From 214c04af59ea09589743b88943a7ba0adac64a7a Mon Sep 17 00:00:00 2001
From: Michal Zidek
Date: Wed, 24 Sep 2014 16:03:04 +0200
Subject: [PATCH 02/22] sss_semanage: Add mlsrange parameter to set_seuser
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

mlsrange parameter will be needed in IPA provider and probably at some point in the tools as well.

Reviewed-by: Lukáš Slebodník
---
 src/tools/sss_useradd.c |  2 +-
 src/tools/sss_usermod.c |  2 +-
 src/util/sss_semanage.c | 25 ++++++++++++++++---------
 src/util/util.h         |  3 ++-
 4 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/src/tools/sss_useradd.c b/src/tools/sss_useradd.c
index 59439401e225d752ea9a82fdb33900bf44699e18..8521b83011b42c9e2acca4136f154acb3919440c 100644
--- a/src/tools/sss_useradd.c
+++ b/src/tools/sss_useradd.c
@@ -205,7 +205,7 @@ int main(int argc, const char **argv)
 
     /* Set SELinux login context - must be done after transaction is done
      * b/c libselinux calls getpwnam */
-    ret = set_seuser(tctx->octx->name, pc_selinux_user);
+    ret = set_seuser(tctx->octx->name, pc_selinux_user, NULL);
     if (ret != EOK) {
         ERROR("Cannot set SELinux login context\n");
         ret = EXIT_FAILURE;
diff --git a/src/tools/sss_usermod.c b/src/tools/sss_usermod.c
index 9683c6e9e7c2bf389563515162a3772ee73987ed..55e94394766f5f46bb3c14c231186f2d79d6b6ab 100644
--- a/src/tools/sss_usermod.c
+++ b/src/tools/sss_usermod.c
@@ -300,7 +300,7 @@ int main(int argc, const char **argv)
 
     /* Set SELinux login context - must be done after transaction is done
      * b/c libselinux calls getpwnam */
-    ret = set_seuser(tctx->octx->name, pc_selinux_user);
+    ret = set_seuser(tctx->octx->name, pc_selinux_user, NULL);
     if (ret != EOK) {
         ERROR("Cannot set SELinux login context\n");
         ret = EXIT_FAILURE;
diff --git a/src/util/sss_semanage.c b/src/util/sss_semanage.c
index dbef3b3437f9ac51021f30b510b9c15cd34e297a..3c566553f2085a696f79c5ee35ec6015824d56a6 100644
--- a/src/util/sss_semanage.c
+++ b/src/util/sss_semanage.c
@@ -22,7 +22,6 @@
 #include "config.h"
 #include 
-
 #ifdef HAVE_SEMANAGE
 #include 
 #endif
@@ -118,7 +117,8 @@ fail:
 static int sss_semanage_user_add(semanage_handle_t *handle,
                                  semanage_seuser_key_t *key,
                                  const char *login_name,
-                                 const char *seuser_name)
+                                 const char *seuser_name,
+                                 const char *mls)
 {
     int ret;
     semanage_seuser_t *seuser = NULL;
@@ -138,7 +138,8 @@ static int sss_semanage_user_add(semanage_handle_t *handle,
         goto done;
     }
 
-    ret = semanage_seuser_set_mlsrange(handle, seuser, DEFAULT_SERANGE);
+    ret = semanage_seuser_set_mlsrange(handle, seuser,
+                                       mls ? mls : DEFAULT_SERANGE);
     if (ret != 0) {
         DEBUG(SSSDBG_CRIT_FAILURE, "Could not set serange for %s\n",
               login_name);
@@ -171,7 +172,8 @@ done:
 static int sss_semanage_user_mod(semanage_handle_t *handle,
                                  semanage_seuser_key_t *key,
                                  const char *login_name,
-                                 const char *seuser_name)
+                                 const char *seuser_name,
+                                 const char *mls)
 {
     int ret;
     semanage_seuser_t *seuser = NULL;
@@ -184,7 +186,8 @@ static int sss_semanage_user_mod(semanage_handle_t *handle,
         goto done;
     }
 
-    ret = semanage_seuser_set_mlsrange(handle, seuser, DEFAULT_SERANGE);
+    ret = semanage_seuser_set_mlsrange(handle, seuser,
+                                       mls ? mls : DEFAULT_SERANGE);
     if (ret != 0) {
         DEBUG(SSSDBG_CRIT_FAILURE, "Could not set serange for %s\n",
               login_name);
@@ -213,7 +216,8 @@ done:
     return ret;
 }
 
-int set_seuser(const char *login_name, const char *seuser_name)
+int set_seuser(const char *login_name, const char *seuser_name,
+               const char *mls)
 {
     semanage_handle_t *handle = NULL;
     semanage_seuser_key_t *key = NULL;
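Review bot: Only a NULL `mls` falls back to DEFAULT_SERANGE in the new semanage_seuser_set_mlsrange call; an empty string is handed to libsemanage unchanged as the range, and the same expression is repeated in the -184 hunk of sss_semanage_user_mod. The commit message says this value will come from the IPA provider, so if an absent or empty attribute can arrive here as "", `(mls && *mls) ? mls : DEFAULT_SERANGE` keeps the default in that case; whether libsemanage itself rejects an empty range I cannot tell from here. Resolving the fallback once in set_seuser (`const char *range = mls ? mls : DEFAULT_SERANGE;`) and passing `range` to both helpers would also keep the two copies from drifting apart. Both sss_semanage_user_add and sss_semanage_user_mod continue outside their hunks.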
@@ -247,14 +251,16 @@ int set_seuser(const char *login_name, const char *seuser_name)
     }
 
     if (seuser_exists) {
-        ret = sss_semanage_user_mod(handle, key, login_name, seuser_name);
+        ret = sss_semanage_user_mod(handle, key, login_name, seuser_name,
+                                    mls);
         if (ret != 0) {
             DEBUG(SSSDBG_CRIT_FAILURE, "Cannot modify SELinux user mapping\n");
             ret = EIO;
             goto done;
         }
     } else {
-        ret = sss_semanage_user_add(handle, key, login_name, seuser_name);
+        ret = sss_semanage_user_add(handle, key, login_name, seuser_name,
+                                    mls);
         if (ret != 0) {
             DEBUG(SSSDBG_CRIT_FAILURE, "Cannot add SELinux user mapping\n");
             ret = EIO;
@@ -348,7 +354,8 @@ done:
 }
 
 #else /* HAVE_SEMANAGE */
-int set_seuser(const char *login_name, const char *seuser_name)
+int set_seuser(const char *login_name, const char *seuser_name,
+               const char *mls)
 {
     return EOK;
 }
diff --git a/src/util/util.h b/src/util/util.h
index b43ce6f5092e9920609826bead483976fef2f9b1..0af4db3fec723ef372f7c1acde0e3f9f013f90e0 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -592,7 +592,8 @@ errno_t switch_creds(TALLOC_CTX *mem_ctx,
 errno_t restore_creds(struct sss_creds *saved_creds);
 
 /* from sss_semanage.c */
-int set_seuser(const char *login_name, const char *seuser_name);
+int set_seuser(const char *login_name, const char *seuser_name,
+               const char *mlsrange);
 int del_seuser(const char *login_name);
 
 #endif /* __SSSD_UTIL_H__ */
-- 
1.9.3
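Review bot: The new prototype in util.h names the third parameter `mlsrange` while both definitions in sss_semanage.c (the HAVE_SEMANAGE body and the stub in the -348 hunk) call it `mls`, so the header and the implementation disagree on the name a reader greps for; using `const char *mlsrange` in the definitions too would settle it. The header also says nothing about what the value means or that NULL is accepted, which the sss_useradd and sss_usermod call sites rely on by passing NULL. A short comment above the prototype would cover the contract: `/* mlsrange: MLS/MCS range for the login mapping, or NULL to use DEFAULT_SERANGE; on builds without HAVE_SEMANAGE set_seuser is a no-op returning EOK */`.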