end) { - switch(*c) { - case '.': - case '^': - case '$': - case '?': - case '*': - case '+': - case '|': - case '[': - case '(': - case '{': - sp->hasMetaChars = 1; - return; - break; - case '\\': /* skip the next character */ - c++; - break; - default: - break; - - } - c++; - } - return; -} - -/* - * Apply the last matching specification to a file. - * This function is called by nftw on each file during - * the directory traversal. - */ -static int apply_spec(const char *file, - const struct stat *sb_unused, int flag, struct FTW *s_unused) -{ - const char * my_file; - file_spec_t fl; - struct stat my_sb; - int i, ret; - char * context; - spec_t sp; - - /* Skip the extra slash at the beginning, if present. */ - if (file[0] == '/' && file[1] == '/') - my_file = &file[1]; - else - my_file = file; - - if (flag == FTW_DNR) { - fprintf(stderr, "%s: unable to read directory %s\n", - __progname, my_file); - return 0; - } - - i = match(my_file, &my_sb); - if (i < 0) - /* No matching specification. */ - return 0; - sp = spec_arr + i; - - /* - * Try to add an association between this inode and - * this specification. If there is already an association - * for this inode and it conflicts with this specification, - * then use the last matching specification. - */ - if (add_assoc) { - fl = file_spec_add(my_sb.st_ino, i, my_file); - if (!fl) - /* Insufficient memory to proceed. */ - return 1; - - if (fl->specind != i) - /* There was already an association and it took precedence. */ - return 0; - } - - if (debug) { - if (sp->type_str) { - printf("%s: %s matched by (%s,%s,%s)\n", __progname, - my_file, sp->pattern, - sp->type_str, sp->context); - } else { - printf("%s: %s matched by (%s,%s)\n", __progname, - my_file, sp->pattern, sp->context); - } - } - - /* Get the current context of the file. */ - ret = lgetfilecon(my_file, &context); - if (ret < 0) { - if (errno == ENODATA) { - context = xstrdup("<<none>>"); - } else { - perror(my_file); - fprintf(stderr, "%s: unable to obtain attribute for file %s\n", - __progname, my_file); - return -1; - } - } - - /* - * Do not relabel the file if the matching specification is - * <<none>> or the file is already labeled according to the - * specification. - */ - if ((strcmp(sp->context, "<<none>>") == 0) || - (strcmp(sp->context, context) == 0)) - { - freecon(context); - return 0; - } - - if (verbose) { - printf("%s: relabeling %s from %s to %s\n", __progname, - my_file, context, sp->context); - } - - freecon(context); - - /* - * Do not relabel the file if -n was used. - */ - if (!change) - return 0; - - /* - * Relabel the file to the specified context. - */ - ret = lsetfilecon(my_file, sp->context); - if (ret) { - perror(my_file); - fprintf(stderr, "%s: unable to relabel %s to %s\n", - __progname, my_file, sp->context); - return 1; - } - - return 0; -} - -static int nerr = 0; - -static void inc_err(void) -{ - nerr++; - if (nerr > 9 && !debug) { - fprintf(stderr, "Exiting after 10 errors.