|
 |
2de3ab |
diff -up shadow-4.8/src/chgpasswd.c.selinux-perms shadow-4.8/src/chgpasswd.c
|
|
|
2de3ab |
--- shadow-4.8/src/chgpasswd.c.selinux-perms 2019-12-01 18:02:43.000000000 +0100
|
|
|
2de3ab |
+++ shadow-4.8/src/chgpasswd.c 2020-01-13 10:21:44.558107260 +0100
|
|
|
2de3ab |
@@ -39,6 +39,13 @@
|
|
|
2de3ab |
#include <pwd.h>
|
|
|
2de3ab |
#include <stdio.h>
|
|
|
2de3ab |
#include <stdlib.h>
|
|
|
2de3ab |
+#ifdef WITH_SELINUX
|
|
|
2de3ab |
+#include <selinux/selinux.h>
|
|
|
2de3ab |
+#include <selinux/avc.h>
|
|
|
2de3ab |
+#endif
|
|
|
2de3ab |
+#ifdef WITH_LIBAUDIT
|
|
|
2de3ab |
+#include <libaudit.h>
|
|
|
2de3ab |
+#endif
|
|
|
2de3ab |
#ifdef ACCT_TOOLS_SETUID
|
|
|
2de3ab |
#ifdef USE_PAM
|
|
|
2de3ab |
#include "pam_defs.h"
|
|
|
2de3ab |
@@ -80,6 +87,9 @@ static bool sgr_locked = false;
|
|
|
2de3ab |
#endif
|
|
|
2de3ab |
static bool gr_locked = false;
|
|
|
2de3ab |
|
|
|
2de3ab |
+/* The name of the caller */
|
|
|
2de3ab |
+static char *myname = NULL;
|
|
|
2de3ab |
+
|
|
|
2de3ab |
/* local function prototypes */
|
|
|
2de3ab |
static void fail_exit (int code);
|
|
|
2de3ab |
static /*@noreturn@*/void usage (int status);
|
|
|
2de3ab |
@@ -334,6 +344,63 @@ static void check_perms (void)
|
|
|
2de3ab |
#endif /* ACCT_TOOLS_SETUID */
|
|
|
2de3ab |
}
|
|
|
2de3ab |
|
|
|
2de3ab |
+#ifdef WITH_SELINUX
|
|
|
2de3ab |
+static int
|
|
|
2de3ab |
+log_callback (int type, const char *fmt, ...)
|
|
|
2de3ab |
+{
|
|
|
2de3ab |
+ int audit_fd;
|
|
|
2de3ab |
+ va_list ap;
|
|
|
2de3ab |
+
|
|
|
2de3ab |
+ va_start(ap, fmt);
|
|
|
2de3ab |
+#ifdef WITH_AUDIT
|
|
|
2de3ab |
+ audit_fd = audit_open();
|
|
|
2de3ab |
+
|
|
|
2de3ab |
+ if (audit_fd >= 0) {
|
|
|
2de3ab |
+ char *buf;
|
|
|
2de3ab |
+
|
|
|
2de3ab |
+ if (vasprintf (&buf, fmt, ap) < 0)
|
|
|
2de3ab |
+ goto ret;
|
|
|
2de3ab |
+ audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
|
|
|
2de3ab |
+ NULL, 0);
|
|
|
2de3ab |
+ audit_close(audit_fd);
|
|
|
2de3ab |
+ free(buf);
|
|
|
2de3ab |
+ goto ret;
|
|
|
2de3ab |
+ }
|
|
|
2de3ab |
+
|
|
|
2de3ab |
+#endif
|
|
|
2de3ab |
+ vsyslog (LOG_USER | LOG_INFO, fmt, ap);
|
|
|
2de3ab |
+ret:
|
|
|
2de3ab |
+ va_end(ap);
|
|
|
2de3ab |
+ return 0;
|
|
|
2de3ab |
+}
|
|
|
2de3ab |
+
|
|
|
2de3ab |
+static void
|
|
|
2de3ab |
+selinux_check_root (void)
|
|
|
2de3ab |
+{
|
|
|
2de3ab |
+ int status = -1;
|
|
|
2de3ab |
+ security_context_t user_context;
|
|
|
2de3ab |
+ union selinux_callback old_callback;
|
|
|
2de3ab |
+
|
|
|
2de3ab |
+ if (is_selinux_enabled() < 1)
|
|
|
2de3ab |
+ return;
|
|
|
2de3ab |
+
|
|
|
2de3ab |
+ old_callback = selinux_get_callback(SELINUX_CB_LOG);
|
|
|
2de3ab |
+ /* setup callbacks */
|
|
|
2de3ab |
+ selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) &log_callback);
|
|
|
2de3ab |
+ if ((status = getprevcon(&user_context)) < 0) {
|
|
|
2de3ab |
+ selinux_set_callback(SELINUX_CB_LOG, old_callback);
|
|
|
2de3ab |
+ exit(1);
|
|
|
2de3ab |
+ }
|
|
|
2de3ab |
+
|
|
|
2de3ab |
+ status = selinux_check_access(user_context, user_context, "passwd", "passwd", NULL);
|
|
|
2de3ab |
+
