[packages/sudo.git] / sudo-selinux.patch

--- sudo-1.6.7p5/sesh.c.selinux	2004-07-08 13:18:28.000000000 -0400
+++ sudo-1.6.7p5/sesh.c	2004-07-08 13:18:28.000000000 -0400
@@ -0,0 +1,50 @@
+#include <stdio.h>
+#include <unistd.h>
+#include <limits.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <errno.h>
+
+main (int argc, char **argv) {
+  char buf[PATH_MAX];
+  pid_t pid;
+  if ( argc < 2 ) {
+    fprintf(stderr,"%s: Requires at least one argument\n", argv[0]);
+    exit(-1);
+  }
+  if ( argv[1][0] != '/' ) {
+    fprintf(stderr,"%s: First argument must have a full path\n", argv[0]);
+    exit(-1);
+  }
+
+  if ((pid = fork()) < 0) {
+    snprintf(buf, sizeof(buf), "%s: Couldn't fork");
+    perror(buf);
+    exit(-1);
+  } else if (pid > 0) {
+    /* Parent */
+    int status;
+    int ret;
+
+    do {
+      if ((ret = waitpid(pid, &status, 0)) < 0 && errno == EINTR)
+        continue;
+      else if (ret < 0) {
+        perror("waitpid failed");
+        exit(1);
+      }
+    } while (0);
+
+    if (WIFEXITED(status))
+      exit(WEXITSTATUS(status));
+    else
+      exit(1);
+  } else {
+    /* Child */
+    execv(argv[1], &argv[1]);
+
+    snprintf(buf, sizeof(buf), "%s: Error execing %s", argv[0], argv[1]);
+    perror(buf);
+    exit(-1);
+  }
+}
--- sudo-1.6.7p5/configure.in.selinux	2003-05-06 11:22:36.000000000 -0400
+++ sudo-1.6.7p5/configure.in	2004-07-08 13:18:28.000000000 -0400
@@ -90,7 +90,7 @@
 dnl Initial values for Makefile variables listed above
 dnl May be overridden by environment variables..
 dnl
-PROGS="sudo visudo"
+PROGS="sudo visudo sesh"
 test -n "$MANTYPE" || MANTYPE="man"
 test -n "$mansrcdir" || mansrcdir="."
 test -n "$SUDOERS_MODE" || SUDOERS_MODE=0440
--- sudo-1.6.8/sudo.c.orig	2004-08-07 01:42:52.000000000 +0200
+++ sudo-1.6.8/sudo.c	2004-08-29 20:45:31.556903000 +0200
@@ -92,6 +92,17 @@
 #include "interfaces.h"
 #include "version.h"
 
+#ifdef WITH_SELINUX
+#include <selinux/flask.h>             /* for SECCLASS_CHR_FILE */
+#include <selinux/selinux.h>           /* for is_selinux_enabled() */
+#include <selinux/context.h>           /* for context-mangling functions */
+#include <selinux/get_default_type.h>
+char *role_s = NULL;                  /* role spec'd by user in argv[] */
+char *type_s = NULL;                  /* type spec'd by user in argv[] */
+security_context_t new_tty_context=NULL; /* security context to change to while running command*/
+security_context_t tty_context=NULL;  /* current security context of tty */
+#endif
+
 #ifndef lint
 static const char rcsid[] = "$Sudo: sudo.c,v 1.369 2004/08/06 23:42:52 millert Exp $";
 #endif /* lint */
@@ -141,7 +152,151 @@
 sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp, saved_sa_chld;
 void (*set_perms) __P((int));
 
