libsemanage-2.5-4

- Fix multiple spelling errors
- genhomedircon: %{USERID} and %{USERNAME} support and code cleanup
This commit is contained in:
Petr Lautrbach 2016-05-06 16:16:42 +02:00
parent ef444a88f3
commit 218ea5cc02
2 changed files with 578 additions and 2 deletions

View File

@ -1,3 +1,575 @@
diff --git libsemanage-2.5/ChangeLog libsemanage-2.5/ChangeLog
index 9b4d5b7..209091f 100644
--- libsemanage-2.5/ChangeLog
+++ libsemanage-2.5/ChangeLog
@@ -1,3 +1,6 @@
+ * Fix multiple spelling errors, from Laurent Bigonville.
+ * genhomedircon: %{USERID} and %{USERNAME} support and code cleanups, from Jason Zaman.
+
2.5 2016-02-23
* Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss.
* Fix uninitialized variable in direct_commit and direct_api, from Nicolas Iooss.
diff --git libsemanage-2.5/include/semanage/handle.h libsemanage-2.5/include/semanage/handle.h
index 6cad529..c816590 100644
--- libsemanage-2.5/include/semanage/handle.h
+++ libsemanage-2.5/include/semanage/handle.h
@@ -130,7 +130,7 @@ int semanage_commit(semanage_handle_t *);
#define SEMANAGE_CAN_READ 1
#define SEMANAGE_CAN_WRITE 2
/* returns SEMANAGE_CAN_READ or SEMANAGE_CAN_WRITE if the store is readable
- * or writable, respectively. <0 if an error occured */
+ * or writable, respectively. <0 if an error occurred */
int semanage_access_check(semanage_handle_t * sh);
/* returns 0 if not connected, 1 if connected */
diff --git libsemanage-2.5/src/database.h libsemanage-2.5/src/database.h
index e460379..6a4a164 100644
--- libsemanage-2.5/src/database.h
+++ libsemanage-2.5/src/database.h
@@ -148,7 +148,7 @@ typedef struct dbase_table {
* This function must be invoked before using
* any of the database functions above. It may be invoked
* multiple times, and will update the cache if a commit
- * occured between invocations */
+ * occurred between invocations */
int (*cache) (struct semanage_handle * handle, dbase_t * dbase);
/* Forgets all changes that haven't been written
diff --git libsemanage-2.5/src/genhomedircon.c libsemanage-2.5/src/genhomedircon.c
index 1a9e87e..c5ea436 100644
--- libsemanage-2.5/src/genhomedircon.c
+++ libsemanage-2.5/src/genhomedircon.c
@@ -73,29 +73,27 @@
which are searched for and replaced */
#define TEMPLATE_HOME_ROOT "HOME_ROOT"
#define TEMPLATE_HOME_DIR "HOME_DIR"
+/* these are legacy */
#define TEMPLATE_USER "USER"
#define TEMPLATE_ROLE "ROLE"
+/* new names */
+#define TEMPLATE_USERNAME "%{USERNAME}"
+#define TEMPLATE_USERID "%{USERID}"
+
#define TEMPLATE_SEUSER "system_u"
#define TEMPLATE_LEVEL "s0"
-#define FALLBACK_USER "user_u"
-#define FALLBACK_USER_PREFIX "user"
-#define FALLBACK_USER_LEVEL "s0"
+#define FALLBACK_SENAME "user_u"
+#define FALLBACK_PREFIX "user"
+#define FALLBACK_LEVEL "s0"
+#define FALLBACK_NAME "[^/]+"
+#define FALLBACK_UIDGID "[0-9]+"
#define DEFAULT_LOGIN "__default__"
-typedef struct {
- const char *fcfilepath;
- int usepasswd;
- const char *homedir_template_path;
- char *fallback_user;
- char *fallback_user_prefix;
- char *fallback_user_level;
- semanage_handle_t *h_semanage;
- sepol_policydb_t *policydb;
-} genhomedircon_settings_t;
-
typedef struct user_entry {
char *name;
