update for 1.10
parent
6d42ba9cb1
commit
efdfc3a244
@ -31,9 +31,8 @@ The selabel APIs for looking up the context should be thread-safe (per
|
||||
Red Hat #273081), so switching to using them instead of matchpathcon(),
|
||||
which we used earlier, is some improvement.
|
||||
|
||||
diff -up krb5-1.8/src/aclocal.m4.selinux-label krb5-1.8/src/aclocal.m4
|
||||
--- krb5-1.8/src/aclocal.m4.selinux-label 2010-03-05 10:57:23.000000000 -0500
|
||||
+++ krb5-1.8/src/aclocal.m4 2010-03-05 10:57:23.000000000 -0500
|
||||
--- krb5/src/aclocal.m4
|
||||
+++ krb5/src/aclocal.m4
|
||||
@@ -103,6 +103,7 @@ AC_SUBST_FILE(libnodeps_frag)
|
||||
dnl
|
||||
KRB5_AC_PRAGMA_WEAK_REF
|
||||
@ -94,9 +93,8 @@ diff -up krb5-1.8/src/aclocal.m4.selinux-label krb5-1.8/src/aclocal.m4
|
||||
+LIBS="$old_LIBS"
|
||||
+AC_SUBST(SELINUX_LIBS)
|
||||
+])dnl
|
||||
diff -up krb5-1.8/src/config/pre.in.selinux-label krb5-1.8/src/config/pre.in
|
||||
--- krb5-1.8/src/config/pre.in.selinux-label 2010-03-05 10:57:23.000000000 -0500
|
||||
+++ krb5-1.8/src/config/pre.in 2010-03-05 10:57:23.000000000 -0500
|
||||
--- krb5/src/config/pre.in
|
||||
+++ krb5/src/config/pre.in
|
||||
@@ -180,6 +180,7 @@ LD_UNRESOLVED_PREFIX = @LD_UNRESOLVED_PREFIX@
|
||||
LD_SHLIBDIR_PREFIX = @LD_SHLIBDIR_PREFIX@
|
||||
LDARGS = @LDARGS@
|
||||
@ -114,9 +112,8 @@ diff -up krb5-1.8/src/config/pre.in.selinux-label krb5-1.8/src/config/pre.in
|
||||
KDB5_LIBS = $(KDB5_LIB) $(GSSRPC_LIBS)
|
||||
GSS_LIBS = $(GSS_KRB5_LIB)
|
||||
# needs fixing if ever used on Mac OS X!
|
||||
diff -up krb5-1.8/src/configure.in.selinux-label krb5-1.8/src/configure.in
|
||||
--- krb5-1.8/src/configure.in.selinux-label 2010-03-05 10:57:23.000000000 -0500
|
||||
+++ krb5-1.8/src/configure.in 2010-03-05 10:57:23.000000000 -0500
|
||||
--- krb5/src/configure.in
|
||||
+++ krb5/src/configure.in
|
||||
@@ -1053,6 +1053,8 @@ fi
|
||||
|
||||
KRB5_WITH_PAM
|
||||
@ -126,9 +123,8 @@ diff -up krb5-1.8/src/configure.in.selinux-label krb5-1.8/src/configure.in
|
||||
AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config])
|
||||
|
||||
V5_AC_OUTPUT_MANPAGE([
|
||||
diff -up krb5-1.8/src/include/k5-int.h.selinux-label krb5-1.8/src/include/k5-int.h
|
||||
--- krb5-1.8/src/include/k5-int.h.selinux-label 2010-01-04 14:59:16.000000000 -0500
|
||||
+++ krb5-1.8/src/include/k5-int.h 2010-03-05 10:57:23.000000000 -0500
|
||||
--- krb5/src/include/k5-int.h
|
||||
+++ krb5/src/include/k5-int.h
|
||||
@@ -133,6 +133,7 @@ typedef unsigned char u_char;
|
||||
typedef UINT64_TYPE krb5_ui_8;
|
||||
typedef INT64_TYPE krb5_int64;
|
||||
@ -137,9 +133,8 @@ diff -up krb5-1.8/src/include/k5-int.h.selinux-label krb5-1.8/src/include/k5-int
|
||||
|
||||
#define DEFAULT_PWD_STRING1 "Enter password"
|
||||
#define DEFAULT_PWD_STRING2 "Re-enter password for verification"
|
||||
diff -up krb5-1.8/src/include/k5-label.h.selinux-label krb5-1.8/src/include/k5-label.h
|
||||
--- krb5-1.8/src/include/k5-label.h.selinux-label 2010-03-05 10:57:23.000000000 -0500
|
||||
+++ krb5-1.8/src/include/k5-label.h 2010-03-05 10:57:23.000000000 -0500
|
||||
--- krb5/src/include/k5-label.h
|
||||
+++ krb5/src/include/k5-label.h
|
||||
@@ -0,0 +1,32 @@
|
||||
+#ifndef _KRB5_LABEL_H
|
||||
+#define _KRB5_LABEL_H
|
||||
@ -173,9 +168,8 @@ diff -up krb5-1.8/src/include/k5-label.h.selinux-label krb5-1.8/src/include/k5-l
|
||||
+#define THREEPARAMOPEN(x,y,z) open(x,y,z)
|
||||
+#endif
|
||||
+#endif
|
||||
diff -up krb5-1.8/src/include/krb5/krb5.hin.selinux-label krb5-1.8/src/include/krb5/krb5.hin
|
||||
--- krb5-1.8/src/include/krb5/krb5.hin.selinux-label 2010-01-21 17:49:07.000000000 -0500
|
||||
+++ krb5-1.8/src/include/krb5/krb5.hin 2010-03-05 10:57:23.000000000 -0500
|
||||
--- krb5/src/include/krb5/krb5.hin
|
||||
+++ krb5/src/include/krb5/krb5.hin
|
||||
@@ -87,6 +87,12 @@
|
||||
#define THREEPARAMOPEN(x,y,z) open(x,y,z)
|
||||
#endif
|
||||
@ -189,9 +183,17 @@ diff -up krb5-1.8/src/include/krb5/krb5.hin.selinux-label krb5-1.8/src/include/k
|
||||
#define KRB5_OLD_CRYPTO
|
||||
|
||||
#include <stdlib.h>
|
||||
diff -up krb5-1.8/src/kadmin/dbutil/dump.c.selinux-label krb5-1.8/src/kadmin/dbutil/dump.c
|
||||
--- krb5-1.8/src/kadmin/dbutil/dump.c.selinux-label 2009-10-30 20:48:38.000000000 -0400
|
||||
+++ krb5-1.8/src/kadmin/dbutil/dump.c 2010-03-05 10:57:23.000000000 -0500
|
||||
--- krb5/src/kadmin/dbutil/dump.c
|
||||
+++ krb5/src/kadmin/dbutil/dump.c
|
||||
@@ -346,7 +346,7 @@
|
||||
exit_status++;
|
||||
return;
|
||||
}
|
||||
- if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) {
|
||||
+ if ((fd = THREEPARAMOPEN(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) {
|
||||
com_err(progname, errno, _("while creating 'ok' file, '%s'"),
|
||||
file_ok);
|
||||
exit_status++;
|
||||
@@ -1274,7 +1274,7 @@ dump_db(argc, argv)
|
||||
* want to get into.
|
||||
*/
|
||||
@ -201,9 +203,8 @@ diff -up krb5-1.8/src/kadmin/dbutil/dump.c.selinux-label krb5-1.8/src/kadmin/dbu
|
||||
fprintf(stderr, ofopen_error,
|
||||
progname, ofile, error_message(errno));
|
||||
exit_status++;
|
||||
diff -up krb5-1.8/src/krb5-config.in.selinux-label krb5-1.8/src/krb5-config.in
|
||||
--- krb5-1.8/src/krb5-config.in.selinux-label 2010-01-21 17:49:01.000000000 -0500
|
||||
+++ krb5-1.8/src/krb5-config.in 2010-03-05 10:57:23.000000000 -0500
|
||||
--- krb5/src/krb5-config.in
|
||||
+++ krb5/src/krb5-config.in
|
||||
@@ -38,6 +38,7 @@ RPATH_FLAG='@RPATH_FLAG@'
|
||||
PROG_RPATH_FLAGS='@PROG_RPATH_FLAGS@'
|
||||
PTHREAD_CFLAGS='@PTHREAD_CFLAGS@'
|
||||
@ -212,18 +213,17 @@ diff -up krb5-1.8/src/krb5-config.in.selinux-label krb5-1.8/src/krb5-config.in
|
||||
|
||||
LIBS='@LIBS@'
|
||||
GEN_LIB=@GEN_LIB@
|
||||
@@ -214,7 +215,7 @@ if test -n "$do_libs"; then
|
||||
@@ -218,7 +219,7 @@
|
||||
fi
|
||||
|
||||
if test $library = 'krb5'; then
|
||||
- lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $GEN_LIB $LIBS $DL_LIB"
|
||||
+ lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $GEN_LIB $LIBS $SELINUX_LIBS $DL_LIB"
|
||||
fi
|
||||
# If we ever support a flag to generate output suitable for static
|
||||
- # linking, we would output "-lkrb5support $GEN_LIB $LIBS $DL_LIB"
|
||||
+ # linking, we would output "-lkrb5support $GEN_LIB $LIBS $SELINUX_LIBS $DL_LIB"
|
||||
# here.
|
||||
|
||||
echo $lib_flags
|
||||
diff -up krb5-1.8/src/lib/kadm5/logger.c.selinux-label krb5-1.8/src/lib/kadm5/logger.c
|
||||
--- krb5-1.8/src/lib/kadm5/logger.c.selinux-label 2009-12-28 21:42:51.000000000 -0500
|
||||
+++ krb5-1.8/src/lib/kadm5/logger.c 2010-03-05 10:57:23.000000000 -0500
|
||||
--- krb5/src/lib/kadm5/logger.c
|
||||
+++ krb5/src/lib/kadm5/logger.c
|
||||
@@ -425,7 +425,7 @@ krb5_klog_init(krb5_context kcontext, ch
|
||||
* Check for append/overwrite, then open the file.
|
||||
*/
|
||||
@ -242,9 +242,8 @@ diff -up krb5-1.8/src/lib/kadm5/logger.c.selinux-label krb5-1.8/src/lib/kadm5/lo
|
||||
if (f) {
|
||||
set_cloexec_file(f);
|
||||
log_control.log_entries[lindex].lfu_filep = f;
|
||||
diff -up krb5-1.8/src/lib/krb5/keytab/kt_file.c.selinux-label krb5-1.8/src/lib/krb5/keytab/kt_file.c
|
||||
--- krb5-1.8/src/lib/krb5/keytab/kt_file.c.selinux-label 2009-11-10 14:59:39.000000000 -0500
|
||||
+++ krb5-1.8/src/lib/krb5/keytab/kt_file.c 2010-03-05 10:57:23.000000000 -0500
|
||||
--- krb5/src/lib/krb5/keytab/kt_file.c
|
||||
+++ krb5/src/lib/krb5/keytab/kt_file.c
|
||||
@@ -1050,7 +1050,7 @@ krb5_ktfileint_open(krb5_context context
|
||||
|
||||
KTCHECKLOCK(id);
|
||||
@ -263,9 +262,8 @@ diff -up krb5-1.8/src/lib/krb5/keytab/kt_file.c.selinux-label krb5-1.8/src/lib/k
|
||||
if (!KTFILEP(id))
|
||||
goto report_errno;
|
||||
writevno = 1;
|
||||
diff -up krb5-1.8/src/plugins/kdb/db2/adb_openclose.c.selinux-label krb5-1.8/src/plugins/kdb/db2/adb_openclose.c
|
||||
--- krb5-1.8/src/plugins/kdb/db2/adb_openclose.c.selinux-label 2009-11-24 18:52:25.000000000 -0500
|
||||
+++ krb5-1.8/src/plugins/kdb/db2/adb_openclose.c 2010-03-05 10:57:23.000000000 -0500
|
||||
--- krb5/src/plugins/kdb/db2/adb_openclose.c
|
||||
+++ krb5/src/plugins/kdb/db2/adb_openclose.c
|
||||
@@ -201,7 +201,7 @@ osa_adb_init_db(osa_adb_db_t *dbp, char
|
||||
* POSIX systems
|
||||
*/
|
||||
@ -275,41 +273,8 @@ diff -up krb5-1.8/src/plugins/kdb/db2/adb_openclose.c.selinux-label krb5-1.8/src
|
||||
/*
|
||||
* maybe someone took away write permission so we could only
|
||||
* get shared locks?
|
||||
diff -up krb5-1.8/src/plugins/kdb/db2/kdb_db2.c.selinux-label krb5-1.8/src/plugins/kdb/db2/kdb_db2.c
|
||||
--- krb5-1.8/src/plugins/kdb/db2/kdb_db2.c.selinux-label 2009-11-25 09:36:05.000000000 -0500
|
||||
+++ krb5-1.8/src/plugins/kdb/db2/kdb_db2.c 2010-03-05 10:57:23.000000000 -0500
|
||||
@@ -326,8 +326,8 @@ krb5_db2_db_init(krb5_context context)
|
||||
* should be opened read/write so that write locking can work with
|
||||
* POSIX systems
|
||||
*/
|
||||
- if ((db_ctx->db_lf_file = open(filename, O_RDWR, 0666)) < 0) {
|
||||
- if ((db_ctx->db_lf_file = open(filename, O_RDONLY, 0666)) < 0) {
|
||||
+ if ((db_ctx->db_lf_file = THREEPARAMOPEN(filename, O_RDWR, 0666)) < 0) {
|
||||
+ if ((db_ctx->db_lf_file = THREEPARAMOPEN(filename, O_RDONLY, 0666)) < 0) {
|
||||
retval = errno;
|
||||
goto err_out;
|
||||
}
|
||||
@@ -745,7 +745,7 @@ krb5_db2_db_create(krb5_context context,
|
||||
if (!okname)
|
||||
retval = ENOMEM;
|
||||
else {
|
||||
- fd = open(okname, O_CREAT | O_RDWR | O_TRUNC, 0600);
|
||||
+ fd = THREEPARAMOPEN(okname, O_CREAT | O_RDWR | O_TRUNC, 0600);
|
||||
if (fd < 0)
|
||||
retval = errno;
|
||||
else
|
||||
@@ -1925,7 +1925,7 @@ krb5_db2_db_rename(context, from, to, me
|
||||
retval = ENOMEM;
|
||||
goto errout;
|
||||
}
|
||||
- db_ctx->db_lf_file = open(db_ctx->db_lf_name, O_RDWR|O_CREAT, 0600);
|
||||
+ db_ctx->db_lf_file = THREEPARAMOPEN(db_ctx->db_lf_name, O_RDWR|O_CREAT, 0600);
|
||||
if (db_ctx->db_lf_file < 0) {
|
||||
retval = errno;
|
||||
goto errout;
|
||||
diff -up krb5-1.8/src/plugins/kdb/db2/libdb2/btree/bt_open.c.selinux-label krb5-1.8/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
||||
--- krb5-1.8/src/plugins/kdb/db2/libdb2/btree/bt_open.c.selinux-label 2009-10-30 20:48:38.000000000 -0400
|
||||
+++ krb5-1.8/src/plugins/kdb/db2/libdb2/btree/bt_open.c 2010-03-05 10:57:23.000000000 -0500
|
||||
--- krb5/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
||||
+++ krb5/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
||||
@@ -60,6 +60,7 @@ static char sccsid[] = "@(#)bt_open.c 8.
|
||||
|
||||
#include "k5-platform.h" /* mkstemp? */
|
||||
@ -327,9 +292,8 @@ diff -up krb5-1.8/src/plugins/kdb/db2/libdb2/btree/bt_open.c.selinux-label krb5-
|
||||
goto err;
|
||||
|
||||
} else {
|
||||
diff -up krb5-1.8/src/plugins/kdb/db2/libdb2/hash/hash.c.selinux-label krb5-1.8/src/plugins/kdb/db2/libdb2/hash/hash.c
|
||||
--- krb5-1.8/src/plugins/kdb/db2/libdb2/hash/hash.c.selinux-label 2009-10-30 20:48:38.000000000 -0400
|
||||
+++ krb5-1.8/src/plugins/kdb/db2/libdb2/hash/hash.c 2010-03-05 10:57:23.000000000 -0500
|
||||
--- krb5/src/plugins/kdb/db2/libdb2/hash/hash.c
|
||||
+++ krb5/src/plugins/kdb/db2/libdb2/hash/hash.c
|
||||
@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)hash.c 8.12
|
||||
#include <assert.h>
|
||||
#endif
|
||||
@ -347,29 +311,8 @@ diff -up krb5-1.8/src/plugins/kdb/db2/libdb2/hash/hash.c.selinux-label krb5-1.8/
|
||||
RETURN_ERROR(errno, error0);
|
||||
(void)fcntl(hashp->fp, F_SETFD, 1);
|
||||
}
|
||||
diff -up krb5-1.8/src/plugins/kdb/db2/libdb2/recno/rec_open.c.selinux-label krb5-1.8/src/plugins/kdb/db2/libdb2/recno/rec_open.c
|
||||
--- krb5-1.8/src/plugins/kdb/db2/libdb2/recno/rec_open.c.selinux-label 2007-10-22 15:18:53.000000000 -0400
|
||||
+++ krb5-1.8/src/plugins/kdb/db2/libdb2/recno/rec_open.c 2010-03-05 10:57:23.000000000 -0500
|
||||
@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)rec_open.c 8
|
||||
#include <stdio.h>
|
||||
#include <unistd.h>
|
||||
|
||||
+#include "k5-int.h"
|
||||
#include "db-int.h"
|
||||
#include "recno.h"
|
||||
|
||||
@@ -68,7 +69,7 @@ __rec_open(fname, flags, mode, openinfo,
|
||||
int rfd, sverrno;
|
||||
|
||||
/* Open the user's file -- if this fails, we're done. */
|
||||
- if (fname != NULL && (rfd = open(fname, flags | O_BINARY, mode)) < 0)
|
||||
+ if (fname != NULL && (rfd = THREEPARAMOPEN(fname, flags | O_BINARY, mode)) < 0)
|
||||
return (NULL);
|
||||
|
||||
if (fname != NULL && fcntl(rfd, F_SETFD, 1) == -1) {
|
||||
diff -up krb5-1.8/src/plugins/kdb/db2/libdb2/test/Makefile.in.selinux-label krb5-1.8/src/plugins/kdb/db2/libdb2/test/Makefile.in
|
||||
--- krb5-1.8/src/plugins/kdb/db2/libdb2/test/Makefile.in.selinux-label 2009-11-22 13:13:29.000000000 -0500
|
||||
+++ krb5-1.8/src/plugins/kdb/db2/libdb2/test/Makefile.in 2010-03-05 10:57:23.000000000 -0500
|
||||
--- krb5/src/plugins/kdb/db2/libdb2/test/Makefile.in
|
||||
+++ krb5/src/plugins/kdb/db2/libdb2/test/Makefile.in
|
||||
@@ -12,7 +12,8 @@ PROG_RPATH=$(KRB5_LIBDIR)
|
||||
|
||||
KRB5_RUN_ENV= @KRB5_RUN_ENV@
|
||||
@ -380,9 +323,8 @@ diff -up krb5-1.8/src/plugins/kdb/db2/libdb2/test/Makefile.in.selinux-label krb5
|
||||
DB_DEPLIB = ../libdb$(DEPLIBEXT)
|
||||
|
||||
all::
|
||||
diff -up krb5-1.8/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c.selinux-label krb5-1.8/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
||||
--- krb5-1.8/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c.selinux-label 2009-11-24 18:52:25.000000000 -0500
|
||||
+++ krb5-1.8/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c 2010-03-05 10:57:23.000000000 -0500
|
||||
--- krb5/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
||||
+++ krb5/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
||||
@@ -1091,7 +1091,7 @@
|
||||
|
||||
/* Create a temporary file which contains all the entries except the
|
||||
@ -435,7 +377,7 @@ diff -up krb5-1.8/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c.selinux-la
|
||||
- pfile = fopen(file_name, "a+");
|
||||
+ pfile = WRITABLEFOPEN(file_name, "a+");
|
||||
if (pfile == NULL) {
|
||||
com_err(me, errno, "Failed to open file %s: %s", file_name,
|
||||
com_err(me, errno, _("Failed to open file %s: %s"), file_name,
|
||||
strerror (errno));
|
||||
@@ -2069,7 +2069,7 @@
|
||||
}
|
||||
@ -445,10 +387,9 @@ diff -up krb5-1.8/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c.selinux-la
|
||||
+ newfile = WRITABLEFOPEN(tmp_file, "w");
|
||||
umask (omask);
|
||||
if (newfile == NULL) {
|
||||
com_err(me, errno, "Error creating file %s", tmp_file);
|
||||
diff -up krb5-1.8/src/slave/kpropd.c.selinux-label krb5-1.8/src/slave/kpropd.c
|
||||
--- krb5-1.8/src/slave/kpropd.c.selinux-label 2009-12-31 17:25:11.000000000 -0500
|
||||
+++ krb5-1.8/src/slave/kpropd.c 2010-03-05 10:57:23.000000000 -0500
|
||||
com_err(me, errno, _("Error creating file %s"), tmp_file);
|
||||
--- krb5/src/slave/kpropd.c
|
||||
+++ krb5/src/slave/kpropd.c
|
||||
@@ -328,7 +328,7 @@ retry:
|
||||
if (!debug && iproprole != IPROP_SLAVE)
|
||||
daemon(1, 0);
|
||||
@ -458,9 +399,34 @@ diff -up krb5-1.8/src/slave/kpropd.c.selinux-label krb5-1.8/src/slave/kpropd.c
|
||||
fprintf(pidfile, "%d\n", getpid());
|
||||
fclose(pidfile);
|
||||
} else
|
||||
diff -up krb5-1.8/src/util/profile/prof_file.c.selinux-label krb5-1.8/src/util/profile/prof_file.c
|
||||
--- krb5-1.8/src/util/profile/prof_file.c.selinux-label 2009-12-27 19:21:20.000000000 -0500
|
||||
+++ krb5-1.8/src/util/profile/prof_file.c 2010-03-05 10:57:23.000000000 -0500
|
||||
@@ -437,6 +437,9 @@ void doit(fd)
|
||||
krb5_enctype etype;
|
||||
int database_fd;
|
||||
char host[INET6_ADDRSTRLEN+1];
|
||||
+#ifdef USE_SELINUX
|
||||
+ void *selabel;
|
||||
+#endif
|
||||
|
||||
if (kpropd_context->kdblog_context &&
|
||||
kpropd_context->kdblog_context->iproprole == IPROP_SLAVE) {
|
||||
@@ -515,9 +518,15 @@ void doit(fd)
|
||||
free(name);
|
||||
exit(1);
|
||||
}
|
||||
+#ifdef USE_SELINUX
|
||||
+ selabel = krb5int_push_fscreatecon_for(file);
|
||||
+#endif
|
||||
omask = umask(077);
|
||||
lock_fd = open(temp_file_name, O_RDWR|O_CREAT, 0600);
|
||||
(void) umask(omask);
|
||||
+#ifdef USE_SELINUX
|
||||
+ krb5int_pop_fscreatecon(selabel);
|
||||
+#endif
|
||||
retval = krb5_lock_file(kpropd_context, lock_fd,
|
||||
KRB5_LOCKMODE_EXCLUSIVE|KRB5_LOCKMODE_DONTBLOCK);
|
||||
if (retval) {
|
||||
--- krb5/src/util/profile/prof_file.c
|
||||
+++ krb5/src/util/profile/prof_file.c
|
||||
@@ -30,6 +30,7 @@
|
||||
#endif
|
||||
|
||||
@ -478,9 +444,8 @@ diff -up krb5-1.8/src/util/profile/prof_file.c.selinux-label krb5-1.8/src/util/p
|
||||
if (!f) {
|
||||
retval = errno;
|
||||
if (retval == 0)
|
||||
diff -up krb5-1.8/src/util/support/Makefile.in.selinux-label krb5-1.8/src/util/support/Makefile.in
|
||||
--- krb5-1.8/src/util/support/Makefile.in.selinux-label 2009-11-23 20:25:10.000000000 -0500
|
||||
+++ krb5-1.8/src/util/support/Makefile.in 2010-03-05 10:57:23.000000000 -0500
|
||||
--- krb5/src/util/support/Makefile.in
|
||||
+++ krb5/src/util/support/Makefile.in
|
||||
@@ -54,6 +54,7 @@ IPC_SYMS= \
|
||||
|
||||
STLIBOBJS= \
|
||||
@ -498,10 +463,9 @@ diff -up krb5-1.8/src/util/support/Makefile.in.selinux-label krb5-1.8/src/util/s
|
||||
SHLIB_DIRS=
|
||||
SHLIB_RDIRS=$(KRB5_LIBDIR)
|
||||
|
||||
diff -up krb5-1.8/src/util/support/selinux.c.selinux-label krb5-1.8/src/util/support/selinux.c
|
||||
--- krb5-1.8/src/util/support/selinux.c.selinux-label 2010-03-05 10:57:23.000000000 -0500
|
||||
+++ krb5-1.8/src/util/support/selinux.c 2010-03-05 10:57:23.000000000 -0500
|
||||
@@ -0,0 +1,362 @@
|
||||
--- krb5/src/util/support/selinux.c
|
||||
+++ krb5/src/util/support/selinux.c
|
||||
@@ -0,0 +1,374 @@
|
||||
+/*
|
||||
+ * Copyright 2007,2008,2009,2011 Red Hat, Inc. All Rights Reserved.
|
||||
+ *
|
||||
@ -725,16 +689,28 @@ diff -up krb5-1.8/src/util/support/selinux.c.selinux-label krb5-1.8/src/util/sup
|
||||
+krb5int_push_fscreatecon_for(const char *pathname)
|
||||
+{
|
||||
+ struct stat st;
|
||||
+ if (stat(pathname, &st) != 0) {
|
||||
+ st.st_mode = S_IRUSR | S_IWUSR;
|
||||
+ void *retval;
|
||||
+ k5_once(&labeled_once, label_mutex_init);
|
||||
+ if (k5_mutex_lock(&labeled_mutex) == 0) {
|
||||
+ if (stat(pathname, &st) != 0) {
|
||||
+ st.st_mode = S_IRUSR | S_IWUSR;
|
||||
+ }
|
||||
+ retval = push_fscreatecon(pathname, st.st_mode);
|
||||
+ return retval ? retval : (void *) -1;
|
||||
+ } else {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ return push_fscreatecon(pathname, st.st_mode);
|
||||
+}
|
||||
+
|
||||
+void
|
||||
+krb5int_pop_fscreatecon(void *con)
|
||||
+{
|
||||
+ pop_fscreatecon(con);
|
||||
+ if (con != NULL) {
|
||||
+ if (con != (void *) -1) {
|
||||
+ pop_fscreatecon(con);
|
||||
+ }
|
||||
+ k5_mutex_unlock(&labeled_mutex);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+FILE *
|
||||
@ -864,9 +840,8 @@ diff -up krb5-1.8/src/util/support/selinux.c.selinux-label krb5-1.8/src/util/sup
|
||||
+}
|
||||
+
|
||||
+#endif
|
||||
diff -up krb5-1.8/src/lib/krb5/rcache/rc_dfl.c krb5-1.8/src/lib/krb5/rcache/rc_dfl.c
|
||||
--- krb5-1.8/src/lib/krb5/rcache/rc_dfl.c 2011-06-13 21:04:04.994208850 -0400
|
||||
+++ krb5-1.8/src/lib/krb5/rcache/rc_dfl.c 2011-06-13 21:05:07.416208760 -0400
|
||||
--- krb5/src/lib/krb5/rcache/rc_dfl.c
|
||||
+++ krb5/src/lib/krb5/rcache/rc_dfl.c
|
||||
@@ -813,6 +813,9 @@ krb5_rc_dfl_expunge_locked(krb5_context
|
||||
krb5_error_code retval = 0;
|
||||
krb5_rcache tmp;
|
||||
@ -895,3 +870,58 @@ diff -up krb5-1.8/src/lib/krb5/rcache/rc_dfl.c krb5-1.8/src/lib/krb5/rcache/rc_d
|
||||
if (retval)
|
||||
goto cleanup;
|
||||
for (q = t->a; q; q = q->na) {
|
||||
--- krb5/src/plugins/kdb/db2/kdb_db2.c
|
||||
+++ krb5/src/plugins/kdb/db2/kdb_db2.c
|
||||
@@ -683,8 +683,8 @@
|
||||
if (retval)
|
||||
return retval;
|
||||
|
||||
- dbc->db_lf_file = open(dbc->db_lf_name, O_CREAT | O_RDWR | O_TRUNC,
|
||||
- 0600);
|
||||
+ dbc->db_lf_file = THREEPARAMOPEN(dbc->db_lf_name,
|
||||
+ O_CREAT | O_RDWR | O_TRUNC, 0600);
|
||||
if (dbc->db_lf_file < 0) {
|
||||
retval = errno;
|
||||
goto cleanup;
|
||||
--- krb5/src/plugins/kdb/db2/libdb2/recno/rec_open.c
|
||||
+++ krb5/src/plugins/kdb/db2/libdb2/recno/rec_open.c
|
||||
@@ -51,6 +51,7 @@
|
||||
#include <stdio.h>
|
||||
#include <unistd.h>
|
||||
|
||||
+#include "k5-int.h"
|
||||
#include "db-int.h"
|
||||
#include "recno.h"
|
||||
|
||||
@@ -68,7 +69,8 @@
|
||||
int rfd = -1, sverrno;
|
||||
|
||||
/* Open the user's file -- if this fails, we're done. */
|
||||
- if (fname != NULL && (rfd = open(fname, flags | O_BINARY, mode)) < 0)
|
||||
+ if (fname != NULL &&
|
||||
+ (rfd = THREEPARAMOPEN(fname, flags | O_BINARY, mode)) < 0)
|
||||
return (NULL);
|
||||
|
||||
if (fname != NULL && fcntl(rfd, F_SETFD, 1) == -1) {
|
||||
--- krb5/src/kdc/main.c
|
||||
+++ krb5/src/kdc/main.c
|
||||
@@ -905,7 +905,7 @@ write_pid_file(const char *path)
|
||||
FILE *file;
|
||||
unsigned long pid;
|
||||
|
||||
- file = fopen(path, "w");
|
||||
+ file = WRITABLEFOPEN(path, "w");
|
||||
if (file == NULL)
|
||||
return errno;
|
||||
pid = (unsigned long) getpid();
|
||||
--- krb5/src/lib/kdb/kdb_log.c
|
||||
+++ krb5/src/lib/kdb/kdb_log.c
|
||||
@@ -566,7 +566,7 @@ ulog_map(krb5_context context, const cha
|
||||
return (errno);
|
||||
}
|
||||
|
||||
- if ((ulogfd = open(logname, O_RDWR+O_CREAT, 0600)) == -1) {
|
||||
+ if ((ulogfd = THREEPARAMOPEN(logname, O_RDWR | O_CREAT, 0600)) == -1) {
|
||||
return (errno);
|
||||
}
|
||||
|
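Review bot: In the krb5int_push_fscreatecon_for() body that the selinux.c hunk appears to introduce (the rendered page prints old and new lines together), a failed k5_mutex_lock() returns NULL and the caller's open()/fopen() then runs with no creation context pushed, so the file silently gets whatever creation context the process already has; the result of `k5_once(&labeled_once, label_mutex_init);` is also not checked before the mutex is used. If that fail-open behaviour is intended, state it in a comment above the function, e.g. `/* Returns NULL if the lock could not be taken; the caller's file is then created without a pushed context. */`. The `(void *) -1` value meaning "locked, nothing to restore" is tested again in krb5int_pop_fscreatecon(), so a named macro for it would keep the two functions in step. Because labeled_mutex stays held from push to pop, every caller, including the added kpropd.c doit() lines, has to reach the pop on all paths; the wrapper functions that pair the two calls lie outside the visible hunks, so that could not be checked here.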