+#ifdef WITH_SELINUX
+security_context_t setup_tty_context(int fd, char *ttyn, security_context_t new_context) {
+  security_context_t tty_context=NULL;  /* current sid of tty */
+
+  tty_context = NULL;
+  if (fgetfilecon(fd,&tty_context) <0 ) 
+    fprintf(stderr, "Warning!  Could not get current context for %s, not relabeling.\n", ttyn);
+  
+#ifdef CANTSPELLGDB
+  if (tty_context)
+    printf("Your tty %s was labeled with context %s\n", ttyn, tty_context);
+#endif
+  
+  new_tty_context = NULL;
+  if (tty_context && security_compute_relabel(new_context,tty_context,SECCLASS_CHR_FILE,&new_tty_context) < 0)
+    fprintf(stderr, "Warning!  Could not get new context for %s, not relabeling.\n", ttyn);
+  
+#ifdef CANTSPELLGDB
+  if (new_tty_context)
+    printf("Relabeling tty %s to context %s\n", ttyn, new_tty_context);
+#endif
+  
+  if (new_tty_context) {
+    if( fsetfilecon(fd,new_tty_context)!=0 ) {
+      fprintf(stderr,"sudo: error: setfilecon on %s to %s",ttyn,new_tty_context);
+    }
+  }
+  return tty_context;
+}
+security_context_t get_exec_context(char *role_s, char *type_s) {
+
+  security_context_t old_context=NULL;	/* our original securiy ID ("old_context") */
+  security_context_t new_context=NULL;  /* our target security ID ("sid") */
+
+  /*
+   *	
+   * Step 1:  Handle command-line arguments.
+   *
+   */
+  
+  security_context_t context_s;      /* our security context as a string */
+  int context_length;
+  context_t context;                 /* manipulatable form of context_s */
+  
+  
+  /*
+   * Get the SID and context of the caller, and extract
+   * the username from the context.  Don't rely on the Linux
+   * uid information - it isn't trustworthy.
+   */
+  
+  /* Put the caller's SID into `old_context'. */
+  if( 0!=(getprevcon(&old_context)) ) {
+    fprintf(stderr,"failed to get old_context.\n");
+    exit(-1);
+  }
+  
+#ifdef CANTSPELLGDB
+  printf( "Your old context was %s\n", old_context );
+#endif
+  /* 
+   * Create a context structure so that we extract and modify 
+   * components easily. 
+   */
+  context=context_new(old_context);
+  
+  /*
+   *
+   * Step 3:  Construct a new SID based on our old SID and the
+   *          arguments specified on the command line.
+   *
+   */
+  
+  /* The first step in constructing a new SID for the new shell we  *
+   * plan to exec is to take our old context in `context' as a   *
+   * starting point, and modify it according to the options the user *
+   * specified on the command line.                                  */
+
+  /* Set the SELinux user identity to root */
+  context_user_set(context, "root");
+  
+  /* If the user specified a new role on the command line (if `role_s'   *
+   * is set), then replace the old role in `context' with this new role. */
+  if( role_s ) {
+    if( !type_s ) {
+      if( get_default_type(role_s,&type_s) )
+	{
+	  fprintf(stderr,"Couldn't get default type.\n");
+	  exit(-1);
+	}
+#ifdef CANTSPELLGDB
+      printf( "Your type will be %s.\n", type_s );
+#endif  
+    }
+    
+    if( context_role_set(context,role_s)) {
+      fprintf(stderr,"failed to set new role %s\n",role_s);
+      exit(-1);
+    }
+#ifdef CANTSPELLGDB
+    printf("Your new role is %s\n",context_role_get(context));
+#endif
+    
+    /* If the user specified a new type on the command line (if `type_s'   *
+     * is set), then replace the old type in `context' with this new type. */
+    if( type_s ) {
+      if( context_type_set(context,type_s)) {
+	fprintf(stderr,"failed to set new type %s\n",type_s);
+	exit(-1);
+      }
+#ifdef CANTSPELLGDB
+      printf("Your new type is %s\n",context_type_get(context));
+#endif
+    } /* if user specified new type */
+    
+    /* The second step in creating the new SID is to convert our modified *
+     * `context' structure back to a context string and then to a SID.    */
+    
+    /* Make `context_s' point to a string version of the new `context'.  */
+    if( !(new_context=strdup(context_str(context)))) {
+      fprintf(stderr,"failed to convert new context to string\n" );
+      exit(-1);
+    }
+    
+  } /* if user specified new role */
+  else {
+    if (get_default_context(context_user_get(context),
+			    NULL,
+			    &new_context)) {
+      fprintf(stderr,"failed to get default context\n" );
+      exit(-1);
+    }
+  }
+  context_free(context);
+  freecon(old_context);
+
+  if (security_check_context(new_context) < 0) {
+    fprintf(stderr, "%s is not a valid context\n", new_context);
+    exit(-1);
+  }
+
+  return new_context;
+}
 
+#endif
 int
 main(argc, argv, envp)
     int argc;
@@ -149,10 +304,10 @@
     char **envp;
 {
     int validated;
-    int fd;
     int cmnd_status;
     int sudo_mode;
     int pwflag;
+    int fd;
     char **new_environ;
     sigaction_t sa;
     extern int printmatches;
@@ -203,9 +358,6 @@
     /* Setup defaults data structures. */
     init_defaults();
 
