Libguestfs - Feb 2014 - [PATCH] mllib: hostname: on Debian replace it also in /etc/hosts (RHBZ#953907).

On Thursday 13 February 2014 13:33:16 Richard W.M. Jones
wrote:
> On Thu, Feb 13, 2014 at 02:15:31PM +0100, Pino Toscano wrote:
> > +    let expr = "/files/etc/hosts/*[label() !=
'#comment']/*[label()
> > != 'ipaddr'][. = '" ^ oldhost ^ "']" in
> Quoting?  If oldhost contains a ' character + some Augeas code, this
> might be exploitable.
Hm right. Gone back in manually checking the values.
> I thought it might be possible to iterate over the Augeas tree.  I'm
> fairly sure I used to have some code that did this, but I can't find
> it at the moment.
At least in libguestfs, the two files which do augeas match+iteration 
are sysprep/sysprep_operation_user_account.ml (which you mentioned 
earlier) and src/inspect-fs-unix.c.

-- 
Pino Toscano

In Debian/Ubuntu systems, read the previous hostname from /etc/hostname
before replacing it, and replace it in /etc/hosts with the new hostname.
---
 mllib/hostname.ml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/mllib/hostname.ml b/mllib/hostname.ml
index fce16ff..70ca934 100644
--- a/mllib/hostname.ml
+++ b/mllib/hostname.ml
@@ -42,7 +42,12 @@ let rec set_hostname (g : Guestfs.guestfs) root hostname     
true
 
   | "linux", ("debian"|"ubuntu"), _ ->
+    let old_hostname = read_etc_hostname g in
     update_etc_hostname g hostname;
+    (match old_hostname with
+    | Some old_hostname -> replace_host_in_etc_hosts g old_hostname hostname
+    | None -> ()
+    );
     true
 
   | "linux",
("fedora"|"rhel"|"centos"|"scientificlinux"|"redhat-based"),
_ ->
@@ -78,3 +83,28 @@ and update_etc_hostname g hostname  
 and update_etc_machine_info g hostname    replace_line_in_file g
"/etc/machine-info" "PRETTY_HOSTNAME" hostname
+
+and read_etc_hostname g +  let filename = "/etc/hostname" in
+  if g#is_file filename then (
+    let lines = Array.to_list (g#read_lines filename) in
+    match lines with
+    | hd :: _ -> Some hd
+    | [] -> None
+  ) else
+    None
+
+and replace_host_in_etc_hosts g oldhost newhost +  if g#is_file
"/etc/hosts" then (
+    let expr = "/files/etc/hosts/*[label() !=
'#comment']/*[label() != 'ipaddr']" in
+    g#aug_init "/" 0;
+    let matches = Array.to_list (g#aug_match expr) in
+    List.iter (
+      fun m ->
+        let value = g#aug_get m in
+        if value = oldhost then (
+          g#aug_set m newhost
+        )
+    ) matches;
+    g#aug_save ()
+  )
-- 
1.8.3.1

On Thu, Feb 13, 2014 at 03:10:41PM +0100, Pino Toscano
wrote:
> In Debian/Ubuntu systems, read the previous hostname from /etc/hostname
> before replacing it, and replace it in /etc/hosts with the new hostname.
> ---
>  mllib/hostname.ml | 30 ++++++++++++++++++++++++++++++
>  1 file changed, 30 insertions(+)
> 
> diff --git a/mllib/hostname.ml b/mllib/hostname.ml
> index fce16ff..70ca934 100644
> --- a/mllib/hostname.ml
> +++ b/mllib/hostname.ml
> @@ -42,7 +42,12 @@ let rec set_hostname (g : Guestfs.guestfs) root hostname
>      true
>  
>    | "linux", ("debian"|"ubuntu"), _ ->
> +    let old_hostname = read_etc_hostname g in
>      update_etc_hostname g hostname;
> +    (match old_hostname with
> +    | Some old_hostname -> replace_host_in_etc_hosts g old_hostname
hostname
> +    | None -> ()
> +    );
>      true
>  
>    | "linux",
("fedora"|"rhel"|"centos"|"scientificlinux"|"redhat-based"),
_ ->
> @@ -78,3 +83,28 @@ and update_etc_hostname g hostname >  
>  and update_etc_machine_info g hostname >    replace_line_in_file g
"/etc/machine-info" "PRETTY_HOSTNAME" hostname
> +
> +and read_etc_hostname g > +  let filename = "/etc/hostname"
in
> +  if g#is_file filename then (
> +    let lines = Array.to_list (g#read_lines filename) in
> +    match lines with
> +    | hd :: _ -> Some hd
> +    | [] -> None
> +  ) else
> +    None
> +
> +and replace_host_in_etc_hosts g oldhost newhost > +  if g#is_file
"/etc/hosts" then (
> +    let expr = "/files/etc/hosts/*[label() !=
'#comment']/*[label() != 'ipaddr']" in
> +    g#aug_init "/" 0;
> +    let matches = Array.to_list (g#aug_match expr) in
> +    List.iter (
> +      fun m ->
> +        let value = g#aug_get m in
> +        if value = oldhost then (
> +          g#aug_set m newhost
> +        )
> +    ) matches;
> +    g#aug_save ()
> +  )
Yup, third time lucky :-)

ACK.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top