[packages/util-linux.git] / util-linux-selinux.patch

--- util-linux-2.12pre/login-utils/Makefile.selinux	2001-09-29 14:11:24.000000000 -0400
+++ util-linux-2.12pre/login-utils/Makefile	2004-01-26 08:07:45.156687235 -0500
@@ -48,6 +48,12 @@
 PAMFL=-DUSE_PAM=1
 endif
 
+ifeq "$(HAVE_SELINUX)" "yes"
+CFLAGS += -DWITH_SELINUX=1 -g
+SELINUXLLIB=-lselinux 
+SELINUXOBJS=selinux_utils.o
+endif
+
 ifeq "$(HAVE_SHADOW)" "no"
 ifeq "$(HAVE_PAM)" "no"
 ifeq "$(HAVE_PASSWD)" "no"
@@ -96,18 +102,18 @@
 wall.o: ttymsg.h $(LIB)/carefulputc.h
 
 agetty: agetty.o $(LIB)/xstrncpy.o
-chfn: chfn.o islocal.o setpwnam.o $(LIB)/env.o $(LIB)/xstrncpy.o
-	$(CC) $(LDFLAGS) -o $@ $^ $(CRYPT) $(PAM)
-chsh: chsh.o islocal.o setpwnam.o $(LIB)/env.o
-	$(CC) $(LDFLAGS) -o $@ $^ $(CRYPT) $(PAM)
+chfn: chfn.o islocal.o setpwnam.o $(SELINUXOBJS) $(LIB)/env.o $(LIB)/xstrncpy.o
+	$(CC) $(LDFLAGS) -o $@ $^ $(CRYPT) $(PAM) $(SELINUXLLIB)
+chsh: chsh.o islocal.o setpwnam.o $(SELINUXOBJS) $(LIB)/env.o
+	$(CC) $(LDFLAGS) -o $@ $^ $(CRYPT) $(PAM) $(SELINUXLLIB)
 last: last.o
 
 ifeq "$(HAVE_PAM)" "yes"
 login: login.o $(LIB)/setproctitle.o $(LIB)/xstrncpy.o
-	$(CC) $(LDFLAGS) -o $@ $^ $(CRYPT) $(PAM)
+	$(CC) $(LDFLAGS) -o $@ $^ $(CRYPT) $(PAM) $(SELINUXLLIB)
 else
 login: login.o $(LIB)/xstrncpy.o $(LIB)/setproctitle.o checktty.o 
-	$(CC) $(LDFLAGS) -o $@ $^ $(CRYPT) 
+	$(CC) $(LDFLAGS) -o $@ $^ $(CRYPT) $(SELINUXLLIB)
 endif
 
 mesg: mesg.o $(ERR_O)
@@ -124,6 +130,7 @@
 	$(CC) $(LDFLAGS) -o $@ $^
 
 vipw: vipw.o $(LIB)/xstrncpy.o
+	$(CC) $(LDFLAGS) -o $@ $^ $(SELINUXLLIB)
 
 newgrp.o: $(LIB)/pathnames.h
 	$(CC) -c $(CFLAGS) $(PAMFL) newgrp.c 
--- util-linux-2.12pre/login-utils/chfn.c.selinux	2004-01-26 08:07:43.716619491 -0500
+++ util-linux-2.12pre/login-utils/chfn.c	2004-01-26 08:08:31.588874751 -0500
@@ -40,6 +40,12 @@
 #include "nls.h"
 #include "env.h"
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/av_permissions.h>
+#include "selinux_utils.h"
+#endif
+
 #if REQUIRE_PASSWORD && USE_PAM
 #include <security/pam_appl.h>
 #include <security/pam_misc.h>
@@ -136,6 +142,27 @@
        exit(1);
     }
 