-    /* Load the list of local ip addresses and netmasks.  */
-    load_interfaces();
-
     pwflag = 0;
     if (ISSET(sudo_mode, MODE_SHELL))
 	user_cmnd = "shell";
@@ -219,6 +371,8 @@
 		    putchar('\n');
 		    dump_auth_methods();
 		    dump_defaults();
+		    /* Load the list of local ip addresses and netmasks.  */
+		    load_interfaces();
 		    dump_interfaces();
 		}
 		exit(0);
@@ -445,7 +599,43 @@
 #ifndef PROFILING
 	if (ISSET(sudo_mode, MODE_BACKGROUND) && fork() > 0)
 	    exit(0);
-	else
+#ifdef WITH_SELINUX
+	if(is_selinux_enabled() > 0) {
+	  int fd;
+	  char *ttyn   = NULL;	                /* tty path */
+	  security_context_t new_context=NULL;  /* our target security ID ("sid") */
+	  security_context_t chk_tty_context= NULL;
+
+	  new_context=get_exec_context(role_s,type_s);
+#ifdef CANTSPELLGDB
+	  printf("Your new context is %s\n",new_context);
+#endif
+
+	  if (setexeccon(new_context) < 0) {
+	    fprintf(stderr, "Could not set exec context to %s.\n", new_context);
+	    exit(-1);
+	  }
+	  freecon(new_context);
+	  {
+	    /* 
+	       SELinux will only not transition properly with the following
+	       code.  Basically if the user chooses to use a different security
+	       context.  We need to start the selinux shell, before executing 
+	       the command.  This way the process transition will happen 
+	       correctly. For example if they user wants to run rpm from 
+	       sysadm_r.  Sudo will exec the /usr/sbin/sesh followed by the 
+	       specified command.*/
+	    char **dst, **src = NewArgv+1;
+	    NewArgv = (char **) emalloc2((++NewArgc + 1), sizeof(char *));
+	    NewArgv[0] = estrdup("sesh");
+	    NewArgv[1] = safe_cmnd;
+	    safe_cmnd = estrdup("/usr/sbin/sesh");
+	    /* copy the args from Argv */
+	    for (dst = NewArgv + 2; (*dst = *src) != NULL; ++src, ++dst)
+	      ;
+	  }
+	}
+#endif
 	    EXECV(safe_cmnd, NewArgv);	/* run the command */
 #else
 	exit(0);
@@ -729,6 +919,30 @@
 		NewArgv++;
 		break;
 #endif
+#ifdef WITH_SELINUX
+	    case 'r':
+		/* Must have an associated SELinux role. */
+		if (NewArgv[1] == NULL)
+		    usage(1);
+
+		role_s = NewArgv[1];
+
+		/* Shift Argv over and adjust Argc. */
+		NewArgc--;
+		NewArgv++;
+		break;
+	    case 't':
+		/* Must have an associated SELinux type. */
+		if (NewArgv[1] == NULL)
+		    usage(1);
+
+		type_s = NewArgv[1];
+
+		/* Shift Argv over and adjust Argc. */
+		NewArgc--;
+		NewArgv++;
+		break;
+#endif
 #ifdef HAVE_LOGIN_CAP_H
 	    case 'c':
 		/* Must have an associated login class. */
@@ -1111,6 +1325,9 @@
 #ifdef HAVE_LOGIN_CAP_H
 	" [-c class|-]",
 #endif
+#ifdef WITH_SELINUX
+	" [-r role] [-t type]",
+#endif
 	" [-p prompt]",
 	" [-u username|#uid]",
 	" { -e file [...] | -i | -s | <command> }",
--- sudo-1.6.8/sudo.man.in.orig	2004-08-17 20:53:39.000000000 +0200
+++ sudo-1.6.8/sudo.man.in	2004-08-29 20:48:39.189378528 +0200
@@ -156,7 +156,7 @@
 .IX Header "SYNOPSIS"
 \&\fBsudo\fR \fB\-K\fR | \fB\-L\fR | \fB\-V\fR | \fB\-h\fR | \fB\-k\fR | \fB\-l\fR | \fB\-v\fR
 .PP
-\&\fBsudo\fR [\fB\-HPSb\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
+\&\fBsudo\fR [\fB\-HPSb\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-c\fR\ \fIclass\fR|\fI\-\fR] [\fB\-r\fR \fIrole\fR ] [\fB\-t\fR \fItype\fR ]
 [\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
 {\fB\-e\fR\ file\ [...]\ |\ \fB\-i\fR\ |\ \fB\-s\fR\ |\ \fIcommand\fR}
 .PP
@@ -235,6 +235,16 @@
 \&\fBsudo\fR will initialize the group vector to the list of groups the
 target user is in.  The real and effective group IDs, however, are
 still set to match the target user.
+.IP "\-r" 4
+.IX Item "-r"
+The \fB\-r\fR (\fRrole\fR) option causes the new (SELinux) security context to have the role specified by
+\fIROLE\fR.
+.IP "\-t" 4
+.IX Item "-t" 
+The \fB\-t\fR (\fRtype\fR) option causes the new (SELinux) security context to have the have the type (domain)
+specified by
+\fITYPE\fR.
+If no type is specified, the default type is derived from the specified role.
 .IP "\-S" 4
 .IX Item "-S"
 The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
--- sudo-1.6.8p1/Makefile.in.orig	2004-09-15 22:11:22.000000000 +0200
+++ sudo-1.6.8p1/Makefile.in	2004-09-19 12:26:11.212233352 +0200
@@ -43,7 +43,8 @@
 # Libraries
 LIBS = @LIBS@
 NET_LIBS = @NET_LIBS@
-SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS)
+SELINUX_LIBS = -lselinux 
+SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS) $(SELINUX_LIBS)
 
 # C preprocessor flags
 CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@
@@ -90,7 +91,7 @@
 sudoers_mode = @SUDOERS_MODE@
 
 # Pass in paths and uid/gid + OS dependent defined
-DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode)
+DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode) -DWITH_SELINUX
 