\n"); - exit(1); - } -} - -static -int parseREContexts(const char *fn) -{ - FILE * fp; - char errbuf[255 + 1]; - char buf[255 + 1]; - char * bp; - char * regex; - char * type; - char * context; - char * anchored_regex; - int items; - int len; - int lineno; - int pass; - int regerr; - spec_t sp; - - if ((fp = fopen(fn, "r")) == NULL) { - perror(fn); - return -1; - } - - /* - * Perform two passes over the specification file. - * The first pass counts the number of specifications and - * performs simple validation of the input. At the end - * of the first pass, the spec array is allocated. - * The second pass performs detailed validation of the input - * and fills in the spec array. - */ - for (pass = 0; pass < 2; pass++) { - lineno = 0; - nspec = 0; - sp = spec_arr; - while (fgets(buf, sizeof buf, fp)) { - lineno++; - len = strlen(buf); - if (buf[len - 1] != '\n') { - fprintf(stderr, - "%s: no newline on line number %d (only read %s)\n", - fn, lineno, buf); - inc_err(); - continue; - } - buf[len - 1] = 0; - bp = buf; - while (isspace(*bp)) - bp++; - /* Skip comment lines and empty lines. */ - if (*bp == '#' || *bp == 0) - continue; - items = sscanf(buf, "%as %as %as", ®ex, &type, &context); - if (items < 2) { - fprintf(stderr, - "%s: line number %d is missing fields (only read %s)\n", - fn, lineno, buf); - inc_err(); - if (items == 1) - free(regex); - continue; - } else if (items == 2) { - /* The type field is optional. */ - free(context); - context = type; - type = 0; - } - - if (pass == 1) { - /* On the second pass, compile and store the specification in spec. */ - const char *reg_buf = regex; - sp->stem_id = find_stem_from_spec(®_buf); - sp->pattern = regex; - - /* Anchor the regular expression. */ - len = strlen(reg_buf); - anchored_regex = xmalloc(len + 3); - sprintf(anchored_regex, "^%s$", reg_buf); - - /* Compile the regular expression. */ - sp->preg = xcalloc(1, sizeof(*sp->preg)); - regerr = regcomp(sp->preg, anchored_regex, - REG_EXTENDED | REG_NOSUB); - if (regerr < 0) { - regerror(regerr, sp->preg, errbuf, sizeof errbuf); - fprintf(stderr, - "%s: unable to compile regular expression %s on line number %d: %s\n", - fn, regex, lineno, - errbuf); - inc_err(); - } - free(anchored_regex); - - /* Convert the type string to a mode format */ - sp->type_str = type; - sp->mode = 0; - if (!type) - goto skip_type; - len = strlen(type); - if (type[0] != '-' || len != 2) { - fprintf(stderr, - "%s: invalid type specifier %s on line number %d\n", - fn, type, lineno); - inc_err(); - goto skip_type; - } - switch (type[1]) { - case 'b': - sp->mode = S_IFBLK; - break; - case 'c': - sp->mode = S_IFCHR; - break; - case 'd': - sp->mode = S_IFDIR; - break; - case 'p': - sp->mode = S_IFIFO; - break; - case 'l': - sp->mode = S_IFLNK; - break; - case 's': - sp->mode = S_IFSOCK; - break; - case '-': - sp->mode = S_IFREG; - break; - default: - fprintf(stderr, - "%s: invalid type specifier %s on line number %d\n", - fn, type, lineno); - inc_err(); - } - - skip_type: - - sp->context = context; - - if (strcmp(context, "<<none>>")) { - if (security_check_context(context) < 0 && errno != ENOENT) { - fprintf(stderr, - "%s: invalid context %s on line number %d\n", - fn, context, lineno); - inc_err(); - } - } - - /* Determine if specification has - * any meta characters in the RE */ - spec_hasMetaChars(sp); - sp++; - } - - nspec++; - if (pass == 0) { - free(regex); - if (type) - free(type); - free(context); - } - } - - if (nerr) - return -1; - - if (pass == 0) { - QPRINTF("%s: read %d specifications\n", fn, nspec); - if (nspec == 0) - return 0; - spec_arr = xcalloc(nspec, sizeof(*spec_arr)); - rewind(fp); - } - } - fclose(fp); - - /* Sort the specifications with most general first */ - qsort(spec_arr, nspec, sizeof(*spec_arr), spec_compare); - - /* Verify