+ char *uid;
+ char *gid;
char *sename;
char *prefix;
char *home;
@@ -104,6 +102,15 @@ typedef struct user_entry {
} genhomedircon_user_entry_t;
typedef struct {
+ const char *fcfilepath;
+ int usepasswd;
+ const char *homedir_template_path;
+ genhomedircon_user_entry_t *fallback;
+ semanage_handle_t *h_semanage;
+ sepol_policydb_t *policydb;
+} genhomedircon_settings_t;
+
+typedef struct {
const char *search_for;
const char *replace_with;
} replacement_pair_t;
@@ -461,8 +468,21 @@ static int HOME_DIR_PRED(const char *string)
return semanage_is_prefix(string, TEMPLATE_HOME_DIR);
}
+/* new names */
+static int USERNAME_CONTEXT_PRED(const char *string)
+{
+ return (int)(
+ (strstr(string, TEMPLATE_USERNAME) != NULL) ||
+ (strstr(string, TEMPLATE_USERID) != NULL)
+ );
+}
+
+/* This will never match USER if USERNAME or USERID are found. */
static int USER_CONTEXT_PRED(const char *string)
{
+ if (USERNAME_CONTEXT_PRED(string))
+ return 0;
+
return (int)(strstr(string, TEMPLATE_USER) != NULL);
}
@@ -548,23 +568,12 @@ static int check_line(genhomedircon_settings_t * s, Ustr *line)
return result;
}
-static int write_home_dir_context(genhomedircon_settings_t * s, FILE * out,
- semanage_list_t * tpl, const char *user,
- const char *seuser, const char *home,
- const char *role_prefix, const char *level)
+static int write_replacements(genhomedircon_settings_t * s, FILE * out,
+ const semanage_list_t * tpl,
+ const replacement_pair_t *repl)
{
- replacement_pair_t repl[] = {
- {.search_for = TEMPLATE_SEUSER,.replace_with = seuser},
- {.search_for = TEMPLATE_HOME_DIR,.replace_with = home},
- {.search_for = TEMPLATE_ROLE,.replace_with = role_prefix},
- {.search_for = TEMPLATE_LEVEL,.replace_with = level},
- {NULL, NULL}
- };
Ustr *line = USTR_NULL;
- if (fprintf(out, COMMENT_USER_HOME_CONTEXT, user) < 0)
- return STATUS_ERR;
-
for (; tpl; tpl = tpl->next) {
line = replace_all(tpl->data, repl);
if (!line)
@@ -582,6 +591,28 @@ static int write_home_dir_context(genhomedircon_settings_t * s, FILE * out,
return STATUS_ERR;
}
+static int write_home_dir_context(genhomedircon_settings_t * s, FILE * out,
+ semanage_list_t * tpl, const genhomedircon_user_entry_t *user)
+{
+ replacement_pair_t repl[] = {
+ {.search_for = TEMPLATE_SEUSER,.replace_with = user->sename},
+ {.search_for = TEMPLATE_HOME_DIR,.replace_with = user->home},
+ {.search_for = TEMPLATE_ROLE,.replace_with = user->prefix},
+ {.search_for = TEMPLATE_LEVEL,.replace_with = user->level},
+ {NULL, NULL}
+ };
+
+ if (strcmp(user->name, FALLBACK_NAME) == 0) {
+ if (fprintf(out, COMMENT_USER_HOME_CONTEXT, FALLBACK_SENAME) < 0)
+ return STATUS_ERR;
+ } else {
+ if (fprintf(out, COMMENT_USER_HOME_CONTEXT, user->name) < 0)
+ return STATUS_ERR;
+ }
+
+ return write_replacements(s, out, tpl, repl);
+}
+
static int write_home_root_context(genhomedircon_settings_t * s, FILE * out,
semanage_list_t * tpl, char *homedir)
{
@@ -589,52 +620,36 @@ static int write_home_root_context(genhomedircon_settings_t * s, FILE * out,
{.search_for = TEMPLATE_HOME_ROOT,.replace_with = homedir},
{NULL, NULL}
};
- Ustr *line = USTR_NULL;
- for (; tpl; tpl = tpl->next) {
- line = replace_all(tpl->data, repl);
