[packages/sudo.git] / sudo-selinux.patch

--- sudo-1.6.7p5/sesh.c.selinux	2004-07-08 13:18:28.000000000 -0400
+++ sudo-1.6.7p5/sesh.c	2004-07-08 13:18:28.000000000 -0400
@@ -0,0 +1,50 @@
+#include <stdio.h>
+#include <unistd.h>
+#include <limits.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <errno.h>
+
+main (int argc, char **argv) {
+  char buf[PATH_MAX];
+  pid_t pid;
+  if ( argc < 2 ) {
+    fprintf(stderr,"%s: Requires at least one argument\n", argv[0]);
+    exit(-1);
+  }
+  if ( argv[1][0] != '/' ) {
+    fprintf(stderr,"%s: First argument must have a full path\n", argv[0]);
+    exit(-1);
+  }
+
+  if ((pid = fork()) < 0) {
+    snprintf(buf, sizeof(buf), "%s: Couldn't fork");
+    perror(buf);
+    exit(-1);
+  } else if (pid > 0) {
+    /* Parent */
+    int status;
+    int ret;
+
+    do {
+      if ((ret = waitpid(pid, &status, 0)) < 0 && errno == EINTR)
+        continue;
+      else if (ret < 0) {
+        perror("waitpid failed");
+        exit(1);
+      }
+    } while (0);
+
+    if (WIFEXITED(status))
+      exit(WEXITSTATUS(status));
+    else
+      exit(1);
+  } else {
+    /* Child */
+    execv(argv[1], &argv[1]);
+
+    snprintf(buf, sizeof(buf), "%s: Error execing %s", argv[0], argv[1]);
+    perror(buf);
+    exit(-1);
+  }
+}
--- sudo-1.6.9p3/configure.in.orig	2007-07-30 15:30:15.000000000 +0200
+++ sudo-1.6.9p3/configure.in	2007-08-04 22:13:39.950053015 +0200
@@ -101,7 +101,7 @@
 dnl Initial values for Makefile variables listed above
 dnl May be overridden by environment variables..
 dnl
-PROGS="sudo visudo"
+PROGS="sudo visudo sesh"
 : ${MANTYPE='man'}
 : ${mansrcdir='.'}
 : ${SUDOERS_MODE='0440'}
--- sudo-1.6.9p3/sudo.c.orig	2007-07-22 21:21:01.000000000 +0200
+++ sudo-1.6.9p3/sudo.c	2007-08-04 22:15:26.464122906 +0200
@@ -101,6 +101,17 @@
 #include "interfaces.h"
 #include "version.h"
 
+#ifdef WITH_SELINUX
+#include <selinux/flask.h>             /* for SECCLASS_CHR_FILE */
+#include <selinux/selinux.h>           /* for is_selinux_enabled() */
+#include <selinux/context.h>           /* for context-mangling functions */
+#include <selinux/get_default_type.h>
+char *role_s = NULL;                  /* role spec'd by user in argv[] */
+char *type_s = NULL;                  /* type spec'd by user in argv[] */
+security_context_t new_tty_context=NULL; /* security context to change to while running command*/
+security_context_t tty_context=NULL;  /* current security context of tty */
+#endif
+
 #ifndef lint
 __unused __unused static const char rcsid[] = "$Sudo: sudo.c,v 1.369.2.26 2007/07/22 19:21:01 millert Exp $";
 #endif /* lint */
@@ -154,7 +165,151 @@
 #endif /* HAVE_BSD_AUTH_H */
 sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp, saved_sa_chld;
 
+#ifdef WITH_SELINUX
+security_context_t setup_tty_context(int fd, char *ttyn, security_context_t new_context) {
+  security_context_t tty_context=NULL;  /* current sid of tty */
+
+  tty_context = NULL;
+  if (fgetfilecon(fd,&tty_context) <0 ) 
+    fprintf(stderr, "Warning!  Could not get current context for %s, not relabeling.\n", ttyn);
+  
+#ifdef CANTSPELLGDB
+  if (tty_context)
+    printf("Your tty %s was labeled with context %s\n", ttyn, tty_context);
+#endif
+  
+  new_tty_context = NULL;
+  if (tty_context && security_compute_relabel(new_context,tty_context,SECCLASS_CHR_FILE,&new_tty_context) < 0)
+    fprintf(stderr, "Warning!  Could not get new context for %s, not relabeling.\n", ttyn);
+  
+#ifdef CANTSPELLGDB
+  if (new_tty_context)
+    printf("Relabeling tty %s to context %s\n", ttyn, new_tty_context);
+#endif
+  
+  if (new_tty_context) {
+    if( fsetfilecon(fd,new_tty_context)!=0 ) {
+      fprintf(stderr,"sudo: error: setfilecon on %s to %s",ttyn,new_tty_context);
+    }
+  }
+  return tty_context;
+}
+security_context_t get_exec_context(char *role_s, char *type_s) {
+
+  security_context_t old_context=NULL;	/* our original securiy ID ("old_context") */
+  security_context_t new_context=NULL;  /* our target security ID ("sid") */
 
