From 721aa7e45ba56530c571743de4762605560f90cb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Thu, 10 Jan 2019 13:26:49 +0100
Subject: [PATCH] lib: label temporary files with correct selinux context
Resolves:
https://github.com/pbrezina/authselect/issues/128
---
configure.ac | 1 +
rpm/authselect.spec.in | 1 +
src/build_macros.m4 | 13 +++
src/lib/Makefile.am | 3 +
src/lib/util/selinux.c | 143 +++++++++++++++++++++++++++++
src/lib/util/{util.h => selinux.h} | 37 +++++---
src/lib/util/template.c | 16 +---
src/lib/util/util.h | 1 +
8 files changed, 192 insertions(+), 23 deletions(-)
create mode 100644 src/lib/util/selinux.c
copy src/lib/util/{util.h => selinux.h} (50%)
diff --git a/configure.ac b/configure.ac
index 0ddb875439133d10a9ece8b92a2df1719065d349..667d41c1f67264850fd9e175598214d751078a7e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -37,6 +37,7 @@ m4_include(external/po4a.m4)
dnl Required libraries
REQUIRE_POPT
REQUIRE_CMOCKA
+REQUIRE_SELINUX
dnl Optional build dependencies - man pages generation
CHECK_ASCIIDOC_TOOLS
diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
index c56ad4e2e0e23c902471fbacdb8bc3742bd8fa2d..f47c77ac3768ccf9c049c9ba512209fad059e418 100644
--- a/rpm/authselect.spec.in
+++ b/rpm/authselect.spec.in
@@ -24,6 +24,7 @@ BuildRequires: gettext-devel
BuildRequires: po4a
BuildRequires: %{_bindir}/a2x
BuildRequires: libcmocka-devel >= 1.0.0
+BuildRequires: libselinux-devel
Requires: authselect-libs%{?_isa} = %{version}-%{release}
Suggests: sssd
Suggests: samba-winbind
diff --git a/src/build_macros.m4 b/src/build_macros.m4
index 5da871ec8cadfa200630420b5fe932d8af0473a3..dfedd47fd84c7201cfad30621761a3c1c564bc18 100644
--- a/src/build_macros.m4
+++ b/src/build_macros.m4
@@ -28,3 +28,16 @@ AC_DEFUN([REQUIRE_CMOCKA],
)
AM_CONDITIONAL([HAVE_CMOCKA], [test x$have_cmocka = xyes])
])
+
+AC_DEFUN([REQUIRE_SELINUX],
+[
+ AC_CHECK_HEADERS(selinux/selinux.h,
+ [AC_CHECK_LIB(selinux, is_selinux_enabled,
+ [SELINUX_LIBS="-lselinux"],
+ [AC_MSG_ERROR([SELinux library is missing])]
+ )],
+ [AC_MSG_ERROR([SELinux headers are missing])]
+ )
+ AC_SUBST(SELINUX_LIBS)
+])
+
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
index 2726062c421f7836ebc69fbbc0f5410cf3d19803..6c1191c702efbf52d45c7204311e4e9d1e64de3b 100644
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@@ -15,6 +15,7 @@ noinst_HEADERS = \
files/files.h \
profiles/profiles.h \
util/file.h \
+ util/selinux.h \
util/string_array.h \
util/string.h \
util/template.h \
@@ -55,6 +56,7 @@ libauthselect_la_SOURCES = \
profiles/list.c \
profiles/read.c \
util/file.c \
+ util/selinux.c \
util/string_array.c \
util/string.c \
util/template.c \
@@ -62,6 +64,7 @@ libauthselect_la_SOURCES = \
$(NULL)
libauthselect_la_LIBADD = \
$(top_builddir)/src/common/libcommon.la \
+ $(SELINUX_LIBS) \
$(NULL)
libauthselect_la_CFLAGS = \
$(AM_CFLAGS) \
diff --git a/src/lib/util/selinux.c b/src/lib/util/selinux.c
new file mode 100644
index 0000000000000000000000000000000000000000..05c8d7b19b13e1eff6086faa58657c3e41a44cc0
--- /dev/null
+++ b/src/lib/util/selinux.c
@@ -0,0 +1,143 @@
+/*
+ Authors:
+ Pavel Březina <pbrezina@redhat.com>
+
+ Copyright (C) 2018 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <errno.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <selinux/selinux.h>
+#include <selinux/label.h>
+
+#include "common/common.h"
+
+errno_t
+selinux_get_default_context(const char *path,
+ char **_context)
+{
+ struct selabel_handle *handle;
+ char *context;
+ errno_t ret;
+
+ handle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
+ if (handle == NULL) {
+ ret = errno;
+ ERROR("Unable to create selable context [%d]: %s", ret, strerror(ret));
+ return ret;
+ }
+
+ ret = selabel_lookup(handle, &context, path, 0);
+ if (ret != 0) {
+ ret = errno;
+ if (ret == ENOENT) {
+ return ENOENT;
+ }
+
+ ERROR("Unable to lookup selinux context [%d]: %s", ret, strerror(ret));
+ } else {
+ *_context = context;
+ ret = EOK;
+ }
+
+ selabel_close(handle);
+
+ return ret;
+}
+
+errno_t
+selinux_mkstemp_of(const char *filepath,
+ char **_tmpfile)
+{
+ char *original_context = NULL;
+ char *default_context = NULL;
+ char *tmpfile = NULL;
+ errno_t ret;
+ int seret;
+ int fd;
+
+ seret = getfscreatecon(&original_context);