+#ifdef WITH_SELINUX
+    if (is_selinux_enabled()>0) {
+      if(uid == 0) {
+	if (checkAccess(oldf.username,PASSWD__CHFN)!=0) {
+	  security_context_t user_context;
+	  if (getprevcon(&user_context) < 0)
+	    user_context=(security_context_t) strdup(_("Unknown user context"));
+	  fprintf(stderr, _("%s: %s is not authorized to change the finger info of %s\n"),
+		  whoami, user_context, oldf.username);
+	  freecon(user_context);
+	  exit(1);
+	}
+      }
+      if (setupDefaultContext("/etc/passwd") != 0) {
+	fprintf(stderr,_("%s: Can't set default context for /etc/passwd"),
+		whoami);
+	exit(1);
+      }
+    }
+#endif
+
     /* Reality check */
     if (uid != 0 && uid != oldf.pw->pw_uid) {
 	errno = EACCES;
--- util-linux-2.12pre/login-utils/vipw.c.selinux	2001-10-20 03:23:57.000000000 -0400
+++ util-linux-2.12pre/login-utils/vipw.c	2004-01-26 08:08:46.459576650 -0500
@@ -67,6 +67,10 @@
 #include "xstrncpy.h"
 #include "nls.h"
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif
+
 #define FILENAMELEN 67
 
 char *progname;
@@ -189,6 +193,24 @@
 	sprintf(tmp, "%s%s", orig_file, ".OLD");
 	unlink(tmp);
 	link(orig_file, tmp);
+
+#ifdef WITH_SELINUX
+	if (is_selinux_enabled()>0) {
+	  security_context_t passwd_context=NULL;
+	  int ret=0;
+	  if (getfilecon(orig_file,&passwd_context) < 0) {
+	    (void) fprintf(stderr,_("%s: Can't get context for %s"),progname,orig_file);
+	    pw_error(orig_file, 1, 1);
+	  }
+	  ret=setfilecon(tmp_file,passwd_context);
+	  freecon(passwd_context);
+	  if (ret!=0) {
+	    (void) fprintf(stderr,_("%s: Can't set context for %s"),progname,tmp_file);
+	    pw_error(tmp_file, 1, 1);
+	  }
+	}
+#endif
+
 	if (rename(tmp_file, orig_file) == -1) {
 		int errsv = errno;
 		fprintf(stderr, 
@@ -266,7 +288,9 @@
 
 	if (stat(tmp_file, &begin))
 		pw_error(tmp_file, 1, 1);
+
 	pw_edit(0);
+
 	if (stat(tmp_file, &end))
 		pw_error(tmp_file, 1, 1);
 	if (begin.st_mtime == end.st_mtime) {
@@ -281,6 +305,7 @@
 		chmod(tmp_file, 0400);
 #endif
 	pw_unlock();
+
 }
 
 int main(int argc, char *argv[]) {
--- util-linux-2.12pre/login-utils/chsh.c.selinux	2004-01-26 08:07:45.016680649 -0500
+++ util-linux-2.12pre/login-utils/chsh.c	2004-01-26 08:08:56.480049975 -0500
@@ -47,6 +47,12 @@
 #include <security/pam_misc.h>
 #endif
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/av_permissions.h>
+#include "selinux_utils.h"
+#endif
+
 typedef unsigned char boolean;
 #define false 0
 #define true 1
@@ -121,6 +127,27 @@
        exit(1);
     }
 
+#ifdef WITH_SELINUX
+    if (is_selinux_enabled()>0) {
+      if(uid == 0) {
+	if (checkAccess(pw->pw_name,PASSWD__CHSH)!=0) {
+	  security_context_t user_context;
+	  if (getprevcon(&user_context) < 0)
+	    user_context=(security_context_t) strdup(_("Unknown user context"));
+	  fprintf(stderr, _("%s: %s is not authorized to change the shell of %s\n"),
+		  whoami, user_context, pw->pw_name);
+	  freecon(user_context);
+	  exit(1);
+	}
+      }
+      if (setupDefaultContext("/etc/passwd") != 0) {
+	fprintf(stderr,_("%s: Can't set default context for /etc/passwd"),
+		whoami);
+	exit(1);
+      }
+    }
+#endif
+
     oldshell = pw->pw_shell;
     if (!oldshell[0]) oldshell = "/bin/sh";
 