+  /*
+   *	
+   * Step 1:  Handle command-line arguments.
+   *
+   */
+  
+  security_context_t context_s;      /* our security context as a string */
+  int context_length;
+  context_t context;                 /* manipulatable form of context_s */
+  
+  
+  /*
+   * Get the SID and context of the caller, and extract
+   * the username from the context.  Don't rely on the Linux
+   * uid information - it isn't trustworthy.
+   */
+  
+  /* Put the caller's SID into `old_context'. */
+  if( 0!=(getprevcon(&old_context)) ) {
+    fprintf(stderr,"failed to get old_context.\n");
+    exit(-1);
+  }
+  
+#ifdef CANTSPELLGDB
+  printf( "Your old context was %s\n", old_context );
+#endif
+  /* 
+   * Create a context structure so that we extract and modify 
+   * components easily. 
+   */
+  context=context_new(old_context);
+  
+  /*
+   *
+   * Step 3:  Construct a new SID based on our old SID and the
+   *          arguments specified on the command line.
+   *
+   */
+  
+  /* The first step in constructing a new SID for the new shell we  *
+   * plan to exec is to take our old context in `context' as a   *
+   * starting point, and modify it according to the options the user *
+   * specified on the command line.                                  */
+
+  /* Set the SELinux user identity to root */
+  context_user_set(context, "root");
+  
+  /* If the user specified a new role on the command line (if `role_s'   *
+   * is set), then replace the old role in `context' with this new role. */
+  if( role_s ) {
+    if( !type_s ) {
+      if( get_default_type(role_s,&type_s) )
+	{
+	  fprintf(stderr,"Couldn't get default type.\n");
+	  exit(-1);
+	}
+#ifdef CANTSPELLGDB
+      printf( "Your type will be %s.\n", type_s );
+#endif  
+    }
+    
+    if( context_role_set(context,role_s)) {
+      fprintf(stderr,"failed to set new role %s\n",role_s);
+      exit(-1);
+    }
+#ifdef CANTSPELLGDB
+    printf("Your new role is %s\n",context_role_get(context));
+#endif
+    
+    /* If the user specified a new type on the command line (if `type_s'   *
+     * is set), then replace the old type in `context' with this new type. */
+    if( type_s ) {
+      if( context_type_set(context,type_s)) {
+	fprintf(stderr,"failed to set new type %s\n",type_s);
+	exit(-1);
+      }
+#ifdef CANTSPELLGDB
+      printf("Your new type is %s\n",context_type_get(context));
+#endif
+    } /* if user specified new type */
+    
+    /* The second step in creating the new SID is to convert our modified *
+     * `context' structure back to a context string and then to a SID.    */
+    
+    /* Make `context_s' point to a string version of the new `context'.  */
+    if( !(new_context=strdup(context_str(context)))) {
+      fprintf(stderr,"failed to convert new context to string\n" );
+      exit(-1);
+    }
+    
+  } /* if user specified new role */
+  else {
+    if (get_default_context(context_user_get(context),
+			    NULL,
+			    &new_context)) {
+      fprintf(stderr,"failed to get default context\n" );
+      exit(-1);
+    }
+  }
+  context_free(context);
+  freecon(old_context);
+
+  if (security_check_context(new_context) < 0) {
+    fprintf(stderr, "%s is not a valid context\n", new_context);
+    exit(-1);
+  }
+
+  return new_context;
+}
+
+#endif
 int
 main(argc, argv, envp)
     int argc;
@@ -216,9 +371,6 @@
     /* Setup defaults data structures. */
     init_defaults();
 