 #### End of system configuration section. ####
 
@@ -104,7 +105,7 @@
        parse.c parse.lex parse.yacc set_perms.c sigaction.c snprintf.c \
        strcasecmp.c strerror.c strlcat.c strlcpy.c sudo.c sudo_noexec.c \
        sudo.tab.c sudo_edit.c testsudoers.c tgetpass.c utimes.c visudo.c \
-       zero_bytes.c $(AUTH_SRCS)
+       zero_bytes.c $(AUTH_SRCS) sesh.c
 
 AUTH_SRCS = auth/afs.c auth/aix_auth.c auth/bsdauth.c auth/dce.c auth/fwtk.c \
 	    auth/kerb4.c auth/kerb5.c auth/pam.c auth/passwd.c auth/rfc1938.c \
@@ -126,6 +127,8 @@
 
 VISUDOBJS = visudo.o fileops.o gettime.o goodpath.o find_path.o $(PARSEOBJS)
 
+SESH_OBJS = sesh.o
+
 TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS)
 
 LIBOBJS = @LIBOBJS@ @ALLOCA@
@@ -145,7 +148,7 @@
 BINFILES= BUGS CHANGES HISTORY LICENSE README TODO TROUBLESHOOTING \
 	  UPGRADE install-sh mkinstalldirs sample.syslog.conf sample.sudoers \
 	  sudo sudo.cat sudo.man sudo.pod sudoers sudoers.cat sudoers.man \
-	  sudoers.pod visudo visudo.cat visudo.man visudo.pod
+	  sudoers.pod visudo visudo.cat visudo.man visudo.pod sesh
 
 BINSPECIAL= INSTALL.binary Makefile.binary libtool
 
@@ -177,6 +180,9 @@
 visudo: $(VISUDOBJS) $(LIBOBJS)
 	$(CC) -o $@ $(VISUDOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS)
 
+sesh: $(SESH_OBJS) 
+	$(CC) -o $@ $(SESH_OBJS) $(LDFLAGS) $(LIBS)
+
 testsudoers: $(TESTOBJS) $(LIBOBJS)
 	$(CC) -o $@ $(TESTOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS)
 
@@ -215,6 +221,7 @@
 set_perms.o: set_perms.c $(SUDODEP)
 tgetpass.o: tgetpass.c $(SUDODEP)
 visudo.o: visudo.c $(SUDODEP) version.h
+sesh.o: sesh.c 
 sudo.o: sudo.c $(SUDODEP) interfaces.h version.h
 interfaces.o: interfaces.c $(SUDODEP) interfaces.h
 testsudoers.o: testsudoers.c $(SUDODEP) parse.h interfaces.h
@@ -306,6 +313,7 @@
 	ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit
 
 	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s visudo $(DESTDIR)$(visudodir)/visudo
+	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sesh $(DESTDIR)$(visudodir)/sesh
 