--- /dev/null	2004-01-20 06:10:08.000000000 -0500
+++ util-linux-2.12pre/login-utils/selinux_utils.h	2004-01-26 08:07:45.156687235 -0500
@@ -0,0 +1,2 @@
+extern int checkAccess(char *name,int access);
+extern int setupDefaultContext(char *orig_file);
--- /dev/null	2004-01-20 06:10:08.000000000 -0500
+++ util-linux-2.12pre/login-utils/selinux_utils.c	2004-01-26 08:09:11.190745364 -0500
@@ -0,0 +1,55 @@
+#ifdef WITH_SELINUX
+#include <sys/types.h>
+#include <stdio.h>
+#include <selinux/selinux.h>
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+#include <selinux/context.h>
+#include "selinux_utils.h"
+
+int checkAccess(char *chuser, int access) {
+  int status=-1;
+  security_context_t user_context;
+  char *user=NULL;
+  if( getprevcon(&user_context)==0 ) {
+    context_t c=context_new(user_context);
+    user=context_user_get(c);
+    if (strcmp(chuser, user) == 0) {
+      status=0;
+    } else {
+      struct av_decision avd;
+      int retval = security_compute_av(user_context,
+				       user_context,
+				       SECCLASS_PASSWD,
+				       access,
+				       &avd);
+	  
+      if ((retval == 0) && 
+	  ((access & avd.allowed) == access)) {
+	status=0;
+      }
+    }
+    context_free(c);
+    freecon(user_context);
+  }
+  return status;
+}
+
+int setupDefaultContext(char *orig_file) {
+  if (is_selinux_enabled()>0) {
+    security_context_t scontext;
+    
+    if (getfilecon(orig_file,&scontext)<0) {
+      return 1;
+    }
+    
+    if (setfscreatecon(scontext) < 0) 
+      {
+	freecon(scontext);
+	return 1;
+      }
+    freecon(scontext);
+  }
+  return 0;
+}
+#endif
--- util-linux-2.12pre/MCONFIG.selinux	2004-01-26 08:07:44.006633133 -0500
+++ util-linux-2.12pre/MCONFIG	2004-01-26 08:07:45.156687235 -0500
@@ -18,6 +18,10 @@
 # installed as it is not PAM aware.
 HAVE_PAM=yes
 