-    /* Load the list of local ip addresses and netmasks.  */
-    load_interfaces();
-
     pwflag = 0;
     if (ISSET(sudo_mode, MODE_SHELL))
 	user_cmnd = "shell";
@@ -233,6 +385,8 @@
 		    (void) printf("Sudoers path: %s\n", _PATH_SUDOERS);
 		    dump_auth_methods();
 		    dump_defaults();
+		    /* Load the list of local ip addresses and netmasks.  */
+		    load_interfaces();
 		    dump_interfaces();
 		}
 		exit(0);
@@ -442,7 +596,43 @@
 #ifndef PROFILING
 	if (ISSET(sudo_mode, MODE_BACKGROUND) && fork() > 0)
 	    exit(0);
-	else
+#ifdef WITH_SELINUX
+	if(is_selinux_enabled() > 0) {
+	  int fd;
+	  char *ttyn   = NULL;	                /* tty path */
+	  security_context_t new_context=NULL;  /* our target security ID ("sid") */
+	  security_context_t chk_tty_context= NULL;
+
+	  new_context=get_exec_context(role_s,type_s);
+#ifdef CANTSPELLGDB
+	  printf("Your new context is %s\n",new_context);
+#endif
+
+	  if (setexeccon(new_context) < 0) {
+	    fprintf(stderr, "Could not set exec context to %s.\n", new_context);
+	    exit(-1);
+	  }
+	  freecon(new_context);
+	  {
+	    /* 
+	       SELinux will only not transition properly with the following
+	       code.  Basically if the user chooses to use a different security
+	       context.  We need to start the selinux shell, before executing 
+	       the command.  This way the process transition will happen 
+	       correctly. For example if they user wants to run rpm from 
+	       sysadm_r.  Sudo will exec the /usr/sbin/sesh followed by the 
+	       specified command.*/
+	    char **dst, **src = NewArgv+1;
+	    NewArgv = (char **) emalloc2((++NewArgc + 1), sizeof(char *));
+	    NewArgv[0] = estrdup("sesh");
+	    NewArgv[1] = safe_cmnd;
+	    safe_cmnd = estrdup("/usr/sbin/sesh");
+	    /* copy the args from Argv */
+	    for (dst = NewArgv + 2; (*dst = *src) != NULL; ++src, ++dst)
+	      ;
+	  }
+	}
+#endif
 	    execve(safe_cmnd, NewArgv, environ);
 #else
 	exit(0);
@@ -766,6 +956,30 @@
 		    NewArgv++;
 		    break;
 #endif
+#ifdef WITH_SELINUX
+	    case 'r':
+		/* Must have an associated SELinux role. */
+		if (NewArgv[1] == NULL)
+		    usage(1);
+
+		role_s = NewArgv[1];
+
+		/* Shift Argv over and adjust Argc. */
+		NewArgc--;
+		NewArgv++;
+		break;
+	    case 't':
+		/* Must have an associated SELinux type. */
+		if (NewArgv[1] == NULL)
+		    usage(1);
+
+		type_s = NewArgv[1];
+
+		/* Shift Argv over and adjust Argc. */
+		NewArgc--;
+		NewArgv++;
+		break;
+#endif
 #ifdef HAVE_LOGIN_CAP_H
 		case 'c':
 		    /* Must have an associated login class. */
@@ -1247,6 +1461,9 @@
 #ifdef HAVE_LOGIN_CAP_H
 	" [-c class|-]",
 #endif
+#ifdef WITH_SELINUX
+	" [-r role] [-t type]",
+#endif
 	" [-p prompt]",
 	" [-u username|#uid]",
 	" [VAR=value]",
--- sudo-1.6.9p3/sudo.man.in.orig	2007-08-02 17:51:59.000000000 +0200
+++ sudo-1.6.9p3/sudo.man.in	2007-08-04 22:17:59.880865627 +0200
@@ -157,7 +157,8 @@
 \&\fBsudo\fR \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-L\fR | \fB\-l\fR | \fB\-V\fR | \fB\-v\fR
 .PP
 \&\fBsudo\fR [\fB\-bEHPS\fR] [\fB\-a\fR\ \fIauth_type\fR]
-[\fB\-c\fR\ \fIclass\fR|\fI\-\fR] [\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
+[\fB\-c\fR\ \fIclass\fR|\fI\-\fR] [\fB\-r\fR \fIrole\fR ] [\fB\-t\fR \fItype\fR ]
+[\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
 [\fB\s-1VAR\s0\fR=\fIvalue\fR] {\fB\-i\fR\ |\ \fB\-s\fR\ |\ \fIcommand\fR}
 .PP
 \&\fBsudoedit\fR [\fB\-S\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
@@ -354,6 +355,16 @@
 .RE
 .RS 4
 .RE
+.IP "\-r" 4
+.IX Item "-r"
+The \fB\-r\fR (\fRrole\fR) option causes the new (SELinux) security context to have the role specified by
+\fIROLE\fR.
+.IP "\-t" 4
+.IX Item "-t" 
+The \fB\-t\fR (\fRtype\fR) option causes the new (SELinux) security context to have the have the type (domain)
+specified by
+\fITYPE\fR.
+If no type is specified, the default type is derived from the specified role.
 .IP "\-S" 4
 .IX Item "-S"
 The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
--- sudo-1.6.9p3/Makefile.in.orig	2007-08-02 17:51:59.000000000 +0200
+++ sudo-1.6.9p3/Makefile.in	2007-08-04 22:18:17.657878682 +0200
@@ -43,7 +43,8 @@
 # Libraries
 LIBS = @LIBS@
 NET_LIBS = @NET_LIBS@
-SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS)
+SELINUX_LIBS = -lselinux 
+SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS) $(SELINUX_LIBS)
 
 # C preprocessor flags
 CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@
@@ -90,7 +91,7 @@
 sudoers_mode = @SUDOERS_MODE@
 
 # Pass in paths and uid/gid + OS dependent defined
-DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode)
+DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode) -DWITH_SELINUX
 
 #### End of system configuration section. ####
 
@@ -104,7 +105,7 @@
        logging.c memrchr.c mkstemp.c parse.c parse.lex parse.yacc set_perms.c \
        sigaction.c snprintf.c strcasecmp.c strerror.c strlcat.c strlcpy.c \
        sudo.c sudo_noexec.c sudo.tab.c sudo_edit.c testsudoers.c tgetpass.c \
-       utimes.c visudo.c zero_bytes.c $(AUTH_SRCS)
+       utimes.c visudo.c zero_bytes.c $(AUTH_SRCS) sesh.c
 
