packages/ukui-control-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!156 [sync] PR-154: fix createuser critical vulnerabilities

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @peijiankang 
Signed-off-by: @peijiankang
This commit is contained in:
openeuler-ci-bot 2023-05-22 09:31:29 +00:00 committed by Gitee
commit 78dd3b7204
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 91 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
fix-changeOtherUserPasswd-critical-vulnerabilities.patch
View File

@ -6,7 +6,7 @@ Subject: [PATCH] fix changeOtherUserPasswd critical vulnerabilities
--- ---
registeredQDbus/sysdbusregister.cpp | 6 ++++-- registeredQDbus/sysdbusregister.cpp | 6 ++++--
registeredQDbus/sysdbusregister.h | 2 +- registeredQDbus/sysdbusregister.h | 2 +-
2 files changed, 5 insertions(+), 3 deletions(-) 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/registeredQDbus/sysdbusregister.cpp b/registeredQDbus/sysdbusregister.cpp diff --git a/registeredQDbus/sysdbusregister.cpp b/registeredQDbus/sysdbusregister.cpp
index 8b05278..476923f 100644 index 8b05278..476923f 100644
@ -23,12 +23,13 @@ index 8b05278..476923f 100644
return 0; return 0;
} }
@@ -356,7 +358,7 @@ bool SysdbusRegister::checkCreateAuthorization() @@ -356,7 +358,8 @@ bool SysdbusRegister::checkCreateAuthorization()
} }
} }
-bool SysdbusRegister::checkAuthorization(){ -bool SysdbusRegister::checkAuthorization(){
+bool SysdbusRegister::checkAuthorization(qint64 id){ +bool SysdbusRegister::checkAuthorization(qint64 id){
+ _id = id;
if (_id == 0) if (_id == 0)
return false; return false;

82
fix-createuser-critical-vulnerabilities.patch Normal file
View File

@ -0,0 +1,82 @@
From 5b7f91085ed6f4fd6d5a5f3fe0a90fac17dfa64a Mon Sep 17 00:00:00 2001
From: peijiankang <peijiankang@kylinos.cn>
Date: Mon, 22 May 2023 14:38:31 +0800
Subject: [PATCH] fix createuser critical vulnerabilities
---
plugins/account/userinfo/changeuserpwd.cpp | 5 +----
plugins/account/userinfo/createusernew.cpp | 1 -
registeredQDbus/sysdbusregister.cpp | 7 +++++--
registeredQDbus/sysdbusregister.h | 2 +-
4 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/plugins/account/userinfo/changeuserpwd.cpp b/plugins/account/userinfo/changeuserpwd.cpp
index a216449..8017a9b 100644
--- a/plugins/account/userinfo/changeuserpwd.cpp
+++ b/plugins/account/userinfo/changeuserpwd.cpp
@@ -421,10 +421,7 @@ void ChangeUserPwd::setupConnect(){
return;
}
- QDBusReply<int> reply = tmpiface.call("setPid", QCoreApplication::applicationPid());
- if (reply.isValid()){
- tmpiface.call("changeOtherUserPasswd", name, newPwdLineEdit->text());
- }
+ tmpiface.call("changeOtherUserPasswd", name, newPwdLineEdit->text());
this->accept();
});
diff --git a/plugins/account/userinfo/createusernew.cpp b/plugins/account/userinfo/createusernew.cpp
index ae378bf..22542ba 100644
--- a/plugins/account/userinfo/createusernew.cpp
+++ b/plugins/account/userinfo/createusernew.cpp
@@ -376,7 +376,6 @@ void CreateUserNew::setConnect(){
if (tmpSysinterface.isValid()){
- tmpSysinterface.call("setPid", QCoreApplication::applicationPid());
tmpSysinterface.call("createUser", usernameLineEdit->text(), nicknameLineEdit->text(), typeBtnGroup->checkedId(), DEFAULTFACE, newPwdLineEdit->text());
} else {
diff --git a/registeredQDbus/sysdbusregister.cpp b/registeredQDbus/sysdbusregister.cpp
index 7f26c97..46766c3 100644
--- a/registeredQDbus/sysdbusregister.cpp
+++ b/registeredQDbus/sysdbusregister.cpp
@@ -303,7 +303,9 @@ int SysdbusRegister::changeOtherUserPasswd(QString username, QString pwd){
int SysdbusRegister::createUser(QString name, QString fullname, int accounttype, QString faceicon, QString pwd){
//密码校验
- if (!checkCreateAuthorization()){
+ QDBusConnection conn = connection();
+ QDBusMessage msg = message();
+ if (!checkCreateAuthorization(conn.interface()->servicePid(msg.service()).value())){
return 0;
}
@@ -336,8 +338,9 @@ int SysdbusRegister::createUser(QString name, QString fullname, int accounttype,
}
-bool SysdbusRegister::checkCreateAuthorization()
+bool SysdbusRegister::checkCreateAuthorization(qint64 id)
{
+ _id = id;
if (_id == 0)
return false;
diff --git a/registeredQDbus/sysdbusregister.h b/registeredQDbus/sysdbusregister.h
index 0aca90d..9c413e6 100644
--- a/registeredQDbus/sysdbusregister.h
+++ b/registeredQDbus/sysdbusregister.h
@@ -51,7 +51,7 @@ public:
~SysdbusRegister();
public:
- bool checkCreateAuthorization();
+ bool checkCreateAuthorization(qint64 id);
bool checkAuthorization(qint64 id);
bool authoriyLogin(qint64 id);
bool authoriyAutoLogin(qint64 id);
--
2.39.1

6
ukui-control-center.spec
View File

@ -1,6 +1,6 @@
Name: ukui-control-center Name: ukui-control-center
Version: 3.1.2 Version: 3.1.2
Release: 15 Release: 16
Summary: utilities to configure the UKUI desktop Summary: utilities to configure the UKUI desktop
License: GPL-2+ License: GPL-2+
URL: http://www.ukui.org URL: http://www.ukui.org
@ -17,6 +17,7 @@ Patch12: 0012-fix-add-group-failed-issue.patch
Patch13: 0013-Fix-terminal-garbled-characters-when-not-root-user-change-locale-language.patch Patch13: 0013-Fix-terminal-garbled-characters-when-not-root-user-change-locale-language.patch
Patch14: 0014-fix-memorysize-of-aboutinfo.patch Patch14: 0014-fix-memorysize-of-aboutinfo.patch
Patch15: fix-changeOtherUserPasswd-critical-vulnerabilities.patch Patch15: fix-changeOtherUserPasswd-critical-vulnerabilities.patch
Patch16: fix-createuser-critical-vulnerabilities.patch
BuildRequires: qt5-qtsvg-devel BuildRequires: qt5-qtsvg-devel
BuildRequires: gsettings-qt-devel BuildRequires: gsettings-qt-devel
@ -142,6 +143,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog %changelog
* Mon May 22 2023 peijiankang <peijiankang@kylinos.cn> - 3.1.2-16
- fix createuser critical vulnerabilities
* Mon May 22 2023 peijiankang <peijiankang@kylinos.cn> - 3.1.2-15 * Mon May 22 2023 peijiankang <peijiankang@kylinos.cn> - 3.1.2-15
- fix changeOtherUserPasswd critical vulnerabilities - fix changeOtherUserPasswd critical vulnerabilities