- if (!line)
- goto fail;
- if (check_line(s, line) == STATUS_SUCCESS) {
- if (!ustr_io_putfileline(&line, out))
- goto fail;
- }
- ustr_sc_free(&line);
- }
- return STATUS_SUCCESS;
+ return write_replacements(s, out, tpl, repl);
+}
- fail:
- ustr_sc_free(&line);
- return STATUS_ERR;
+static int write_username_context(genhomedircon_settings_t * s, FILE * out,
+ semanage_list_t * tpl,
+ const genhomedircon_user_entry_t *user)
+{
+ replacement_pair_t repl[] = {
+ {.search_for = TEMPLATE_USERNAME,.replace_with = user->name},
+ {.search_for = TEMPLATE_USERID,.replace_with = user->uid},
+ {.search_for = TEMPLATE_ROLE,.replace_with = user->prefix},
+ {.search_for = TEMPLATE_SEUSER,.replace_with = user->sename},
+ {NULL, NULL}
+ };
+
+ return write_replacements(s, out, tpl, repl);
}
static int write_user_context(genhomedircon_settings_t * s, FILE * out,
- semanage_list_t * tpl, const char *user,
- const char *seuser, const char *role_prefix)
+ semanage_list_t * tpl, const genhomedircon_user_entry_t *user)
{
replacement_pair_t repl[] = {
- {.search_for = TEMPLATE_USER,.replace_with = user},
- {.search_for = TEMPLATE_ROLE,.replace_with = role_prefix},
- {.search_for = TEMPLATE_SEUSER,.replace_with = seuser},
+ {.search_for = TEMPLATE_USER,.replace_with = user->name},
+ {.search_for = TEMPLATE_ROLE,.replace_with = user->prefix},
+ {.search_for = TEMPLATE_SEUSER,.replace_with = user->sename},
{NULL, NULL}
};
- Ustr *line = USTR_NULL;
-
- for (; tpl; tpl = tpl->next) {
- line = replace_all(tpl->data, repl);
- if (!line)
- goto fail;
- if (check_line(s, line) == STATUS_SUCCESS) {
- if (!ustr_io_putfileline(&line, out))
- goto fail;
- }
- ustr_sc_free(&line);
- }
- return STATUS_SUCCESS;
- fail:
- ustr_sc_free(&line);
- return STATUS_ERR;
+ return write_replacements(s, out, tpl, repl);
}
static int user_sort_func(semanage_user_t ** arg1, semanage_user_t ** arg2)
@@ -649,11 +664,13 @@ static int name_user_cmp(char *key, semanage_user_t ** val)
}
static int push_user_entry(genhomedircon_user_entry_t ** list, const char *n,
- const char *sen, const char *pre, const char *h,
- const char *l)
+ const char *u, const char *g, const char *sen,
+ const char *pre, const char *h, const char *l)
{
genhomedircon_user_entry_t *temp = NULL;
char *name = NULL;
+ char *uid = NULL;
+ char *gid = NULL;
char *sename = NULL;
char *prefix = NULL;
char *home = NULL;
@@ -665,6 +682,12 @@ static int push_user_entry(genhomedircon_user_entry_t ** list, const char *n,
name = strdup(n);
if (!name)
goto cleanup;
+ uid = strdup(u);
+ if (!uid)
+ goto cleanup;
+ gid = strdup(g);
+ if (!gid)
+ goto cleanup;
sename = strdup(sen);
if (!sename)
goto cleanup;
@@ -679,6 +702,8 @@ static int push_user_entry(genhomedircon_user_entry_t ** list, const char *n,
goto cleanup;
temp->name = name;
+ temp->uid = uid;
+ temp->gid = gid;
temp->sename = sename;
temp->prefix = prefix;
temp->home = home;
@@ -690,6 +715,8 @@ static int push_user_entry(genhomedircon_user_entry_t ** list, const char *n,
cleanup:
free(name);
+ free(uid);
+ free(gid);
free(sename);
free(prefix);
free(home);
@@ -708,6 +735,8 @@ static void pop_user_entry(genhomedircon_user_entry_t ** list)
