seusers.c revision 5e3171f658d1d2f1e0068f485b3fff7c164e05e4
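#include <unistd.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <stdio_ext.h>
#include <ctype.h>
#include <errno.h>
#include <selinux/selinux.h>
#include <selinux/context.h>
#include "selinux_internal.h"

/* Process line from seusers.conf and split into its fields.
 *
 * Expected shape of a line: "luser:seuser[:level]".  Leading whitespace is
 * skipped; a line whose first non-blank character is '#', or that is empty,
 * is treated as a comment.
 *
 * On success the three out-parameters receive heap copies (strdup) that the
 * caller must free.  *levelp is set to NULL when mls_enabled is 0 or the
 * line carries no level field.  On any non-zero return the out-parameters
 * are left untouched.
 *
 * Only the seuser and level fields are rejected when empty; the login-name
 * field is not checked for emptiness here.
 *
 * Returns 0 on success, -1 on comments, and -2 on error.
 */
static int process_seusers(const char *buffer,
			   char **luserp,
			   char **seuserp, char **levelp, int mls_enabled)
{
	char *newbuf = strdup(buffer);
	char *luser = NULL, *seuser = NULL, *level = NULL;
	char *start, *end;
	int mls_found = 1;

	if (!newbuf)
		goto err;

	/* <ctype.h> classifiers take an unsigned char value (or EOF); a plain
	   char holding a byte >= 0x80 may be negative, which is undefined
	   behaviour, so every isspace() argument is cast first. */
	start = newbuf;
	while (isspace((unsigned char)*start))
		start++;
	if (*start == '#' || *start == 0) {
		free(newbuf);
		return -1;	/* Comment or empty line, skip over */
	}

	/* First field: Linux login name (or %group / __default__). */
	end = strchr(start, ':');
	if (!end)
		goto err;
	*end = 0;

	luser = strdup(start);
	if (!luser)
		goto err;

	/* Second field: SELinux user.  With no second ':' the field ends at
	   the first whitespace (or end of line) and there is no level. */
	start = end + 1;
	end = strchr(start, ':');
	if (!end) {
		mls_found = 0;

		end = start;
		while (*end && !isspace((unsigned char)*end))
			end++;
	}
	*end = 0;

	seuser = strdup(start);
	if (!seuser)
		goto err;

	if (!strcmp(seuser, ""))
		goto err;

	/* Skip MLS if disabled, or missing. */
	if (!mls_enabled || !mls_found)
		goto out;

	/* Third field: MLS level, terminated by whitespace or end of line. */
	start = ++end;
	while (*end && !isspace((unsigned char)*end))
		end++;
	*end = 0;

	level = strdup(start);
	if (!level)
		goto err;

	if (!strcmp(level, ""))
		goto err;

      out:
	free(newbuf);
	*luserp = luser;
	*seuserp = seuser;
	*levelp = level;
	return 0;
      err:
	/* free(NULL) is a no-op, so fields not yet duplicated are safe here. */
	free(newbuf);
	free(luser);
	free(seuser);
	free(level);
	return -2;		/* error */
}
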
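/* When non-zero, getseuserbyname() returns -1 instead of falling back to
   the Linux username if no seusers entry matches. */
int require_seusers hidden = 0;

#include <pwd.h>
#include <grp.h>

/* Look up the primary group id of the Linux account `name`.
 *
 * Returns pw_gid from the passwd entry, or (gid_t)-1 when the buffer size
 * cannot be determined, allocation fails, or the entry is not found.
 * Unlike check_group(), the lookup is not retried with a larger buffer.
 */
static gid_t get_default_gid(const char *name) {
	struct passwd pwstorage, *pwent = NULL;
	gid_t gid = -1;
	/* Allocate space for the getpwnam_r buffer */
	long rbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
	if (rbuflen <= 0) return -1;
	char *rbuf = malloc(rbuflen);
	if (rbuf == NULL) return -1;

	int retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent);
	if (retval == 0 && pwent) {
		gid = pwent->pw_gid;
	}
	free(rbuf);
	return gid;
}

/* Report whether user `name` (primary group `gid`) belongs to `group`.
 *
 * Returns 1 when the gid of `group` appears in the user's group list and
 * 0 otherwise.  Every failure (unknown group, allocation failure, group
 * list unavailable) also returns 0, so an error never produces a match.
 */
static int check_group(const char *group, const char *name, const gid_t gid) {
	int match = 0;
	int i, ng = 0;
	gid_t *groups = NULL;
	struct group gbuf, *grent = NULL;

	long rbuflen = sysconf(_SC_GETGR_R_SIZE_MAX);
	if (rbuflen <= 0)
		return 0;
	char *rbuf;

	/* Resolve the group, doubling the scratch buffer while getgrnam_r
	   reports ERANGE.  rbuf is freed before each retry, so the early
	   return on a failed malloc does not leak. */
	while (1) {
		rbuf = malloc(rbuflen);
		if (rbuf == NULL)
			return 0;
		int retval = getgrnam_r(group, &gbuf, rbuf,
					rbuflen, &grent);
		if (retval == ERANGE) {
			free(rbuf);
			rbuflen = rbuflen * 2;
		} else if (retval != 0 || grent == NULL) {
			goto done;
		} else {
			break;
		}
	}

	/* First call only sizes the list (ng starts at 0); the second call
	   fills it. */
	if (getgrouplist(name, gid, NULL, &ng) < 0) {
		groups = malloc(sizeof *groups * ng);
		if (!groups) goto done;
		if (getgrouplist(name, gid, groups, &ng) < 0) goto done;
	}

	/* The extra `groups` test keeps the loop from indexing a NULL list
	   should the sizing call ever succeed without an allocation. */
	for (i = 0; groups && i < ng; i++) {
		if (grent->gr_gid == groups[i]) {
			match = 1;
			goto done;
		}
	}

      done:
	free(groups);
	free(rbuf);
	return match;
}

/* Map a Linux user name to an SELinux user and level using the seusers
 * file returned by selinux_usersconf_path().
 *
 * Precedence: an entry whose login field equals `name` wins and ends the
 * scan; otherwise the first "%group" entry the user belongs to; otherwise
 * the first "__default__" entry.  If nothing matches (or the file cannot
 * be opened) the result is a copy of `name` with a NULL level, unless
 * require_seusers is set, in which case -1 is returned.
 *
 * Malformed lines are reported on stderr and skipped rather than treated
 * as fatal, so a broken entry for a user silently falls through to the
 * group/default/fallback mapping.
 *
 * On success (0) *r_seuser and *r_level are heap strings owned by the
 * caller; *r_level may be NULL.  On -1 the outputs are not written by
 * this function, except that *r_seuser is NULL when the fallback strdup
 * fails.
 */
int getseuserbyname(const char *name, char **r_seuser, char **r_level)
{
	FILE *cfg = NULL;
	size_t size = 0;
	char *buffer = NULL;
	int rc;
	unsigned long lineno = 0;
	int mls_enabled = is_selinux_mls_enabled();

	char *username = NULL;
	char *seuser = NULL;
	char *level = NULL;
	char *groupseuser = NULL;
	char *grouplevel = NULL;
	char *defaultseuser = NULL;
	char *defaultlevel = NULL;

	/* May be (gid_t)-1 if the passwd lookup failed; it is passed on to
	   check_group() unchanged. */
	gid_t gid = get_default_gid(name);

	cfg = fopen(selinux_usersconf_path(), "r");
	if (!cfg)
		goto nomatch;

	__fsetlocking(cfg, FSETLOCKING_BYCALLER);
	while (getline(&buffer, &size, cfg) > 0) {
		++lineno;
		rc = process_seusers(buffer, &username, &seuser, &level,
				     mls_enabled);
		if (rc == -1)
			continue;	/* comment, skip */
		if (rc == -2) {
			fprintf(stderr, "%s:  error on line %lu, skipping...\n",
				selinux_usersconf_path(), lineno);
			continue;
		}

		/* Exact match: keep username/seuser/level and stop. */
		if (!strcmp(username, name))
			break;

		if (username[0] == '%' &&
		    !groupseuser &&
		    check_group(&username[1], name, gid)) {
			/* Ownership of seuser/level moves to the group slot. */
			groupseuser = seuser;
			grouplevel = level;
		} else {
			if (!defaultseuser &&
			    !strcmp(username, "__default__")) {
				/* Ownership moves to the default slot. */
				defaultseuser = seuser;
				defaultlevel = level;
			} else {
				free(seuser);
				free(level);
			}
		}
		free(username);
		username = NULL;
		seuser = NULL;
		/* level was either freed or handed over above; clear it so no
		   stale pointer survives the iteration. */
		level = NULL;
	}

	free(buffer);
	fclose(cfg);

	if (seuser) {
		free(username);
		free(defaultseuser);
		free(defaultlevel);
		free(groupseuser);
		free(grouplevel);
		*r_seuser = seuser;
		*r_level = level;
		return 0;
	}

	if (groupseuser) {
		free(defaultseuser);
		free(defaultlevel);
		*r_seuser = groupseuser;
		*r_level = grouplevel;
		return 0;
	}

	if (defaultseuser) {
		*r_seuser = defaultseuser;
		*r_level = defaultlevel;
		return 0;
	}

      nomatch:
	if (require_seusers)
		return -1;

	/* Fall back to the Linux username and no level. */
	*r_seuser = strdup(name);
	if (!(*r_seuser))
		return -1;
	*r_level = NULL;
	return 0;
}

/* Map (username, service) to an SELinux user and level using the per-user
 * file "<policy root>/logins/<username>", falling back to
 * getseuserbyname() when that file is missing, has no usable record, or
 * an allocation fails.
 *
 * Records have the form "service:seuser:level".  The last "*:" record seen
 * before a service-specific match serves as the wildcard; a record whose
 * service field equals `service` overrides it and ends the scan.  With a
 * NULL `service` only wildcard records are considered.
 *
 * Returns 0 on success with caller-owned heap strings in *r_seuser and
 * *r_level; otherwise returns whatever getseuserbyname() returns.
 */
int getseuser(const char *username, const char *service,
	      char **r_seuser, char **r_level) {
	int ret = -1;
	size_t len = 0;
	char *seuser = NULL;
	char *level = NULL;
	char *buffer = NULL;
	size_t size = 0;
	char *rec = NULL;
	char *path = NULL;
	FILE *fp = NULL;

	/* NOTE(review): username is interpolated into the path as-is, so a
	   value containing '/' would name a file outside logins/.
	   Presumably callers pass an already-resolved account name;
	   confirm, or reject such names before building the path. */
	if (asprintf(&path, "%s/logins/%s", selinux_policy_root(), username) < 0)
		goto err;
	fp = fopen(path, "r");
	free(path);
	if (fp == NULL) goto err;
	__fsetlocking(fp, FSETLOCKING_BYCALLER);
	while (getline(&buffer, &size, fp) > 0) {
		if (strncmp(buffer, "*:", 2) == 0) {
			free(rec);
			rec = strdup(buffer);
			continue;
		}
		if (!service)
			continue;
		len = strlen(service);
		if ((strncmp(buffer, service, len) == 0) &&
		    (buffer[len] == ':')) {
			free(rec);
			rec = strdup(buffer);
			break;
		}
	}

	if (!rec) goto err;
	seuser = strchr(rec, ':');
	if (!seuser) goto err;

	seuser++;
	level = strchr(seuser, ':');
	/* A record without a second ':' has no level field; treat it as
	   unusable instead of writing through a NULL pointer. */
	if (!level) goto err;
	*level = 0;
	level++;
	*r_seuser = strdup(seuser);
	if (!*r_seuser) goto err;

	/* Drop the newline that getline() leaves on the record. */
	len = strlen(level);
	if (len && level[len - 1] == '\n')
		level[len - 1] = 0;

	*r_level = strdup(level);
	if (!*r_level) {
		free(*r_seuser);
		/* The fallback below can fail without writing *r_seuser;
		   do not leave the caller holding a freed pointer. */
		*r_seuser = NULL;
		goto err;
	}
	ret = 0;

      err:
	free(buffer);
	if (fp) fclose(fp);
	free(rec);

	return (ret ? getseuserbyname(username, r_seuser, r_level) : ret);
}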