From 95f461e7a8d254bcb592521041cf32bf12af974b Mon Sep 17 00:00:00 2001 From: Lennart Weller Date: Mon, 5 Sep 2016 10:54:46 +0200 Subject: copyright change for avl implementation. additional dependency on python re-add home directory in case user wants to use a registry updated systemd unit file Patches: - whitespace changes in patches - remove extra root uid/gid check in favour of config - maintain shebangs for scripts --- ...move-file-serve-restrictions-for-symlinks.patch | 72 ++++++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 debian/patches/0002-remove-file-serve-restrictions-for-symlinks.patch (limited to 'debian/patches/0002-remove-file-serve-restrictions-for-symlinks.patch') diff --git a/debian/patches/0002-remove-file-serve-restrictions-for-symlinks.patch b/debian/patches/0002-remove-file-serve-restrictions-for-symlinks.patch new file mode 100644 index 000000000..ecf97b65a --- /dev/null +++ b/debian/patches/0002-remove-file-serve-restrictions-for-symlinks.patch @@ -0,0 +1,72 @@ +From: Lennart Weller +Date: Mon, 5 Sep 2016 14:53:06 +0200 +Subject: remove file serve restrictions for symlinks + +--- + src/web_client.c | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +diff --git a/src/web_client.c b/src/web_client.c +index 4036d4c..a7cc424 100644 +--- a/src/web_client.c ++++ b/src/web_client.c +@@ -325,33 +325,33 @@ int mysendfile(struct web_client *w, char *filename) + snprintfz(webfilename, FILENAME_MAX, "%s/%s", web_dir, filename); + + // check if the file exists +- struct stat stat; +- if(lstat(webfilename, &stat) != 0) { ++ struct stat wstat; ++ if(stat(webfilename, &wstat) != 0) { + debug(D_WEB_CLIENT_ACCESS, "%llu: File '%s' is not found.", w->id, webfilename); + buffer_sprintf(w->response.data, "File '%s' does not exist, or is not accessible.", webfilename); + return 404; + } + + // check if the file is owned by expected user +- if(stat.st_uid != web_files_uid()) { +- error("%llu: File '%s' is owned by user %u (expected user %u). Access Denied.", w->id, webfilename, stat.st_uid, web_files_uid()); ++ if(wstat.st_uid != web_files_uid()) { ++ error("%llu: File '%s' is owned by user %u (expected user %u). Access Denied.", w->id, webfilename, wstat.st_uid, web_files_uid()); + buffer_sprintf(w->response.data, "Access to file '%s' is not permitted.", webfilename); + return 403; + } + + // check if the file is owned by expected group +- if(stat.st_gid != web_files_gid()) { +- error("%llu: File '%s' is owned by group %u (expected group %u). Access Denied.", w->id, webfilename, stat.st_gid, web_files_gid()); ++ if(wstat.st_gid != web_files_gid()) { ++ error("%llu: File '%s' is owned by group %d (expected group %d). Access Denied.", w->id, webfilename, wstat.st_gid, web_files_gid()); + buffer_sprintf(w->response.data, "Access to file '%s' is not permitted.", webfilename); + return 403; + } + +- if((stat.st_mode & S_IFMT) == S_IFDIR) { ++ if((wstat.st_mode & S_IFMT) == S_IFDIR) { + snprintfz(webfilename, FILENAME_MAX, "%s/index.html", filename); + return mysendfile(w, webfilename); + } + +- if((stat.st_mode & S_IFMT) != S_IFREG) { ++ if((wstat.st_mode & S_IFMT) != S_IFREG) { + error("%llu: File '%s' is not a regular file. Access Denied.", w->id, webfilename); + buffer_sprintf(w->response.data, "Access to file '%s' is not permitted.", webfilename); + return 403; +@@ -399,14 +399,14 @@ int mysendfile(struct web_client *w, char *filename) + else if(strstr(filename, ".icns") != NULL) w->response.data->contenttype = CT_IMAGE_ICNS; + else w->response.data->contenttype = CT_APPLICATION_OCTET_STREAM; + +- debug(D_WEB_CLIENT_ACCESS, "%llu: Sending file '%s' (%ld bytes, ifd %d, ofd %d).", w->id, webfilename, stat.st_size, w->ifd, w->ofd); ++ debug(D_WEB_CLIENT_ACCESS, "%llu: Sending file '%s' (%ld bytes, ifd %d, ofd %d).", w->id, webfilename, wstat.st_size, w->ifd, w->ofd); + + w->mode = WEB_CLIENT_MODE_FILECOPY; + w->wait_receive = 1; + w->wait_send = 0; + buffer_flush(w->response.data); +- w->response.rlen = stat.st_size; +- w->response.data->date = stat.st_mtim.tv_sec; ++ w->response.rlen = wstat.st_size; ++ w->response.data->date = wstat.st_mtim.tv_sec; + + return 200; + } -- cgit v1.2.3