 AUTH_SRCS = auth/afs.c auth/aix_auth.c auth/bsdauth.c auth/dce.c auth/fwtk.c \
 	    auth/kerb4.c auth/kerb5.c auth/pam.c auth/passwd.c auth/rfc1938.c \
@@ -126,6 +127,8 @@
 
 VISUDOBJS = visudo.o fileops.o gettime.o goodpath.o find_path.o $(PARSEOBJS)
 
+SESH_OBJS = sesh.o
+
 TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS)
 
 LIBOBJS = @LIBOBJS@ @ALLOCA@
@@ -146,7 +149,7 @@
 BINFILES= BUGS CHANGES HISTORY LICENSE README TODO TROUBLESHOOTING \
 	  UPGRADE install-sh mkinstalldirs sample.syslog.conf sample.sudoers \
 	  sudo sudo.cat sudo.man sudo.pod sudoers sudoers.cat sudoers.man \
-	  sudoers.pod visudo visudo.cat visudo.man visudo.pod
+	  sudoers.pod visudo visudo.cat visudo.man visudo.pod sesh
 
 BINSPECIAL= INSTALL.binary Makefile.binary libtool
 
@@ -178,6 +181,9 @@
 visudo: $(VISUDOBJS) $(LIBOBJS)
 	$(CC) -o $@ $(VISUDOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS)
 
+sesh: $(SESH_OBJS) 
+	$(CC) -o $@ $(SESH_OBJS) $(LDFLAGS) $(LIBS)
+
 testsudoers: $(TESTOBJS) $(LIBOBJS)
 	$(CC) -o $@ $(TESTOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS)
 
@@ -219,6 +225,7 @@
 set_perms.o: set_perms.c $(SUDODEP)
 tgetpass.o: tgetpass.c $(SUDODEP)
 visudo.o: visudo.c $(SUDODEP) version.h
+sesh.o: sesh.c 
 sudo.o: sudo.c $(SUDODEP) interfaces.h version.h
 interfaces.o: interfaces.c $(SUDODEP) interfaces.h
 testsudoers.o: testsudoers.c $(SUDODEP) parse.h interfaces.h
@@ -314,6 +321,7 @@
 	ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit
 
 	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s visudo $(DESTDIR)$(visudodir)/visudo
+	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sesh $(DESTDIR)$(visudodir)/sesh
 