no exact duplicates */ - if (nodups_specs() != 0) - return -1; - return 0; -} - -static struct poptOption optionsTable[] = { - { "debug", 'd', POPT_ARG_VAL, &debug, 1, - N_("show what specification matched each file"), NULL }, - { "nochange", 'n', POPT_ARG_VAL, &change, 0, - N_("do not change any file labels"), NULL }, - { "quiet", 'q', POPT_ARG_VAL, &quiet, 1, - N_("be quiet (suppress non-error output)"), NULL }, - { "root", 'r', POPT_ARG_STRING|POPT_ARGFLAG_SHOW_DEFAULT, &rootpath, 0, - N_("use an alternate root path"), N_("ROOT") }, - { "stdin", 's', POPT_ARG_VAL, &use_stdin, 1, - N_("use stdin for a list of files instead of searching a partition"), NULL }, - { "verbose", 'v', POPT_ARG_VAL, &warn_no_match, 1, - N_("show changes in file labels"), NULL }, - { "warn", 'W', POPT_ARG_VAL, &warn_no_match, 1, - N_("warn about entries that have no matching file"), NULL }, - - POPT_AUTOHELP - POPT_TABLEEND -}; - -int main(int argc, char **argv) -{ - poptContext optCon; - const char ** av; - const char * arg; - int ec = EXIT_FAILURE; /* assume failure. */ - int rc; - int i; - -#if HAVE_MCHECK_H && HAVE_MTRACE - /*@-noeffect@*/ - mtrace(); /* Trace malloc only if MALLOC_TRACE=mtrace-output-file. */ - /*@=noeffect@*/ -#endif - - setprogname(argv[0]); /* Retrofit glibc __progname */ - /* XXX glibc churn sanity */ - if (__progname == NULL) { - if ((__progname = strrchr(argv[0], '/')) != NULL) __progname++; - else __progname = argv[0]; - } - - (void) setlocale(LC_ALL, "" ); - (void) bindtextdomain(PACKAGE, LOCALEDIR); - (void) textdomain(PACKAGE); - - optCon = poptGetContext(__progname, argc, (const char **)argv, optionsTable, 0); - - /* Process all options, whine if unknown. */ - while ((rc = poptGetNextOpt(optCon)) > 0) { - switch (rc) { - default: -/*@-nullpass@*/ - fprintf(stderr, _("%s: option table misconfigured (%d)\n"), - __progname, rc); -/*@=nullpass@*/ - goto exit; - /*@notreached@*/ /*@switchbreak@*/ break; - } - } - - if (rc < -1) { -/*@-nullpass@*/ - fprintf(stderr, "%s: %s: %s\n", __progname, - poptBadOption(optCon, POPT_BADOPTION_NOALIAS), - poptStrerror(rc)); -/*@=nullpass@*/ - goto exit; - } - - /* trim trailing /, if present */ - if (rootpath != NULL) { - rootpathlen = strlen(rootpath); - while (rootpath[rootpathlen - 1] == '/') - rootpath[--rootpathlen] = 0; - } - - av = poptGetArgs(optCon); - if (use_stdin) { - add_assoc = 0; - /* Check exactly 1 arg */ - if (av == NULL || !(av[0] != NULL && av[1] == NULL)) { - usage(__progname, optCon); - } - } else { - /* Check at least 2 args */ - if (av == NULL || !(av[0] != NULL && av[1] != NULL)) - usage(__progname, optCon); - } - - /* Parse the specification file. */ - if (parseREContexts(*av) != 0) { - perror(*av); - goto exit; - } - av++; - - /* - * Apply the specifications to the file systems. - */ - if (use_stdin) { - char buf[PATH_MAX]; - struct stat sb; - int flag; - - while(fgets(buf, sizeof(buf), stdin)) { - strtok(buf, "\n"); - if (buf[0] == '\n') - continue; - if (stat(buf, &sb)) { - fprintf(stderr, "File \"%s\" not found.