|
|
|
2de3ab |
+ selinux_set_callback(SELINUX_CB_LOG, old_callback);
|
|
|
2de3ab |
+ freecon(user_context);
|
|
|
2de3ab |
+ if (status != 0 && security_getenforce() != 0)
|
|
|
2de3ab |
+ exit(1);
|
|
|
2de3ab |
+}
|
|
|
2de3ab |
+#endif
|
|
|
2de3ab |
+
|
|
|
2de3ab |
/*
|
|
|
2de3ab |
* open_files - lock and open the group databases
|
|
|
2de3ab |
*/
|
|
|
2de3ab |
@@ -427,6 +494,7 @@ int main (int argc, char **argv)
|
|
|
2de3ab |
|
|
|
2de3ab |
const struct group *gr;
|
|
|
2de3ab |
struct group newgr;
|
|
|
2de3ab |
+ struct passwd *pw = NULL;
|
|
|
2de3ab |
int errors = 0;
|
|
|
2de3ab |
int line = 0;
|
|
|
2de3ab |
|
|
|
2de3ab |
@@ -436,12 +504,37 @@ int main (int argc, char **argv)
|
|
|
2de3ab |
(void) bindtextdomain (PACKAGE, LOCALEDIR);
|
|
|
2de3ab |
(void) textdomain (PACKAGE);
|
|
|
2de3ab |
|
|
|
2de3ab |
+#ifdef WITH_SELINUX
|
|
|
2de3ab |
+ selinux_check_root ();
|
|
|
2de3ab |
+#endif
|
|
|
2de3ab |
+
|
|
|
2de3ab |
process_root_flag ("-R", argc, argv);
|
|
|
2de3ab |
|
|
|
2de3ab |
process_flags (argc, argv);
|
|
|
2de3ab |
|
|
|
2de3ab |
OPENLOG ("chgpasswd");
|
|
|
2de3ab |
|
|
|
2de3ab |
+#ifdef WITH_AUDIT
|
|
|
2de3ab |
+ audit_help_open ();
|
|
|
2de3ab |
+#endif
|
|
|
2de3ab |
+
|
|
|
2de3ab |
+ /*
|
|
|
2de3ab |
+ * Determine the name of the user that invoked this command. This
|
|
|
2de3ab |
+ * is really hit or miss because there are so many ways that command
|
|
|
2de3ab |
+ * can be executed and so many ways to trip up the routines that
|
|
|
2de3ab |
+ * report the user name.
|
|
|
2de3ab |
+ */
|
|
|
2de3ab |
+ pw = get_my_pwent ();
|
|
|
2de3ab |
+ if (NULL == pw) {
|
|
|
2de3ab |
+ fprintf (stderr, _("%s: Cannot determine your user name.\n"),
|
|
|
2de3ab |
+ Prog);
|
|
|
2de3ab |
+ SYSLOG ((LOG_WARN,
|
|
|
2de3ab |
+ "Cannot determine the user name of the caller (UID %lu)",
|
|
|
2de3ab |
+ (unsigned long) getuid ()));
|
|
|
2de3ab |
+ exit (E_NOPERM);
|
|
|
2de3ab |
+ }
|
|
|
2de3ab |
+ myname = xstrdup (pw->pw_name);
|
|
|
2de3ab |
+
|
|
|
2de3ab |
check_perms ();
|
|
|
2de3ab |
|
|
|
2de3ab |
#ifdef SHADOWGRP
|
|
|
2de3ab |
diff -up shadow-4.8/src/chpasswd.c.selinux-perms shadow-4.8/src/chpasswd.c
|
|
|
2de3ab |
--- shadow-4.8/src/chpasswd.c.selinux-perms 2019-12-01 18:02:43.000000000 +0100
|
|
|
2de3ab |
+++ shadow-4.8/src/chpasswd.c 2020-01-13 10:21:44.558107260 +0100
|
|
|
2de3ab |
@@ -39,6 +39,13 @@
|
|
|
2de3ab |
#include <pwd.h>
|
|
|
2de3ab |
#include <stdio.h>
|
|
|
2de3ab |
#include <stdlib.h>
|
|
|
2de3ab |
+#ifdef WITH_SELINUX
|
|
|
2de3ab |
+#include <selinux/selinux.h>
|
|
|
2de3ab |
+#include <selinux/avc.h>
|
|
|
2de3ab |
+#endif
|
|
|
2de3ab |
+#ifdef WITH_LIBAUDIT
|
|
|
2de3ab |
+#include <libaudit.h>
|
|
|
2de3ab |
+#endif
|
|
|
2de3ab |
#ifdef USE_PAM
|
|
|
2de3ab |
#include "pam_defs.h"
|
|
|
2de3ab |
#endif /* USE_PAM */
|
|
|
2de3ab |
@@ -332,6 +339,63 @@ static void check_perms (void)
|
|
|
2de3ab |
#endif /* USE_PAM */
|
|
|
2de3ab |
}
|
|
|
2de3ab |
|
|
|
2de3ab |
+#ifdef WITH_SELINUX
|
|
|
2de3ab |
+static int
|
|
|
2de3ab |
+log_callback (int type, const char *fmt, ...)