 install-noexec: sudo_noexec.la
 	$(LIBTOOL) --mode=install $(INSTALL) sudo_noexec.la $(DESTDIR)$(noexecdir)
Commit	Line	Data
8620b293 JB	1	--- sudo-1.6.7p5/sesh.c.selinux 2004-07-08 13:18:28.000000000 -0400
	2	+++ sudo-1.6.7p5/sesh.c 2004-07-08 13:18:28.000000000 -0400
	3	@@ -0,0 +1,50 @@
	4	+#include <stdio.h>
	5	+#include <unistd.h>
	6	+#include <limits.h>
	7	+#include <sys/types.h>
	8	+#include <sys/wait.h>
	9	+#include <errno.h>
	10	+
	11	+main (int argc, char **argv) {
	12	+ char buf[PATH_MAX];
	13	+ pid_t pid;
	14	+ if ( argc < 2 ) {
	15	+ fprintf(stderr,"%s: Requires at least one argument\n", argv[0]);
	16	+ exit(-1);
	17	+ }
	18	+ if ( argv[1][0] != '/' ) {
	19	+ fprintf(stderr,"%s: First argument must have a full path\n", argv[0]);
	20	+ exit(-1);
	21	+ }
	22	+
	23	+ if ((pid = fork()) < 0) {
	24	+ snprintf(buf, sizeof(buf), "%s: Couldn't fork");
	25	+ perror(buf);
	26	+ exit(-1);
	27	+ } else if (pid > 0) {
	28	+ /* Parent */
	29	+ int status;
	30	+ int ret;
	31	+
	32	+ do {
	33	+ if ((ret = waitpid(pid, &status, 0)) < 0 && errno == EINTR)
	34	+ continue;
	35	+ else if (ret < 0) {
	36	+ perror("waitpid failed");
	37	+ exit(1);
	38	+ }
	39	+ } while (0);
	40	+
	41	+ if (WIFEXITED(status))
	42	+ exit(WEXITSTATUS(status));
	43	+ else
	44	+ exit(1);
	45	+ } else {
	46	+ /* Child */
	47	+ execv(argv[1], &argv[1]);
	48	+
	49	+ snprintf(buf, sizeof(buf), "%s: Error execing %s", argv[0], argv[1]);
	50	+ perror(buf);
	51	+ exit(-1);
	52	+ }
	53	+}
dc214b6e JB	54	--- sudo-1.6.9p3/configure.in.orig 2007-07-30 15:30:15.000000000 +0200
	55	+++ sudo-1.6.9p3/configure.in 2007-08-04 22:13:39.950053015 +0200
	56	@@ -101,7 +101,7 @@
8620b293 JB	57	dnl Initial values for Makefile variables listed above
	58	dnl May be overridden by environment variables..
	59	dnl
	60	-PROGS="sudo visudo"
	61	+PROGS="sudo visudo sesh"
dc214b6e JB	62	: ${MANTYPE='man'}
	63	: ${mansrcdir='.'}
	64	: ${SUDOERS_MODE='0440'}
	65	--- sudo-1.6.9p3/sudo.c.orig 2007-07-22 21:21:01.000000000 +0200
	66	+++ sudo-1.6.9p3/sudo.c 2007-08-04 22:15:26.464122906 +0200
	67	@@ -101,6 +101,17 @@
5cb05c03 AM	68	#include "interfaces.h"
	69	#include "version.h"
	70
	71	+#ifdef WITH_SELINUX
	72	+#include <selinux/flask.h> /* for SECCLASS_CHR_FILE */
	73	+#include <selinux/selinux.h> /* for is_selinux_enabled() */
	74	+#include <selinux/context.h> /* for context-mangling functions */
	75	+#include <selinux/get_default_type.h>
ad1310e6 AM	76	+char role_s = NULL; / role spec'd by user in argv[] */
ad1310e6 AM	77	+char type_s = NULL; / type spec'd by user in argv[] */
8620b293 JB	78	+security_context_t new_tty_context=NULL; /* security context to change to while running command*/
8620b293 JB	79	+security_context_t tty_context=NULL; /* current security context of tty */
5cb05c03 AM	80	+#endif
	81	+
	82	#ifndef lint
dc214b6e	83	__unused __unused static const char rcsid[] = "$Sudo: sudo.c,v 1.369.2.26 2007/07/22 19:21:01 millert Exp $";
5cb05c03	84	#endif /* lint */
dc214b6e JB	85	@@ -154,7 +165,151 @@
dc214b6e JB	86	#endif /* HAVE_BSD_AUTH_H */
8620b293	87	sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp, saved_sa_chld;
5cb05c03 AM	88
5cb05c03 AM	89	+#ifdef WITH_SELINUX
8620b293 JB	90	+security_context_t setup_tty_context(int fd, char *ttyn, security_context_t new_context) {
8620b293 JB	91	+ security_context_t tty_context=NULL; /* current sid of tty */
5cb05c03	92	+
8620b293 JB	93	+ tty_context = NULL;
	94	+ if (fgetfilecon(fd,&tty_context) <0 )
	95	+ fprintf(stderr, "Warning! Could not get current context for %s, not relabeling.\n", ttyn);
5cb05c03	96	+
5cb05c03	97	+#ifdef CANTSPELLGDB
8620b293 JB	98	+ if (tty_context)
	99	+ printf("Your tty %s was labeled with context %s\n", ttyn, tty_context);
	100	+#endif
	101	+
	102	+ new_tty_context = NULL;
	103	+ if (tty_context && security_compute_relabel(new_context,tty_context,SECCLASS_CHR_FILE,&new_tty_context) < 0)
	104	+ fprintf(stderr, "Warning! Could not get new context for %s, not relabeling.\n", ttyn);
	105	+
5cb05c03	106	+#ifdef CANTSPELLGDB
8620b293 JB	107	+ if (new_tty_context)
8620b293 JB	108	+ printf("Relabeling tty %s to context %s\n", ttyn, new_tty_context);
5cb05c03	109	+#endif