temp = *list;
*list = temp->next;
free(temp->name);
+ free(temp->uid);
+ free(temp->gid);
free(temp->sename);
free(temp->prefix);
free(temp->home);
@@ -715,32 +744,6 @@ static void pop_user_entry(genhomedircon_user_entry_t ** list)
free(temp);
}
-static int set_fallback_user(genhomedircon_settings_t *s, const char *user,
- const char *prefix, const char *level)
-{
- char *fallback_user = strdup(user);
- char *fallback_user_prefix = strdup(prefix);
- char *fallback_user_level = NULL;
- if (level)
- fallback_user_level = strdup(level);
-
- if (fallback_user == NULL || fallback_user_prefix == NULL ||
- (fallback_user_level == NULL && level != NULL)) {
- free(fallback_user);
- free(fallback_user_prefix);
- free(fallback_user_level);
- return STATUS_ERR;
- }
-
- free(s->fallback_user);
- free(s->fallback_user_prefix);
- free(s->fallback_user_level);
- s->fallback_user = fallback_user;
- s->fallback_user_prefix = fallback_user_prefix;
- s->fallback_user_level = fallback_user_level;
- return STATUS_SUCCESS;
-}
-
static int setup_fallback_user(genhomedircon_settings_t * s)
{
semanage_seuser_t **seuser_list = NULL;
@@ -775,17 +778,19 @@ static int setup_fallback_user(genhomedircon_settings_t * s)
if (semanage_user_query(s->h_semanage, key, &u) < 0)
{
prefix = name;
- level = FALLBACK_USER_LEVEL;
+ level = FALLBACK_LEVEL;
}
else
{
prefix = semanage_user_get_prefix(u);
level = semanage_user_get_mlslevel(u);
if (!level)
- level = FALLBACK_USER_LEVEL;
+ level = FALLBACK_LEVEL;
}
- if (set_fallback_user(s, seuname, prefix, level) != 0)
+ if (push_user_entry(&(s->fallback), FALLBACK_NAME,
+ FALLBACK_UIDGID, FALLBACK_UIDGID,
+ seuname, prefix, "", level) != 0)
errors = STATUS_ERR;
semanage_user_key_free(key);
if (u)
@@ -814,6 +819,8 @@ static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s,
const char *seuname = NULL;
const char *prefix = NULL;
const char *level = NULL;
+ char uid[11];
+ char gid[11];
struct passwd pwstorage, *pwent = NULL;
unsigned int i;
long rbuflen;
@@ -846,7 +853,7 @@ static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s,
seuname = semanage_seuser_get_sename(seuser_list[i]);
name = semanage_seuser_get_name(seuser_list[i]);
- if (strcmp(name,"root") && strcmp(seuname, s->fallback_user) == 0)
+ if (strcmp(name,"root") && strcmp(seuname, s->fallback->sename) == 0)
continue;
if (strcmp(name, DEFAULT_LOGIN) == 0)
@@ -867,10 +874,10 @@ static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s,
prefix = semanage_user_get_prefix(*u);
level = semanage_user_get_mlslevel(*u);
if (!level)
- level = FALLBACK_USER_LEVEL;
+ level = FALLBACK_LEVEL;
} else {
prefix = name;
- level = FALLBACK_USER_LEVEL;
+ level = FALLBACK_LEVEL;
}
retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent);
@@ -898,7 +905,19 @@ static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s,
}
if (ignore(pwent->pw_dir))
continue;
- if (push_user_entry(&head, name, seuname,
+
+ len = snprintf(uid, sizeof(uid), "%u", pwent->pw_uid);
+ if (len < 0 || len >= (int)sizeof(uid)) {
+ *errors = STATUS_ERR;
+ goto cleanup;
+ }
+ len = snprintf(gid, sizeof(gid), "%u", pwent->pw_gid);