 install-noexec: sudo_noexec.la
 	$(LIBTOOL) --mode=install $(INSTALL) sudo_noexec.la $(DESTDIR)$(noexecdir)
Commit	Line	Data
8620b293 JB	1	--- sudo-1.6.7p5/sesh.c.selinux 2004-07-08 13:18:28.000000000 -0400
	2	+++ sudo-1.6.7p5/sesh.c 2004-07-08 13:18:28.000000000 -0400
	3	@@ -0,0 +1,50 @@
	4	+#include <stdio.h>
	5	+#include <unistd.h>
	6	+#include <limits.h>
	7	+#include <sys/types.h>
	8	+#include <sys/wait.h>
	9	+#include <errno.h>
	10	+
	11	+main (int argc, char **argv) {
	12	+ char buf[PATH_MAX];
	13	+ pid_t pid;
	14	+ if ( argc < 2 ) {
	15	+ fprintf(stderr,"%s: Requires at least one argument\n", argv[0]);
	16	+ exit(-1);
	17	+ }
	18	+ if ( argv[1][0] != '/' ) {
	19	+ fprintf(stderr,"%s: First argument must have a full path\n", argv[0]);
	20	+ exit(-1);
	21	+ }
	22	+
	23	+ if ((pid = fork()) < 0) {
	24	+ snprintf(buf, sizeof(buf), "%s: Couldn't fork");
	25	+ perror(buf);
	26	+ exit(-1);
	27	+ } else if (pid > 0) {
	28	+ /* Parent */
	29	+ int status;
	30	+ int ret;
	31	+
	32	+ do {
	33	+ if ((ret = waitpid(pid, &status, 0)) < 0 && errno == EINTR)
	34	+ continue;
	35	+ else if (ret < 0) {
	36	+ perror("waitpid failed");
	37	+ exit(1);
	38	+ }
	39	+ } while (0);
	40	+
	41	+ if (WIFEXITED(status))
	42	+ exit(WEXITSTATUS(status));
	43	+ else
	44	+ exit(1);
	45	+ } else {
	46	+ /* Child */
	47	+ execv(argv[1], &argv[1]);
	48	+
	49	+ snprintf(buf, sizeof(buf), "%s: Error execing %s", argv[0], argv[1]);
	50	+ perror(buf);
	51	+ exit(-1);
	52	+ }
	53	+}
	54	--- sudo-1.6.7p5/configure.in.selinux 2003-05-06 11:22:36.000000000 -0400
	55	+++ sudo-1.6.7p5/configure.in 2004-07-08 13:18:28.000000000 -0400
	56	@@ -90,7 +90,7 @@
	57	dnl Initial values for Makefile variables listed above
	58	dnl May be overridden by environment variables..
	59	dnl
	60	-PROGS="sudo visudo"
	61	+PROGS="sudo visudo sesh"
	62	test -n "$MANTYPE" \|\| MANTYPE="man"
	63	test -n "$mansrcdir" \|\| mansrcdir="."
	64	test -n "$SUDOERS_MODE" \|\| SUDOERS_MODE=0440
65	--- sudo-1.6.8/sudo.c.orig 2004-08-07 01:42:52.000000000 +0200
66	+++ sudo-1.6.8/sudo.c 2004-08-29 20:45:31.556903000 +0200
67	@@ -92,6 +92,17 @@
5cb05c03 AM	68	#include "interfaces.h"
	69	#include "version.h"
	70
	71	+#ifdef WITH_SELINUX
	72	+#include <selinux/flask.h> /* for SECCLASS_CHR_FILE */
	73	+#include <selinux/selinux.h> /* for is_selinux_enabled() */
	74	+#include <selinux/context.h> /* for context-mangling functions */
	75	+#include <selinux/get_default_type.h>
ad1310e6 AM	76	+char role_s = NULL; / role spec'd by user in argv[] */
ad1310e6 AM	77	+char type_s = NULL; / type spec'd by user in argv[] */
8620b293 JB	78	+security_context_t new_tty_context=NULL; /* security context to change to while running command*/
8620b293 JB	79	+security_context_t tty_context=NULL; /* current security context of tty */
5cb05c03 AM	80	+#endif
	81	+
	82	#ifndef lint
8620b293	83	static const char rcsid[] = "$Sudo: sudo.c,v 1.369 2004/08/06 23:42:52 millert Exp $";
5cb05c03	84	#endif /* lint */
8620b293 JB	85	@@ -141,7 +152,151 @@
	86	sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp, saved_sa_chld;
	87	void (*set_perms) __P((int));
5cb05c03 AM	88
5cb05c03 AM	89	+#ifdef WITH_SELINUX
8620b293 JB	90	+security_context_t setup_tty_context(int fd, char *ttyn, security_context_t new_context) {
8620b293 JB	91	+ security_context_t tty_context=NULL; /* current sid of tty */
5cb05c03	92	+
8620b293 JB	93	+ tty_context = NULL;
	94	+ if (fgetfilecon(fd,&tty_context) <0 )
	95	+ fprintf(stderr, "Warning! Could not get current context for %s, not relabeling.\n", ttyn);
5cb05c03	96	+
5cb05c03	97	+#ifdef CANTSPELLGDB
8620b293 JB	98	+ if (tty_context)
	99	+ printf("Your tty %s was labeled with context %s\n", ttyn, tty_context);
	100	+#endif
	101	+
	102	+ new_tty_context = NULL;
	103	+ if (tty_context && security_compute_relabel(new_context,tty_context,SECCLASS_CHR_FILE,&new_tty_context) < 0)
	104	+ fprintf(stderr, "Warning! Could not get new context for %s, not relabeling.\n", ttyn);
	105	+
5cb05c03	106	+#ifdef CANTSPELLGDB
8620b293 JB	107	+ if (new_tty_context)
8620b293 JB	108	+ printf("Relabeling tty %s to context %s\n", ttyn, new_tty_context);
5cb05c03	109	+#endif
8620b293 JB	110	+
	111	+ if (new_tty_context) {
