From 86ce8d44b1bda2e280968c22e44a5c0281c7cb10 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 1 Aug 2008 10:56:37 +0000 Subject: [PATCH] - Update to Upstream Merge ruby bindings from Dan Walsh. - Add support for Linux groups to getseuserbyname --- .cvsignore | 1 + libselinux-rhat.patch | 331 +++++++++++++++++++----------------------- libselinux.spec | 12 +- sources | 2 +- 4 files changed, 165 insertions(+), 181 deletions(-)
diff --git a/.cvsignore b/.cvsignore
index b37f6ae..c4ef604 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -154,3 +154,4 @@ libselinux-2.0.64.tgz
 libselinux-2.0.65.tgz
 libselinux-2.0.67.tgz
 libselinux-2.0.69.tgz
+libselinux-2.0.70.tgz
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index e09a87a..d6ae833 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1,29 +1,22 @@ -diff --exclude-from=exclude -N -u -r nsalibselinux/Makefile libselinux-2.0.69/Makefile ---- nsalibselinux/Makefile 2008-06-12 23:25:14.000000000 -0400 -+++ libselinux-2.0.69/Makefile 2008-07-29 14:21:44.000000000 -0400 -@@ -29,6 +29,9 @@ - pywrap: - $(MAKE) -C src pywrap - -+rubywrap: -+ $(MAKE) -C src rubywrap -+ - install: - $(MAKE) -C include install - $(MAKE) -C src install -@@ -38,6 +41,9 @@ - install-pywrap: - $(MAKE) -C src install-pywrap - -+install-rubywrap: -+ $(MAKE) -C src install-rubywrap -+ - relabel: - $(MAKE) -C src relabel - -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.69/man/man8/selinuxconlist.8 +diff --exclude-from=exclude -N -u -r nsalibselinux/ChangeLog libselinux-2.0.70/ChangeLog +--- nsalibselinux/ChangeLog 2008-08-01 06:48:06.000000000 -0400 ++++ libselinux-2.0.70/ChangeLog 2008-08-01 06:51:25.000000000 -0400 +@@ -1,6 +1,3 @@ +-2.0.70 2008-07-30 +- * Merge ruby bindings from Dan Walsh. +- + 2.0.69 2008-07-29 + * Handle duplicate file context regexes as a fatal error from Stephen Smalley. + This prevents adding them via semanage. +diff --exclude-from=exclude -N -u -r nsalibselinux/VERSION libselinux-2.0.70/VERSION +--- nsalibselinux/VERSION 2008-08-01 06:48:06.000000000 -0400 ++++ libselinux-2.0.70/VERSION 2008-08-01 06:51:25.000000000 -0400 +@@ -1 +1 @@ +-2.0.70 ++2.0.69 +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.70/man/man8/selinuxconlist.8 --- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.69/man/man8/selinuxconlist.8 2008-07-29 14:07:37.000000000 -0400 ++++ libselinux-2.0.70/man/man8/selinuxconlist.8 2008-08-01 06:51:25.000000000 -0400 @@ -0,0 +1,18 @@ +.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" +.SH "NAME" 
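Review bot: The regenerated libselinux-rhat.patch now carries ChangeLog and VERSION hunks that run backwards: VERSION goes `-2.0.70` / `+2.0.69` and the 2.0.70 ChangeLog entry is removed, so applying the patch to the 2.0.70 tarball relabels the tree as 2.0.69 while the spec declares 2.0.70. This looks like a diff taken against a stale working copy rather than an intended change. Drop both hunks, or list VERSION and ChangeLog in the `exclude` file passed to `--exclude-from`, so the version metadata in the built tree matches the package; a mismatch makes it harder to audit installed versions against advisories.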
@@ -43,9 +36,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 lib + +.SH "SEE ALSO" +secon(8), selinuxdefcon(8) -diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.69/man/man8/selinuxdefcon.8 +diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.70/man/man8/selinuxdefcon.8 --- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.69/man/man8/selinuxdefcon.8 2008-07-29 14:07:37.000000000 -0400 ++++ libselinux-2.0.70/man/man8/selinuxdefcon.8 2008-08-01 06:51:25.000000000 -0400 @@ -0,0 +1,19 @@ +.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation" +.SH "NAME" 
@@ -66,110 +59,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libs + +.SH "SEE ALSO" +secon(8), selinuxconlist(8) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.69/src/Makefile ---- nsalibselinux/src/Makefile 2008-06-22 09:40:25.000000000 -0400 -+++ libselinux-2.0.69/src/Makefile 2008-07-29 14:15:39.000000000 -0400 -@@ -7,16 +7,24 @@ - PYINC ?= /usr/include/$(PYLIBVER) - PYLIB ?= /usr/lib/$(PYLIBVER) - PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER) -+RUBYLIBVER ?= $(shell ruby -e 'print RUBY_VERSION.split(".")[0..1].join(".")') -+RUBYPLATFORM ?= $(shell ruby -e 'print RUBY_PLATFORM') -+RUBYINC ?= $(LIBDIR)/ruby/$(RUBYLIBVER)/$(RUBYPLATFORM) -+RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM) - - LIBVERSION = 1 - - LIBA=libselinux.a - TARGET=libselinux.so - SWIGIF= selinuxswig_python.i -+SWIGRUBYIF= selinuxswig_ruby.i - SWIGCOUT= selinuxswig_wrap.c -+SWIGRUBYCOUT= selinuxswig_ruby_wrap.c - SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT)) -+SWIGRUBYLOBJ:= $(patsubst %.c,%.lo,$(SWIGRUBYCOUT)) - SWIGSO=_selinux.so - SWIGFILES=$(SWIGSO) selinux.py -+SWIGRUBYSO=_rubyselinux.so - LIBSO=$(TARGET).$(LIBVERSION) - AUDIT2WHYSO=audit2why.so - -@@ -29,7 +37,9 @@ - ifeq ($(DISABLE_RPM),y) - UNUSED_SRCS+=rpm.c - endif --SRCS= $(filter-out $(UNUSED_SRCS), $(filter-out audit2why.c $(SWIGCOUT),$(wildcard *.c))) -+ -+GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) -+SRCS= $(filter-out $(UNUSED_SRCS), $(filter-out audit2why.c $(GENERATED),$(wildcard *.c))) - - OBJS= $(patsubst %.c,%.o,$(SRCS)) - LOBJS= $(patsubst %.c,%.lo,$(SRCS)) -@@ -44,12 +54,14 @@ - - SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ - --GENERATED=$(SWIGCOUT) -+SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ - - all: $(LIBA) $(LIBSO) - - pywrap: all $(SWIGSO) $(AUDIT2WHYSO) - -+rubywrap: all $(SWIGRUBYSO) -+ - $(LIBA): $(OBJS) - $(AR) rcs $@ $^ - $(RANLIB) $@ -@@ -57,9 +69,15 @@ - $(SWIGLOBJ): $(SWIGCOUT) - $(CC) $(filter-out 
-Werror,$(CFLAGS)) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< - -+$(SWIGRUBYLOBJ): $(SWIGRUBYCOUT) -+ $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(RUBYINC) -fPIC -DSHARED -c -o $@ $< -+ - $(SWIGSO): $(SWIGLOBJ) - $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@ - -+$(SWIGRUBYSO): $(SWIGRUBYLOBJ) -+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@ -+ - $(LIBSO): $(LOBJS) - $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro - ln -sf $@ $(TARGET) -@@ -79,6 +97,9 @@ - $(SWIGCOUT): $(SWIGIF) - $(SWIG) $^ - -+$(SWIGRUBYCOUT): $(SWIGRUBYIF) -+ $(SWIGRUBY) $^ -+ - swigify: $(SWIGIF) - $(SWIG) $^ - -@@ -95,6 +116,10 @@ - install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux - install -m 644 selinux.py $(PYTHONLIBDIR)/site-packages/selinux/__init__.py - -+install-rubywrap: rubywrap -+ test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL) -+ install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so -+ - relabel: - /sbin/restorecon $(SHLIBDIR)/$(LIBSO) - -@@ -102,7 +127,7 @@ - -rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(TARGET) $(AUDIT2WHYSO) *.o *.lo *~ - - distclean: clean -- rm -f $(SWIGCOUT) $(SWIGFILES) -+ rm -f $(GENERATED) $(SWIGFILES) - - indent: - ../../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch])) -diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.69/src/callbacks.c +diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.70/src/callbacks.c --- nsalibselinux/src/callbacks.c 2008-06-12 23:25:14.000000000 -0400 -+++ libselinux-2.0.69/src/callbacks.c 2008-07-29 14:07:37.000000000 -0400 ++++ libselinux-2.0.70/src/callbacks.c 2008-08-01 06:51:25.000000000 -0400 @@ -16,6 +16,7 @@ { int rc; 
@@ -178,9 +70,9 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2. va_start(ap, fmt); rc = vfprintf(stderr, fmt, ap); va_end(ap); -diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.69/src/matchpathcon.c +diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.70/src/matchpathcon.c --- nsalibselinux/src/matchpathcon.c 2008-06-12 23:25:14.000000000 -0400 -+++ libselinux-2.0.69/src/matchpathcon.c 2008-07-29 14:07:37.000000000 -0400 ++++ libselinux-2.0.70/src/matchpathcon.c 2008-08-01 06:51:25.000000000 -0400 @@ -2,6 +2,7 @@ #include #include 
@@ -198,59 +90,142 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux va_end(ap); } -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_ruby.i libselinux-2.0.69/src/selinuxswig_ruby.i ---- nsalibselinux/src/selinuxswig_ruby.i 1969-12-31 19:00:00.000000000 -0500 -+++ libselinux-2.0.69/src/selinuxswig_ruby.i 2008-07-29 14:17:14.000000000 -0400 -@@ -0,0 +1,52 @@ -+/* Author: Dan Walsh -+ Based on selinuxswig_python.i by James Athey -+ */ +diff --exclude-from=exclude -N -u -r nsalibselinux/src/seusers.c libselinux-2.0.70/src/seusers.c +--- nsalibselinux/src/seusers.c 2008-06-12 23:25:14.000000000 -0400 ++++ libselinux-2.0.70/src/seusers.c 2008-08-01 06:53:03.000000000 -0400 +@@ -89,6 +89,62 @@ + + int require_seusers hidden = 0; + ++#include ++#include + -+%module selinux -+%{ -+ #include "selinux/selinux.h" -+%} ++static gid_t get_default_gid(const char *name) { ++ struct passwd pwstorage, *pwent = NULL; ++ gid_t gid = -1; ++ /* Allocate space for the getpwnam_r buffer */ ++ long rbuflen = sysconf(_SC_GETPW_R_SIZE_MAX); ++ if (rbuflen <= 0) return -1; ++ char *rbuf = malloc(rbuflen); ++ if (rbuf == NULL) return -1; + -+/* return a sid along with the result */ -+%typemap(argout) (security_id_t * sid) { -+ if (*$1) { -+ %append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0)); -+ } -+} -+ -+%typemap(in,numinputs=0) security_id_t *(security_id_t temp) { -+ $1 = &temp; -+} -+ -+%typemap(in,noblock=1,numinputs=0) security_context_t * (security_context_t temp = 0) { -+ $1 = &temp; -+} -+%typemap(freearg,match="in") security_context_t * ""; -+%typemap(argout,noblock=1) security_context_t * { -+ if (*$1) { -+ %append_output(SWIG_FromCharPtr(*$1)); -+ freecon(*$1); ++ int retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent); ++ if (retval == 0 || pwent != NULL) { ++ gid = pwent->pw_gid; + } ++ free(rbuf); ++ return gid; +} + -+%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) { -+ $1 = &temp; -+} 
-+%typemap(freearg,match="in") char ** ""; -+%typemap(argout,noblock=1) char ** { -+ if (*$1) { -+ %append_output(SWIG_FromCharPtr(*$1)); -+ free(*$1); ++static int check_group(const char *group, const char *name, const gid_t gid) { ++ int match = 0; ++ int i, ng = 0; ++ gid_t *groups = NULL; ++ struct group gbuf, *grent = NULL; ++ ++ long rbuflen = sysconf(_SC_GETGR_R_SIZE_MAX); ++ if (rbuflen <= 0) ++ return 0; ++ char *rbuf = malloc(rbuflen); ++ if (rbuf == NULL) ++ return 0; ++ ++ if (getgrnam_r(group, &gbuf, rbuf, rbuflen, ++ &grent) != 0) ++ goto done; ++ ++ if (getgrouplist(name, gid, NULL, &ng) < 0) { ++ groups = (gid_t *) malloc(sizeof (gid_t) * ng); ++ if (!groups) goto done; ++ if (getgrouplist(name, gid, groups, &ng) < 0) goto done; + } -+} + -+%typemap(freearg,match="in") char * const [] { -+ int i = 0; -+ while($1[i]) { -+ free($1[i]); -+ i++; ++ for (i = 0; i < ng; i++) { ++ if (grent->gr_gid == groups[i]) { ++ match = 1; ++ goto done; ++ } + } -+ free($1); ++ ++ done: ++ free(groups); ++ free(rbuf); ++ return match; +} + -+%include "selinuxswig.i" + int getseuserbyname(const char *name, char **r_seuser, char **r_level) + { + FILE *cfg = NULL; +@@ -101,9 +157,14 @@ + char *username = NULL; + char *seuser = NULL; + char *level = NULL; ++ char *groupseuser = NULL; ++ char *grouplevel = NULL; + char *defaultseuser = NULL; + char *defaultlevel = NULL; + ++ gid_t gid = get_default_gid(name); ++ if ( gid == (gid_t) -1 ) goto nomatch; ++ + cfg = fopen(selinux_usersconf_path(), "r"); + if (!cfg) + goto nomatch; +@@ -124,31 +185,48 @@ + if (!strcmp(username, name)) + break; + +- if (!defaultseuser && !strcmp(username, "__default__")) { +- free(username); +- defaultseuser = seuser; +- defaultlevel = level; ++ if (username[0] == '%' && ++ !groupseuser && ++ check_group(&username[1], name, gid)) { ++ groupseuser = seuser; ++ grouplevel = level; + } else { +- free(username); +- free(seuser); +- free(level); ++ if (!defaultseuser && ++ !strcmp(username, 
"__default__")) { ++ defaultseuser = seuser; ++ defaultlevel = level; ++ } else { ++ free(seuser); ++ free(level); ++ } + } ++ free(username); ++ username = NULL; + seuser = NULL; + } + +- if (buffer) +- free(buffer); ++ free(buffer); + fclose(cfg); + + if (seuser) { + free(username); + free(defaultseuser); + free(defaultlevel); ++ free(groupseuser); ++ free(grouplevel); + *r_seuser = seuser; + *r_level = level; + return 0; + } + ++ if (groupseuser) { ++ free(defaultseuser); ++ free(defaultlevel); ++ *r_seuser = groupseuser; ++ *r_level = grouplevel; ++ return 0; ++ } ++ + if (defaultseuser) { + *r_seuser = defaultseuser; + *r_level = defaultlevel; diff --git a/libselinux.spec b/libselinux.spec index ea09b37..912b8bb 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -4,8 +4,8 @@ Summary: SELinux library and simple utilities Name: libselinux -Version: 2.0.69 -Release: 2%{?dist} +Version: 2.0.70 +Release: 1%{?dist} License: Public Domain Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz @@ -152,6 +152,14 @@ exit 0 %{ruby_sitearch}/selinux.so %changelog +* Fri Aug 1 2008 Dan Walsh - 2.0.70-1 +- Update to Upstream + * Merge ruby bindings from Dan Walsh. +- Add support for Linux groups to getseuserbyname + +* Fri Aug 1 2008 Dan Walsh - 2.0.69-2 +- Allow group handling in getseuser call + * Tue Jul 29 2008 Dan Walsh - 2.0.69-1 - Update to Upstream * Handle duplicate file context regexes as a fatal error from Stephen Smalley. diff --git a/sources b/sources index 5512866..76357a1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -df1da9cc1131fa5ce102928ce1cd910b libselinux-2.0.69.tgz +46464eff4dd1d432d9f74cebebe222c5 libselinux-2.0.70.tgz