+ if (seret != 0) {
+ ERROR("Unable to get current fscreate selinux context!");
+ return EIO;
+ }
+
+ tmpfile = format("%s.XXXXXX", filepath);
+ if (tmpfile == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = selinux_get_default_context(filepath, &default_context);
+ if (ret == ENOENT) {
+ default_context = NULL;
+ } else if (ret != EOK) {
+ ERROR("Unable to get default selinux context for [%s] [%d]: %s!",
+ filepath, ret, strerror(ret));
+ goto done;
+ }
+
+ seret = setfscreatecon(default_context);
+ if (seret != 0) {
+ ERROR("Unable to set fscreate selinux context!");
+ ret = EIO;
+ goto done;
+ }
+
+ fd = mkstemp(tmpfile);
+ if (fd == -1) {
+ ret = errno;
+
+ seret = setfscreatecon(original_context);
+ if (seret != 0) {
+ ERROR("Unable to restore fscreate selinux context!");
+ ret = EIO;
+ goto done;
+ }
+
+ goto done;
+ }
+
+ close(fd);
+
+ seret = setfscreatecon(original_context);
+ if (seret != 0) {
+ ERROR("Unable to restore fscreate selinux context!");
+ ret = EIO;
+ goto done;
+ }
+
+ *_tmpfile = tmpfile;
+
+ ret = EOK;
+
+done:
+ if (original_context != NULL) {
+ freecon(original_context);
+ }
+
+ if (default_context != NULL) {
+ freecon(default_context);
+ }
+
+ if (ret != EOK) {
+ free(tmpfile);
+ }
+
+ return ret;
+}
diff --git a/src/lib/util/util.h b/src/lib/util/selinux.h
similarity index 50%
copy from src/lib/util/util.h
copy to src/lib/util/selinux.h
index b81990722d62ccf466c0687454c82ea3ee171436..26f2374140562dd085145845ed3092a0ddcf924e 100644
--- a/src/lib/util/util.h
+++ b/src/lib/util/selinux.h
@@ -18,20 +18,33 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-#ifndef _UTIL_H_
-#define _UTIL_H_
+#ifndef _SELINUX_H_
+#define _SELINUX_H_
+
+#include "common/errno_t.h"
/**
- * Many of the utility functions are not as effective as they can be but
- * this is OK since authselect works only with small configuration files
- * therefore we can prefer clean and simple code over performance.
+ * Get default security context for @path.
+ *
+ * @param path Path to the file.
+ *
+ * @return EOK on success, ENOENT if context was not found, other errno code
+ * is returned on failure.
*/
+errno_t
+selinux_get_default_context(const char *path);
-#include "common/common.h"
-#include "lib/util/file.h"
-#include "lib/util/string.h"
-#include "lib/util/string_array.h"
-#include "lib/util/template.h"
-#include "lib/util/textfile.h"
+/**
+ * Create temporary file created on @filepath.XXXXXX with security context
+ * set to default security context of @filepath.
+ *
+ * @param filepath File for which a temporary file should be created.
+ * @param _tmpfile Create temporary file.
+ *
+ * @return EOK on success, other errno code on failure.
+ */
+errno_t
+selinux_mkstemp_of(const char *filepath,
+ char **_tmpfile);
-#endif /* _UTIL_H_ */
+#endif /* _SELINUX_H_ */
diff --git a/src/lib/util/template.c b/src/lib/util/template.c
index 0eedd2b04146f201a5c37f45c1d08f01c079d61f..9773dcbf1ecbde4fe2408f1b816dce129747806f 100644
--- a/src/lib/util/template.c
+++ b/src/lib/util/template.c
@@ -27,6 +27,7 @@
#include "common/common.h"
#include "lib/util/template.h"
#include "lib/util/textfile.h"
+#include "lib/util/selinux.h"
#include "lib/util/string.h"
#include "lib/util/string_array.h"
@@ -594,23 +595,16 @@ template_write_temporary(const char *filepath,
mode_t oldmask;
char *tmpfile;
errno_t ret;
- int fd;
-
- tmpfile = format("%s.XXXXXX", filepath);
- if (tmpfile == NULL) {
- return ENOMEM;
- }
oldmask = umask(mode);
- fd = mkstemp(tmpfile);;
- if (fd == -1) {
- ret = errno;
+ ret = selinux_mkstemp_of(filepath, &tmpfile);
+ if (ret != EOK) {
+ ERROR("Unable to create temporary file for [%s] [%d]: %s",
+ filepath, ret, strerror(ret));
goto done;
}
- close(fd);
-
ret = template_write(tmpfile, content, mode);
if (ret != EOK) {
goto done;
diff --git a/src/lib/util/util.h b/src/lib/util/util.h
index b81990722d62ccf466c0687454c82ea3ee171436..e75afaef316fc8f8fd4d2aabbab7be1aa24e9ac7 100644
--- a/src/lib/util/util.h
+++ b/src/lib/util/util.h
@@ -29,6 +29,7 @@
#include "common/common.h"
#include "lib/util/file.h"
+#include "lib/util/selinux.h"
#include "lib/util/string.h"
#include "lib/util/string_array.h"
#include "lib/util/template.h"
--
2.17.2