	112	+ if( fsetfilecon(fd,new_tty_context)!=0 ) {
	113	+ fprintf(stderr,"sudo: error: setfilecon on %s to %s",ttyn,new_tty_context);
	114	+ }
	115	+ }
	116	+ return tty_context;
	117	+}
	118	+security_context_t get_exec_context(char role_s, char type_s) {
	119	+
	120	+ security_context_t old_context=NULL; /* our original securiy ID ("old_context") */
	121	+ security_context_t new_context=NULL; /* our target security ID ("sid") */
5cb05c03	122	+
8620b293 JB	123	+ /*
	124	+ *
	125	+ * Step 1: Handle command-line arguments.
	126	+ *
	127	+ */
	128	+
	129	+ security_context_t context_s; /* our security context as a string */
	130	+ int context_length;
	131	+ context_t context; /* manipulatable form of context_s */
	132	+
	133	+
	134	+ /*
	135	+ * Get the SID and context of the caller, and extract
	136	+ * the username from the context. Don't rely on the Linux
	137	+ * uid information - it isn't trustworthy.
	138	+ */
	139	+
	140	+ /* Put the caller's SID into `old_context'. */
	141	+ if( 0!=(getprevcon(&old_context)) ) {
	142	+ fprintf(stderr,"failed to get old_context.\n");
	143	+ exit(-1);
	144	+ }
	145	+
5cb05c03	146	+#ifdef CANTSPELLGDB
8620b293	147	+ printf( "Your old context was %s\n", old_context );
5cb05c03	148	+#endif
8620b293 JB	149	+ /*
	150	+ * Create a context structure so that we extract and modify
	151	+ * components easily.
	152	+ */
	153	+ context=context_new(old_context);
	154	+
	155	+ /*
	156	+ *
	157	+ * Step 3: Construct a new SID based on our old SID and the
	158	+ * arguments specified on the command line.
	159	+ *
	160	+ */
	161	+
	162	+ /* The first step in constructing a new SID for the new shell we *
	163	+ * plan to exec is to take our old context in `context' as a *
	164	+ * starting point, and modify it according to the options the user *
	165	+ * specified on the command line. */
	166	+
	167	+ /* Set the SELinux user identity to root */
	168	+ context_user_set(context, "root");
	169	+
	170	+ /* If the user specified a new role on the command line (if `role_s' *
	171	+ * is set), then replace the old role in `context' with this new role. */
	172	+ if( role_s ) {
	173	+ if( !type_s ) {
	174	+ if( get_default_type(role_s,&type_s) )
	175	+ {
	176	+ fprintf(stderr,"Couldn't get default type.\n");
	177	+ exit(-1);
	178	+ }
5cb05c03	179	+#ifdef CANTSPELLGDB
8620b293 JB	180	+ printf( "Your type will be %s.\n", type_s );
	181	+#endif
	182	+ }
	183	+
	184	+ if( context_role_set(context,role_s)) {
	185	+ fprintf(stderr,"failed to set new role %s\n",role_s);
	186	+ exit(-1);
	187	+ }
5cb05c03	188	+#ifdef CANTSPELLGDB
8620b293	189	+ printf("Your new role is %s\n",context_role_get(context));
5cb05c03	190	+#endif
8620b293 JB	191	+
	192	+ /* If the user specified a new type on the command line (if `type_s' *
	193	+ * is set), then replace the old type in `context' with this new type. */
	194	+ if( type_s ) {
	195	+ if( context_type_set(context,type_s)) {
	196	+ fprintf(stderr,"failed to set new type %s\n",type_s);
	197	+ exit(-1);
	198	+ }
5cb05c03	199	+#ifdef CANTSPELLGDB
8620b293	200	+ printf("Your new type is %s\n",context_type_get(context));
5cb05c03	201	+#endif
8620b293 JB	202	+ } /* if user specified new type */
	203	+
	204	+ /* The second step in creating the new SID is to convert our modified *
	205	+ * `context' structure back to a context string and then to a SID. */
	206	+
	207	+ /* Make `context_s' point to a string version of the new `context'. */
	208	+ if( !(new_context=strdup(context_str(context)))) {
	209	+ fprintf(stderr,"failed to convert new context to string\n" );
	210	+ exit(-1);
	211	+ }
	212	+
	213	+ } /* if user specified new role */
	214	+ else {
	215	+ if (get_default_context(context_user_get(context),
	216	+ NULL,
	217	+ &new_context)) {
	218	+ fprintf(stderr,"failed to get default context\n" );
	219	+ exit(-1);
	220	+ }
	221	+ }
	222	+ context_free(context);
	223	+ freecon(old_context);
5cb05c03	224	+
8620b293 JB	225	+ if (security_check_context(new_context) < 0) {
	226	+ fprintf(stderr, "%s is not a valid context\n", new_context);
	227	+ exit(-1);
	228	+ }
5cb05c03	229	+
8620b293 JB	230	+ return new_context;
	231	+}
	232
5cb05c03	233	+#endif
