
pam_unix2-2.9.1/src/selinux_utils.c

By: a guest on Feb 24th, 2013  |  syntax: None  |  size: 3.16 KB  |  views: 26  |  expires: Never
  1. /* Copyright (C) 2003, 2004, 2006 Thorsten Kukuk
  2.    Author: Thorsten Kukuk <kukuk@suse.de>
  3.  
  4.    This program is free software; you can redistribute it and/or modify
  5.    it under the terms of the GNU General Public License version 2 as
  6.    published by the Free Software Foundation.
  7.  
  8.    This program is distributed in the hope that it will be useful,
  9.    but WITHOUT ANY WARRANTY; without even the implied warranty of
  10.    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  11.    GNU General Public License for more details.
  12.  
  13.    You should have received a copy of the GNU General Public License
  14.    along with this program; if not, write to the Free Software Foundation,
  15.    Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.  */
  16.  
  17.  
  18. #ifdef HAVE_CONFIG_H
  19. #include <config.h>
  20. #endif
  21.  
  22. #ifdef WITH_SELINUX
  23.  
  24.  
  25. #include <errno.h>
  26. #include <stdio.h>
  27. #include <string.h>
  28. #include <syslog.h>
  29. #include <sys/types.h>
  30. #include <selinux/flask.h>
  31. #include <selinux/selinux.h>
  32. #include <selinux/context.h>
  33.  
  34. #if defined (HAVE_SECURITY_PAM_EXT_H)
  35. #include <security/pam_ext.h>
  36. #endif
  37.  
  38. #include "public.h"
  39.  
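  /* Decide whether the calling process may perform ACCESS on the passwd
     object class on behalf of CHUSER.

     The context returned by getprevcon() is used both as source and as
     target of the access-vector query.  Access is granted when CHUSER
     equals the user field of that context, or when the policy allows
     every bit of ACCESS for SECCLASS_PASSWD.

     Returns 0 when access is granted and -1 otherwise.  Every failure to
     obtain or evaluate a context leaves the result at -1, so errors deny
     access rather than grant it.  */
  int
  selinux_check_access (const char *chuser, unsigned int access)
  {
    int status = -1;
    security_context_t user_context;

    if (getprevcon (&user_context) == 0)
      {
        context_t c = context_new (user_context);
        /* context_new() can fail; without a parsed context there is no
           user field to compare, so the decision is left to the policy
           query below instead of dereferencing a NULL handle.  */
        const char *user = (c != NULL) ? context_user_get (c) : NULL;

        /* NOTE(review): this shortcut compares CHUSER with the SELinux
           user field of the context, which is not necessarily a Unix
           login name; confirm that callers rely on exactly this
           equality before treating it as an ownership test.  */
        if (chuser != NULL && user != NULL && strcmp (chuser, user) == 0)
          status = 0;
        else
          {
            struct av_decision avd;
            int retval = security_compute_av (user_context,
                                              user_context,
                                              SECCLASS_PASSWD,
                                              access,
                                              &avd);

            /* All requested permission bits must be allowed; a partial
               match is a denial.  */
            if ((retval == 0) &&
                ((access & avd.allowed) == access))
              status = 0;
          }
        if (c != NULL)
          context_free (c);
        freecon (user_context);
      }
    return status;
  }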
  71.  
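  /* Make files created from now on receive the security context of
     FILENAME, and store the file-creation context that was in effect
     before in *PREV_CONTEXT.

     Returns 0 on success, and also 0 without writing *PREV_CONTEXT when
     is_selinux_enabled() reports that SELinux is not enabled.  Returns -1
     when PREV_CONTEXT is NULL or when any libselinux call fails; the
     failure is logged through pam_syslog().

     If setfscreatecon() fails, *PREV_CONTEXT still holds the value written
     by getfscreatecon() and is not freed here.
     NOTE(review): confirm that callers initialise *PREV_CONTEXT and
     release it on that failure path.  */
  int
  set_default_context (pam_handle_t *pamh, const char *filename,
                       char **prev_context)
  {
    security_context_t scontext = NULL;
    int saved_errno;

    if (is_selinux_enabled () <= 0)
      return 0;

    if (prev_context == NULL)
      return -1;

    if (getfilecon (filename, &scontext) < 0)
      {
        pam_syslog (pamh, LOG_ERR, "couldn't get security context `%s': %s",
                    filename, strerror (errno));
        return -1;
      }

    if (getfscreatecon (prev_context) < 0)
      {
        /* Capture errno before freecon(), which may overwrite it.  */
        saved_errno = errno;
        freecon (scontext);
        pam_syslog (pamh, LOG_ERR, "couldn't get default security context: %s",
                    strerror (saved_errno));
        return -1;
      }

    if (setfscreatecon (scontext) < 0 )
      {
        saved_errno = errno;
        /* Log while scontext is still allocated: the message prints the
           context string, so freeing it first would read freed memory.  */
        pam_syslog (pamh, LOG_ERR,
                    "couldn't set default security context to `%s': %s",
                    scontext, strerror (saved_errno));
        freecon (scontext);
        return -1;
      }

    freecon (scontext);

    return 0;
  }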
  112.  
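  /* Reinstate PREV_CONTEXT as the file-creation context and release it.

     Returns 0 on success or when is_selinux_enabled() reports that SELinux
     is not enabled (in which case PREV_CONTEXT is left untouched), and -1
     when setfscreatecon() fails; the failure is logged through
     pam_syslog().

     When SELinux is enabled, PREV_CONTEXT is freed whether or not the
     reset succeeded.  The pointer is passed by value, so the caller's copy
     is dangling afterwards and must not be used or freed again.  */
  int
  restore_default_context (pam_handle_t *pamh,
                           security_context_t prev_context)
  {
    int retval = 0;

    if (is_selinux_enabled () <= 0)
      return 0;

    if (setfscreatecon (prev_context) < 0 )
      {
        /* PREV_CONTEXT may be NULL; passing NULL to a %s conversion is
           undefined, so a fixed placeholder is substituted.  */
        pam_syslog (pamh, LOG_ERR,
                    "couldn't reset default security context to `%s': %s",
                    prev_context ? prev_context : "(null)",
                    strerror (errno));
        retval = -1;
      }

    /* freecon() follows the strerror() call above so that errno is read
       before anything can overwrite it.  */
    if (prev_context)
      freecon (prev_context);

    return retval;
  }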
  138.  
  139. #endif