8620b293 JB	110	+
	111	+ if (new_tty_context) {
	112	+ if( fsetfilecon(fd,new_tty_context)!=0 ) {
	113	+ fprintf(stderr,"sudo: error: setfilecon on %s to %s",ttyn,new_tty_context);
	114	+ }
	115	+ }
	116	+ return tty_context;
	117	+}
	118	+security_context_t get_exec_context(char role_s, char type_s) {
	119	+
	120	+ security_context_t old_context=NULL; /* our original securiy ID ("old_context") */
	121	+ security_context_t new_context=NULL; /* our target security ID ("sid") */
dc214b6e	122
8620b293 JB	123	+ /*
	124	+ *
	125	+ * Step 1: Handle command-line arguments.
	126	+ *
	127	+ */
	128	+
	129	+ security_context_t context_s; /* our security context as a string */
	130	+ int context_length;
	131	+ context_t context; /* manipulatable form of context_s */
	132	+
	133	+
	134	+ /*
	135	+ * Get the SID and context of the caller, and extract
	136	+ * the username from the context. Don't rely on the Linux
	137	+ * uid information - it isn't trustworthy.
	138	+ */
	139	+
	140	+ /* Put the caller's SID into `old_context'. */
	141	+ if( 0!=(getprevcon(&old_context)) ) {
	142	+ fprintf(stderr,"failed to get old_context.\n");
	143	+ exit(-1);
	144	+ }
	145	+
5cb05c03	146	+#ifdef CANTSPELLGDB
8620b293	147	+ printf( "Your old context was %s\n", old_context );
5cb05c03	148	+#endif
8620b293 JB	149	+ /*
	150	+ * Create a context structure so that we extract and modify
	151	+ * components easily.
	152	+ */
	153	+ context=context_new(old_context);
	154	+
	155	+ /*
	156	+ *
	157	+ * Step 3: Construct a new SID based on our old SID and the
	158	+ * arguments specified on the command line.
	159	+ *
	160	+ */
	161	+
	162	+ /* The first step in constructing a new SID for the new shell we *
	163	+ * plan to exec is to take our old context in `context' as a *
	164	+ * starting point, and modify it according to the options the user *
	165	+ * specified on the command line. */
	166	+
	167	+ /* Set the SELinux user identity to root */
	168	+ context_user_set(context, "root");
	169	+
	170	+ /* If the user specified a new role on the command line (if `role_s' *
	171	+ * is set), then replace the old role in `context' with this new role. */
	172	+ if( role_s ) {
	173	+ if( !type_s ) {
	174	+ if( get_default_type(role_s,&type_s) )
	175	+ {
	176	+ fprintf(stderr,"Couldn't get default type.\n");
	177	+ exit(-1);
	178	+ }
5cb05c03	179	+#ifdef CANTSPELLGDB
8620b293 JB	180	+ printf( "Your type will be %s.\n", type_s );
	181	+#endif
	182	+ }
	183	+
	184	+ if( context_role_set(context,role_s)) {
	185	+ fprintf(stderr,"failed to set new role %s\n",role_s);
	186	+ exit(-1);
	187	+ }
5cb05c03	188	+#ifdef CANTSPELLGDB
8620b293	189	+ printf("Your new role is %s\n",context_role_get(context));
5cb05c03	190	+#endif
8620b293 JB	191	+
	192	+ /* If the user specified a new type on the command line (if `type_s' *
	193	+ * is set), then replace the old type in `context' with this new type. */
	194	+ if( type_s ) {
	195	+ if( context_type_set(context,type_s)) {
	196	+ fprintf(stderr,"failed to set new type %s\n",type_s);
	197	+ exit(-1);
	198	+ }
5cb05c03	199	+#ifdef CANTSPELLGDB
8620b293	200	+ printf("Your new type is %s\n",context_type_get(context));
5cb05c03	201	+#endif
8620b293 JB	202	+ } /* if user specified new type */
	203	+
	204	+ /* The second step in creating the new SID is to convert our modified *
	205	+ * `context' structure back to a context string and then to a SID. */
	206	+
	207	+ /* Make `context_s' point to a string version of the new `context'. */
	208	+ if( !(new_context=strdup(context_str(context)))) {
	209	+ fprintf(stderr,"failed to convert new context to string\n" );
	210	+ exit(-1);
	211	+ }
	212	+
	213	+ } /* if user specified new role */
	214	+ else {
	215	+ if (get_default_context(context_user_get(context),
	216	+ NULL,
	217	+ &new_context)) {
	218	+ fprintf(stderr,"failed to get default context\n" );
	219	+ exit(-1);
	220	+ }
	221	+ }
	222	+ context_free(context);
	223	+ freecon(old_context);
5cb05c03	224	+
8620b293 JB	225	+ if (security_check_context(new_context) < 0) {
	226	+ fprintf(stderr, "%s is not a valid context\n", new_context);
	227	+ exit(-1);
	228	+ }
5cb05c03	229	+
8620b293 JB	230	+ return new_context;
