Attachment 75528 Details for Bug 116738 – moddified patch, works for me

moddified patch, works for me

pwdb-0.62-selinux.patch (text/plain), 10.23 KB, created by Levi Durham on 2005-12-25 14:40:55 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Levi Durham

Created: 2005-12-25 14:40:55 UTC

Size: 10.23 KB

patch

obsolete

>--- pwdb-0.62/examples/Makefile.pwdbselinux	1998-10-06 19:57:04.000000000 -0400
>+++ pwdb-0.62/examples/Makefile	2003-07-09 14:45:54.702663000 -0400
>@@ -4,6 +4,8 @@ PROGS	= posix gentest tpwdb radtest grou
> SRCS = $(addsuffix .c,$(PROGS))
> OBJS = $(addsuffix .o,$(PROGS))
> 
>+SELINUXLIBS = -lselinux
>+
> # rules
> junk:
> 	@echo "this is not a top-level Makefile"
>@@ -14,20 +16,20 @@ junk:
> 
> all:	${PROGS} ../libpwdb/libpwdb.a
> 
>-posix: posix.o ../libpwdb/libpwdb.a
>-	$(CC) -o $@ $< ../libpwdb/libpwdb.a -lnsl
>+posix: posix.o ../libpwdb/libpwdb.a 
>+	$(CC) -o $@ $< ../libpwdb/libpwdb.a -lnsl ${SELINUXLIBS}
> 
> tpwdb: tpwdb.o ../libpwdb/libpwdb.a
>-	${CC} -g -o $@ $< ../libpwdb/libpwdb.a -lnsl
>+	${CC} -g -o $@ $< ../libpwdb/libpwdb.a -lnsl ${SELINUXLIBS}
> 
> radtest: radtest.o ../libpwdb/libpwdb.a
>-	${CC} -g -o $@ $< ../libpwdb/libpwdb.a -lnsl
>+	${CC} -g -o $@ $< ../libpwdb/libpwdb.a -lnsl ${SELINUXLIBS}
> 
> gentest: gentest.o ../libpwdb/libpwdb.a
>-	${CC} -g -o $@ $< ../libpwdb/libpwdb.a -lnsl
>+	${CC} -g -o $@ $< ../libpwdb/libpwdb.a -lnsl ${SELINUXLIBS}
> 
> grouptest: grouptest.o ../libpwdb/libpwdb.a 
>-	${CC} -g -o $@ $< ../libpwdb/libpwdb.a -lnsl
>+	${CC} -g -o $@ $< ../libpwdb/libpwdb.a -lnsl ${SELINUXLIBS}
> 
> clean:
> 	rm -f ${PROGS} *.o *~
>--- pwdb-0.62/libpwdb/shadow/shadowio.c.pwdbselinux	1998-10-06 16:58:43.000000000 -0400
>+++ pwdb-0.62/libpwdb/shadow/shadowio.c	2003-07-09 14:45:54.705662544 -0400
>@@ -16,6 +16,12 @@
> 
> #include "../_pwdb_internal.h"
> 
>+#ifdef WITH_SELINUX
>+#include <selinux/selinux.h>
>+static int selinux_enabled=0;
>+static security_context_t prev_context=NULL;
>+#endif
>+
> struct spw_file_entry {
>         char *spwf_line;
>         int spwf_changed;
>@@ -259,8 +265,28 @@ int __pwdb_spw_close (void)
> 		if (fstat (fileno (spwfp), &sb))
> 			return 0;
> 
>-		if (create_backup_file(spwfp, backup, &sb))
>-			return 0;
>+#ifdef WITH_SELINUX
>+		if (selinux_enabled=is_selinux_enabled()) {
>+		  security_context_t passwd_context=NULL;
>+		  if (fgetfilecon(fileno (spwfp),&passwd_context)<0) {
>+		    return 0;
>+		  };
>+		  if (getfscreatecon(&prev_context)<0) {
>+		    freecon(passwd_context);
>+		    return 0;
>+		  }
>+		  if (setfscreatecon(passwd_context)) {
>+		    freecon(passwd_context);
>+		    freecon(prev_context);
>+		    return 0;
>+		  }
>+		  freecon(passwd_context);
>+		}
>+#endif
>+		if (create_backup_file(spwfp, backup, &sb)){
>+		  errors++;
>+		  goto errorexit;
>+		}
> 
> 		isopen = 0;