8620b293 JB	234	int
	235	main(argc, argv, envp)
	236	int argc;
	237	@@ -149,10 +304,10 @@
	238	char **envp;
	239	{
	240	int validated;
	241	- int fd;
	242	int cmnd_status;
	243	int sudo_mode;
	244	int pwflag;
	245	+ int fd;
	246	char **new_environ;
	247	sigaction_t sa;
	248	extern int printmatches;
	249	@@ -203,9 +358,6 @@
	250	/* Setup defaults data structures. */
	251	init_defaults();
	252
	253	- /* Load the list of local ip addresses and netmasks. */
	254	- load_interfaces();
	255	-
	256	pwflag = 0;
	257	if (ISSET(sudo_mode, MODE_SHELL))
	258	user_cmnd = "shell";
	259	@@ -219,6 +371,8 @@
	260	putchar('\n');
	261	dump_auth_methods();
	262	dump_defaults();
	263	+ /* Load the list of local ip addresses and netmasks. */
	264	+ load_interfaces();
	265	dump_interfaces();
	266	}
	267	exit(0);
	268	@@ -445,7 +599,43 @@
	269	#ifndef PROFILING
	270	if (ISSET(sudo_mode, MODE_BACKGROUND) && fork() > 0)
	271	exit(0);
	272	- else
	273	+#ifdef WITH_SELINUX
	274	+ if(is_selinux_enabled() > 0) {
	275	+ int fd;
	276	+ char ttyn = NULL; / tty path */
	277	+ security_context_t new_context=NULL; /* our target security ID ("sid") */
	278	+ security_context_t chk_tty_context= NULL;
5cb05c03	279	+
8620b293	280	+ new_context=get_exec_context(role_s,type_s);
5cb05c03	281	+#ifdef CANTSPELLGDB
8620b293	282	+ printf("Your new context is %s\n",new_context);
5cb05c03 AM	283	+#endif
5cb05c03 AM	284	+
5cb05c03 AM	285	+ if (setexeccon(new_context) < 0) {
	286	+ fprintf(stderr, "Could not set exec context to %s.\n", new_context);
	287	+ exit(-1);
	288	+ }
	289	+ freecon(new_context);
8620b293 JB	290	+ {
	291	+ /*
	292	+ SELinux will only not transition properly with the following
	293	+ code. Basically if the user chooses to use a different security
	294	+ context. We need to start the selinux shell, before executing
	295	+ the command. This way the process transition will happen
	296	+ correctly. For example if they user wants to run rpm from
	297	+ sysadm_r. Sudo will exec the /usr/sbin/sesh followed by the
	298	+ specified command.*/
	299	+ char dst, src = NewArgv+1;
	300	+ NewArgv = (char *) emalloc2((++NewArgc + 1), sizeof(char ));
	301	+ NewArgv[0] = estrdup("sesh");
	302	+ NewArgv[1] = safe_cmnd;
	303	+ safe_cmnd = estrdup("/usr/sbin/sesh");
	304	+ /* copy the args from Argv */
	305	+ for (dst = NewArgv + 2; (dst = src) != NULL; ++src, ++dst)
	306	+ ;
5cb05c03 AM	307	+ }
	308	+ }
	309	+#endif
8620b293	310	EXECV(safe_cmnd, NewArgv); /* run the command */
5cb05c03 AM	311	#else
5cb05c03 AM	312	exit(0);
8620b293	313	@@ -729,6 +919,30 @@
5cb05c03 AM	314	NewArgv++;
	315	break;
	316	#endif
	317	+#ifdef WITH_SELINUX
	318	+ case 'r':
	319	+ /* Must have an associated SELinux role. */
	320	+ if (NewArgv[1] == NULL)
	321	+ usage(1);
	322	+
	323	+ role_s = NewArgv[1];
	324	+
	325	+ /* Shift Argv over and adjust Argc. */
	326	+ NewArgc--;
	327	+ NewArgv++;
	328	+ break;
	329	+ case 't':
	330	+ /* Must have an associated SELinux type. */
	331	+ if (NewArgv[1] == NULL)
	332	+ usage(1);
	333	+
	334	+ type_s = NewArgv[1];
	335	+
	336	+ /* Shift Argv over and adjust Argc. */
	337	+ NewArgc--;
	338	+ NewArgv++;
	339	+ break;
	340	+#endif
	341	#ifdef HAVE_LOGIN_CAP_H
	342	case 'c':
	343	/* Must have an associated login class. */
8620b293 JB	344	@@ -1111,6 +1325,9 @@
	345	#ifdef HAVE_LOGIN_CAP_H
	346	" [-c class\|-]",
ad1310e6 AM	347	#endif
ad1310e6 AM	348	+#ifdef WITH_SELINUX
8620b293	349	+ " [-r role] [-t type]",
ad1310e6	350	+#endif
8620b293 JB	351	" [-p prompt]",
	352	" [-u username\|#uid]",
	353	" { -e file [...] \| -i \| -s \| <command> }",
	354	--- sudo-1.6.8/sudo.man.in.orig 2004-08-17 20:53:39.000000000 +0200
	355	+++ sudo-1.6.8/sudo.man.in 2004-08-29 20:48:39.189378528 +0200
	356	@@ -156,7 +156,7 @@
5cb05c03	357	.IX Header "SYNOPSIS"
8620b293 JB	358	\&\fBsudo\fR \fB\-K\fR \| \fB\-L\fR \| \fB\-V\fR \| \fB\-h\fR \| \fB\-k\fR \| \fB\-l\fR \| \fB\-v\fR
	359	.PP
	360	-\&\fBsudo\fR [\fB\-HPSb\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-c\fR\ \fIclass\fR\|\fI\-\fR]
	361	+\&\fBsudo\fR [\fB\-HPSb\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-c\fR\ \fIclass\fR\|\fI\-\fR] [\fB\-r\fR \fIrole\fR ] [\fB\-t\fR \fItype\fR ]
