From: <ssm...@us...> - 2007-09-10 19:29:39
Revision: 2555
http://selinux.svn.sourceforge.net/selinux/?rev=2555&view=rev
Author: ssmalley
Date: 2007-09-10 12:29:37 -0700 (Mon, 10 Sep 2007)
Log Message:
-----------
Author: "Todd C. Miller"
Email: tm...@tr...
Subject: libsemanage: genhomedircon replacement
Date: Thu, 6 Sep 2007 15:16:24 -0400 (EDT)
Stephen Smalley wrote:
> BTW, the C code shouldn't be using getpwnam or getpwent - it should be
> using the _r versions of those functions since it is a library.
Below is a diff to use the _r versions. I sent this out some time ago
but apparently it didn't make it to the list.
- todd
genhomedircon.c | 32 +++++++++++++++++++++++++++-----
1 file changed, 27 insertions(+), 5 deletions(-)
Modified Paths:
--------------
trunk/libsemanage/src/genhomedircon.c
Modified: trunk/libsemanage/src/genhomedircon.c
===================================================================
--- trunk/libsemanage/src/genhomedircon.c 2007-09-10 19:25:54 UTC (rev 2554)
+++ trunk/libsemanage/src/genhomedircon.c 2007-09-10 19:29:37 UTC (rev 2555)
@@ -41,6 +41,7 @@
#include <fcntl.h>
#include <pwd.h>
#include <errno.h>
+#include <unistd.h>
/* paths used in get_home_dirs() */
#define PATH_ETC_USERADD "/etc/default/useradd"
@@ -145,11 +146,13 @@
{
semanage_list_t *homedir_list = NULL;
semanage_list_t *shells = NULL;
+ char *rbuf = NULL;
char *path = NULL;
+ long rbuflen;
size_t minuid = 0;
size_t minuid_set = 0;
size_t temp;
- struct passwd *pwbuf;
+ struct passwd pwstorage, *pwbuf;
struct stat buf;
shells = get_shell_list();
@@ -215,8 +218,14 @@
minuid_set = 1;
}
+ rbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+ if (rbuflen <= 0)
+ goto fail;
+ rbuf = malloc(rbuflen);
+ if (rbuf == NULL)
+ goto fail;
setpwent();
- for (errno = 0; (pwbuf = getpwent()); errno = 0) {
+ for (errno = 0; getpwent_r(&pwstorage, rbuf, rbuflen, &pwbuf) == 0; errno = 0) {
if (pwbuf->pw_uid < minuid)
continue;
if (!semanage_list_find(shells, pwbuf->pw_shell))
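Review bot: `sysconf(_SC_GETPW_R_SIZE_MAX)` may legitimately return -1 with errno unchanged to mean "no fixed limit", and the added `if (rbuflen <= 0) goto fail;` turns that into a failure of get_home_dirs on such systems; the same pattern is repeated in the get_users hunk below (`if (rbuflen <= 0) goto cleanup;`). A fallback such as `if (rbuflen <= 0) rbuflen = 16384; /* no fixed limit; constructed default */` keeps the lookup working there. Separately, a `getpwent_r()` return of ERANGE (an entry larger than rbuf) silently ends the loop and is only reported by the "Returning list so far" warning, so growing rbuf and retrying on ERANGE would avoid dropping users. The loop body continues outside the hunk.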
@@ -244,6 +253,7 @@
"Returning list so far.");
}
endpwent();
+ free(rbuf);
semanage_list_destroy(&shells);
if (semanage_list_sort(&homedir_list))
goto fail;
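Review bot: The added `free(rbuf)` on the success path is not followed by `rbuf = NULL`, yet the `fail:` label in the next hunk also frees rbuf and is reached via `goto fail` when `semanage_list_sort()` fails two lines later, so that path double-frees the buffer. Change the added line to `free(rbuf); rbuf = NULL;` (or move the free to after the sort check) so the `fail:` cleanup stays safe. That path also calls `endpwent()` twice, which is harmless but worth a short comment. get_home_dirs continues outside the hunk.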
@@ -251,6 +261,8 @@
return homedir_list;
fail:
+ endpwent();
+ free(rbuf);
semanage_list_destroy(&homedir_list);
semanage_list_destroy(&shells);
return NULL;
@@ -496,8 +508,10 @@
const char *name = NULL;
const char *seuname = NULL;
const char *prefix = NULL;
- struct passwd *pwent = NULL;
+ struct passwd pwstorage, *pwent = NULL;
unsigned int i;
+ long rbuflen;
+ char *rbuf = NULL;
int retval;
*errors = 0;
@@ -514,6 +528,14 @@
qsort(user_list, nusers, sizeof(semanage_user_t *),
(int (*)(const void *, const void *))&user_sort_func);
+ /* Allocate space for the getpwnam_r buffer */
+ rbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+ if (rbuflen <= 0)
+ goto cleanup;
+ rbuf = malloc(rbuflen);
+ if (rbuf == NULL)
+ goto cleanup;
+
for (i = 0; i < nseusers; i++) {
name = semanage_seuser_get_name(seuser_list[i]);
seuname = semanage_seuser_get_sename(seuser_list[i]);
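Review bot: The two new `goto cleanup` jumps on sysconf()/malloc() failure leave `*errors` at 0 (it was zeroed at the top of get_users), so the cleanup path reports success and the caller proceeds with an empty user list instead of an error. Set `*errors = STATUS_ERR;` before each of these jumps, matching how the getpwnam_r failure below is handled. The new comment could also say why the buffer is sized from `_SC_GETPW_R_SIZE_MAX` rather than a fixed constant, since a -1 result is treated as fatal here.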
@@ -536,8 +558,7 @@
}
errno = 0;
- pwent = getpwnam(name);
- if (!pwent) {
+ if (getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent) != 0) {
if (errno != 0) {
*errors = STATUS_ERR;
goto cleanup;
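Review bot: The new condition drops the `!pwent` test, but getpwnam_r() reports a missing user with return 0 and `*result` set to NULL, so a nonexistent login now falls through to the uses of `pwent` below instead of reaching the warning branch. Keep a NULL check alongside the return code, e.g. `if (retval != 0 || pwent == NULL)` with the errno test applying only to a non-zero retval. The rest of the loop body is outside the hunk.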
@@ -561,6 +582,7 @@
}
cleanup:
+ free(rbuf);
if (*errors) {
for (; head; pop_user_entry(&head)) {
/* the pop function takes care of all the cleanup
From: <ssm...@us...> - 2007-09-28 13:38:21
|
Revision: 2621
http://selinux.svn.sourceforge.net/selinux/?rev=2621&view=rev
Author: ssmalley
Date: 2007-09-28 06:38:20 -0700 (Fri, 28 Sep 2007)
Log Message:
-----------
Author: "Todd C. Miller"
Email: tm...@tr...
Subject: libsemanage: fix getpw*_r usage
Date: Thu, 27 Sep 2007 16:07:14 -0400
getpwnam_r() returns 0 when a user doesn't exist and just zeroes the
struct passwd pointer. However, getpwent_r() returns ENOENT when there
are no more users. This diff deals with both possible behaviors so that
if the two functions are brought in line nothing will break. We can
also remove the errno check and use the return value directly.
Acked-by: Stephen Smalley <sd...@ty...>
Modified Paths:
--------------
trunk/libsemanage/src/genhomedircon.c
Modified: trunk/libsemanage/src/genhomedircon.c
===================================================================
--- trunk/libsemanage/src/genhomedircon.c 2007-09-28 13:02:44 UTC (rev 2620)
+++ trunk/libsemanage/src/genhomedircon.c 2007-09-28 13:38:20 UTC (rev 2621)
@@ -154,6 +154,7 @@
size_t temp;
struct passwd pwstorage, *pwbuf;
struct stat buf;
+ int retval;
shells = get_shell_list();
assert(shells);
@@ -225,7 +226,7 @@
if (rbuf == NULL)
goto fail;
setpwent();
- for (errno = 0; getpwent_r(&pwstorage, rbuf, rbuflen, &pwbuf) == 0; errno = 0) {
+ while ((retval = getpwent_r(&pwstorage, rbuf, rbuflen, &pwbuf)) == 0) {
if (pwbuf->pw_uid < minuid)
continue;
if (!semanage_list_find(shells, pwbuf->pw_shell))
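Review bot: The rewritten loop condition tests only `retval == 0`, but the log message itself notes that the `_r` functions may report "no entry" by returning 0 with the result pointer set to NULL, in which case `pwbuf->pw_uid` on the next line dereferences NULL. Add the NULL test to the condition: `while ((retval = getpwent_r(&pwstorage, rbuf, rbuflen, &pwbuf)) == 0 && pwbuf != NULL) {`. Note also that an ERANGE result (entry larger than rbuf) ends the loop and is only reported by the warning in the following hunk, so the returned list can be silently partial. The loop body continues outside the hunk.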
@@ -248,7 +249,7 @@
free(path);
}
- if (errno) {
+ if (retval && retval != ENOENT) {
WARN(s->h_semanage, "Error while fetching users. "
"Returning list so far.");
}
@@ -557,12 +558,13 @@
prefix = name;
}
- errno = 0;
- if (getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent) != 0) {
- if (errno != 0) {
+ retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent);
+ if (retval != 0 || pwent == NULL) {
+ if (retval != 0 && retval != ENOENT) {
*errors = STATUS_ERR;
goto cleanup;
}
+
WARN(s->h_semanage,
"user %s not in password file", name);
continue;
From: <ssm...@us...> - 2007-09-28 18:20:36
|
Revision: 2625
http://selinux.svn.sourceforge.net/selinux/?rev=2625&view=rev
Author: ssmalley
Date: 2007-09-28 11:20:26 -0700 (Fri, 28 Sep 2007)
Log Message:
-----------
Author: "Todd C. Miller"
Email: tm...@tr...
Subject: libsemanage: genhomedircon regressions
Date: Fri, 28 Sep 2007 14:04:12 -0400
Daniel J Walsh wrote:
> Yes you are right.
>
> The problem is we need to find the failsafe account before writing the
> general account.
>
> How about this patch.
There are some missing frees in there and I don't think we really
need to get the full users list. I would write it like this.
- todd
Modified Paths:
--------------
trunk/libsemanage/src/genhomedircon.c
Modified: trunk/libsemanage/src/genhomedircon.c
===================================================================
--- trunk/libsemanage/src/genhomedircon.c 2007-09-28 13:43:19 UTC (rev 2624)
+++ trunk/libsemanage/src/genhomedircon.c 2007-09-28 18:20:26 UTC (rev 2625)
@@ -575,6 +575,57 @@
return STATUS_SUCCESS;
}
+static int setup_fallback_user(genhomedircon_settings_t * s)
+{
+ semanage_seuser_t **seuser_list = NULL;
+ unsigned int nseusers = 0;
+ semanage_user_key_t *key = NULL;
+ semanage_user_t *u = NULL;
+ const char *name = NULL;
+ const char *seuname = NULL;
+ const char *prefix = NULL;
+ unsigned int i;
+ int retval;
+ int errors = 0;
+
+ retval = semanage_seuser_list(s->h_semanage, &seuser_list, &nseusers);
+ if (retval < 0 || (nseusers < 1)) {
+ /* if there are no users, this function can't do any other work */
+ return errors;
+ }
+
+ for (i = 0; i < nseusers; i++) {
+ name = semanage_seuser_get_name(seuser_list[i]);
+ if (strcmp(name, DEFAULT_LOGIN) == 0) {
+ seuname = semanage_seuser_get_sename(seuser_list[i]);
+
+ /* find the user structure given the name */
+ if (semanage_user_key_create(s->h_semanage, seuname,
+ &key) < 0) {
+ errors = STATUS_ERR;
+ break;
+ }
+ if (semanage_user_query(s->h_semanage, key, &u) < 0)
+ prefix = name;
+ else
+ prefix = semanage_user_get_prefix(u);
+
+ if (set_fallback_user(s, seuname, prefix) != 0)
+ errors = STATUS_ERR;
+ semanage_user_key_free(key);
+ if (u)
+ semanage_user_free(u);
+ break;
+ }
+ }
+
+ for (i = 0; i < nseusers; i++)
+ semanage_seuser_free(seuser_list[i]);
+ free(seuser_list);
+
+ return errors;
+}
+
static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s,
int *errors)
{
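Review bot: `prefix = semanage_user_get_prefix(u)` is reached whenever semanage_user_query() returns non-negative, but the `if (u)` guard before semanage_user_free() shows the query can also succeed with `u` left NULL (not found), which would dereference NULL here. Use `if (semanage_user_query(s->h_semanage, key, &u) < 0 || u == NULL) prefix = name; else prefix = semanage_user_get_prefix(u);`. Also, a negative return from semanage_seuser_list() is folded into the "no users" early return and reported as success (`errors` stays 0); if that is a real listing error it deserves `STATUS_ERR` rather than a silent pass, and the comment above the return should say which case it covers.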
@@ -616,30 +667,6 @@
goto cleanup;
for (i = 0; i < nseusers; i++) {
- name = semanage_seuser_get_name(seuser_list[i]);
- if (strcmp(name, DEFAULT_LOGIN) == 0) {
- seuname = semanage_seuser_get_sename(seuser_list[i]);
-
- /* find the user structure given the name */
- u = bsearch(seuname, user_list, nusers,
- sizeof(semanage_user_t *),
- (int (*)(const void *, const void *))
- &name_user_cmp);
- if (u) {
- prefix = semanage_user_get_prefix(*u);
- } else {
- prefix = name;
- }
-
- if (set_fallback_user(s, seuname, prefix) != 0) {
- *errors = STATUS_ERR;
- goto cleanup;
- }
- break;
- }
- }
-
- for (i = 0; i < nseusers; i++) {
seuname = semanage_seuser_get_sename(seuser_list[i]);
if (strcmp(seuname, s->fallback_user) == 0)
@@ -769,12 +796,10 @@
goto done;
}
- if (write_gen_home_dir_context(s, out, user_context_tpl,
- homedir_context_tpl) != STATUS_SUCCESS) {
+ if (setup_fallback_user(s) != 0) {
retval = STATUS_ERR;
goto done;
}
-
for (h = homedirs; h; h = h->next) {
Ustr *temp = ustr_dup_cstr(h->data);
@@ -811,6 +836,11 @@
goto done;
}
+ if (write_gen_home_dir_context(s, out, user_context_tpl,
+ homedir_context_tpl) != STATUS_SUCCESS) {
+ retval = STATUS_ERR;
+ }
+
done:
/* Cleanup */
semanage_list_destroy(&homedirs);
From: <ssm...@us...> - 2007-10-05 13:41:38
|
Revision: 2630
http://selinux.svn.sourceforge.net/selinux/?rev=2630&view=rev
Author: ssmalley
Date: 2007-10-05 06:40:36 -0700 (Fri, 05 Oct 2007)
Log Message:
-----------
Author: Daniel J Walsh
Email: dw...@re...
Subject: libsemanage: genhomedircon regressions
Date: Mon, 01 Oct 2007 12:31:09 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This patch makes sure /root gets labeled even if it is using the default
context.
Modified Paths:
--------------
trunk/libsemanage/src/genhomedircon.c
Modified: trunk/libsemanage/src/genhomedircon.c
===================================================================
--- trunk/libsemanage/src/genhomedircon.c 2007-10-05 13:39:39 UTC (rev 2629)
+++ trunk/libsemanage/src/genhomedircon.c 2007-10-05 13:40:36 UTC (rev 2630)
@@ -668,12 +668,11 @@
for (i = 0; i < nseusers; i++) {
seuname = semanage_seuser_get_sename(seuser_list[i]);
+ name = semanage_seuser_get_name(seuser_list[i]);
- if (strcmp(seuname, s->fallback_user) == 0)
+ if (strcmp(name,"root") && strcmp(seuname, s->fallback_user) == 0)
continue;
- name = semanage_seuser_get_name(seuser_list[i]);
-
if (strcmp(name, DEFAULT_LOGIN) == 0)
continue;
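Review bot: The new condition mixes the implicit truthiness of `strcmp(name,"root")` with an explicit `== 0` on the second test, which reads as if the two comparisons had opposite intent; spell both out as `if (strcmp(name, "root") != 0 && strcmp(seuname, s->fallback_user) == 0)`. A one-line comment above it, `/* root is written even when it uses the fallback user, so /root still gets labeled */`, would record the reason given in the log message. The enclosing loop body continues outside the hunk.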
From: <ssm...@us...> - 2008-01-24 20:16:03
|
Revision: 2752
http://selinux.svn.sourceforge.net/selinux/?rev=2752&view=rev
Author: ssmalley
Date: 2008-01-24 12:15:58 -0800 (Thu, 24 Jan 2008)
Log Message:
-----------
Author: Caleb Case
Email: cc...@tr...
Subject: libsemanage: genhomedircon remove error on missing HOME_DIR or HOME_ROOT
Date: Wed, 23 Jan 2008 08:53:56 -0500
Removing failure condition in write_context_file when HOME_DIR or
HOME_ROOT are not found in the contexts. This condition is not needed
(the case where the lists are empty is handled correctly) and stops
otherwise valid operations:
On a fresh policy store, without any modules loaded:
# semodule -s refpolicy -b /usr/share/selinux/refpolicy/base.pp
libsemanage.semanage_install_sandbox: semanage_genhomedircon returned
error code -1. No such file or directory.
semodule: Failed!
Modified Paths:
--------------
trunk/libsemanage/src/genhomedircon.c
Modified: trunk/libsemanage/src/genhomedircon.c
===================================================================
--- trunk/libsemanage/src/genhomedircon.c 2008-01-24 19:27:50 UTC (rev 2751)
+++ trunk/libsemanage/src/genhomedircon.c 2008-01-24 20:15:58 UTC (rev 2752)
@@ -792,10 +792,6 @@
homedir_context_tpl = make_template(s, &HOME_DIR_PRED);
homeroot_context_tpl = make_template(s, &HOME_ROOT_PRED);
user_context_tpl = make_template(s, &USER_CONTEXT_PRED);
- if (!homedir_context_tpl || !homeroot_context_tpl) {
- retval = STATUS_ERR;
- goto done;
- }
if (setup_fallback_user(s) != 0) {
retval = STATUS_ERR;
From: <ssm...@us...> - 2008-01-25 18:57:55
|
Revision: 2758
http://selinux.svn.sourceforge.net/selinux/?rev=2758&view=rev
Author: ssmalley
Date: 2008-01-25 10:57:54 -0800 (Fri, 25 Jan 2008)
Log Message:
-----------
Author: Caleb Case
Email: cc...@tr...
Subject: libsemanage: genhomedircon remove error on missing HOME_DIR or HOME_ROOT v2
Date: Thu, 24 Jan 2008 16:05:44 -0500
Replacing failure condition in write_context_file when HOME_DIR or
HOME_ROOT are not found in the contexts. This condition is not needed
(the case where the lists are empty is handled correctly) and stops
otherwise valid operations:
On a fresh policy store, without any modules loaded:
# semodule -s refpolicy -b /usr/share/selinux/refpolicy/base.pp
libsemanage.semanage_install_sandbox: semanage_genhomedircon returned
error code -1. No such file or directory.
semodule: Failed!
Failure is replaced with an early success return which happens when
HOME_DIR, HOME_ROOT, or USER are not found.
The list of homedirs is computed only if needed (HOME_DIR or HOME_ROOT
exist).
Modified Paths:
--------------
trunk/libsemanage/src/genhomedircon.c
Modified: trunk/libsemanage/src/genhomedircon.c
===================================================================
--- trunk/libsemanage/src/genhomedircon.c 2008-01-24 20:43:51 UTC (rev 2757)
+++ trunk/libsemanage/src/genhomedircon.c 2008-01-25 18:57:54 UTC (rev 2758)
@@ -779,52 +779,60 @@
semanage_list_t *homeroot_context_tpl = NULL;
int retval = STATUS_SUCCESS;
- homedirs = get_home_dirs(s);
- if (!homedirs) {
- WARN(s->h_semanage,
- "no home directories were available, exiting without writing");
- return STATUS_ERR; /* No homedirs so no output */
- }
-
- if (write_file_context_header(s, out) != STATUS_SUCCESS)
- return STATUS_ERR;
-
homedir_context_tpl = make_template(s, &HOME_DIR_PRED);
homeroot_context_tpl = make_template(s, &HOME_ROOT_PRED);
user_context_tpl = make_template(s, &USER_CONTEXT_PRED);
+ if (!homedir_context_tpl && !homeroot_context_tpl && !user_context_tpl)
+ goto done;
+
+ if (write_file_context_header(s, out) != STATUS_SUCCESS) {
+ retval = STATUS_ERR;
+ goto done;
+ }
+
if (setup_fallback_user(s) != 0) {
retval = STATUS_ERR;
goto done;
}
- for (h = homedirs; h; h = h->next) {
- Ustr *temp = ustr_dup_cstr(h->data);
- if (!temp || !ustr_add_cstr(&temp, "/[^/]*")) {
- ustr_sc_free(&temp);
- retval = STATUS_ERR;
+ if (homedir_context_tpl || homeroot_context_tpl) {
+ homedirs = get_home_dirs(s);
+ if (!homedirs) {
+ WARN(s->h_semanage,
+ "no home directories were available, exiting without writing");
goto done;
}
- if (write_home_dir_context(s, out,
- homedir_context_tpl,
- s->fallback_user, s->fallback_user,
- ustr_cstr(temp),
- s->fallback_user_prefix) !=
- STATUS_SUCCESS) {
+ for (h = homedirs; h; h = h->next) {
+ Ustr *temp = ustr_dup_cstr(h->data);
+
+ if (!temp || !ustr_add_cstr(&temp, "/[^/]*")) {
+ ustr_sc_free(&temp);
+ retval = STATUS_ERR;
+ goto done;
+ }
+
+ if (write_home_dir_context(s, out,
+ homedir_context_tpl,
+ s->fallback_user, s->fallback_user,
+ ustr_cstr(temp),
+ s->fallback_user_prefix) !=
+ STATUS_SUCCESS) {
+ ustr_sc_free(&temp);
+ retval = STATUS_ERR;
+ goto done;
+ }
+ if (write_home_root_context(s, out,
+ homeroot_context_tpl,
+ h->data) != STATUS_SUCCESS) {
+ ustr_sc_free(&temp);
+ retval = STATUS_ERR;
+ goto done;
+ }
+
ustr_sc_free(&temp);
- retval = STATUS_ERR;
- goto done;
}
- if (write_home_root_context(s, out,
- homeroot_context_tpl,
- h->data) != STATUS_SUCCESS) {
- ustr_sc_free(&temp);
- retval = STATUS_ERR;
- goto done;
- }
-
- ustr_sc_free(&temp);
}
if (user_context_tpl) {
if (write_user_context(s, out, user_context_tpl,
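Review bot: After this change a NULL result from get_home_dirs() jumps to `done` with `retval` still STATUS_SUCCESS, but get_home_dirs() also returns NULL from its `fail:` path (its internal sysconf/malloc/list failures), so an internal error is now reported to the caller as success with only the "no home directories were available" warning, and after the file-context header has already been written. If the two cases cannot be told apart without changing get_home_dirs()'s interface, at least record that here, e.g. `/* NULL also covers internal failure in get_home_dirs(); treated as nothing to write */`, so the next reader does not assume failures propagate. write_context_file starts before this hunk.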
@@ -840,7 +848,7 @@
}
}
- done:
+done:
/* Cleanup */
semanage_list_destroy(&homedirs);
semanage_list_destroy(&user_context_tpl);
From: <mil...@us...> - 2008-01-31 16:03:52
|
Revision: 2772
http://selinux.svn.sourceforge.net/selinux/?rev=2772&view=rev
Author: millertc
Date: 2008-01-31 08:03:50 -0800 (Thu, 31 Jan 2008)
Log Message:
-----------
Check the homedir context against the file contexts list to make sure
we are not overriding an existing file context. This can happen when
people put home directories in non-standard places. If we find a problem,
ignore the conflicting context and print a warning to alert the user.
Signed-off-by: Todd C. Miller <tm...@tr...>
Acked-By: Joshua Brindle <me...@ma...>
Modified Paths:
--------------
trunk/libsemanage/src/genhomedircon.c
Modified: trunk/libsemanage/src/genhomedircon.c
===================================================================
--- trunk/libsemanage/src/genhomedircon.c 2008-01-29 13:19:00 UTC (rev 2771)
+++ trunk/libsemanage/src/genhomedircon.c 2008-01-31 16:03:50 UTC (rev 2772)
@@ -24,6 +24,8 @@
#include <semanage/seusers_policy.h>
#include <semanage/users_policy.h>
#include <semanage/user_record.h>
+#include <semanage/fcontext_record.h>
+#include <semanage/fcontexts_policy.h>
#include <sepol/context.h>
#include <sepol/context_record.h>
#include "semanage_store.h"
@@ -45,6 +47,7 @@
#include <pwd.h>
#include <errno.h>
#include <unistd.h>
+#include <regex.h>
/* paths used in get_home_dirs() */
#define PATH_ETC_USERADD "/etc/default/useradd"
@@ -101,6 +104,11 @@
const char *replace_with;
} replacement_pair_t;
+typedef struct {
+ const char *dir;
+ int matched;
+} fc_match_handle_t;
+
static semanage_list_t *default_shell_list(void)
{
semanage_list_t *list = NULL;
@@ -150,10 +158,66 @@
return list;
}
+/* Helper function called via semanage_fcontext_iterate() */
+static int fcontext_matches(const semanage_fcontext_t *fcontext, void *varg)
+{
+ const char *oexpr = semanage_fcontext_get_expr(fcontext);
+ fc_match_handle_t *handp = varg;
+ struct Ustr *expr;
+ regex_t re;
+ int type, retval = -1;
+
+ /* Only match ALL or DIR */
+ type = semanage_fcontext_get_type(fcontext);
+ if (type != SEMANAGE_FCONTEXT_ALL && type != SEMANAGE_FCONTEXT_ALL)
+ return 0;
+
+ /* Convert oexpr into a Ustr and anchor it at the beginning */
+ expr = ustr_dup_cstr("^");
+ if (expr == USTR_NULL)
+ goto done;
+ ustr_ins_cstr(&expr, 1, oexpr);
+ if (expr == USTR_NULL)
+ goto done;
+
+ /* Strip off trailing ".+" or ".*" */
+ if (ustr_cmp_suffix_cstr_eq(expr, ".+") ||
+ ustr_cmp_suffix_cstr_eq(expr, ".*")) {
+ if (!ustr_del_subustr(&expr, ustr_len(expr) - 1, 2))
+ goto done;
+ }
+
+ /* Strip off trailing "(/.*)?" */
+ if (ustr_cmp_suffix_cstr_eq(expr, "(/.*)?")) {
+ if (!ustr_del_subustr(&expr, ustr_len(expr) - 5, 6))
+ goto done;
+ }
+
+ /* Append pattern to eat up trailing slashes */
+ if (!ustr_ins_cstr(&expr, ustr_len(expr), "/*$"))
+ goto done;
+
+ /* Check dir against expr */
+ if (regcomp(&re, ustr_cstr(expr), REG_EXTENDED) != 0)
+ goto done;
+ if (regexec(&re, handp->dir, 0, NULL, 0) == 0)
+ handp->matched = 1;
+ regfree(&re);
+
+ retval = 0;
+
+done:
+ if (expr)
+ ustr_free(expr);
+
+ return retval;
+}
+
static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s)
{
semanage_list_t *homedir_list = NULL;
semanage_list_t *shells = NULL;
+ fc_match_handle_t hand;
char *rbuf = NULL;
char *path = NULL;
long rbuflen;
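Review bot: The type filter in fcontext_matches() tests `SEMANAGE_FCONTEXT_ALL` twice, so despite the comment "Only match ALL or DIR" a directory-typed file context never takes part in the conflict check and such homedirs are pushed unflagged; the second comparison should be `type != SEMANAGE_FCONTEXT_DIR`. Separately, the return value of `ustr_ins_cstr(&expr, 1, oexpr)` is ignored and the following `expr == USTR_NULL` test cannot detect its failure, because a failed insert leaves `expr` pointing at the original string; check the int result instead, e.g. `if (!ustr_ins_cstr(&expr, 1, oexpr)) goto done;`. The hunk ends inside the declarations of get_home_dirs(), which continues outside it.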
@@ -169,21 +233,18 @@
path = semanage_findval(PATH_ETC_USERADD, "HOME", "=");
if (path && *path) {
- if (semanage_list_push(&homedir_list, path)) {
- free(path);
+ if (semanage_list_push(&homedir_list, path))
goto fail;
- }
}
free(path);
path = semanage_findval(PATH_ETC_LIBUSER, "LU_HOMEDIRECTORY", "=");
if (path && *path) {
- if (semanage_list_push(&homedir_list, path)) {
- free(path);
+ if (semanage_list_push(&homedir_list, path))
goto fail;
- }
}
free(path);
+ path = NULL;
if (!homedir_list) {
if (semanage_list_push(&homedir_list, PATH_DEFAULT_HOME)) {
@@ -211,6 +272,7 @@
}
}
free(path);
+ path = NULL;
path = semanage_findval(PATH_ETC_LIBUSER, "LU_UIDNUMBER", "=");
if (path && *path) {
@@ -221,6 +283,7 @@
}
}
free(path);
+ path = NULL;
if (!minuid_set) {
minuid = 500;
@@ -248,13 +311,28 @@
}
semanage_rtrim(path, '/');
+
if (!semanage_list_find(homedir_list, path)) {
- if (semanage_list_push(&homedir_list, path)) {
- free(path);
+ /*
+ * Now check for an existing file context that matches
+ * so we don't label a non-homedir as a homedir.
+ */
+ hand.dir = path;
+ hand.matched = 0;
+ if (semanage_fcontext_iterate(s->h_semanage,
+ fcontext_matches, &hand) == STATUS_ERR)
goto fail;
+
+ /* NOTE: old genhomedircon printed a warning on match */
+ if (hand.matched) {
+ WARN(s->h_semanage, "%s homedir %s or its parent directory conflicts with a file context already specified in the policy. This usually indicates an incorrectly defined system account. If it is a system account please make sure its uid is less than %u or its login shell is /sbin/nologin.", pwbuf->pw_name, pwbuf->pw_dir, minuid);
+ } else {
+ if (semanage_list_push(&homedir_list, path))
+ goto fail;
}
}
free(path);
+ path = NULL;
}
if (retval && retval != ENOENT) {
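Review bot: The new per-user check calls semanage_fcontext_iterate(), which runs fcontext_matches() and therefore a fresh regcomp() of every file-context expression, once for every password entry, so the cost is users × fcontexts regex compilations where each expression needs compiling only once; compiling the normalized expressions once before the getpwent_r loop (or caching them in the handle) would keep large password files and policies fast. An error from the iterator jumps to `fail`, which returns NULL, the same value the caller gets for "no home directories", so a bad regex in the policy is indistinguishable from an empty result and deserves a comment on the `goto fail` line. Also, `minuid` is declared `size_t` in this function while the new WARN formats it with `%u`; cast it or change the specifier so the format matches the argument type.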
@@ -272,6 +350,7 @@
fail:
endpwent();
free(rbuf);
+ free(path);
semanage_list_destroy(&homedir_list);
semanage_list_destroy(&shells);
return NULL;
From: <mil...@us...> - 2008-01-31 19:43:03
|
Revision: 2774
http://selinux.svn.sourceforge.net/selinux/?rev=2774&view=rev
Author: millertc
Date: 2008-01-31 11:42:58 -0800 (Thu, 31 Jan 2008)
Log Message:
-----------
Use correct types for minuid, minuid_set and temp.
Fixes a 64-bit problem with the recent genhomedircon changes.
Signed-off-by: Todd C. Miller <tm...@tr...>
Modified Paths:
--------------
trunk/libsemanage/src/genhomedircon.c
Modified: trunk/libsemanage/src/genhomedircon.c
===================================================================
--- trunk/libsemanage/src/genhomedircon.c 2008-01-31 16:06:18 UTC (rev 2773)
+++ trunk/libsemanage/src/genhomedircon.c 2008-01-31 19:42:58 UTC (rev 2774)
@@ -221,9 +221,8 @@
char *rbuf = NULL;
char *path = NULL;
long rbuflen;
- size_t minuid = 0;
- size_t minuid_set = 0;
- size_t temp;
+ uid_t temp, minuid = 0;
+ int minuid_set = 0;
struct passwd pwstorage, *pwbuf;
struct stat buf;
int retval;
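Review bot: Declaring `uid_t temp, minuid = 0;` on one line hides that only `minuid` is initialized; one declaration per line (`uid_t temp;` and `uid_t minuid = 0;`) reads more clearly. The `%u` used for `minuid` in the WARN later in this function now relies on `uid_t` being `unsigned int`, which POSIX does not guarantee, so passing `(unsigned)minuid` would keep the format portable. get_home_dirs continues outside the hunk.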
From: <mil...@us...> - 2008-02-06 15:08:23
|
Revision: 2791
http://selinux.svn.sourceforge.net/selinux/?rev=2791&view=rev
Author: millertc
Date: 2008-02-06 07:08:20 -0800 (Wed, 06 Feb 2008)
Log Message:
-----------
Author: own...@ty...
Email: own...@ty...
Subject: RE: genhomedircon is broken in libsemanage
James Antill wrote:
> Mostly FYI, although there is one minor error dealing with a malloc()
> error case.
Thanks for the feedback. I wasn't sure from the ustr API docs whether
the add/del functions applied to the end of the string. The following
diff addresses the things you pointed out.
Signed-off-by: Todd C. Miller <tm...@tr...>
- todd
genhomedircon.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
Modified Paths:
--------------
trunk/libsemanage/src/genhomedircon.c
Modified: trunk/libsemanage/src/genhomedircon.c
===================================================================
--- trunk/libsemanage/src/genhomedircon.c 2008-02-05 21:18:52 UTC (rev 2790)
+++ trunk/libsemanage/src/genhomedircon.c 2008-02-06 15:08:20 UTC (rev 2791)
@@ -176,25 +176,24 @@
expr = ustr_dup_cstr("^");
if (expr == USTR_NULL)
goto done;
- ustr_ins_cstr(&expr, 1, oexpr);
- if (expr == USTR_NULL)
+ if (!ustr_add_cstr(&expr, oexpr))
goto done;
/* Strip off trailing ".+" or ".*" */
if (ustr_cmp_suffix_cstr_eq(expr, ".+") ||
ustr_cmp_suffix_cstr_eq(expr, ".*")) {
- if (!ustr_del_subustr(&expr, ustr_len(expr) - 1, 2))
+ if (!ustr_del(&expr, 2))
goto done;
}
/* Strip off trailing "(/.*)?" */
if (ustr_cmp_suffix_cstr_eq(expr, "(/.*)?")) {
- if (!ustr_del_subustr(&expr, ustr_len(expr) - 5, 6))
+ if (!ustr_del(&expr, 6))
goto done;
}
/* Append pattern to eat up trailing slashes */
- if (!ustr_ins_cstr(&expr, ustr_len(expr), "/*$"))
+ if (!ustr_add_cstr(&expr, "/*$"))
goto done;
/* Check dir against expr */
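Review bot: fcontext_matches() (which starts before this hunk) still lacks a header comment describing the normalization now done here: the expression is anchored with `^`, one trailing `.+`/`.*` or `(/.*)?` wildcard is stripped, and `/*$` is appended so trailing slashes on the directory are tolerated, with the result reported through `handp->matched` and -1 returned only on allocation or regcomp() failure. A three-to-four-line comment above the function stating that contract would save readers from deriving it from the ustr calls. The hunk ends before the regcomp()/regexec() lines, which are outside it.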
@@ -207,8 +206,7 @@
retval = 0;
done:
- if (expr)
- ustr_free(expr);
+ ustr_free(expr);
return retval;
}