> 		(void) fclose (spwfp);
>@@ -278,11 +304,15 @@ int __pwdb_spw_close (void)
> 		 */
> 
> 		spwfp = fopen_with_umask(newfile, "w", 0777);
>-		if (!spwfp)
>-			return 0;
>+		if (!spwfp){
>+		  errors++;
>+		  goto errorexit;
>+		}
> 		if (chown(newfile, sb.st_uid, sb.st_gid) ||
>-		    chmod(newfile, sb.st_mode))
>-			return 0;
>+		    chmod(newfile, sb.st_mode)){
>+		  errors++;
>+		  goto errorexit;
>+		}
> 
> 		/*
> 		 * Check each member in the list and write out any elements
>@@ -308,7 +338,7 @@ int __pwdb_spw_close (void)
> 
> 		if (errors) {
> 			unlink (newfile);
>-			return 0;
>+			goto errorexit;
> 		}
> 
> 		/*
>@@ -352,7 +382,20 @@ int __pwdb_spw_close (void)
> 	}
> 	spwf_tail = 0;
> 	isopen = 0;
>-	return 1;
>+
>+	errorexit:
>+#ifdef WITH_SELINUX
>+	if (selinux_enabled) {
>+	  if (setfscreatecon(prev_context)) {
>+	    errors++;
>+	  }
>+	  if (prev_context != NULL) {
>+	    freecon(prev_context);
>+	    prev_context=NULL;
>+	  }
>+	}
>+#endif
>+	return errors==0;
> }
> 
> int __pwdb_spw_update (const struct __pwdb_spwd *spwd)
>--- pwdb-0.62/libpwdb/shadow/sgroupio.c.pwdbselinux	1998-10-06 16:58:43.000000000 -0400
>+++ pwdb-0.62/libpwdb/shadow/sgroupio.c	2003-07-09 14:45:54.704662696 -0400
>@@ -16,6 +16,12 @@
> 
> #include "../_pwdb_internal.h"
> 
>+#ifdef WITH_SELINUX
>+#include <selinux/selinux.h>
>+static int selinux_enabled=0;
>+static security_context_t prev_context=NULL;
>+#endif
>+
> static	int	islocked;
> static	int	isopen;
> static	int	open_modes;
>@@ -278,8 +284,28 @@ int __pwdb_sgr_close (void)
> 		if (fstat (fileno (sgrfp), &sb))
> 			return 0;
> 
>-		if (create_backup_file(sgrfp, backup, &sb))
>-			return 0;
>+#ifdef WITH_SELINUX
>+		if (selinux_enabled=is_selinux_enabled()) {
>+		  security_context_t passwd_context=NULL;
>+		  if (fgetfilecon(fileno (sgrfp),&passwd_context)<0) {
>+		    return 0;
>+		  };
>+		  if (getfscreatecon(&prev_context)<0) {
>+		    freecon(passwd_context);
>+		    return 0;
>+		  }
>+		  if (setfscreatecon(passwd_context)) {
>+		    freecon(passwd_context);
>+		    freecon(prev_context);
>+		    return 0;
>+		  }
>+		  freecon(passwd_context);
>+		}
>+#endif
>+		if (create_backup_file(sgrfp, backup, &sb)){
>+		  errors++;
>+		  goto errorexit;
>+		}
> 
> 		isopen = 0;
> 		(void) fclose (sgrfp);
>@@ -296,11 +322,15 @@ int __pwdb_sgr_close (void)
> 		 */
> 
> 		sgrfp = fopen_with_umask(newfile, "w", 0777);
>-		if (!sgrfp)
>-			return 0;
>+		if (!sgrfp){
>+		  errors++;
>+		  goto errorexit;
>+		}
> 		if (chown(newfile, sb.st_uid, sb.st_gid) ||
>-		    chmod(newfile, sb.st_mode))
>-			return 0;
>+		    chmod(newfile, sb.st_mode)){
>+		  errors++;
>+		  goto errorexit;
>+		}
> 
> 		/*
> 		 * Check each member in the list and write out any elements
>@@ -326,7 +356,7 @@ int __pwdb_sgr_close (void)
> 
> 		if (errors) {