+# If HAVE_SELINUX is set to "yes", the login will make sure the user is
+# logged into an appropriate security context
+HAVE_SELINUX=yes
+
 # If HAVE_SHADOW is set to "yes", then login, chfn, chsh, newgrp, passwd,
 # and vipw will not be built or installed from the login-utils
 # subdirectory.
Commit	Line	Data
42603c5f JB	1	--- util-linux-2.12pre/login-utils/Makefile.selinux 2001-09-29 14:11:24.000000000 -0400
42603c5f JB	2	+++ util-linux-2.12pre/login-utils/Makefile 2004-01-26 08:07:45.156687235 -0500
1b18e37f	3	@@ -48,6 +48,12 @@
	4	PAMFL=-DUSE_PAM=1
	5	endif
	6
	7	+ifeq "$(HAVE_SELINUX)" "yes"
	8	+CFLAGS += -DWITH_SELINUX=1 -g
	9	+SELINUXLLIB=-lselinux
	10	+SELINUXOBJS=selinux_utils.o
	11	+endif
	12	+
	13	ifeq "$(HAVE_SHADOW)" "no"
	14	ifeq "$(HAVE_PAM)" "no"
	15	ifeq "$(HAVE_PASSWD)" "no"
	16	@@ -96,18 +102,18 @@
	17	wall.o: ttymsg.h $(LIB)/carefulputc.h
	18
	19	agetty: agetty.o $(LIB)/xstrncpy.o
	20	-chfn: chfn.o islocal.o setpwnam.o $(LIB)/env.o $(LIB)/xstrncpy.o
	21	- $(CC) $(LDFLAGS) -o $@ $^ $(CRYPT) $(PAM)
	22	-chsh: chsh.o islocal.o setpwnam.o $(LIB)/env.o
	23	- $(CC) $(LDFLAGS) -o $@ $^ $(CRYPT) $(PAM)
	24	+chfn: chfn.o islocal.o setpwnam.o $(SELINUXOBJS) $(LIB)/env.o $(LIB)/xstrncpy.o
	25	+ $(CC) $(LDFLAGS) -o $@ $^ $(CRYPT) $(PAM) $(SELINUXLLIB)
	26	+chsh: chsh.o islocal.o setpwnam.o $(SELINUXOBJS) $(LIB)/env.o
	27	+ $(CC) $(LDFLAGS) -o $@ $^ $(CRYPT) $(PAM) $(SELINUXLLIB)
	28	last: last.o
	29
	30	ifeq "$(HAVE_PAM)" "yes"
	31	login: login.o $(LIB)/setproctitle.o $(LIB)/xstrncpy.o
	32	- $(CC) $(LDFLAGS) -o $@ $^ $(CRYPT) $(PAM)
	33	+ $(CC) $(LDFLAGS) -o $@ $^ $(CRYPT) $(PAM) $(SELINUXLLIB)
	34	else
	35	login: login.o $(LIB)/xstrncpy.o $(LIB)/setproctitle.o checktty.o
	36	- $(CC) $(LDFLAGS) -o $@ $^ $(CRYPT)
	37	+ $(CC) $(LDFLAGS) -o $@ $^ $(CRYPT) $(SELINUXLLIB)
	38	endif
	39
	40	mesg: mesg.o $(ERR_O)
	41	@@ -124,6 +130,7 @@
	42	$(CC) $(LDFLAGS) -o $@ $^
	43
	44	vipw: vipw.o $(LIB)/xstrncpy.o
	45	+ $(CC) $(LDFLAGS) -o $@ $^ $(SELINUXLLIB)
	46
	47	newgrp.o: $(LIB)/pathnames.h
	48	$(CC) -c $(CFLAGS) $(PAMFL) newgrp.c
42603c5f JB	49	--- util-linux-2.12pre/login-utils/chfn.c.selinux 2004-01-26 08:07:43.716619491 -0500
42603c5f JB	50	+++ util-linux-2.12pre/login-utils/chfn.c 2004-01-26 08:08:31.588874751 -0500
1b18e37f	51	@@ -40,6 +40,12 @@
	52	#include "nls.h"
	53	#include "env.h"
	54
	55	+#ifdef WITH_SELINUX
	56	+#include <selinux/selinux.h>
	57	+#include <selinux/av_permissions.h>
	58	+#include "selinux_utils.h"
	59	+#endif
	60	+
	61	#if REQUIRE_PASSWORD && USE_PAM
	62	#include <security/pam_appl.h>
	63	#include <security/pam_misc.h>
	64	@@ -136,6 +142,27 @@
	65	exit(1);
	66	}
	67
	68	+#ifdef WITH_SELINUX
42603c5f	69	+ if (is_selinux_enabled()>0) {
1b18e37f	70	+ if(uid == 0) {
	71	+ if (checkAccess(oldf.username,PASSWD__CHFN)!=0) {
	72	+ security_context_t user_context;
	73	+ if (getprevcon(&user_context) < 0)
	74	+ user_context=(security_context_t) strdup(_("Unknown user context"));
