[ls PATCH] Re: ntsec odds and ends

Igor Pechtchanski pechtcha@cs.nyu.edu
Fri Feb 7 16:05:00 GMT 2003


On Thu, 6 Feb 2003, Igor Pechtchanski wrote:

> <WILD>
> I just had another really wild idea (feel free to ignore): since we want
> this visible in the "ls" output, suppose ls recognized these special names
> you are going to use (whatever they are), and used the existing
> "--color=auto" mechanism to output them in red to the terminal (and same
> with numeric values, I guess)?  I mean, ls *never* colors the user and
> group names, so it would be immediately visible...  Of course, the
> drawback is that we might need to allow the user to customize this (the
> color and all)...  Once the names for unknown user/group is decided, I
> might take a stab at making this patch to "ls".
> </WILD>

Well, I'm not at all sure this is the right list for it, but here's a
patch to ls that implements the above (except color control, but that can
be added).  The invalid user/group names will be colored bright white on
red if the output is to a tty (I tried to make it blink as well, but I
don't think you can do both bold and blink with ANSI color sequences).
This can be inhibited by the new '--inhibit-ntsec-warning' option (I
deliberately did not include a short option).

I'm sending it here, since it has to do with the recent ntsec changes that
are still in development.  Please let me know if this is too
inappropriate.  Otherwise, please evaluate it.  If it's useful, I can
re-send it to <cygwin at cygwin dot com> once 1.3.20 is released.
	Igor
P.S. This patch is against the fileutils-4.1-1 source.
========================================================================
2003-02-07  Igor Pechtchanski <pechtcha@cs.nyu.edu>

	* ls.c (print_long_format): Output color indicators for
	invalid users/groups (unless inhibit_ntsec_warning is in
	effect).
	(inhibit_ntsec_warning): New option.
	(main): Add "inhibit-ntsec-warning" option.
	(UNKNOWN_UID,UNKNOWN_GID,UNKNOWN_GROUP): New #defines.
	(copy_indicator): New function.

-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha@cs.nyu.edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor@watson.ibm.com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

Oh, boy, virtual memory! Now I'm gonna make myself a really *big* RAMdisk!
  -- /usr/games/fortune
-------------- next part --------------
--- src/ls.c-orig	2002-08-09 11:22:36.000000000 -0400
+++ src/ls.c	2003-02-07 10:44:53.000000000 -0500
@@ -304,6 +304,7 @@ static uintmax_t gobble_file PARAMS ((co
 static void print_color_indicator PARAMS ((const char *name, unsigned int mode,
 					   int linkok));
 static void put_indicator PARAMS ((const struct bin_str *ind));
+static int copy_indicator PARAMS ((char *dest, const struct bin_str *ind));
 static int length_of_file_name_and_frills PARAMS ((const struct fileinfo *f));
 static void add_ignore_pattern PARAMS ((const char *pattern));
 static void attach PARAMS ((char *dest, const char *dirname, const char *name));
@@ -551,6 +552,18 @@ static struct color_ext_type *color_ext_
 /* Buffer for color sequences */
 static char *color_buf;
 
+/* Nonzero means to not highlight invalid user/group with colors.  */
+
+static int inhibit_ntsec_warning;
+
+static struct bin_str ntsec_warn_color =
+  { LEN_STR_PAIR ("41;01;05;37") }; /* nw: ntsec warn: blinking white on red */
+
+/* Keep these in sync with cygwin's security.h/grp.cc */
+#define UNKNOWN_UID 65535
+#define UNKNOWN_GID 401
+#define UNKNOWN_GROUP "mkgroup"
+
 /* Nonzero means to check for orphaned symbolic link, for displaying
    colors.  */
 
@@ -663,7 +676,8 @@ enum
   SHOW_CONTROL_CHARS_OPTION,
   SI_OPTION,
   SORT_OPTION,
-  TIME_OPTION
+  TIME_OPTION,
+  INHIBIT_NTSEC_WARNING_OPTION
 };
 
 static struct option const long_options[] =
@@ -701,6 +715,7 @@ static struct option const long_options[
   {"time", required_argument, 0, TIME_OPTION},
   {"color", optional_argument, 0, COLOR_OPTION},
   {"block-size", required_argument, 0, BLOCK_SIZE_OPTION},
+  {"inhibit-ntsec-warning", no_argument, 0, INHIBIT_NTSEC_WARNING_OPTION},
   {GETOPT_HELP_OPTION_DECL},
   {GETOPT_VERSION_OPTION_DECL},
   {NULL, 0, NULL, 0}
@@ -1334,6 +1349,10 @@ Use `--si' for the old meaning."));
 	  human_block_size (optarg, 1, &output_block_size);
 	  break;
 