	362	[\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR\|\fI#uid\fR]
	363	{\fB\-e\fR\ file\ [...]\ \|\ \fB\-i\fR\ \|\ \fB\-s\fR\ \|\ \fIcommand\fR}
	364	.PP
	365	@@ -235,6 +235,16 @@
	366	\&\fBsudo\fR will initialize the group vector to the list of groups the
	367	target user is in. The real and effective group IDs, however, are
	368	still set to match the target user.
5cb05c03 AM	369	+.IP "\-r" 4
	370	+.IX Item "-r"
	371	+The \fB\-r\fR (\fRrole\fR) option causes the new (SELinux) security context to have the role specified by
	372	+\fIROLE\fR.
	373	+.IP "\-t" 4
	374	+.IX Item "-t"
	375	+The \fB\-t\fR (\fRtype\fR) option causes the new (SELinux) security context to have the have the type (domain)
	376	+specified by
	377	+\fITYPE\fR.
	378	+If no type is specified, the default type is derived from the specified role.
	379	.IP "\-S" 4
	380	.IX Item "-S"
	381	The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
dd44b34a JB	382	--- sudo-1.6.8p1/Makefile.in.orig 2004-09-15 22:11:22.000000000 +0200
dd44b34a JB	383	+++ sudo-1.6.8p1/Makefile.in 2004-09-19 12:26:11.212233352 +0200
8620b293 JB	384	@@ -43,7 +43,8 @@
	385	# Libraries
	386	LIBS = @LIBS@
	387	NET_LIBS = @NET_LIBS@
	388	-SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS)
	389	+SELINUX_LIBS = -lselinux
	390	+SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS) $(SELINUX_LIBS)
	391
	392	# C preprocessor flags
	393	CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@
	394	@@ -90,7 +91,7 @@
	395	sudoers_mode = @SUDOERS_MODE@
	396
	397	# Pass in paths and uid/gid + OS dependent defined
	398	-DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode)
	399	+DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode) -DWITH_SELINUX
	400
	401	#### End of system configuration section. ####
	402
	403	@@ -104,7 +105,7 @@
dd44b34a JB	404	parse.c parse.lex parse.yacc set_perms.c sigaction.c snprintf.c \
	405	strcasecmp.c strerror.c strlcat.c strlcpy.c sudo.c sudo_noexec.c \
	406	sudo.tab.c sudo_edit.c testsudoers.c tgetpass.c utimes.c visudo.c \
	407	- zero_bytes.c $(AUTH_SRCS)
	408	+ zero_bytes.c $(AUTH_SRCS) sesh.c
8620b293 JB	409
	410	AUTH_SRCS = auth/afs.c auth/aix_auth.c auth/bsdauth.c auth/dce.c auth/fwtk.c \
	411	auth/kerb4.c auth/kerb5.c auth/pam.c auth/passwd.c auth/rfc1938.c \
	412	@@ -126,6 +127,8 @@
	413
dd44b34a	414	VISUDOBJS = visudo.o fileops.o gettime.o goodpath.o find_path.o $(PARSEOBJS)
8620b293 JB	415
	416	+SESH_OBJS = sesh.o
	417	+
	418	TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS)
	419
	420	LIBOBJS = @LIBOBJS@ @ALLOCA@
	421	@@ -145,7 +148,7 @@
	422	BINFILES= BUGS CHANGES HISTORY LICENSE README TODO TROUBLESHOOTING \
	423	UPGRADE install-sh mkinstalldirs sample.syslog.conf sample.sudoers \
	424	sudo sudo.cat sudo.man sudo.pod sudoers sudoers.cat sudoers.man \
	425	- sudoers.pod visudo visudo.cat visudo.man visudo.pod
	426	+ sudoers.pod visudo visudo.cat visudo.man visudo.pod sesh
	427
dd44b34a	428	BINSPECIAL= INSTALL.binary Makefile.binary libtool
8620b293 JB	429
	430	@@ -177,6 +180,9 @@
	431	visudo: $(VISUDOBJS) $(LIBOBJS)
	432	$(CC) -o $@ $(VISUDOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS)
	433
	434	+sesh: $(SESH_OBJS)
	435	+ $(CC) -o $@ $(SESH_OBJS) $(LDFLAGS) $(LIBS)
	436	+
	437	testsudoers: $(TESTOBJS) $(LIBOBJS)
	438	$(CC) -o $@ $(TESTOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS)
	439
	440	@@ -215,6 +221,7 @@
	441	set_perms.o: set_perms.c $(SUDODEP)
	442	tgetpass.o: tgetpass.c $(SUDODEP)
	443	visudo.o: visudo.c $(SUDODEP) version.h
	444	+sesh.o: sesh.c
	445	sudo.o: sudo.c $(SUDODEP) interfaces.h version.h
	446	interfaces.o: interfaces.c $(SUDODEP) interfaces.h
	447	testsudoers.o: testsudoers.c $(SUDODEP) parse.h interfaces.h
dd44b34a JB	448	@@ -306,6 +313,7 @@
dd44b34a JB	449	ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit
5cb05c03	450
8620b293 JB	451	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s visudo $(DESTDIR)$(visudodir)/visudo
8620b293 JB	452	+ $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sesh $(DESTDIR)$(visudodir)/sesh
5cb05c03	453
8620b293 JB	454	install-noexec: sudo_noexec.la
8620b293 JB	455	$(LIBTOOL) --mode=install $(INSTALL) sudo_noexec.la $(DESTDIR)$(noexecdir)