rpms/libuser
5
0
Fork 0
Code Issues Pull Requests Releases Activity
480650e15c
libuser/libuser-0.62-Do-not-use-deprecated-includes.patch
Merlin Mathesius 480650e15c Pull in upstream patch that fixes FTBFS for Rawhide and ELN 
Signed-off-by: Merlin Mathesius <mmathesi@redhat.com>
2020-09-02 13:28:40 -05:00

79 lines
2.5 KiB
Diff
Raw Blame History

From 29d9996dd200916db888d41196f87609bce329ff Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Apr 07 2020 11:55:38 +0000
Subject: Do not use deprecated flask.h and av_permissions.h
selinux/flask.h and selinux/av_permissions.h will be completely dropped in the
next SELinux release.
Use string_to_security_class() and string_to_av_perm() to get class and
permission values. The original hardcoded values could be invalid and are
deprecated as the whole flask.h and av_permissions.h header files.
Fixes: https://pagure.io/libuser/issue/44
---
diff --git a/apps/apputil.c b/apps/apputil.c
index 1937645..7413ab5 100644
--- a/apps/apputil.c
+++ b/apps/apputil.c
@@ -26,8 +26,6 @@
#include <unistd.h>
#ifdef WITH_SELINUX
#include <selinux/selinux.h>
-#include <selinux/av_permissions.h>
-#include <selinux/flask.h>
#include <selinux/context.h>
#endif
#include "../lib/error.h"
@@ -57,7 +55,7 @@ check_access(const char *chuser, access_vector_t access)
retval = security_compute_av(user_context,
user_context,
- SECCLASS_PASSWD,
+ string_to_security_class("passwd"),
access, &avd);
if (retval == 0 && (avd.allowed & access) == access)
@@ -221,19 +219,25 @@ lu_authenticate_unprivileged(struct lu_context *ctx, const char *user,
#ifdef WITH_SELINUX
if (is_selinux_enabled() > 0) {
/* FIXME: PASSWD_CHSH, PASSWD_PASSWD ? */
- if (getuid() == 0 && check_access(user, PASSWD__CHFN) != 0) {
- security_context_t user_context;
+ if (getuid() == 0) {
+ security_class_t class;
+ access_vector_t perm;
+ class = string_to_security_class("passwd");
+ perm = string_to_av_perm(class, "chfn");
+ if (check_access(user, perm) != 0) {
+ security_context_t user_context;
- if (getprevcon(&user_context) < 0)
- user_context = NULL;
- /* FIXME: "change the finger info?" */
- fprintf(stderr,
- _("%s is not authorized to change the finger "
- "info of %s\n"), user_context ? user_context
- : _("Unknown user context"), user);
- if (user_context != NULL)
- freecon(user_context);
- goto err;
+ if (getprevcon(&user_context) < 0)
+ user_context = NULL;
+ /* FIXME: "change the finger info?" */
+ fprintf(stderr,
+ _("%s is not authorized to change the finger "
+ "info of %s\n"), user_context ? user_context
+ : _("Unknown user context"), user);
+ if (user_context != NULL)
+ freecon(user_context);
+ goto err;
+ }
}
/* FIXME: is this right for lpasswd? */
if (!lu_util_fscreate_from_file("/etc/passwd", NULL)) {
Reference in New Issue View Git Blame Copy Permalink