	75	+ fprintf(stderr, _("%s: %s is not authorized to change the finger info of %s\n"),
	76	+ whoami, user_context, oldf.username);
	77	+ freecon(user_context);
	78	+ exit(1);
	79	+ }
	80	+ }
	81	+ if (setupDefaultContext("/etc/passwd") != 0) {
	82	+ fprintf(stderr,_("%s: Can't set default context for /etc/passwd"),
	83	+ whoami);
	84	+ exit(1);
	85	+ }
	86	+ }
	87	+#endif
	88	+
	89	/* Reality check */
	90	if (uid != 0 && uid != oldf.pw->pw_uid) {
	91	errno = EACCES;
42603c5f JB	92	--- util-linux-2.12pre/login-utils/vipw.c.selinux 2001-10-20 03:23:57.000000000 -0400
42603c5f JB	93	+++ util-linux-2.12pre/login-utils/vipw.c 2004-01-26 08:08:46.459576650 -0500
1b18e37f	94	@@ -67,6 +67,10 @@
	95	#include "xstrncpy.h"
	96	#include "nls.h"
	97
	98	+#ifdef WITH_SELINUX
	99	+#include <selinux/selinux.h>
	100	+#endif
	101	+
	102	#define FILENAMELEN 67
	103
	104	char *progname;
	105	@@ -189,6 +193,24 @@
	106	sprintf(tmp, "%s%s", orig_file, ".OLD");
	107	unlink(tmp);
	108	link(orig_file, tmp);
	109	+
	110	+#ifdef WITH_SELINUX
42603c5f	111	+ if (is_selinux_enabled()>0) {
1b18e37f	112	+ security_context_t passwd_context=NULL;
	113	+ int ret=0;
	114	+ if (getfilecon(orig_file,&passwd_context) < 0) {
	115	+ (void) fprintf(stderr,_("%s: Can't get context for %s"),progname,orig_file);
	116	+ pw_error(orig_file, 1, 1);
	117	+ }
	118	+ ret=setfilecon(tmp_file,passwd_context);
	119	+ freecon(passwd_context);
	120	+ if (ret!=0) {
	121	+ (void) fprintf(stderr,_("%s: Can't set context for %s"),progname,tmp_file);
	122	+ pw_error(tmp_file, 1, 1);
	123	+ }
	124	+ }
	125	+#endif
	126	+
	127	if (rename(tmp_file, orig_file) == -1) {
	128	int errsv = errno;
	129	fprintf(stderr,
	130	@@ -266,7 +288,9 @@
	131
	132	if (stat(tmp_file, &begin))
	133	pw_error(tmp_file, 1, 1);
	134	+
	135	pw_edit(0);
	136	+
	137	if (stat(tmp_file, &end))
	138	pw_error(tmp_file, 1, 1);
	139	if (begin.st_mtime == end.st_mtime) {
	140	@@ -281,6 +305,7 @@
	141	chmod(tmp_file, 0400);
	142	#endif
	143	pw_unlock();
	144	+
	145	}
	146
	147	int main(int argc, char *argv[]) {
42603c5f JB	148	--- util-linux-2.12pre/login-utils/chsh.c.selinux 2004-01-26 08:07:45.016680649 -0500
42603c5f JB	149	+++ util-linux-2.12pre/login-utils/chsh.c 2004-01-26 08:08:56.480049975 -0500
1b18e37f	150	@@ -47,6 +47,12 @@
	151	#include <security/pam_misc.h>
	152	#endif
	153
	154	+#ifdef WITH_SELINUX
	155	+#include <selinux/selinux.h>
	156	+#include <selinux/av_permissions.h>
	157	+#include "selinux_utils.h"
	158	+#endif
	159	+
	160	typedef unsigned char boolean;
	161	#define false 0
	162	#define true 1
	163	@@ -121,6 +127,27 @@
	164	exit(1);
	165	}
	166
	167	+#ifdef WITH_SELINUX
42603c5f	168	+ if (is_selinux_enabled()>0) {
1b18e37f	169	+ if(uid == 0) {
	170	+ if (checkAccess(pw->pw_name,PASSWD__CHSH)!=0) {
	171	+ security_context_t user_context;
	172	+ if (getprevcon(&user_context) < 0)
	173	+ user_context=(security_context_t) strdup(_("Unknown user context"));