> 			unlink (newfile);
>-			return 0;
>+			goto errorexit;
> 		}
> 
> 		/*
>@@ -370,7 +400,20 @@ int __pwdb_sgr_close (void)
> 	}
> 	sgr_tail = 0;
> 	isopen = 0;
>-	return 1;
>+
>+	errorexit:
>+#ifdef WITH_SELINUX
>+	if (selinux_enabled) {
>+	  if (setfscreatecon(prev_context)) {
>+	    errors++;
>+	  }
>+	  if (prev_context != NULL) {
>+	    freecon(prev_context);
>+	    prev_context=NULL;
>+	  }
>+	}
>+#endif
>+	return errors==0;
> }
> 
> int __pwdb_sgr_update (const struct __pwdb_sgrp *sgrent)
>--- pwdb-0.62/libpwdb/unix/pwio.c.pwdbselinux	1998-10-06 16:58:43.000000000 -0400
>+++ pwdb-0.62/libpwdb/unix/pwio.c	2003-07-09 14:45:54.707662240 -0400
>@@ -16,6 +16,11 @@
> 
> #include "../_pwdb_internal.h"
> 
>+#ifdef WITH_SELINUX
>+#include <selinux/selinux.h>
>+static int selinux_enabled=0;
>+static security_context_t prev_context=NULL;
>+#endif
> struct pw_file_entry {
>         char *pwf_line;
>         int pwf_changed;
>@@ -204,8 +209,28 @@ int __pwdb_pw_close (void)
> 		if (fstat (fileno (pwfp), &sb))
> 			return 0;
> 
>-		if (create_backup_file(pwfp, backup, &sb))
>-			return 0;
>+#ifdef WITH_SELINUX
>+		if (selinux_enabled=is_selinux_enabled()) {
>+		  security_context_t passwd_context=NULL;
>+		  if (fgetfilecon(fileno (pwfp),&passwd_context)<0) {
>+		    return 0;
>+		  };
>+		  if (getfscreatecon(&prev_context)<0) {
>+		    freecon(passwd_context);
>+		    return 0;
>+		  }
>+		  if (setfscreatecon(passwd_context)) {
>+		    freecon(passwd_context);
>+		    freecon(prev_context);
>+		    return 0;
>+		  }
>+		  freecon(passwd_context);
>+		}
>+#endif
>+		if (create_backup_file(pwfp, backup, &sb)) {
>+		  errors++;
>+		  goto errorexit;
>+		}
> 
> 		isopen = 0;
> 		(void) fclose (pwfp);
>@@ -222,11 +247,15 @@ int __pwdb_pw_close (void)
> 		 */
> 
> 		pwfp = fopen_with_umask(newfile, "w", 0777);
>-		if (!pwfp)
>-			return 0;
>+		if (!pwfp) {
>+		  errors++;
>+		  goto errorexit;
>+		}
> 		if (chown(newfile, sb.st_uid, sb.st_gid) ||
>-		    chmod(newfile, sb.st_mode))
>-			return 0;
>+		    chmod(newfile, sb.st_mode)) {
>+		  errors++;
>+		  goto errorexit;
>+		}
> 
> 		/*
> 		 * Check each member in the list and write out any elements
>@@ -251,7 +280,7 @@ int __pwdb_pw_close (void)
> 
> 		if (errors) {
> 			unlink (newfile);
>-			return 0;
>+			goto errorexit;
> 		}
> 
> 		/*
>@@ -294,7 +323,20 @@ int __pwdb_pw_close (void)
> 	}
> 	pwf_tail = 0;
> 	isopen = 0;
>-	return 1;
>+	
>+	errorexit:
>+#ifdef WITH_SELINUX
>+	if (selinux_enabled) {
>+	  if (setfscreatecon(prev_context)) {
>+	    errors++;
>+	  }
>+	  if (prev_context != NULL) {
>+	    freecon(prev_context);
>+	    prev_context=NULL;
>+	  }
>+	}
>+#endif
>+	return errors==0;
> }
> 
> /*
>--- pwdb-0.62/libpwdb/unix/groupio.c.pwdbselinux	1998-10-06 16:58:43.000000000 -0400
>+++ pwdb-0.62/libpwdb/unix/groupio.c	2003-07-09 14:45:54.708662088 -0400