\n", buf); - continue; - } - switch(sb.st_mode) { - case S_IFDIR: - flag = FTW_D; - break; - case S_IFLNK: - flag = FTW_SL; - break; - default: - flag = FTW_F; - break; - } - apply_spec(buf, &sb, flag, NULL); - } - } - else while ((arg = *av++) != NULL) - { - if (rootpath != NULL) { - QPRINTF("%s: labeling files, pretending %s is /\n", - __progname, rootpath); - } - - QPRINTF("%s: labeling files under %s\n", __progname, arg); - - /* Walk the file tree, calling apply_spec on each file. */ - if (nftw(arg, apply_spec, 1024, FTW_PHYS | FTW_MOUNT)) { - fprintf(stderr, "%s: error while labeling files under %s\n", - __progname, arg); - goto exit; - } - - /* - * Evaluate the association hash table distribution for the - * directory tree just traversed. - */ - file_spec_eval(); - - /* Reset the association hash table for the next directory tree. */ - file_spec_destroy(); - } - - if (warn_no_match) { - for (i = 0; i < nspec; i++) { - spec_t sp; - - sp = spec_arr + i; - if (sp->matches > 0) - continue; - if (sp->type_str) { - printf("%s: Warning! No matches for (%s, %s, %s)\n", - __progname, sp->pattern, - sp->type_str, sp->context); - } else { - printf("%s: Warning! No matches for (%s, %s)\n", - __progname, sp->pattern, sp->context); - } - } - } - - QPRINTF("%s: Done.\n", __progname); - ec = 0; - -exit: - optCon = poptFreeContext(optCon); - -#if HAVE_MCHECK_H && HAVE_MTRACE - /*@-noeffect@*/ - muntrace(); /* Trace malloc only if MALLOC_TRACE=mtrace-output-file. */ - /*@=noeffect@*/ -#endif - - return ec; -} diff --git a/lib/tplatform.c b/lib/tplatform.c index 3857165f3..4fda9e2c2 100644 --- a/lib/tplatform.c +++ b/lib/tplatform.c @@ -1,10 +1,10 @@ #include "system.h" + +#include "rpmio_internal.h" #include <rpmlib.h> #include <rpmmacro.h> #include <rpmio.h> -extern int _rpmio_debug; - #define _ETC_RPM_PLATFORM "/etc/rpm/platform" static const char * platform = _ETC_RPM_PLATFORM; @@ -14,7 +14,7 @@ static int nplatpat = 0; static int rpmPlatform(void) { char *cpu = NULL, *vendor = NULL, *os = NULL, *gnu = NULL; - char * b = NULL; + byte * b = NULL; ssize_t blen = 0; int init_platform = 0; char * p, * pe; diff --git a/lib/transaction.c b/lib/transaction.c index 35d0ac084..4d743c102 100644 --- a/lib/transaction.c +++ b/lib/transaction.c @@ -32,12 +32,7 @@ #include "debug.h" -/* - * This is needed for the IDTX definitions. I think probably those need - * to be moved into a different source file (idtx.{c,h}), but that is up - * to Jeff Johnson. - */ -#include "rpmcli.h" +#include "idtx.h" /*@access Header @*/ /* XXX ts->notify arg1 is void ptr */ /*@access rpmps @*/ /* XXX need rpmProblemSetOK() */ @@ -1454,6 +1449,19 @@ int rpmtsRun(rpmts ts, rpmps okProbs, rpmprobFilterFlags ignoreSet) if (rpmtsFlags(ts) & RPMTRANS_FLAG_JUSTDB) (void) rpmtsSetFlags(ts, (rpmtsFlags(ts) | _noTransScripts | _noTransTriggers)); + /* if SELinux isn't enabled or init fails, don't bother... */ + if (!rpmtsSELinuxEnabled(ts)) { + rpmtsSetFlags(ts, (rpmtsFlags(ts) | RPMTRANS_FLAG_NOCONTEXTS)); + } + + if (!rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS) { + const char *fn = rpmGetPath("%{?_install_file_context_path}", NULL); + if (matchpathcon_init(fn) == -1) { + rpmtsSetFlags(ts, (rpmtsFlags(ts) | RPMTRANS_FLAG_NOCONTEXTS)); + } + _free(fn); + } + ts->probs = rpmpsFree(ts->probs); ts->probs = rpmpsCreate(); diff --git a/lib/tre.c b/lib/tre.c deleted file mode 100644 index eda4181b5..000000000 --- a/lib/tre.c +++ /dev/null @@ -1,142 +0,0 @@ -#include "system.h" - -#define _RPMSX_INTERNAL -#include <rpmsx.h> -#include <popt.h> - -#include "debug.h" - -static int add_assoc = 1; - -/* - * Command-line options. - */ -static int change = 1; -static