+	case INHIBIT_NTSEC_WARNING_OPTION:
+	  inhibit_ntsec_warning = 1;
+	  break;
+
 	case_GETOPT_HELP_CHAR;
 
 	case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
@@ -2506,6 +2525,14 @@ print_long_format (const struct fileinfo
   sprintf (p, "%s %3u ", modebuf, (unsigned int) f->stat.st_nlink);
   p += strlen (p);
 
+  if (!inhibit_ntsec_warning && f->stat.st_uid == UNKNOWN_UID &&
+      isatty (STDOUT_FILENO))
+    {
+      p += copy_indicator (p, &color_indicator[C_LEFT]);
+      p += copy_indicator (p, &ntsec_warn_color);
+      p += copy_indicator (p, &color_indicator[C_RIGHT]);
+    }
+
   user_name = (numeric_ids ? NULL : getuser (f->stat.st_uid));
   if (user_name)
     sprintf (p, "%-8.8s ", user_name);
@@ -2513,14 +2540,42 @@ print_long_format (const struct fileinfo
     sprintf (p, "%-8u ", (unsigned int) f->stat.st_uid);
   p += strlen (p);
 
+  if (!inhibit_ntsec_warning && f->stat.st_uid == UNKNOWN_UID &&
+      isatty (STDOUT_FILENO))
+    {
+      p += copy_indicator (p, &color_indicator[C_LEFT]);
+      p += copy_indicator (p, &color_indicator[C_NORM]);
+      p += copy_indicator (p, &color_indicator[C_RIGHT]);
+    }
+
   if (!inhibit_group)
     {
       char *group_name = (numeric_ids ? NULL : getgroup (f->stat.st_gid));
+      int unknown_group = (!inhibit_ntsec_warning && group_name && !strcmp(group_name, UNKNOWN_GROUP));
+
+      if (!inhibit_ntsec_warning &&
+	  (f->stat.st_gid == UNKNOWN_GID || unknown_group) &&
+	  isatty (STDOUT_FILENO))
+	{
+	  p += copy_indicator (p, &color_indicator[C_LEFT]);
+	  p += copy_indicator (p, &ntsec_warn_color);
+	  p += copy_indicator (p, &color_indicator[C_RIGHT]);
+	}
+
       if (group_name)
 	sprintf (p, "%-8.8s ", group_name);
       else
 	sprintf (p, "%-8u ", (unsigned int) f->stat.st_gid);
       p += strlen (p);
+
+      if (!inhibit_ntsec_warning &&
+	  (f->stat.st_gid == UNKNOWN_GID || unknown_group) &&
+	  isatty (STDOUT_FILENO))
+	{
+	  p += copy_indicator (p, &color_indicator[C_LEFT]);
+	  p += copy_indicator (p, &color_indicator[C_NORM]);
+	  p += copy_indicator (p, &color_indicator[C_RIGHT]);
+	}
     }
 
   if (S_ISCHR (f->stat.st_mode) || S_ISBLK (f->stat.st_mode))
@@ -2924,6 +2979,22 @@ print_color_indicator (const char *name,
   put_indicator (&color_indicator[C_RIGHT]);
 }
 
+/* Copy a color indicator (which should not contain nulls) to a string.  */
+/* Return the number of characters copied.                               */
+static int
+copy_indicator (char *dest, const struct bin_str *ind)
+{
+  register int i;
+  register const char *p;
+
+  p = ind->string;
+
+  for (i = ind->len; i > 0; --i)
+    *(dest++) = *(p++);
+
+  return ind->len;
+}
+
 /* Output a color indicator (which may contain nulls).  */
 static void
 put_indicator (const struct bin_str *ind)


More information about the Cygwin-patches mailing list