197 lines
5.8 KiB
C
197 lines
5.8 KiB
C
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include "selinux_internal.h"
|
|
#include "context_internal.h"
|
|
#include <selinux/get_context_list.h>
|
|
|
|
/* context_menu - given a list of contexts, presents a menu of security contexts
|
|
* to the user. Returns the number (position in the list) of
|
|
* the user selected context.
|
|
*/
|
|
static int context_menu (security_context_t *list)
|
|
{
|
|
int i; /* array index */
|
|
int choice = 0; /* index of the user's choice */
|
|
char response[10]; /* string to hold the user's response */
|
|
|
|
printf ("\n\n");
|
|
for (i = 0; list[i]; i++)
|
|
printf ("[%d] %s\n", i+1, list[i]);
|
|
|
|
while ((choice < 1) || (choice > i))
|
|
{
|
|
printf ("Enter number of choice: ");
|
|
fflush (stdin);
|
|
if (fgets (response, sizeof (response), stdin) == NULL)
|
|
continue;
|
|
fflush (stdin);
|
|
choice = strtol (response, NULL, 10);
|
|
}
|
|
|
|
return (choice-1);
|
|
}
|
|
|
|
|
|
/* query_user_context - given a list of context, allow the user to choose one. The
|
|
* default is the first context in the list. Returns 0 on
|
|
* success, -1 on failure
|
|
*/
|
|
int query_user_context (security_context_t *list,
|
|
security_context_t *usercon)
|
|
{
|
|
char response[10] ; /* The user's response */
|
|
int choice; /* The index in the list of the sid chosen by
|
|
the user */
|
|
|
|
if (!list[0])
|
|
return -1;
|
|
|
|
printf ("\nYour default context is %s.\n", list[0]);
|
|
if (list[1]) {
|
|
printf ("Do you want to choose a different one? [n]");
|
|
fflush (stdin);
|
|
if (fgets (response, sizeof (response), stdin) == NULL)
|
|
return -1;
|
|
fflush (stdin);
|
|
|
|
if ((response[0] == 'y') || (response[0] == 'Y'))
|
|
{
|
|
choice = context_menu (list);
|
|
*usercon = strdup(list[choice]);
|
|
if (!(*usercon))
|
|
return -1;
|
|
return 0;
|
|
}
|
|
|
|
*usercon = strdup(list[0]);
|
|
if (!(*usercon))
|
|
return -1;
|
|
} else {
|
|
*usercon = strdup(list[0]);
|
|
if (!(*usercon))
|
|
return -1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
/* get_field - given fieldstr - the "name" of a field, query the user
|
|
* and set the new value of the field
|
|
*/
|
|
static void get_field (const char* fieldstr, char* newfield, int newfieldlen)
|
|
{
|
|
int done = 0; /* true if a non-empty field has been obtained */
|
|
|
|
while (!done) /* Keep going until we get a value for the field */
|
|
{
|
|
printf ("\tEnter %s ", fieldstr);
|
|
fflush (stdin);
|
|
if (fgets (newfield, newfieldlen, stdin) == NULL)
|
|
continue;
|
|
fflush (stdin);
|
|
if (newfield[strlen(newfield)-1] == '\n')
|
|
newfield[strlen(newfield)-1] = '\0';
|
|
|
|
if (strlen(newfield) == 0)
|
|
{
|
|
printf ("You must enter a %s\n", fieldstr);
|
|
}
|
|
else
|
|
{
|
|
done = 1;
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
/* manual_user_enter_context - provides a way for a user to manually enter a
|
|
* context in case the policy doesn't allow a list
|
|
* to be obtained.
|
|
* given the userid, queries the user and places the
|
|
* context chosen by the user into usercon. Returns 0
|
|
* on success.
|
|
*/
|
|
int manual_user_enter_context (const char *user, security_context_t *newcon)
|
|
{
|
|
char response[10]; /* Used to get yes or no answers from user */
|
|
char role[100]; /* The role requested by the user */
|
|
int rolelen = 100;
|
|
char type[100]; /* The type requested by the user */
|
|
int typelen = 100;
|
|
char level[100]; /* The level requested by the user */
|
|
int levellen = 100;
|
|
int mls_enabled = is_selinux_mls_enabled();
|
|
|
|
context_t new_context; /* The new context chosen by the user */
|
|
char *user_context = NULL; /* String value of the user's context */
|
|
int done = 0; /* true if a valid sid has been obtained */
|
|
|
|
/* Initialize the context. How this is done depends on whether
|
|
or not MLS is enabled */
|
|
if (mls_enabled)
|
|
new_context = context_new ("user:role:type:level");
|
|
else
|
|
new_context = context_new ("user:role:type");
|
|
|
|
if(!new_context)
|
|
return -1;
|
|
|
|
while (!done)
|
|
{
|
|
printf ("Would you like to enter a security context? [y]");
|
|
if (fgets (response, sizeof(response), stdin) == NULL
|
|
|| (response[0] == 'n') || (response[0] == 'N')) {
|
|
context_free(new_context);
|
|
return -1;
|
|
}
|
|
|
|
/* Allow the user to enter each field of the context individually */
|
|
if (context_user_set (new_context, user))
|
|
{
|
|
context_free (new_context);
|
|
return -1;
|
|
}
|
|
get_field ("role", role, rolelen);
|
|
if (context_role_set (new_context, role))
|
|
{
|
|
context_free (new_context);
|
|
return -1;
|
|
}
|
|
get_field ("type", type, typelen);
|
|
if (context_type_set (new_context, type))
|
|
{
|
|
context_free (new_context);
|
|
return -1;
|
|
}
|
|
|
|
if (mls_enabled) {
|
|
get_field ("level", level, levellen);
|
|
if (context_range_set (new_context, level))
|
|
{
|
|
context_free (new_context);
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
/* Get the string value of the context and see if it is valid. */
|
|
user_context = context_str(new_context);
|
|
if(!user_context)
|
|
{
|
|
context_free (new_context);
|
|
return -1;
|
|
}
|
|
if (!security_check_context(user_context))
|
|
done = 1;
|
|
else
|
|
printf ("Not a valid security context\n");
|
|
}
|
|
|
|
*newcon = strdup(user_context);
|
|
context_free (new_context);
|
|
if(!(*newcon))
|
|
return -1;
|
|
return 0;
|
|
}
|