+ if (len < 0 || len >= (int)sizeof(gid)) {
+ *errors = STATUS_ERR;
+ goto cleanup;
+ }
+
+ if (push_user_entry(&head, name, uid, gid, seuname,
prefix, pwent->pw_dir, level) != STATUS_SUCCESS) {
*errors = STATUS_ERR;
break;
@@ -927,6 +946,7 @@ static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s,
}
static int write_gen_home_dir_context(genhomedircon_settings_t * s, FILE * out,
+ semanage_list_t * username_context_tpl,
semanage_list_t * user_context_tpl,
semanage_list_t * homedir_context_tpl)
{
@@ -939,13 +959,11 @@ static int write_gen_home_dir_context(genhomedircon_settings_t * s, FILE * out,
}
for (; users; pop_user_entry(&users)) {
- if (write_home_dir_context(s, out, homedir_context_tpl,
- users->name,
- users->sename, users->home,
- users->prefix, users->level))
+ if (write_home_dir_context(s, out, homedir_context_tpl, users))
goto err;
- if (write_user_context(s, out, user_context_tpl, users->name,
- users->sename, users->prefix))
+ if (write_username_context(s, out, username_context_tpl, users))
+ goto err;
+ if (write_user_context(s, out, user_context_tpl, users))
goto err;
}
@@ -968,16 +986,21 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out)
{
semanage_list_t *homedirs = NULL;
semanage_list_t *h = NULL;
- semanage_list_t *user_context_tpl = NULL;
semanage_list_t *homedir_context_tpl = NULL;
semanage_list_t *homeroot_context_tpl = NULL;
+ semanage_list_t *username_context_tpl = NULL;
+ semanage_list_t *user_context_tpl = NULL;
int retval = STATUS_SUCCESS;
homedir_context_tpl = make_template(s, &HOME_DIR_PRED);
homeroot_context_tpl = make_template(s, &HOME_ROOT_PRED);
+ username_context_tpl = make_template(s, &USERNAME_CONTEXT_PRED);
user_context_tpl = make_template(s, &USER_CONTEXT_PRED);
- if (!homedir_context_tpl && !homeroot_context_tpl && !user_context_tpl)
+ if (!homedir_context_tpl
+ && !homeroot_context_tpl
+ && !username_context_tpl
+ && !user_context_tpl)
goto done;
if (write_file_context_header(out) != STATUS_SUCCESS) {
@@ -1001,19 +1024,19 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out)
for (h = homedirs; h; h = h->next) {
Ustr *temp = ustr_dup_cstr(h->data);
- if (!temp || !ustr_add_cstr(&temp, "/[^/]*")) {
+ if (!temp || !ustr_add_cstr(&temp, "/" FALLBACK_NAME)) {
ustr_sc_free(&temp);
retval = STATUS_ERR;
goto done;
}
- if (write_home_dir_context(s, out,
- homedir_context_tpl,
- s->fallback_user, s->fallback_user,
- ustr_cstr(temp),
- s->fallback_user_prefix, s->fallback_user_level) !=
- STATUS_SUCCESS) {
+ free(s->fallback->home);
+ s->fallback->home = (char*) ustr_cstr(temp);
+
+ if (write_home_dir_context(s, out, homedir_context_tpl,
+ s->fallback) != STATUS_SUCCESS) {
ustr_sc_free(&temp);
+ s->fallback->home = NULL;
retval = STATUS_ERR;
goto done;
}
@@ -1021,23 +1044,31 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out)
homeroot_context_tpl,
h->data) != STATUS_SUCCESS) {
ustr_sc_free(&temp);
+ s->fallback->home = NULL;
retval = STATUS_ERR;
goto done;
}
ustr_sc_free(&temp);
+ s->fallback->home = NULL;
}
}
- if (user_context_tpl) {
+ if (user_context_tpl || username_context_tpl) {
+ if (write_username_context(s, out, username_context_tpl,
+ s->fallback) != STATUS_SUCCESS) {
