shadow-selinux.patch

   1 --- shadow-4.0.3/lib/commonio.h.selinux 2001-08-14 17:09:54.000000000 -0400
   2 +++ shadow-4.0.3/lib/commonio.h 2003-06-20 15:52:54.000000000 -0400
   3 @@ -1,5 +1,8 @@
   4  /* $Id$ */
   5
   6 +#ifdef WITH_SELINUX
   7 +#include <selinux/selinux.h>
   8 +#endif
   9  /*
  10   * Linked list entry.
  11   */
  12 @@ -70,6 +73,9 @@ struct commonio_db {
  13          */
  14         FILE *fp;
  15
  16 +#ifdef WITH_SELINUX
  17 +        security_context_t scontext;
  18 +#endif
  19         /*
  20          * Head, tail, current position in linked list.
  21          */
  22 --- shadow-4.0.3/lib/Makefile.am.selinux        2003-06-20 15:46:31.000000000 -0400
  23 +++ shadow-4.0.3/lib/Makefile.am        2003-06-20 15:51:00.000000000 -0400
  24 @@ -1,14 +1,14 @@
  25
  26  AUTOMAKE_OPTIONS = 1.0 foreign
  27
  28 -DEFS =
  29 +DEFS = -DWITH_SELINUX
  30  INCLUDES = -I$(top_srcdir)
  31
  32  noinst_LTLIBRARIES = libshadow.la
  33
  34  libshadow_la_LDFLAGS = -version-info 0:0:0
  35  libshadow_la_LIBADD = $(INTLLIBS) $(LIBCRYPT) $(LIBTCFS) $(LIBSKEY) $(LIBMD) \
  36 -       $(top_builddir)/libmisc/libmisc.la
  37 +       $(top_builddir)/libmisc/libmisc.la
  38
  39  libshadow_la_SOURCES = \
  40         commonio.c \
  41 --- shadow-4.0.3/lib/commonio.c.selinux 2003-06-20 15:53:16.000000000 -0400
  42 +++ shadow-4.0.3/lib/commonio.c 2003-07-08 13:53:32.033078008 -0400
  43 @@ -15,7 +15,10 @@ RCSID("$Id: commonio.c,v 1.22 2001/11/17
  44  #ifdef HAVE_SHADOW_H
  45  #include <shadow.h>
  46  #endif
  47 -
  48 +#ifdef WITH_SELINUX
  49 +#include <selinux/selinux.h>
  50 +static security_context_t old_context=NULL;
  51 +#endif
  52  #include "commonio.h"
  53
  54  /* local function prototypes */
  55 @@ -437,6 +440,15 @@ commonio_open(struct commonio_db *db, in
  56                 return 0;
  57         }
  58
  59 +#ifdef WITH_SELINUX
  60 +       db->scontext=NULL;
  61 +       if (is_selinux_enabled() &&  (! db->readonly)) {
  62 +         if (fgetfilecon(fileno(db->fp),&db->scontext) < 0) {
  63 +               goto cleanup;
  64 +         }
  65 +       }
  66 +#endif
  67 +
  68         buflen = BUFLEN;
  69         buf = (char *) malloc(buflen);
  70         if (!buf)
  71 @@ -492,6 +504,12 @@ cleanup_buf:
  72         free(buf);
  73  cleanup:
  74         free_linked_list(db);
  75 +#ifdef WITH_SELINUX
  76 +       if (db->scontext!= NULL) {
  77 +         freecon(db->scontext);
  78 +         db->scontext=NULL;
  79 +       }
  80 +#endif
  81         fclose(db->fp);
  82         db->fp = NULL;
  83         errno = ENOMEM;
  84 @@ -627,6 +645,19 @@ commonio_close(struct commonio_db *db)
  85                         goto fail;
  86                 }
  87
  88 +#ifdef WITH_SELINUX
  89 +               if (db->scontext != NULL) {
  90 +                 int stat=getfscreatecon(&old_context);
  91 +                 if (stat< 0) {
  92 +                   errors++;
  93 +                   goto fail;
  94 +                 }
  95 +                 if (setfscreatecon(db->scontext)<0) {
  96 +                   errors++;
  97 +                   goto fail;
  98 +                 }
  99 +               }
 100 +#endif
 101                 /*
 102                  * Create backup file.
 103                  */
 104 @@ -683,14 +714,26 @@ commonio_close(struct commonio_db *db)
 105                 goto fail;
 106
 107         nscd_need_reload = 1;
 108 -
 109 +       goto success;
 110 +fail:
 111 +       errors++;
 112  success:
 113 -       free_linked_list(db);
 114 -       return 1;
 115
 116 -fail:
 117 +#ifdef WITH_SELINUX
 118 +       if (db->scontext != NULL) {
 119 +         if (setfscreatecon(old_context)<0) {
 120 +           errors++;
 121 +         }
 122 +         if (old_context != NULL) {
 123 +           freecon(old_context);
 124 +           old_context=NULL;
 125 +         }
 126 +         freecon(db->scontext);
 127 +         db->scontext=NULL;
 128 +       }
 129 +#endif
 130         free_linked_list(db);
 131 -       return 0;
 132 +       return errors==0;
 133  }
 134
 135
 136 --- shadow-4.0.3/src/Makefile.am.selinux        2003-06-20 15:50:17.000000000 -0400
 137 +++ shadow-4.0.3/src/Makefile.am        2003-06-20 15:50:44.000000000 -0400
 138 @@ -4,7 +4,7 @@ EXTRA_DOST = .indent.pro
 139  ubindir = ${prefix}/bin
 140  usbindir = ${prefix}/sbin
 141
 142 -DEFS = -D_HAVE_CONFIG_H -DLOCALEDIR=\"$(datadir)/locale\"
 143 +DEFS = -D_HAVE_CONFIG_H -DLOCALEDIR=\"$(datadir)/locale\" -DWITH_SELINUX
 144
 145  INCLUDES = -I${top_srcdir} \
 146         -I${top_srcdir}/lib \
 147 @@ -35,7 +35,7 @@ suidbins = su
 148  suidubins = chage chfn chsh expiry gpasswd newgrp passwd
 149
 150  LDADD = $(top_builddir)/libmisc/libmisc.la \
 151 -       $(top_builddir)/lib/libshadow.la
 152 +       $(top_builddir)/lib/libshadow.la -lselinux
 153
 154  chpasswd_LDADD = $(LDADD) $(LIBPAM)
 155  chage_LDADD    = $(LDADD) $(LIBPAM)