2005-09-29 02:12:47 +00:00
|
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.27.1/include/selinux/selinux.h
|
2005-09-12 15:52:30 +00:00
|
|
|
--- nsalibselinux/include/selinux/selinux.h 2005-09-01 11:17:40.000000000 -0400
|
2005-09-29 02:12:47 +00:00
|
|
|
+++ libselinux-1.27.1/include/selinux/selinux.h 2005-09-28 14:37:04.000000000 -0400
|
|
|
|
@@ -354,6 +354,25 @@
|
|
|
|
extern int selinux_raw_to_trans_context(security_context_t raw,
|
|
|
|
security_context_t *transp);
|
2005-09-12 15:52:30 +00:00
|
|
|
|
2005-09-29 02:12:47 +00:00
|
|
|
+
|
|
|
|
+/* the following functions are used to retrieve the SELinux user and their
|
|
|
|
+ security level via the Linux usernames selinux */
|
|
|
|
+
|
|
|
|
+#define SEUSERFILE "/etc/selinux/seusers.conf"
|
|
|
|
+
|
|
|
|
+/* Define data structures */
|
|
|
|
+typedef struct seuser {
|
|
|
|
+ char* username;
|
|
|
|
+ char* seusername;
|
|
|
|
+ char* level;
|
|
|
|
+} seuser_t;
|
|
|
|
+
|
|
|
|
+/* read /etc/selinux/seusers.conf file an return selinux user info */
|
|
|
|
+
|
|
|
|
+extern void freeseuser(seuser_t *seuser);
|
|
|
|
+
|
|
|
|
+extern int getseuserbyname(const char *name, seuser_t **r_seuser);
|
|
|
|
+
|
|
|
|
#ifdef __cplusplus
|
2005-09-19 17:36:11 +00:00
|
|
|
}
|
2005-09-29 02:12:47 +00:00
|
|
|
#endif
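Review bot: The new public declarations leave the ownership and return contract of `getseuserbyname` undocumented, and the one comment present ("read /etc/selinux/seusers.conf file an return selinux user info") sits above `freeseuser` rather than the lookup it describes. Going by seusers.c in this same patch, a comment on the prototype could read `/* Look up name in SEUSERFILE, falling back to the "default" entry. Returns 0 and stores a newly allocated record in *r_seuser, which the caller must release with freeseuser(); returns -1 if the file cannot be opened or no entry applies. */`. Callers of a function that selects a user's SELinux identity and level need to know that -1 means "no mapping", so that they fail closed. `SEUSERFILE` is also a generic macro name to export from an installed header; a `SELINUX_`-prefixed name would be less likely to collide.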
|
|
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/seuser.h libselinux-1.27.1/include/selinux/seuser.h
|
|
|
|
--- nsalibselinux/include/selinux/seuser.h 1969-12-31 19:00:00.000000000 -0500
|
|
|
|
+++ libselinux-1.27.1/include/selinux/seuser.h 2005-09-28 14:32:11.000000000 -0400
|
|
|
|
@@ -0,0 +1,32 @@
|
|
|
|
+#ifndef _SEUSER_H_
|
|
|
|
+#define _SEUSER_H_
|
|
|
|
+
|
|
|
|
+#include <sys/types.h>
|
|
|
|
+#include <stdarg.h>
|
|
|
|
+
|
|
|
|
+#ifdef __cplusplus
|
|
|
|
+extern "C"
|
2005-09-19 17:36:11 +00:00
|
|
|
+{
|
2005-09-29 02:12:47 +00:00
|
|
|
+#endif
|
|
|
|
+
|
|
|
|
+#define SEUSERFILE "/etc/selinux/seusers.conf"
|
|
|
|
+
|
|
|
|
+/* Define data structures */
|
|
|
|
+typedef struct seuser {
|
|
|
|
+ char* username;
|
|
|
|
+ char* seusername;
|
|
|
|
+ char* sensitivity;
|
|
|
|
+ char* categories;
|
|
|
|
+} seuser_t;
|
|
|
|
+
|
|
|
|
+/* read /etc/selinux/seusers.conf file an return selinux user info */
|
|
|
|
+
|
|
|
|
+extern void free_seuser(seuser_t *seuser);
|
|
|
|
+
|
|
|
|
+extern int getseuserbyname(const char *name, seuser_t **r_seuser);
|
|
|
|
+
|
|
|
|
+#ifdef __cplusplus
|
2005-09-19 17:36:11 +00:00
|
|
|
+}
|
2005-09-29 02:12:47 +00:00
|
|
|
+#endif
|
2005-09-19 17:36:11 +00:00
|
|
|
+
|
2005-09-29 02:12:47 +00:00
|
|
|
+#endif
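Review bot: This new header redefines `SEUSERFILE` and `seuser_t`, which the selinux.h hunk of the same patch already defines, and the two struct layouts disagree: here the fields are `sensitivity` and `categories`, there a single `level`. It also declares `free_seuser`, while seusers.c implements `freeseuser`, so no definition for this prototype appears in the patch. A file including both headers gets conflicting typedefs, and code built against this header alone would read a record the library allocated with three pointers as if it had four. Either drop seuser.h, or reduce it to `#include <selinux/selinux.h>` so that only one definition exists. The guard `_SEUSER_H_` is also a reserved identifier (underscore followed by an uppercase letter); `SEUSER_H` avoids that.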
|
|
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/man/Makefile libselinux-1.27.1/man/Makefile
|
|
|
|
--- nsalibselinux/man/Makefile 2004-10-20 16:31:36.000000000 -0400
|
|
|
|
+++ libselinux-1.27.1/man/Makefile 2005-09-28 14:32:16.000000000 -0400
|
|
|
|
@@ -8,3 +8,6 @@
|
|
|
|
install -m 644 man3/*.3 $(MAN3DIR)
|
|
|
|
install -m 644 man8/*.8 $(MAN8DIR)
|
2005-09-16 18:42:27 +00:00
|
|
|
|
2005-09-29 02:12:47 +00:00
|
|
|
+clean:
|
|
|
|
+ -rm -f *~ \#*
|
|
|
|
+ -rm -f man8/*~ man8/\#*
|
|
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/seusers.c libselinux-1.27.1/src/seusers.c
|
|
|
|
--- nsalibselinux/src/seusers.c 1969-12-31 19:00:00.000000000 -0500
|
|
|
|
+++ libselinux-1.27.1/src/seusers.c 2005-09-28 14:48:28.000000000 -0400
|
|
|
|
@@ -0,0 +1,132 @@
|
|
|
|
+#include <unistd.h>
|
|
|
|
+#include <fcntl.h>
|
|
|
|
+#include <stdlib.h>
|
|
|
|
+#include <string.h>
|
|
|
|
+#include <stdio.h>
|
|
|
|
+#include <ctype.h>
|
|
|
|
+#include <selinux/selinux.h>
|
|
|
|
+#include <selinux/context.h>
|
|
|
|
+#include "selinux_internal.h"
|
2005-09-13 16:48:16 +00:00
|
|
|
+
|
2005-09-29 02:12:47 +00:00
|
|
|
+void freeseuser(seuser_t *seuser) {
|
|
|
|
+ if (!seuser) return;
|
|
|
|
+ if (seuser->username)
|
|
|
|
+ free(seuser->username);
|
|
|
|
+ if (seuser->seusername)
|
|
|
|
+ free(seuser->seusername);
|
|
|
|
+ if (seuser->level)
|
|
|
|
+ free(seuser->level);
|
|
|
|
+ free(seuser);
|
|
|
|
+ return;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+/* Process line from SEUSERSFILE.
|
|
|
|
+ Remove white space and set name do data before the "=" and sename to data
|
|
|
|
+ after it */
|
|
|
|
+static int process_seusers(const char *buffer, seuser_t **r_user) {
|
|
|
|
+ seuser_t *user=NULL;
|
|
|
|
+ char *ptr;
|
|
|
|
+ int rc=-1;
|
|
|
|
+ char *tok;
|
|
|
|
+ char *newbuf=strdup(buffer);
|
|
|
|
+ if (!newbuf) return -1;
|
|
|
|
+
|
|
|
|
+ user=calloc(1, sizeof(seuser_t));
|
|
|
|
+ if (!user) return -1;
|
|
|
|
+
|
|
|
|
+ tok=strtok_r(newbuf,":",&ptr);
|
|
|
|
+ if (!tok) goto err;
|
|
|
|
+ if ( tok[0]=='#' ) goto err;
|
|
|
|
+ user->username=strdup(tok);
|
|
|
|
+ if (!user->username) {
|
|
|
|
+ freeseuser(user);
|
|
|
|
+ rc=-1;
|
|
|
|
+ goto err;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ tok=strtok_r(NULL,":",&ptr);
|
|
|
|
+ if (!tok) goto err;
|
|
|
|
+ while (isspace(*tok)) tok++;
|
|
|
|
+ if(strlen(tok))
|
|
|
|
+ user->seusername=strdup(tok);
|
|
|
|
+ if (!user->seusername) {
|
|
|
|
+ freeseuser(user);
|
|
|
|
+ rc=-1;
|
|
|
|
+ goto err;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ tok=strtok_r(NULL,":",&ptr);
|
|
|
|
+ if (!tok) goto err;
|
|
|
|
+ while (isspace(*tok)) tok++;
|
|
|
|
+ if(strlen(tok))
|
|
|
|
+ user->level=strdup(tok);
|
|
|
|
+ if (!user->level) {
|
|
|
|
+ freeseuser(user);
|
|
|
|
+ rc=-1;
|
|
|
|
+ goto err;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ tok=strtok_r(NULL,":",&ptr);
|
|
|
|
+ if (tok) {
|
|
|
|
+ int len;
|
|
|
|
+ while (isspace(*tok)) tok++;
|
|
|
|
+ len=strlen(tok);
|
|
|
|
+ if(len) {
|
|
|
|
+ char *ptr=realloc(user->level, strlen(user->level) + len + 2);
|
|
|
|
+ if (ptr==NULL) {
|
|
|
|
+ freeseuser(user);
|
|
|
|
+ rc=-1;
|
|
|
|
+ goto err;
|
2005-09-12 15:52:30 +00:00
|
|
|
+ }
|
2005-09-29 02:12:47 +00:00
|
|
|
+ user->level=ptr;
|
|
|
|
+ strcat(user->level,":");
|
|
|
|
+ strcat(user->level,tok);
|
2005-09-12 15:52:30 +00:00
|
|
|
+ }
|
|
|
|
+ }
|
2005-09-29 02:12:47 +00:00
|
|
|
+
|
|
|
|
+ *r_user=user;
|
|
|
|
+ rc=0;
|
|
|
|
+err:
|
|
|
|
+ free(newbuf);
|
|
|
|
+ return rc;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+int getseuserbyname(const char *name, seuser_t **r_seuser) {
|
|
|
|
+ FILE *cfg=NULL;
|
|
|
|
+ size_t size=0;
|
|
|
|
+ char *buffer=NULL;
|
|
|
|
+
|
|
|
|
+ static seuser_t *seuser=NULL;
|
|
|
|
+ static seuser_t *defaultseuser=NULL;
|
|
|
|
+
|
|
|
|
+ cfg = fopen(SEUSERFILE,"r");
|
|
|
|
+ if (!cfg) return -1;
|
|
|
|
+
|
|
|
|
+ while (getline(&buffer, &size, cfg) > 0) {
|
|
|
|
+ if(process_seusers(buffer, &seuser) == 0) {
|
|
|
|
+ if (strcasecmp(seuser->username, name)==0)
|
|
|
|
+ break;
|
|
|
|
+
|
|
|
|
+ if (strcasecmp(seuser->username,"default")==0) {
|
|
|
|
+ if (defaultseuser) freeseuser(defaultseuser);
|
|
|
|
+ defaultseuser=seuser;
|
|
|
|
+ }
|
|
|
|
+ else
|
|
|
|
+ freeseuser(seuser);
|
|
|
|
+ seuser=NULL;
|
|
|
|
+ }
|
|
|
|
+ }
|
|
|
|
+ if (buffer) free(buffer);
|
|
|
|
+ fclose(cfg);
|
|
|
|
+ if (seuser) {
|
|
|
|
+ freeseuser(defaultseuser);
|
|
|
|
+ *r_seuser=seuser;
|
|
|
|
+ return 0;
|
|
|
|
+ }
|
|
|
|
+ if (defaultseuser) {
|
|
|
|
+ *r_seuser=defaultseuser;
|
|
|
|
+ return 0;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ return -1;
|
|
|
|
+}
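Review bot: `seuser` and `defaultseuser` in getseuserbyname are declared `static`, so after a call returns they still point at a record that was handed to the caller or released by `freeseuser(defaultseuser)`. A second call in the same process can then free the stale default again, or return a pointer the caller has already freed. This lookup decides a user's SELinux identity and level, so that is heap corruption in a security-relevant path; declare them as plain locals, `seuser_t *seuser = NULL;` and `seuser_t *defaultseuser = NULL;`. In process_seusers, `if (!user) return -1;` leaks `newbuf`, and the bare `goto err` exits (missing token, `#` line) leak `user`; routing every failure through one label that calls `freeseuser(user)` before `free(newbuf)` closes both. The last field also keeps the newline that getline leaves in the buffer, so `level` comes back with a trailing `\n` (getseuser.c's `printf("%s", seuser->level)` depends on it); strip it before the `strdup`.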
|
|
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/getseuser.c libselinux-1.27.1/utils/getseuser.c
|
|
|
|
--- nsalibselinux/utils/getseuser.c 1969-12-31 19:00:00.000000000 -0500
|
|
|
|
+++ libselinux-1.27.1/utils/getseuser.c 2005-09-28 14:49:21.000000000 -0400
|
|
|
|
@@ -0,0 +1,27 @@
|
|
|
|
+#include <unistd.h>
|
|
|
|
+#include <stdlib.h>
|
|
|
|
+#include <stdio.h>
|
|
|
|
+#include <getopt.h>
|
|
|
|
+#include <errno.h>
|
|
|
|
+#include <string.h>
|
|
|
|
+#include <selinux/selinux.h>
|
|
|
|
+
|
|
|
|
+void usage(const char *progname)
|
|
|
|
+{
|
|
|
|
+ fprintf(stderr, "usage: %s\n", progname);
|
|
|
|
+ exit(1);
|
|
|
|
+}
|
|
|
|
+int main(int argc, char **argv) {
|
|
|
|
+ seuser_t *seuser;
|
|
|
|
+ if ( argc != 2 ) usage(argv[0]);
|
|
|
|
+ if (getseuserbyname(argv[1], &seuser) == 0 ) {
|
|
|
|
+ printf("%s\n", seuser->username);
|
|
|
|
+ printf("%s\n", seuser->seusername);
|
|
|
|
+ printf("%s", seuser->level);
|
|
|
|
+ freeseuser(seuser);
|
|
|
|
+ return 0;
|
|
|
|
+ } else {
|
|
|
|
+ printf("%s not found\n", argv[1]);
|
|
|
|
+ return -1;
|
2005-09-12 15:52:30 +00:00
|
|
|
+ }
|
|
|
|
+}
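Review bot: The failure branch of main prints `%s not found` to stdout and returns -1, which the shell sees as exit status 255. A script capturing the output cannot tell a diagnostic from a result, because the success path prints the mapping on the same stream. Send the message to stderr and return a small positive status: `fprintf(stderr, "%s not found\n", argv[1]);` followed by `return 1;`. `usage` is only used in this file and could be `static`.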
|