8620b293 JB	231	+}
dc214b6e	232	+
5cb05c03	233	+#endif
8620b293 JB	234	int
	235	main(argc, argv, envp)
	236	int argc;
dc214b6e	237	@@ -216,9 +371,6 @@
8620b293 JB	238	/* Setup defaults data structures. */
	239	init_defaults();
	240
	241	- /* Load the list of local ip addresses and netmasks. */
	242	- load_interfaces();
	243	-
	244	pwflag = 0;
	245	if (ISSET(sudo_mode, MODE_SHELL))
	246	user_cmnd = "shell";
dc214b6e JB	247	@@ -233,6 +385,8 @@
dc214b6e JB	248	(void) printf("Sudoers path: %s\n", _PATH_SUDOERS);
8620b293 JB	249	dump_auth_methods();
	250	dump_defaults();
	251	+ /* Load the list of local ip addresses and netmasks. */
	252	+ load_interfaces();
	253	dump_interfaces();
	254	}
	255	exit(0);
dc214b6e	256	@@ -442,7 +596,43 @@
8620b293 JB	257	#ifndef PROFILING
	258	if (ISSET(sudo_mode, MODE_BACKGROUND) && fork() > 0)
	259	exit(0);
	260	- else
	261	+#ifdef WITH_SELINUX
	262	+ if(is_selinux_enabled() > 0) {
	263	+ int fd;
	264	+ char ttyn = NULL; / tty path */
	265	+ security_context_t new_context=NULL; /* our target security ID ("sid") */
	266	+ security_context_t chk_tty_context= NULL;
5cb05c03	267	+
8620b293	268	+ new_context=get_exec_context(role_s,type_s);
5cb05c03	269	+#ifdef CANTSPELLGDB
8620b293	270	+ printf("Your new context is %s\n",new_context);
5cb05c03 AM	271	+#endif
5cb05c03 AM	272	+
5cb05c03 AM	273	+ if (setexeccon(new_context) < 0) {
	274	+ fprintf(stderr, "Could not set exec context to %s.\n", new_context);
	275	+ exit(-1);
	276	+ }
	277	+ freecon(new_context);
8620b293 JB	278	+ {
	279	+ /*
	280	+ SELinux will only not transition properly with the following
	281	+ code. Basically if the user chooses to use a different security
	282	+ context. We need to start the selinux shell, before executing
	283	+ the command. This way the process transition will happen
	284	+ correctly. For example if they user wants to run rpm from
	285	+ sysadm_r. Sudo will exec the /usr/sbin/sesh followed by the
	286	+ specified command.*/
	287	+ char dst, src = NewArgv+1;
	288	+ NewArgv = (char *) emalloc2((++NewArgc + 1), sizeof(char ));
	289	+ NewArgv[0] = estrdup("sesh");
	290	+ NewArgv[1] = safe_cmnd;
	291	+ safe_cmnd = estrdup("/usr/sbin/sesh");
	292	+ /* copy the args from Argv */
	293	+ for (dst = NewArgv + 2; (dst = src) != NULL; ++src, ++dst)
	294	+ ;
5cb05c03 AM	295	+ }
	296	+ }
	297	+#endif
dc214b6e	298	execve(safe_cmnd, NewArgv, environ);
5cb05c03 AM	299	#else
5cb05c03 AM	300	exit(0);
dc214b6e JB	301	@@ -766,6 +956,30 @@
	302	NewArgv++;
	303	break;
5cb05c03 AM	304	#endif
	305	+#ifdef WITH_SELINUX
	306	+ case 'r':
	307	+ /* Must have an associated SELinux role. */
	308	+ if (NewArgv[1] == NULL)
	309	+ usage(1);
	310	+
	311	+ role_s = NewArgv[1];
	312	+
	313	+ /* Shift Argv over and adjust Argc. */
	314	+ NewArgc--;
	315	+ NewArgv++;
	316	+ break;
	317	+ case 't':
	318	+ /* Must have an associated SELinux type. */
	319	+ if (NewArgv[1] == NULL)
	320	+ usage(1);
	321	+
	322	+ type_s = NewArgv[1];
	323	+
	324	+ /* Shift Argv over and adjust Argc. */
	325	+ NewArgc--;
	326	+ NewArgv++;
	327	+ break;
	328	+#endif
	329	#ifdef HAVE_LOGIN_CAP_H
dc214b6e JB	330	case 'c':
	331	/* Must have an associated login class. */
	332	@@ -1247,6 +1461,9 @@
8620b293 JB	333	#ifdef HAVE_LOGIN_CAP_H
8620b293 JB	334	" [-c class\|-]",
ad1310e6 AM	335	#endif
ad1310e6 AM	336	+#ifdef WITH_SELINUX
8620b293	337	+ " [-r role] [-t type]",
ad1310e6	338	+#endif
8620b293 JB	339	" [-p prompt]",
8620b293 JB	340	" [-u username\|#uid]",
dc214b6e JB	341	" [VAR=value]",
	342	--- sudo-1.6.9p3/sudo.man.in.orig 2007-08-02 17:51:59.000000000 +0200
	343	+++ sudo-1.6.9p3/sudo.man.in 2007-08-04 22:17:59.880865627 +0200
	344	@@ -157,7 +157,8 @@
	345	\&\fBsudo\fR \fB\-h\fR \| \fB\-K\fR \| \fB\-k\fR \| \fB\-L\fR \| \fB\-l\fR \| \fB\-V\fR \| \fB\-v\fR
8620b293	346	.PP
dc214b6e JB	347	\&\fBsudo\fR [\fB\-bEHPS\fR] [\fB\-a\fR\ \fIauth_type\fR]
	348	-[\fB\-c\fR\ \fIclass\fR\|\fI\-\fR] [\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR\|\fI#uid\fR]
	349	+[\fB\-c\fR\ \fIclass\fR\|\fI\-\fR] [\fB\-r\fR \fIrole\fR ] [\fB\-t\fR \fItype\fR ]
	350	+[\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR\|\fI#uid\fR]
