Univention Bugzilla – Attachment 10040 Details for
Bug 44054
{samba,nfs}-shares listener - take over any server as teacher/staff
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
1.diff
1.diff (text/plain), 4.75 KB, created by
Arvid Requate
on 2019-05-22 11:58:17 CEST
(
hide
)
Description:
1.diff
Filename:
MIME Type:
Creator:
Arvid Requate
Created:
2019-05-22 11:58:17 CEST
Size:
4.75 KB
patch
obsolete
>diff --git a/base/univention-lib/debian/python-univention-lib.postinst b/base/univention-lib/debian/python-univention-lib.postinst >index eda6bc7baa..05f521aded 100644 >--- a/base/univention-lib/debian/python-univention-lib.postinst >+++ b/base/univention-lib/debian/python-univention-lib.postinst >@@ -60,7 +60,7 @@ else: > for path in attr.get('univentionSharePath', []): > directory = os.path.realpath(path) > if univention.lib.listenerSharePath.is_blacklisted(directory, ucr): >- print('WARNING: the path %s for share %s matches a blacklisted path: You should execute: ucr set listener/shares/whitelist/%s=%s' % (path, dn, pipes.quote(univention.uldap.explodeDn(dn, True)[0]), pipes.quote(directory))) >+ print('WARNING: the path %s for share %s matches a blacklisted path: You should execute: "ucr set listener/shares/whitelist/%s=%s" and then restart univention-directory-listener.' % (path, dn, pipes.quote(univention.uldap.explodeDn(dn, True)[0]), pipes.quote(directory))) > EOL > > fi >diff --git a/base/univention-lib/debian/python-univention-lib.univention-config-registry-variables b/base/univention-lib/debian/python-univention-lib.univention-config-registry-variables >index 00b9527eda..9e8672e624 100644 >--- a/base/univention-lib/debian/python-univention-lib.univention-config-registry-variables >+++ b/base/univention-lib/debian/python-univention-lib.univention-config-registry-variables >@@ -12,8 +12,8 @@ Type=str > Categories=service-misc > > [listener/shares/whitelist/.*] >-Description[de]=StandardmäÃig wird die Erstellung von Freigaben für einige Systemverzeichnisse verhindert. Diese Variablen ermöglichen das Freigeben von Verzeichnissen, die sonst auf der Standard-Blackist stehen. Die Werte der Variablen können eine durch Doppelpunkte separierte Liste von erlaubten Verzeichnissen enthalten (z.B. /var/*:/usr/*). Die Variable listener/shares/whitelist/default liefert eine empfohlene Standardliste für UCS. >-Description[en]=For security reasons creating shares for some system directories is denied by default. This family of variables allows overriding the default blacklist. The values may contain a colon separated list of allowed directories (e.g. /var/*:/usr/*). The variable listener/shares/whitelist/default specifies the UCS recommended default whitelist. >+Description[de]=StandardmäÃig wird die Erstellung von Freigaben für einige Systemverzeichnisse verhindert. Diese Variablen ermöglichen das Freigeben von Verzeichnissen, die sonst auf der Standard-Blackist stehen. Die Werte der Variablen können eine durch Doppelpunkte separierte Liste von erlaubten Verzeichnissen enthalten (z.B. /var/*:/usr/*). Die Variable listener/shares/whitelist/default liefert eine empfohlene Standardliste für UCS. Nach Ãnderung der Variablen muss univention-directory-listener neu gestartet werden. >+Description[en]=For security reasons creating shares for some system directories is denied by default. This family of variables allows overriding the default blacklist. The values may contain a colon separated list of allowed directories (e.g. /var/*:/usr/*). The variable listener/shares/whitelist/default specifies the UCS recommended default whitelist. After changing the variables univention-directory-listener needs to be restarted. > Type=str > Categories=service-misc > >diff --git a/base/univention-lib/python/listenerSharePath.py b/base/univention-lib/python/listenerSharePath.py >index 843f683256..a4b3556da3 100644 >--- a/base/univention-lib/python/listenerSharePath.py >+++ b/base/univention-lib/python/listenerSharePath.py >@@ -172,9 +172,9 @@ def createOrRename(old, new, cr): > > # check blacklist > if is_blacklisted(newPath, cr): >- return "%r as destination for renaming not allowed! WARNING: the path %r for the share %r matches a blacklisted path. The whitelist can be extended via the URC variables listener/shares/whitelist/." % (newPath, newPath, share_name) >+ return "%r as destination for renaming not allowed! WARNING: the path %r for the share %r matches a blacklisted path. The whitelist can be extended via the URC variables listener/shares/whitelist/. After changing the variables univention-directory-listener needs to be restartet." % (newPath, newPath, share_name) > if is_blacklisted(oldPath, cr): >- return "%r as source for renaming not allowed! WARNING: the path %r for the share %r matches a blacklisted path. The whitelist can be extended via the URC variables listener/shares/whitelist/." % (oldPath, newPath, share_name) >+ return "%r as source for renaming not allowed! WARNING: the path %r for the share %r matches a blacklisted path. The whitelist can be extended via the URC variables listener/shares/whitelist/. After changing the variables univention-directory-listener needs to be restartet." % (oldPath, newPath, share_name) > > # check mount point > for i in [oldPath, newPath]:
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=10040">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 44054
:
10034
| 10040