	174	+ fprintf(stderr, _("%s: %s is not authorized to change the shell of %s\n"),
	175	+ whoami, user_context, pw->pw_name);
	176	+ freecon(user_context);
	177	+ exit(1);
	178	+ }
	179	+ }
	180	+ if (setupDefaultContext("/etc/passwd") != 0) {
	181	+ fprintf(stderr,_("%s: Can't set default context for /etc/passwd"),
	182	+ whoami);
	183	+ exit(1);
	184	+ }
	185	+ }
	186	+#endif
	187	+
	188	oldshell = pw->pw_shell;
	189	if (!oldshell[0]) oldshell = "/bin/sh";
	190
42603c5f JB	191	--- /dev/null 2004-01-20 06:10:08.000000000 -0500
42603c5f JB	192	+++ util-linux-2.12pre/login-utils/selinux_utils.h 2004-01-26 08:07:45.156687235 -0500
1b18e37f	193	@@ -0,0 +1,2 @@
	194	+extern int checkAccess(char *name,int access);
	195	+extern int setupDefaultContext(char *orig_file);
42603c5f JB	196	--- /dev/null 2004-01-20 06:10:08.000000000 -0500
42603c5f JB	197	+++ util-linux-2.12pre/login-utils/selinux_utils.c 2004-01-26 08:09:11.190745364 -0500
1b18e37f	198	@@ -0,0 +1,55 @@
	199	+#ifdef WITH_SELINUX
	200	+#include <sys/types.h>
	201	+#include <stdio.h>
	202	+#include <selinux/selinux.h>
	203	+#include <selinux/flask.h>
	204	+#include <selinux/av_permissions.h>
	205	+#include <selinux/context.h>
	206	+#include "selinux_utils.h"
	207	+
	208	+int checkAccess(char *chuser, int access) {
	209	+ int status=-1;
	210	+ security_context_t user_context;
	211	+ char *user=NULL;
	212	+ if( getprevcon(&user_context)==0 ) {
	213	+ context_t c=context_new(user_context);
	214	+ user=context_user_get(c);
	215	+ if (strcmp(chuser, user) == 0) {
	216	+ status=0;
	217	+ } else {
	218	+ struct av_decision avd;
	219	+ int retval = security_compute_av(user_context,
	220	+ user_context,
	221	+ SECCLASS_PASSWD,
	222	+ access,
	223	+ &avd);
	224	+
	225	+ if ((retval == 0) &&
	226	+ ((access & avd.allowed) == access)) {
	227	+ status=0;
	228	+ }
	229	+ }
	230	+ context_free(c);
	231	+ freecon(user_context);
	232	+ }
	233	+ return status;
	234	+}
	235	+
	236	+int setupDefaultContext(char *orig_file) {
42603c5f	237	+ if (is_selinux_enabled()>0) {
1b18e37f	238	+ security_context_t scontext;
	239	+
	240	+ if (getfilecon(orig_file,&scontext)<0) {
	241	+ return 1;
	242	+ }
	243	+
	244	+ if (setfscreatecon(scontext) < 0)
	245	+ {
	246	+ freecon(scontext);
	247	+ return 1;
	248	+ }
	249	+ freecon(scontext);
	250	+ }
	251	+ return 0;
	252	+}
	253	+#endif
42603c5f JB	254	--- util-linux-2.12pre/MCONFIG.selinux 2004-01-26 08:07:44.006633133 -0500
42603c5f JB	255	+++ util-linux-2.12pre/MCONFIG 2004-01-26 08:07:45.156687235 -0500
1b18e37f	256	@@ -18,6 +18,10 @@
	257	# installed as it is not PAM aware.
	258	HAVE_PAM=yes
	259
	260	+# If HAVE_SELINUX is set to "yes", the login will make sure the user is
	261	+# logged into an appropriate security context
	262	+HAVE_SELINUX=yes
	263	+
	264	# If HAVE_SHADOW is set to "yes", then login, chfn, chsh, newgrp, passwd,
	265	# and vipw will not be built or installed from the login-utils
	266	# subdirectory.