	351	[\fB\s-1VAR\s0\fR=\fIvalue\fR] {\fB\-i\fR\ \|\ \fB\-s\fR\ \|\ \fIcommand\fR}
8620b293	352	.PP
dc214b6e JB	353	\&\fBsudoedit\fR [\fB\-S\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-c\fR\ \fIclass\fR\|\fI\-\fR]
	354	@@ -354,6 +355,16 @@
	355	.RE
	356	.RS 4
	357	.RE
5cb05c03 AM	358	+.IP "\-r" 4
	359	+.IX Item "-r"
	360	+The \fB\-r\fR (\fRrole\fR) option causes the new (SELinux) security context to have the role specified by
	361	+\fIROLE\fR.
	362	+.IP "\-t" 4
	363	+.IX Item "-t"
	364	+The \fB\-t\fR (\fRtype\fR) option causes the new (SELinux) security context to have the have the type (domain)
	365	+specified by
	366	+\fITYPE\fR.
	367	+If no type is specified, the default type is derived from the specified role.
	368	.IP "\-S" 4
	369	.IX Item "-S"
	370	The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
dc214b6e JB	371	--- sudo-1.6.9p3/Makefile.in.orig 2007-08-02 17:51:59.000000000 +0200
dc214b6e JB	372	+++ sudo-1.6.9p3/Makefile.in 2007-08-04 22:18:17.657878682 +0200
8620b293 JB	373	@@ -43,7 +43,8 @@
	374	# Libraries
	375	LIBS = @LIBS@
	376	NET_LIBS = @NET_LIBS@
	377	-SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS)
	378	+SELINUX_LIBS = -lselinux
	379	+SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS) $(SELINUX_LIBS)
	380
	381	# C preprocessor flags
	382	CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@
	383	@@ -90,7 +91,7 @@
	384	sudoers_mode = @SUDOERS_MODE@
	385
	386	# Pass in paths and uid/gid + OS dependent defined
	387	-DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode)
	388	+DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode) -DWITH_SELINUX
	389
	390	#### End of system configuration section. ####
	391
	392	@@ -104,7 +105,7 @@
dc214b6e JB	393	logging.c memrchr.c mkstemp.c parse.c parse.lex parse.yacc set_perms.c \
	394	sigaction.c snprintf.c strcasecmp.c strerror.c strlcat.c strlcpy.c \
	395	sudo.c sudo_noexec.c sudo.tab.c sudo_edit.c testsudoers.c tgetpass.c \
	396	- utimes.c visudo.c zero_bytes.c $(AUTH_SRCS)
	397	+ utimes.c visudo.c zero_bytes.c $(AUTH_SRCS) sesh.c
8620b293 JB	398
	399	AUTH_SRCS = auth/afs.c auth/aix_auth.c auth/bsdauth.c auth/dce.c auth/fwtk.c \
	400	auth/kerb4.c auth/kerb5.c auth/pam.c auth/passwd.c auth/rfc1938.c \
	401	@@ -126,6 +127,8 @@
	402
dd44b34a	403	VISUDOBJS = visudo.o fileops.o gettime.o goodpath.o find_path.o $(PARSEOBJS)
8620b293 JB	404
	405	+SESH_OBJS = sesh.o
	406	+
	407	TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS)
	408
	409	LIBOBJS = @LIBOBJS@ @ALLOCA@
dc214b6e	410	@@ -146,7 +149,7 @@
8620b293 JB	411	BINFILES= BUGS CHANGES HISTORY LICENSE README TODO TROUBLESHOOTING \
	412	UPGRADE install-sh mkinstalldirs sample.syslog.conf sample.sudoers \
	413	sudo sudo.cat sudo.man sudo.pod sudoers sudoers.cat sudoers.man \
	414	- sudoers.pod visudo visudo.cat visudo.man visudo.pod
	415	+ sudoers.pod visudo visudo.cat visudo.man visudo.pod sesh
	416
dd44b34a	417	BINSPECIAL= INSTALL.binary Makefile.binary libtool
8620b293	418
dc214b6e	419	@@ -178,6 +181,9 @@
8620b293 JB	420	visudo: $(VISUDOBJS) $(LIBOBJS)
	421	$(CC) -o $@ $(VISUDOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS)
	422
	423	+sesh: $(SESH_OBJS)
	424	+ $(CC) -o $@ $(SESH_OBJS) $(LDFLAGS) $(LIBS)
	425	+
	426	testsudoers: $(TESTOBJS) $(LIBOBJS)
	427	$(CC) -o $@ $(TESTOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS)
	428
dc214b6e	429	@@ -219,6 +225,7 @@
8620b293 JB	430	set_perms.o: set_perms.c $(SUDODEP)
	431	tgetpass.o: tgetpass.c $(SUDODEP)
	432	visudo.o: visudo.c $(SUDODEP) version.h
	433	+sesh.o: sesh.c
	434	sudo.o: sudo.c $(SUDODEP) interfaces.h version.h
	435	interfaces.o: interfaces.c $(SUDODEP) interfaces.h
	436	testsudoers.o: testsudoers.c $(SUDODEP) parse.h interfaces.h
dc214b6e	437	@@ -314,6 +321,7 @@
dd44b34a	438	ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit
5cb05c03	439
8620b293 JB	440	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s visudo $(DESTDIR)$(visudodir)/visudo
8620b293 JB	441	+ $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sesh $(DESTDIR)$(visudodir)/sesh
5cb05c03	442
8620b293 JB	443	install-noexec: sudo_noexec.la
8620b293 JB	444	$(LIBTOOL) --mode=install $(INSTALL) sudo_noexec.la $(DESTDIR)$(noexecdir)