|
|
|
2de3ab |
+{
|
|
|
2de3ab |
+ int audit_fd;
|
|
|
2de3ab |
+ va_list ap;
|
|
|
2de3ab |
+
|
|
|
2de3ab |
+ va_start(ap, fmt);
|
|
|
2de3ab |
+#ifdef WITH_AUDIT
|
|
|
2de3ab |
+ audit_fd = audit_open();
|
|
|
2de3ab |
+
|
|
|
2de3ab |
+ if (audit_fd >= 0) {
|
|
|
2de3ab |
+ char *buf;
|
|
|
2de3ab |
+
|
|
|
2de3ab |
+ if (vasprintf (&buf, fmt, ap) < 0)
|
|
|
2de3ab |
+ goto ret;
|
|
|
2de3ab |
+ audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
|
|
|
2de3ab |
+ NULL, 0);
|
|
|
2de3ab |
+ audit_close(audit_fd);
|
|
|
2de3ab |
+ free(buf);
|
|
|
2de3ab |
+ goto ret;
|
|
|
2de3ab |
+ }
|
|
|
2de3ab |
+
|
|
|
2de3ab |
+#endif
|
|
|
2de3ab |
+ vsyslog (LOG_USER | LOG_INFO, fmt, ap);
|
|
|
2de3ab |
+ret:
|
|
|
2de3ab |
+ va_end(ap);
|
|
|
2de3ab |
+ return 0;
|
|
|
2de3ab |
+}
|
|
|
2de3ab |
+
|
|
|
2de3ab |
+static void
|
|
|
2de3ab |
+selinux_check_root (void)
|
|
|
2de3ab |
+{
|
|
|
2de3ab |
+ int status = -1;
|
|
|
2de3ab |
+ security_context_t user_context;
|
|
|
2de3ab |
+ union selinux_callback old_callback;
|
|
|
2de3ab |
+
|
|
|
2de3ab |
+ if (is_selinux_enabled() < 1)
|
|
|
2de3ab |
+ return;
|
|
|
2de3ab |
+
|
|
|
2de3ab |
+ old_callback = selinux_get_callback(SELINUX_CB_LOG);
|
|
|
2de3ab |
+ /* setup callbacks */
|
|
|
2de3ab |
+ selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) &log_callback);
|
|
|
2de3ab |
+ if ((status = getprevcon(&user_context)) < 0) {
|
|
|
2de3ab |
+ selinux_set_callback(SELINUX_CB_LOG, old_callback);
|
|
|
2de3ab |
+ exit(1);
|
|
|
2de3ab |
+ }
|
|
|
2de3ab |
+
|
|
|
2de3ab |
+ status = selinux_check_access(user_context, user_context, "passwd", "passwd", NULL);
|
|
|
2de3ab |
+
|
|
|
2de3ab |
+ selinux_set_callback(SELINUX_CB_LOG, old_callback);
|
|
|
2de3ab |
+ freecon(user_context);
|
|
|
2de3ab |
+ if (status != 0 && security_getenforce() != 0)
|
|
|
2de3ab |
+ exit(1);
|
|
|
2de3ab |
+}
|
|
|
2de3ab |
+#endif
|
|
|
2de3ab |
+
|
|
|
2de3ab |
/*
|
|
|
2de3ab |
* open_files - lock and open the password databases
|
|
|
2de3ab |
*/
|
|
|
2de3ab |
@@ -428,6 +492,10 @@ int main (int argc, char **argv)
|
|
|
2de3ab |
(void) bindtextdomain (PACKAGE, LOCALEDIR);
|
|
|
2de3ab |
(void) textdomain (PACKAGE);
|
|
|
2de3ab |
|
|
|
2de3ab |
+#ifdef WITH_SELINUX
|
|
|
2de3ab |
+ selinux_check_root ();
|
|
|
2de3ab |
+#endif
|
|
|
2de3ab |
+
|
|
|
2de3ab |
process_root_flag ("-R", argc, argv);
|
|
|
2de3ab |
|
|
|
2de3ab |
process_flags (argc, argv);
|
|
|
2de3ab |
@@ -440,6 +508,10 @@ int main (int argc, char **argv)
|
|
|
2de3ab |
|
|
|
2de3ab |
OPENLOG ("chpasswd");
|
|
|
2de3ab |
|
|
|
2de3ab |
+#ifdef WITH_AUDIT
|
|
|
2de3ab |
+ audit_help_open ();
|
|
|
2de3ab |
+#endif
|
|
|
2de3ab |
+
|
|
|
2de3ab |
check_perms ();
|
|
|
2de3ab |
|
|
|
2de3ab |
#ifdef USE_PAM
|