>@@ -11,6 +11,12 @@
> #include "../_pwdb_internal.h"
> 
> 
>+#ifdef WITH_SELINUX
>+#include <selinux/selinux.h>
>+int selinux_enabled=0;
>+static security_context_t prev_context=NULL;
>+#endif
>+
> static	int	islocked;
> static	int	isopen;
> static	int	open_modes;
>@@ -259,8 +265,28 @@ int __pwdb_gr_close (void)
> 		if (fstat (fileno (grfp), &sb))
> 			return 0;
> 
>-		if (create_backup_file(grfp, backup, &sb))
>-			return 0;
>+#ifdef WITH_SELINUX
>+		if (selinux_enabled=is_selinux_enabled()) {
>+		  security_context_t group_context=NULL;
>+		  if (fgetfilecon(fileno (grfp),&group_context)<0) {
>+		    return 0;
>+		  };
>+		  if (getfscreatecon(&prev_context)<0) {
>+		    freecon(group_context);
>+		    return 0;
>+		  }
>+		  if (setfscreatecon(group_context)) {
>+		    freecon(group_context);
>+		    freecon(prev_context);
>+		    return 0;
>+		  }
>+		  freecon(group_context);
>+		}
>+#endif
>+		if (create_backup_file(grfp, backup, &sb)) {
>+		  errors++;
>+		  goto errorexit;
>+		}
> 
> 		isopen = 0;
> 		(void) fclose (grfp);
>@@ -278,11 +304,15 @@ int __pwdb_gr_close (void)
> 		 */
> 
> 		grfp = fopen_with_umask(newfile, "w", 0777);
>-		if (!grfp)
>-			return 0;
>+		if (!grfp) {
>+		  errors++;
>+		  goto errorexit;
>+		}
> 		if (chown(newfile, sb.st_uid, sb.st_gid) ||
>-		    chmod(newfile, sb.st_mode))
>-			return 0;
>+		    chmod(newfile, sb.st_mode)) {
>+		  errors++;
>+		  goto errorexit;
>+		}
> 
> 		/*
> 		 * Check each member in the list and write out any elements
>@@ -308,7 +338,7 @@ int __pwdb_gr_close (void)
> 
> 		if (errors) {
> 			unlink (newfile);
>-			return 0;
>+			goto errorexit;
> 		}
> 
> 		/*
>@@ -351,7 +381,19 @@ int __pwdb_gr_close (void)
> 	}
> 	grf_tail = 0;
> 	isopen = 0;
>-	return 1;
>+	errorexit:
>+#ifdef WITH_SELINUX
>+	if (selinux_enabled) {
>+	  if (setfscreatecon(prev_context)) {
>+	    errors++;
>+	  }
>+	  if (prev_context != NULL) {
>+	    freecon(prev_context);
>+	    prev_context=NULL;
>+	  }
>+	}
>+#endif
>+	return errors==0;
> }
> 
> /* update an entry */
>--- pwdb-0.62/libpwdb/Makefile.pwdbselinux	1999-04-10 05:31:20.000000000 -0400
>+++ pwdb-0.62/libpwdb/Makefile	2003-07-09 14:45:54.709661936 -0400
>@@ -22,7 +22,7 @@ HEADERS	= pwdb/pwdb_public.h pwdb/pwdb_c
> 
> # needed for generic interface compilation
> # if header files are not installed (CG)
>-CFLAGS+=-I.
>+CFLAGS+=-I. -DWITH_SELINUX
> 
> CFLAGS+=# -DDEBUG
> 
>@@ -50,6 +50,6 @@ all: $(LIBSTATIC) $(LIBDYNAME) 
> 
> $(LIBDYNAME): $(LIBOBJ)
>-	$(CC) -shared -Wl,-soname -Wl,$(LIBSONAME) -Wl,-x -o $(LIBFILENAME) $(LIBOBJ)  -lcrypt -lnsl -lc
>+	$(CC) -shared -Wl,-soname -Wl,$(LIBSONAME) -Wl,-x -o $(LIBFILENAME) $(LIBOBJ)  -lcrypt -lnsl -lc -lselinux
> 	@ln -sf $(LIBFILENAME) $@
> 
> $(LIBSTATIC): $(LIBOBJ)
>

Actions: View

Attachments on bug 116738: 75528