+ retval = STATUS_ERR;
+ goto done;
+ }
+
if (write_user_context(s, out, user_context_tpl,
- ".*", s->fallback_user,
- s->fallback_user_prefix) != STATUS_SUCCESS) {
+ s->fallback) != STATUS_SUCCESS) {
retval = STATUS_ERR;
goto done;
}
- if (write_gen_home_dir_context(s, out, user_context_tpl,
- homedir_context_tpl) != STATUS_SUCCESS) {
+ if (write_gen_home_dir_context(s, out, username_context_tpl,
+ user_context_tpl, homedir_context_tpl)
+ != STATUS_SUCCESS) {
retval = STATUS_ERR;
}
}
@@ -1045,6 +1076,7 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out)
done:
/* Cleanup */
semanage_list_destroy(&homedirs);
+ semanage_list_destroy(&username_context_tpl);
semanage_list_destroy(&user_context_tpl);
semanage_list_destroy(&homedir_context_tpl);
semanage_list_destroy(&homeroot_context_tpl);
@@ -1068,10 +1100,20 @@ int semanage_genhomedircon(semanage_handle_t * sh,
s.fcfilepath = semanage_final_path(SEMANAGE_FINAL_TMP,
SEMANAGE_FC_HOMEDIRS);
- s.fallback_user = strdup(FALLBACK_USER);
- s.fallback_user_prefix = strdup(FALLBACK_USER_PREFIX);
- s.fallback_user_level = strdup(FALLBACK_USER_LEVEL);
- if (s.fallback_user == NULL || s.fallback_user_prefix == NULL || s.fallback_user_level == NULL) {
+ s.fallback = calloc(1, sizeof(genhomedircon_user_entry_t));
+ if (s.fallback == NULL) {
+ retval = STATUS_ERR;
+ goto done;
+ }
+
+ s.fallback->name = strdup(FALLBACK_NAME);
+ s.fallback->sename = strdup(FALLBACK_SENAME);
+ s.fallback->prefix = strdup(FALLBACK_PREFIX);
+ s.fallback->level = strdup(FALLBACK_LEVEL);
+ if (s.fallback->name == NULL
+ || s.fallback->sename == NULL
+ || s.fallback->prefix == NULL
+ || s.fallback->level == NULL) {
retval = STATUS_ERR;
goto done;
}
@@ -1095,9 +1137,7 @@ done:
if (out != NULL)
fclose(out);
- free(s.fallback_user);
- free(s.fallback_user_prefix);
- free(s.fallback_user_level);
+ pop_user_entry(&(s.fallback));
ignore_free();
return retval;
diff --git libsemanage-2.5/utils/semanage_migrate_store libsemanage-2.5/utils/semanage_migrate_store
index 0ebd285..2bdcc05 100755
--- libsemanage-2.5/utils/semanage_migrate_store

View File

@ -7,14 +7,14 @@
Summary: SELinux binary policy manipulation library
Name: libsemanage
Version: 2.5
Release: 2%{?dist}
Release: 4%{?dist}
License: LGPLv2+
Group: System Environment/Libraries
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/libsemanage-2.5.tar.gz
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
# run:
# $ VERSION=2.5 ./make-fedora-selinux-patch.sh libsemanage
# HEAD https://github.com/fedora-selinux/selinux/commit/fcbe30acc1ab728944f06ee9df9dc007053b5781
# HEAD https://github.com/fedora-selinux/selinux/commit/b4fd6cda6dede7a90892aac8f138b86b3ebda3e8
Patch1: libsemanage-fedora.patch
URL: https://github.com/SELinuxProject/selinux/wiki
Source1: semanage.conf
@ -194,6 +194,10 @@ rm -rf ${RPM_BUILD_ROOT}
%endif # if with_python3
%changelog
* Fri May 06 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-4
- Fix multiple spelling errors
- genhomedircon: %{USERID} and %{USERNAME} support and code cleanup
* Sun Feb 28 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-2
- Use fully versioned arch-specific requires