Blame SOURCES/0013-libsemanage-allow-spaces-in-user-group-names.patch

From f4a0e563dfff91d308d1738bbabdddc9ab672098 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Thu, 17 Feb 2022 13:49:23 +0100
Subject: [PATCH] libsemanage: allow spaces in user/group names
"semanage login -a" accepts whitespaces in user/group name
(e.g. users/groups from Active Directory), which may lead to issues down
the line since libsemanage doesn't expect whitespaces in
/var/lib/selinux/targeted/active/seusers and other config files.
Fixes:
  Artificial but simple reproducer
  # groupadd server_admins
  # sed -i "s/^server_admins/server admins/" /etc/group
  # semanage login -a -s staff_u %server\ admins
  # semanage login -l  (or "semodule -B")
  libsemanage.parse_assert_ch: expected character ':', but found 'a' (/var/lib/selinux/targeted/active/seusers: 6):
  %server admins:staff_u:s0-s0:c0.c1023 (No such file or directory).
  libsemanage.seuser_parse: could not parse seuser record (No such file or directory).
  libsemanage.dbase_file_cache: could not cache file database (No such file or directory).
  libsemanage.enter_ro: could not enter read-only section (No such file or directory).
  FileNotFoundError: [Errno 2] No such file or directory
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
 libsemanage/src/booleans_file.c    |  2 +-
 libsemanage/src/fcontexts_file.c   |  6 +++---
 libsemanage/src/ibendports_file.c  |  4 ++--
 libsemanage/src/ibpkeys_file.c     |  4 ++--
 libsemanage/src/interfaces_file.c  |  6 +++---
 libsemanage/src/nodes_file.c       |  8 ++++----
 libsemanage/src/parse_utils.c      |  6 +++---
 libsemanage/src/parse_utils.h      | 11 +++++------
 libsemanage/src/ports_file.c       |  4 ++--
 libsemanage/src/seusers_file.c     |  6 +++---
 libsemanage/src/users_base_file.c  |  7 +++----
 libsemanage/src/users_extra_file.c |  4 ++--
 12 files changed, 33 insertions(+), 35 deletions(-)
1aff52
diff --git a/libsemanage/src/booleans_file.c b/libsemanage/src/booleans_file.c
1aff52
index f79d0b44..6d600bbc 100644
1aff52
--- a/libsemanage/src/booleans_file.c
1aff52
+++ b/libsemanage/src/booleans_file.c
1aff52
@@ -48,7 +48,7 @@ static int bool_parse(semanage_handle_t * handle,
1aff52
 		goto last;
1aff52
 
1aff52
 	/* Extract name */
1aff52
-	if (parse_fetch_string(handle, info, &str, '=') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, '=', 0) < 0)
1aff52
 		goto err;
1aff52
 
1aff52
 	if (semanage_bool_set_name(handle, boolean, str) < 0)
1aff52
diff --git a/libsemanage/src/fcontexts_file.c b/libsemanage/src/fcontexts_file.c
1aff52
index 1e596519..ad177208 100644
1aff52
--- a/libsemanage/src/fcontexts_file.c
1aff52
+++ b/libsemanage/src/fcontexts_file.c
1aff52
@@ -91,7 +91,7 @@ static int fcontext_parse(semanage_handle_t * handle,
1aff52
 		goto last;
1aff52
 
1aff52
 	/* Regexp */
1aff52
-	if (parse_fetch_string(handle, info, &str, ' ') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, ' ', 0) < 0)
1aff52
 		goto err;
1aff52
 	if (semanage_fcontext_set_expr(handle, fcontext, str) < 0)
1aff52
 		goto err;
1aff52
@@ -101,7 +101,7 @@ static int fcontext_parse(semanage_handle_t * handle,
1aff52
 	/* Type */
1aff52
 	if (parse_assert_space(handle, info) < 0)
1aff52
 		goto err;
1aff52
-	if (parse_fetch_string(handle, info, &str, ' ') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, ' ', 0) < 0)
1aff52
 		goto err;
1aff52
 	if (!strcasecmp(str, "-s"))
1aff52
 		semanage_fcontext_set_type(fcontext, SEMANAGE_FCONTEXT_SOCK);
1aff52
@@ -125,7 +125,7 @@ static int fcontext_parse(semanage_handle_t * handle,
1aff52
 	/* Context */
1aff52
 	if (parse_assert_space(handle, info) < 0)
1aff52
 		goto err;
1aff52
-	if (parse_fetch_string(handle, info, &str, ' ') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, ' ', 0) < 0)
1aff52
 		goto err;
1aff52
 
1aff52
       process_context:
1aff52
diff --git a/libsemanage/src/ibendports_file.c b/libsemanage/src/ibendports_file.c
1aff52
index 402c7a5e..47a62429 100644
1aff52
--- a/libsemanage/src/ibendports_file.c
1aff52
+++ b/libsemanage/src/ibendports_file.c
1aff52
@@ -76,7 +76,7 @@ static int ibendport_parse(semanage_handle_t *handle,
1aff52
 		goto err;
1aff52
 
1aff52
 	/* IB Device Name */
1aff52
-	if (parse_fetch_string(handle, info, &str, ' ') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, ' ', 0) < 0)
1aff52
 		goto err;
1aff52
 	if (semanage_ibendport_set_ibdev_name(handle, ibendport, str) < 0)
1aff52
 		goto err;
1aff52
@@ -93,7 +93,7 @@ static int ibendport_parse(semanage_handle_t *handle,
1aff52
 	/* context */
1aff52
 	if (parse_assert_space(handle, info) < 0)
1aff52
 		goto err;
1aff52
-	if (parse_fetch_string(handle, info, &str, ' ') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, ' ', 0) < 0)
1aff52
 		goto err;
1aff52
 	if (semanage_context_from_string(handle, str, &con) < 0) {
1aff52
 		ERR(handle, "invalid security context \"%s\" (%s: %u)\n%s",
1aff52
diff --git a/libsemanage/src/ibpkeys_file.c b/libsemanage/src/ibpkeys_file.c
1aff52
index ceaea7ad..5424e279 100644
1aff52
--- a/libsemanage/src/ibpkeys_file.c
1aff52
+++ b/libsemanage/src/ibpkeys_file.c
1aff52
@@ -81,7 +81,7 @@ static int ibpkey_parse(semanage_handle_t *handle,
1aff52
 		goto err;
1aff52
 
1aff52
 	/* Subnet Prefix */
1aff52
-	if (parse_fetch_string(handle, info, &str, ' ') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, ' ', 0) < 0)
1aff52
 		goto err;
1aff52
 	if (semanage_ibpkey_set_subnet_prefix(handle, ibpkey, str) < 0)
1aff52
 		goto err;
1aff52
@@ -116,7 +116,7 @@ static int ibpkey_parse(semanage_handle_t *handle,
1aff52
 		semanage_ibpkey_set_pkey(ibpkey, low);
1aff52
 	}
1aff52
 	/* Pkey context */
1aff52
-	if (parse_fetch_string(handle, info, &str, ' ') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, ' ', 0) < 0)
1aff52
 		goto err;
1aff52
 	if (semanage_context_from_string(handle, str, &con) < 0) {
1aff52
 		ERR(handle, "invalid security context \"%s\" (%s: %u)\n%s",
1aff52
diff --git a/libsemanage/src/interfaces_file.c b/libsemanage/src/interfaces_file.c
1aff52
index 1478af97..b105f807 100644
1aff52
--- a/libsemanage/src/interfaces_file.c
1aff52
+++ b/libsemanage/src/interfaces_file.c
1aff52
@@ -73,7 +73,7 @@ static int iface_parse(semanage_handle_t * handle,
1aff52
 		goto err;
1aff52
 
1aff52
 	/* Name */
1aff52
-	if (parse_fetch_string(handle, info, &str, ' ') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, ' ', 0) < 0)
1aff52
 		goto err;
1aff52
 	if (semanage_iface_set_name(handle, iface, str) < 0)
1aff52
 		goto err;
1aff52
@@ -83,7 +83,7 @@ static int iface_parse(semanage_handle_t * handle,
1aff52
 	/* Interface context */
1aff52
 	if (parse_assert_space(handle, info) < 0)
1aff52
 		goto err;
1aff52
-	if (parse_fetch_string(handle, info, &str, ' ') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, ' ', 0) < 0)
1aff52
 		goto err;
1aff52
 	if (semanage_context_from_string(handle, str, &con) < 0) {
1aff52
 		ERR(handle, "invalid security context \"%s\" (%s: %u)\n%s",
1aff52
@@ -107,7 +107,7 @@ static int iface_parse(semanage_handle_t * handle,
1aff52
 	/* Message context */
1aff52
 	if (parse_assert_space(handle, info) < 0)
1aff52
 		goto err;
1aff52
-	if (parse_fetch_string(handle, info, &str, ' ') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, ' ', 0) < 0)
1aff52
 		goto err;
1aff52
 	if (semanage_context_from_string(handle, str, &con) < 0) {
1aff52
 		ERR(handle, "invalid security context \"%s\" (%s: %u)\n%s",
1aff52
diff --git a/libsemanage/src/nodes_file.c b/libsemanage/src/nodes_file.c
1aff52
index f6c8895d..922355dd 100644
1aff52
--- a/libsemanage/src/nodes_file.c
1aff52
+++ b/libsemanage/src/nodes_file.c
1aff52
@@ -78,7 +78,7 @@ static int node_parse(semanage_handle_t * handle,
1aff52
 		goto err;
1aff52
 
1aff52
 	/* Protocol */
1aff52
-	if (parse_fetch_string(handle, info, &str, ' ') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, ' ', 0) < 0)
1aff52
 		goto err;
1aff52
 	if (!strcasecmp(str, "ipv4"))
1aff52
 		proto = SEMANAGE_PROTO_IP4;
1aff52
@@ -97,7 +97,7 @@ static int node_parse(semanage_handle_t * handle,
1aff52
 	/* Address */
1aff52
 	if (parse_assert_space(handle, info) < 0)
1aff52
 		goto err;
1aff52
-	if (parse_fetch_string(handle, info, &str, ' ') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, ' ', 0) < 0)
1aff52
 		goto err;
1aff52
 	if (semanage_node_set_addr(handle, node, proto, str) < 0)
1aff52
 		goto err;
1aff52
@@ -107,7 +107,7 @@ static int node_parse(semanage_handle_t * handle,
1aff52
 	str = NULL;
1aff52
 
1aff52
 	/* Netmask */
1aff52
-	if (parse_fetch_string(handle, info, &str, ' ') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, ' ', 0) < 0)
1aff52
 		goto err;
1aff52
 	if (semanage_node_set_mask(handle, node, proto, str) < 0)
1aff52
 		goto err;
1aff52
@@ -117,7 +117,7 @@ static int node_parse(semanage_handle_t * handle,
1aff52
 	str = NULL;
1aff52
 
1aff52
 	/* Port context */
1aff52
-	if (parse_fetch_string(handle, info, &str, ' ') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, ' ', 0) < 0)
1aff52
 		goto err;
1aff52
 	if (semanage_context_from_string(handle, str, &con) < 0) {
1aff52
 		ERR(handle, "invalid security context \"%s\" (%s: %u)\n%s",
1aff52
diff --git a/libsemanage/src/parse_utils.c b/libsemanage/src/parse_utils.c
1aff52
index 4fb54fc3..918dee43 100644
1aff52
--- a/libsemanage/src/parse_utils.c
1aff52
+++ b/libsemanage/src/parse_utils.c
1aff52
@@ -239,7 +239,7 @@ int parse_fetch_int(semanage_handle_t * handle,
1aff52
 	char *test = NULL;
1aff52
 	int value = 0;
1aff52
 
1aff52
-	if (parse_fetch_string(handle, info, &str, delim) < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, delim, 0) < 0)
1aff52
 		goto err;
1aff52
 
1aff52
 	if (!isdigit((int)*str)) {
1aff52
@@ -267,7 +267,7 @@ int parse_fetch_int(semanage_handle_t * handle,
1aff52
 }
1aff52
 
1aff52
 int parse_fetch_string(semanage_handle_t * handle,
1aff52
-		       parse_info_t * info, char **str, char delim)
1aff52
+		       parse_info_t * info, char **str, char delim, int allow_spaces)
1aff52
 {
1aff52
 
1aff52
 	char *start = info->ptr;
1aff52
@@ -277,7 +277,7 @@ int parse_fetch_string(semanage_handle_t * handle,
1aff52
 	if (parse_assert_noeof(handle, info) < 0)
1aff52
 		goto err;
1aff52
 
1aff52
-	while (*(info->ptr) && !isspace(*(info->ptr)) &&
1aff52
+	while (*(info->ptr) && (allow_spaces || !isspace(*(info->ptr))) &&
1aff52
 	       (*(info->ptr) != delim)) {
1aff52
 		info->ptr++;
1aff52
 		len++;
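Review bot: `isspace(*(info->ptr))` in the rewritten loop condition is still called with a plain `char`, which is undefined behaviour for bytes at or above 0x80 wherever `char` is signed; the Active Directory names this patch is meant to support may well contain such bytes. Every allow_spaces=0 caller still evaluates that call, so I would cast at the call: `(allow_spaces || !isspace((unsigned char)*(info->ptr)))`. parse_fetch_string's body continues outside the hunk, so how `len` is used afterwards is not visible here.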
1aff52
diff --git a/libsemanage/src/parse_utils.h b/libsemanage/src/parse_utils.h
1aff52
index 0f334860..3e44aca1 100644
1aff52
--- a/libsemanage/src/parse_utils.h
1aff52
+++ b/libsemanage/src/parse_utils.h
1aff52
@@ -71,12 +71,11 @@ extern int parse_optional_str(parse_info_t * info, const char *str);
1aff52
 int parse_fetch_int(semanage_handle_t * hgandle,
1aff52
 		    parse_info_t * info, int *num, char delim);
1aff52
 
1aff52
-/* Extract the next string (delimited by 
1aff52
- * whitespace), and move the read pointer past it.
1aff52
- * Stop of the optional character delim is encountered,
1aff52
- * or if whitespace/eof is encountered. Fail if the
1aff52
- * string is of length 0. */
1aff52
+/* Extract the next string and move the read pointer past it.
1aff52
+ * Stop if the optional character delim (or eof) is encountered,
1aff52
+ * or if whitespace is encountered and allow_spaces is 0.
1aff52
+ * Fail if the string is of length 0. */
1aff52
 extern int parse_fetch_string(semanage_handle_t * handle,
1aff52
-			      parse_info_t * info, char **str_ptr, char delim);
1aff52
+			      parse_info_t * info, char **str_ptr, char delim, int allow_spaces);
1aff52
 
1aff52
 #endif
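Review bot: The new comment on parse_fetch_string does not say that a non-zero allow_spaces disables the whole isspace() test, so tabs and other whitespace bytes are accepted as well as ' '. Going by the loop in parse_utils.c, such characters, including blanks directly before delim, presumably end up in the returned string. I would add a line such as ` * With allow_spaces != 0 any whitespace before delim is kept verbatim in the result.` so callers know that two names differing only in trailing blanks are distinct. If only the space character is meant to be allowed, the comment and the flag name should say so and the loop should test for ' ' explicitly.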
1aff52
diff --git a/libsemanage/src/ports_file.c b/libsemanage/src/ports_file.c
1aff52
index 4738d467..0c151089 100644
1aff52
--- a/libsemanage/src/ports_file.c
1aff52
+++ b/libsemanage/src/ports_file.c
1aff52
@@ -78,7 +78,7 @@ static int port_parse(semanage_handle_t * handle,
1aff52
 		goto err;
1aff52
 
1aff52
 	/* Protocol */
1aff52
-	if (parse_fetch_string(handle, info, &str, ' ') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, ' ', 0) < 0)
1aff52
 		goto err;
1aff52
 	if (!strcasecmp(str, "tcp"))
1aff52
 		semanage_port_set_proto(port, SEMANAGE_PROTO_TCP);
1aff52
@@ -124,7 +124,7 @@ static int port_parse(semanage_handle_t * handle,
1aff52
 		semanage_port_set_port(port, low);
1aff52
 
1aff52
 	/* Port context */
1aff52
-	if (parse_fetch_string(handle, info, &str, ' ') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, ' ', 0) < 0)
1aff52
 		goto err;
1aff52
 	if (semanage_context_from_string(handle, str, &con) < 0) {
1aff52
 		ERR(handle, "invalid security context \"%s\" (%s: %u)\n%s",
1aff52
diff --git a/libsemanage/src/seusers_file.c b/libsemanage/src/seusers_file.c
1aff52
index 910bedf4..21b970ac 100644
1aff52
--- a/libsemanage/src/seusers_file.c
1aff52
+++ b/libsemanage/src/seusers_file.c
1aff52
@@ -53,7 +53,7 @@ static int seuser_parse(semanage_handle_t * handle,
1aff52
 		goto last;
1aff52
 
1aff52
 	/* Extract name */
1aff52
-	if (parse_fetch_string(handle, info, &str, ':') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, ':', 1) < 0)
1aff52
 		goto err;
1aff52
 	if (semanage_seuser_set_name(handle, seuser, str) < 0)
1aff52
 		goto err;
1aff52
@@ -68,7 +68,7 @@ static int seuser_parse(semanage_handle_t * handle,
1aff52
 		goto err;
1aff52
 
1aff52
 	/* Extract sename */
1aff52
-	if (parse_fetch_string(handle, info, &str, ':') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, ':', 1) < 0)
1aff52
 		goto err;
1aff52
 	if (semanage_seuser_set_sename(handle, seuser, str) < 0)
1aff52
 		goto err;
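Review bot: The sename fetch is relaxed to allow_spaces=1 here although the commit message only motivates whitespace in Linux user/group names, which is the first field of the record. With the flag set, everything up to the next ':' (tabs and blanks included) is passed to semanage_seuser_set_sename() as is, so unless that setter validates it (not visible here) a malformed seusers line becomes a login mapping instead of a parse error. Unless SELinux user names containing whitespace are a supported case, I would keep the strict form, `if (parse_fetch_string(handle, info, &str, ':', 0) < 0)`, or add a comment saying why it is relaxed. The same question applies to the prefix fetch in users_extra_file.c. seuser_parse continues outside the hunk.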
1aff52
@@ -83,7 +83,7 @@ static int seuser_parse(semanage_handle_t * handle,
1aff52
 		goto err;
1aff52
 
1aff52
 	/* NOTE: does not allow spaces/multiline */
1aff52
-	if (parse_fetch_string(handle, info, &str, ' ') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, ' ', 0) < 0)
1aff52
 		goto err;
1aff52
 
1aff52
 	if (semanage_seuser_set_mlsrange(handle, seuser, str) < 0)
1aff52
diff --git a/libsemanage/src/users_base_file.c b/libsemanage/src/users_base_file.c
1aff52
index 0f0a8fdb..a0f8cd7e 100644
1aff52
--- a/libsemanage/src/users_base_file.c
1aff52
+++ b/libsemanage/src/users_base_file.c
1aff52
@@ -83,7 +83,7 @@ static int user_base_parse(semanage_handle_t * handle,
1aff52
 		goto err;
1aff52
 
1aff52
 	/* Parse user name */
1aff52
-	if (parse_fetch_string(handle, info, &name_str, ' ') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &name_str, ' ', 0) < 0)
1aff52
 		goto err;
1aff52
 
1aff52
 	if (semanage_user_base_set_name(handle, user, name_str) < 0) {
1aff52
@@ -150,7 +150,7 @@ static int user_base_parse(semanage_handle_t * handle,
1aff52
 		goto err;
1aff52
 
1aff52
 	/* NOTE: does not allow spaces/multiline */
1aff52
-	if (parse_fetch_string(handle, info, &str, ' ') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, ' ', 0) < 0)
1aff52
 		goto err;
1aff52
 	if (semanage_user_base_set_mlslevel(handle, user, str) < 0)
1aff52
 		goto err;
1aff52
@@ -165,8 +165,7 @@ static int user_base_parse(semanage_handle_t * handle,
1aff52
 	if (parse_assert_space(handle, info) < 0)
1aff52
 		goto err;
1aff52
 
1aff52
-	/* NOTE: does not allow spaces/multiline */
1aff52
-	if (parse_fetch_string(handle, info, &str, ';') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, ';', 1) < 0)
1aff52
 		goto err;
1aff52
 	if (semanage_user_base_set_mlsrange(handle, user, str) < 0)
1aff52
 		goto err;
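Review bot: Dropping `/* NOTE: does not allow spaces/multiline */` leaves the MLS range fetch with no comment at all, while the mlslevel fetch above and the mlsrange fetch in seusers_file.c keep that note and stay at allow_spaces=0. A reader then cannot tell that accepting whitespace up to ';' is deliberate for this one field. I would replace the comment rather than remove it, e.g. `/* NOTE: range runs to ';' and may contain spaces */`. user_base_parse continues outside the hunk.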
1aff52
diff --git a/libsemanage/src/users_extra_file.c b/libsemanage/src/users_extra_file.c
1aff52
index 8f2bebd6..7aa9df3c 100644
1aff52
--- a/libsemanage/src/users_extra_file.c
1aff52
+++ b/libsemanage/src/users_extra_file.c
1aff52
@@ -57,7 +57,7 @@ static int user_extra_parse(semanage_handle_t * handle,
1aff52
 		goto err;
1aff52
 
1aff52
 	/* Extract name */
1aff52
-	if (parse_fetch_string(handle, info, &str, ' ') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, ' ', 0) < 0)
1aff52
 		goto err;
1aff52
 	if (semanage_user_extra_set_name(handle, user_extra, str) < 0)
1aff52
 		goto err;
1aff52
@@ -73,7 +73,7 @@ static int user_extra_parse(semanage_handle_t * handle,
1aff52
 		goto err;
1aff52
 
1aff52
 	/* Extract prefix */
1aff52
-	if (parse_fetch_string(handle, info, &str, ';') < 0)
1aff52
+	if (parse_fetch_string(handle, info, &str, ';', 1) < 0)
1aff52
 		goto err;
1aff52
 	if (semanage_user_extra_set_prefix(handle, user_extra, str) < 0)
1aff52
 		goto err;
-- 
2.35.3