int quiet = 0; -#define QPRINTF(args...) do { if (!quiet) printf(args); } while (0) -static int use_stdin = 0; -static int verbose = 0; -static int warn_no_match = 0; -static char *rootpath = NULL; -static int rootpathlen = 0; - -static struct poptOption optionsTable[] = { - { "debug", 'd', POPT_ARG_VAL, &_rpmsx_debug, -1, - N_("show what specification matched each file"), NULL }, - { "nochange", 'n', POPT_ARG_VAL, &change, 0, - N_("do not change any file labels"), NULL }, - { "quiet", 'q', POPT_ARG_VAL, &quiet, 1, - N_("be quiet (suppress non-error output)"), NULL }, - { "root", 'r', POPT_ARG_STRING|POPT_ARGFLAG_SHOW_DEFAULT, &rootpath, 0, - N_("use an alternate root path"), N_("ROOT") }, - { "stdin", 's', POPT_ARG_VAL, &use_stdin, 1, - N_("use stdin for a list of files instead of searching a partition"), NULL }, - { "verbose", 'v', POPT_ARG_VAL, &warn_no_match, 1, - N_("show changes in file labels"), NULL }, - { "warn", 'W', POPT_ARG_VAL, &warn_no_match, 1, - N_("warn about entries that have no matching file"), NULL }, - - POPT_AUTOHELP - POPT_TABLEEND -}; - -int main(int argc, char **argv) -{ - poptContext optCon; - const char ** av; - const char * arg; - rpmsx sx; - int ec = EXIT_FAILURE; /* assume failure. */ - int rc; - int i; - -#if HAVE_MCHECK_H && HAVE_MTRACE - /*@-noeffect@*/ - mtrace(); /* Trace malloc only if MALLOC_TRACE=mtrace-output-file. */ - /*@=noeffect@*/ -#endif - - setprogname(argv[0]); /* Retrofit glibc __progname */ - /* XXX glibc churn sanity */ - if (__progname == NULL) { - if ((__progname = strrchr(argv[0], '/')) != NULL) __progname++; - else __progname = argv[0]; - } - - (void) setlocale(LC_ALL, "" ); - (void) bindtextdomain(PACKAGE, LOCALEDIR); - (void) textdomain(PACKAGE); - - optCon = poptGetContext(__progname, argc, (const char **)argv, optionsTable, 0); - - /* Process all options, whine if unknown. */ - while ((rc = poptGetNextOpt(optCon)) > 0) { - switch (rc) { - default: -/*@-nullpass@*/ - fprintf(stderr, _("%s: option table misconfigured (%d)\n"), - __progname, rc); -/*@=nullpass@*/ - goto exit; - /*@notreached@*/ /*@switchbreak@*/ break; - } - } - - if (rc < -1) { -/*@-nullpass@*/ - fprintf(stderr, "%s: %s: %s\n", __progname, - poptBadOption(optCon, POPT_BADOPTION_NOALIAS), - poptStrerror(rc)); -/*@=nullpass@*/ - goto exit; - } - - /* trim trailing /, if present */ - if (rootpath != NULL) { - rootpathlen = strlen(rootpath); - while (rootpath[rootpathlen - 1] == '/') - rootpath[--rootpathlen] = 0; - } - - av = poptGetArgs(optCon); - - /* Parse the specification file. */ - sx = rpmsxNew(NULL); - - if (_rpmsx_debug) { - sx = rpmsxInit(sx, 1); - if (sx != NULL) - while ((i = rpmsxNext(sx)) >= 0) { - const char * pattern = rpmsxPattern(sx); - const char * type = rpmsxType(sx); - const char * context = rpmsxContext(sx); - - fprintf(stderr, "%5d: %s\t%s\t%s\n", i, - pattern, (type ? type : ""), context); - } - } - - if (av != NULL) - while ((arg = *av++) != NULL) { - const char * context = rpmsxFContext(sx, arg, S_IFREG); - fprintf(stderr, "%s: %s\n", arg, context); - } - - sx = rpmsxFree(sx); - - /* - * Apply the specifications to the file systems. - */ - ec = 0; - -exit: - optCon = poptFreeContext(optCon); - -#if HAVE_MCHECK_H && HAVE_MTRACE - /*@-noeffect@*/ - muntrace(); /* Trace malloc only if MALLOC_TRACE=mtrace-output-file. */ - /*@=noeffect@*/ -#endif - - return ec; -} |