diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.29.2/scripts/genhomedircon

--- nsapolicycoreutils/scripts/genhomedircon	2005-12-07 07:28:00.000000000 -0500

+++ policycoreutils-1.29.2/scripts/genhomedircon	2005-12-19 18:17:05.000000000 -0500

@@ -26,64 +26,70 @@

 #

 #  

-import commands, sys, os, pwd, string, getopt, re

+import sys, os, pwd, string, getopt, re

 from semanage import *;

-fd=open("/etc/shells", 'r')

-VALID_SHELLS=fd.read().split('\n')

-fd.close()

-if "/sbin/nologin" in VALID_SHELLS:

-	VALID_SHELLS.remove("/sbin/nologin")

+try:

+	fd=open("/etc/shells", 'r')

+	VALID_SHELLS=fd.read().split('\n')

+	fd.close()

+	if "/sbin/nologin" in VALID_SHELLS:

+		VALID_SHELLS.remove("/sbin/nologin")

+except:

+	VALID_SHELLS = ['/bin/sh', '/bin/bash', '/bin/ash', '/bin/bsh', '/bin/ksh', '/usr/bin/ksh', '/usr/bin/pdksh', '/bin/tcsh', '/bin/csh', '/bin/zsh']

+

+def findval(file, var, delim=""):

+	val=""

+	fd=open(file, 'r')

+	for i in  fd.read().split('\n'):

+		if i.startswith(var) == 1:

+			if delim == "":

+				val = i.split()[1]

+			else:

+				val = i.split(delim)[1]

+			val = val.split("#")[0]

+			val = val.strip()

+	fd.close()

+	return val

 def getStartingUID():

 	starting_uid = sys.maxint

-	rc=commands.getstatusoutput("grep -h '^UID_MIN' /etc/login.defs")

-	if rc[0] == 0:

-		uid_min = re.sub("^UID_MIN[^0-9]*", "", rc[1])

-		#stip any comment from the end of the line

+	uid_min= findval("/etc/login.defs", "UID_MIN")

+	if uid_min != "":

 		uid_min = uid_min.split("#")[0]

 		uid_min = uid_min.strip()

 		if int(uid_min) < starting_uid:

 			starting_uid = int(uid_min)

-	rc=commands.getstatusoutput("grep -h '^LU_UIDNUMBER' /etc/libuser.conf")

-	if rc[0] == 0:

-		lu_uidnumber = re.sub("^LU_UIDNUMBER[^0-9]*", "", rc[1])

-		#stip any comment from the end of the line

-		lu_uidnumber = re.sub("[ \t].*", "", lu_uidnumber)

-		lu_uidnumber = lu_uidnumber.split("#")[0]

-		lu_uidnumber = lu_uidnumber.strip()

-		if int(lu_uidnumber) < starting_uid:

-			starting_uid = int(lu_uidnumber)

+

+	uid_min= findval("/etc/libuser.conf", "LU_UIDNUMBER", "=")

+	if uid_min != "":

+		uid_min = uid_min.split("#")[0]

+		uid_min = uid_min.strip()

+		if int(uid_min) < starting_uid:

+			starting_uid = int(uid_min)

+

 	if starting_uid == sys.maxint:

 		starting_uid = 500

 	return starting_uid

 def getDefaultHomeDir():

 	ret = []

-	rc=commands.getstatusoutput("grep -h '^HOME' /etc/default/useradd")

-	if rc[0] == 0:

-		homedir = rc[1].split("=")[1]

-		homedir = homedir.split("#")[0]

-		homedir = homedir.strip()

-		if not homedir in ret:

-			ret.append(homedir)

-

-	rc=commands.getstatusoutput("grep -h '^LU_HOMEDIRECTORY' /etc/libuser.conf")

-	if rc[0] == 0:

-		homedir = rc[1].split("=")[1]

-		homedir = homedir.split("#")[0]

-		homedir = homedir.strip()

-		if not homedir in ret:

-			ret.append(homedir)

-

+	homedir=findval("/etc/default/useradd", "HOME", "=")

+	if homedir != "" and not homedir in ret:

+		ret.append(homedir)

+	

+	homedir=findval("/etc/libuser.conf", "LU_HOMEDIRECTORY", "=")

+	if homedir != "" and not homedir in ret:

+		ret.append(homedir)

+	

 	if ret == []:

 		ret.append("/home")

 	return ret

 def getSELinuxType(directory):

-	rc=commands.getstatusoutput("grep ^SELINUXTYPE= %s/config" % directory)

-	if rc[0]==0:

-		return rc[1].split("=")[-1].strip()

+	val=findval(directory+"/config", "SELINUXTYPE", "=")

+	if val != "":

+		return val

 	return "targeted"

 def usage(error = ""):

@@ -129,11 +135,17 @@

 		return self.getFileContextDir()+"/homedir_template"

 	def getHomeRootContext(self, homedir):

-		rc=commands.getstatusoutput("grep HOME_ROOT  %s | sed -e \"s|^HOME_ROOT|%s|\"" % ( self.getHomeDirTemplate(), homedir))

-		if rc[0] == 0:

-			return rc[1]+"\n"

-		else:

-			errorExit("sed error %s" % rc[1])

+		ret=""

+		fd=open(self.getHomeDirTemplate(), 'r')

+

+		for i in  fd.read().split('\n'):

+			if i.find("HOME_ROOT") == 0:

+				i=i.replace("HOME_ROOT", homedir)

+				ret = i+"\n"

+		fd.close()

+		if ret=="":

+			errorExit("No Home Root Context Found")

+		return ret

 	def heading(self):

 		ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0]

@@ -152,32 +164,40 @@

 				return "user_r"

 		return name

 	def getOldRole(self, role):

-		rc = commands.getstatusoutput('grep "^user %s" %s' % (role, self.selinuxdir+self.type+"/users/system.users"))

-		if rc[0] != 0:					    

-			rc = commands.getstatusoutput('grep "^user %s" %s' % (role, self.selinuxdir+self.type+"/users/local.users"))

-		if rc[0] == 0:

-			user=rc[1].split()

+		rc=findval(self.selinuxdir+self.type+"/users/system.users", 'grep "^user %s" %s' % role, "=")

+		if rc == "":					    

+			rc=findval(self.selinuxdir+self.type+"/users/local.users", 'grep "^user %s" %s' % role, "=")

+		if rc != "":

+			user=rc.split()

 			role = user[3]

 			if role == "{":

 				role = user[4]

 		return role

 	def adduser(self, udict, user, seuser, role):

+		if seuser == "user_u" or user == "__default__":

+			return

+		# !!! chooses first role in the list to use in the file context !!!

+		if role[-2:] == "_r" or role[-2:] == "_u":

+			role = role[:-2]

 		try:

-			if seuser == "user_u" or user == "__default__":

-				return

-			# !!! chooses first role in the list to use in the file context !!!

-			if role[-2:] == "_r" or role[-2:] == "_u":

-				role = role[:-2]

 			home = pwd.getpwnam(user)[5]

 			if home == "/":

-				return

-			prefs = {}

-			prefs["role"] = role

-			prefs["home"] = home

-			udict[seuser] = prefs

+				# Probably install so hard code to /root

+				if user == "root":

+					home="/root"

+				else:

+					return

 		except KeyError:

-			sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user)

+			if user == "root":

+				home = "/root"

+			else:

+				sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user)

+				return

+		prefs = {}

+		prefs["role"] = role

+		prefs["home"] = home

+		udict[seuser] = prefs

 	def getUsers(self):

 		udict = {}

@@ -190,30 +210,45 @@

 				self.adduser(udict, semanage_seuser_get_name(seuser), seusername, self.defaultrole(seusername))

 		else:

-			rc = commands.getstatusoutput("grep -v '^ *#' %s" % self.selinuxdir+self.type+"/seusers")

-			if rc[0] == 0 and rc[1] != "":

-				ulist = rc[1].split("\n")

-				for u in ulist:

-					if len(u)==0:

-						continue

-					user = u.split(":")

-					if len(user) < 3:

-						continue

-					role=self.getOldRole(user[1])

-					self.adduser(udict, user[0], user[1], role)

+			fd =open(self.selinuxdir+self.type+"/seusers")

+			for u in  fd.read().split('\n'):

+				u=u.strip()

+				if len(u)==0 or u[0]=="#":

+					continue

+				user = u.split(":")

+				if len(user) < 3:

+					continue

+				role=self.getOldRole(user[1])

+				self.adduser(udict, user[0], user[1], role)

+			fd.close()

 		return udict

 	def getHomeDirContext(self, user, home, role):

 		ret="\n\n#\n# Home Context for user %s\n#\n\n" % user

-		rc=commands.getstatusoutput("grep '^HOME_DIR' %s | sed -e 's|HOME_DIR|%s|' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (self.getHomeDirTemplate(), home, role, user))

-		return ret + rc[1] + "\n"

+		fd=open(self.getHomeDirTemplate(), 'r')

+		for i in  fd.read().split('\n'):

+			if i.startswith("HOME_DIR") == 1:

+				i=i.replace("HOME_DIR", home)

+				i=i.replace("ROLE", role)

+				i=i.replace("system_u", user)

+				ret = ret+i+"\n"

+		fd.close()

+		return ret

 	def getUserContext(self, user, sel_user, role):

-		rc=commands.getstatusoutput("grep 'USER' %s | sed -e 's/USER/%s/' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (self.getHomeDirTemplate(), user, role, sel_user))

-		return rc[1] + "\n"

+		ret=""

+		fd=open(self.getHomeDirTemplate(), 'r')

+		for i in  fd.read().split('\n'):

+			if i.find("USER") == 1:

+				i=i.replace("USER", user)

+				i=i.replace("ROLE", role)

+				i=i.replace("system_u", sel_user)

+				ret=ret+i+"\n"

+		fd.close()

+		return ret

 	def genHomeDirContext(self):

-		if commands.getstatusoutput("grep -q 'ROLE' %s" % self.getHomeDirTemplate())[0] == 0 and self.semanaged:

+		if self.semanaged and findval(self.getHomeDirTemplate(), "ROLE", "=") != "":

 			warning("genhomedircon:  Warning!  No support yet for expanding ROLE macros in the %s file when using libsemanage." % self.getHomeDirTemplate());

 			warning("genhomedircon:  You must manually update file_contexts.homedirs for any non-user_r users (including root).");

 		users = self.getUsers()

@@ -225,40 +260,23 @@

 		return ret+"\n"

 	def checkExists(self, home):

-		if commands.getstatusoutput("grep -E '^%s[^[:alnum:]_-]' %s" % (home, self.getFileContextFile()))[0] == 0:

-			return 0

-		#this works by grepping the file_contexts for

-		# 1. ^/ makes sure this is not a comment

-		# 2. prints only the regex in the first column first cut on \t then on space

-		rc=commands.getstatusoutput("grep \"^/\" %s | cut -f 1 | cut -f 1 -d \" \" " %  self.getFileContextFile() )

-		if rc[0] == 0:

-			prefix_regex = rc[1].split("\n")

-		else:

-			warning("%s\nYou do not have access to read %s\n" % (rc[1], self.getFileContextFile()))

-

-		exists=1

-		for regex in prefix_regex:

-			#match a trailing (/*)? which is actually a bug in rpc_pipefs

-			regex = re.sub("\(/\*\)\?$", "", regex)

-			#match a trailing .+

-			regex = re.sub("\.+$", "", regex)

-			#match a trailing .*

-			regex = re.sub("\.\*$", "", regex)

-			#strip a (/.*)? which matches anything trailing to a /*$ which matches trailing /'s

-			regex = re.sub("\(\/\.\*\)\?", "", regex)

-			regex = regex + "/*$"

-			if re.search(regex, home, 0):

-				exists = 0

-				break

-		if exists == 1:

-			return 1

-		else:

-			return 0

-

+		fd=open(self.getFileContextFile())

+                for i in  fd.read().split('\n'):

+                    if len(i)==0:

+                        return

+                    regex=i.split()[0]

+                    #match a trailing .+

+                    regex = re.sub("\.+$", "", regex)

+                    regex = re.sub("\.\*$", "", regex)

+                    #strip a (/.*)? which matches anything trailing to a /*$ which matches trailing /'s

+                    regex = re.sub("\(\/\.\*\)\?", "", regex)

+                    regex = regex + "/*$"

+                    if re.search(home, regex, 0):

+                        return 1

+		return 0

 	def getHomeDirs(self):

-		homedirs = []

-		homedirs = homedirs + getDefaultHomeDir()

+		homedirs = getDefaultHomeDir()

 		starting_uid=getStartingUID()

 		if self.usepwd==0:

 			return homedirs

@@ -270,7 +288,7 @@

 					string.count(u[5], "/") > 1:

 				homedir = u[5][:string.rfind(u[5], "/")]

 				if not homedir in homedirs:

-					if self.checkExists(homedir)==0:

+					if self.checkExists(homedir)==1:

 						warning("%s homedir %s or its parent directoy conflicts with a\ndefined context in %s,\n%s will not create a new context." % (u[0], u[5], self.getFileContextFile(), sys.argv[0]))

 					else:

 						homedirs.append(homedir)

@@ -336,4 +354,4 @@

 except ValueError, error:

 	errorExit("ValueError %s" % error)

 except IndexError, error:

-	errorExit("IndexError")

+	errorExit("IndexError %s" % error)