Blame SOURCES/ypserv-2.31-selinux-context.patch

194c2d
--- ypserv-2.31/rpc.yppasswdd/Makefile.am.selinux-context	2016-01-25 15:39:35.038050672 +0100
194c2d
+++ ypserv-2.31/rpc.yppasswdd/Makefile.am	2016-01-25 15:39:56.203036632 +0100
194c2d
@@ -26,7 +26,7 @@
194c2d
 
194c2d
 rpc_yppasswdd_LDFLAGS = -Wl,-z,relro,-z,now
194c2d
 
194c2d
-rpc_yppasswdd_LDADD =  @PIE_LDFLAGS@ $(top_builddir)/lib/libyp.a $(LIBDBM) $(LIBCRYPT) $(LIBSYSTEMD_DAEMON)
194c2d
+rpc_yppasswdd_LDADD =  @PIE_LDFLAGS@ $(top_builddir)/lib/libyp.a $(LIBDBM) $(LIBCRYPT) $(LIBSYSTEMD_DAEMON) $(LIBSELINUX)
194c2d
 rpc_yppasswdd_CFLAGS = @PIE_CFLAGS@
194c2d
 
194c2d
 if ENABLE_REGENERATE_MAN
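Review bot: `$(LIBSELINUX)` appended to rpc_yppasswdd_LDADD is never assigned or AC_SUBSTed anywhere in this patch, so as written it expands to nothing in the generated Makefile. The configure.in hunk's three `AC_CHECK_LIB(selinux, …, [], …)` calls pass an empty action-if-found, which as far as I can tell falls back to Autoconf's default of prepending -lselinux to the global LIBS, so the link presumably succeeds only through that side effect and every other binary in the tree is linked against libselinux as well. Setting the variable explicitly, e.g. `AC_CHECK_LIB(selinux, setfilecon_raw, [LIBSELINUX="-lselinux"], [AC_MSG_ERROR([Missing or incorrect SELinux library])])` followed by `AC_SUBST(LIBSELINUX)`, makes this reference meaningful and keeps the dependency scoped to rpc.yppasswdd; the other two AC_CHECK_LIB calls in that hunk can keep their error action without the assignment.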
194c2d
--- ypserv-2.31/configure.in.selinux-context.patch	2016-01-25 16:07:01.662180676 +0100
194c2d
+++ ypserv-2.31/configure.in	2016-01-25 16:07:57.116157640 +0100
194c2d
@@ -243,6 +243,26 @@
194c2d
   echo ""
194c2d
   exit
194c2d
 fi
194c2d
+AC_ARG_WITH(selinux,
194c2d
+    [AC_HELP_STRING([--with-selinux@<:@=yes|no@:>@],[Enables SELinux support [no]])],
194c2d
+
194c2d
+  [ if test "$withval" = "yes"; then
194c2d
+    AC_CHECK_HEADERS([selinux/selinux.h], [],
194c2d
+        [AC_MSG_ERROR([Missing SELinux header files])])
194c2d
+    AC_CHECK_LIB(selinux, setfilecon_raw, [],
194c2d
+        [AC_MSG_ERROR([Missing or incorrect SELinux library])])
194c2d
+    AC_CHECK_LIB(selinux, getfilecon_raw, [],
194c2d
+        [AC_MSG_ERROR([Missing or incorrect SELinux library])])
194c2d
+    AC_CHECK_LIB(selinux, freecon, [],
194c2d
+          [AC_MSG_ERROR([Missing or incorrect SELinux library])])
194c2d
+  fi
194c2d
+ ],[])
194c2d
+
194c2d
+AC_SUBST(with_selinux)
194c2d
+if test "$with_selinux" = "yes"; then
194c2d
+      AC_DEFINE(WITH_SELINUX, 1, [Define to 1 if SELinux support is enabled])
194c2d
+fi
194c2d
+
194c2d
 
194c2d
 AC_CHECK_LIB(xcrypt,crypt,LIBCRYPT="-lxcrypt",LIBCRYPT="")
194c2d
 if test -z "$LIBCRYPT" ; then
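Review bot: `AC_HELP_STRING` is the obsolete spelling that current Autoconf warns about; `AS_HELP_STRING([--with-selinux@<:@=yes|no@:>@],[Enables SELinux support [no]])` is the supported form. `AC_SUBST(with_selinux)` exports the raw option variable into every Makefile, yet nothing in this patch reads @with_selinux@, so it looks like a leftover; the `AC_DEFINE(WITH_SELINUX, 1, …)` block is what the C side actually keys on. The blank line between the help-string argument and the action argument, and the leading space in `[ if test "$withval" = "yes"; then`, are harmless to m4 but read as accidental and are worth tidying before this lands.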
650ab0
--- ypserv-2.31/rpc.yppasswdd/update.c.selinux-context	2013-04-10 16:42:51.000000000 +0200
650ab0
+++ ypserv-2.31/rpc.yppasswdd/update.c	2018-01-09 08:49:08.165461843 +0100
194c2d
@@ -42,6 +42,9 @@
194c2d
 #ifdef HAVE_SHADOW_H
194c2d
 #include <shadow.h>
194c2d
 #endif
194c2d
+#ifdef WITH_SELINUX
194c2d
+#include <selinux/selinux.h>
194c2d
+#endif /* WITH_SELINUX */
194c2d
 #include "compat.h"
194c2d
 
194c2d
 #ifndef CHECKROOT
650ab0
@@ -448,6 +451,9 @@
194c2d
   FILE *oldpf = NULL, *newpf = NULL, *oldsf = NULL, *newsf = NULL;
194c2d
   struct stat passwd_stat, shadow_stat;
194c2d
   char *rootpass = "x";
194c2d
+#ifdef WITH_SELINUX
194c2d
+  char  *pSelCon = NULL;
194c2d
+#endif /* WITH_SELINUX */
194c2d
 
194c2d
 #if CHECKROOT
194c2d
   if ((pw = getpwnam ("root")) != NULL)
650ab0
@@ -489,6 +495,7 @@
194c2d
       return 1;
194c2d
     }
194c2d
 
194c2d
+
194c2d
   /* Open a temp passwd file */
194c2d
   if ((newpf = fopen (path_passwd_tmp, "w+")) == NULL)
194c2d
     {
650ab0
@@ -497,6 +504,7 @@
194c2d
       fclose (oldpf);
194c2d
       return 1;
194c2d
     }
194c2d
+
194c2d
   chmod (path_passwd_tmp, passwd_stat.st_mode);
194c2d
   if (chown (path_passwd_tmp, passwd_stat.st_uid, passwd_stat.st_gid) == -1)
194c2d
     {
650ab0
@@ -507,42 +515,104 @@
194c2d
       return 1;
194c2d
     }
194c2d
 
194c2d
+#ifdef WITH_SELINUX
650ab0
+  if (is_selinux_enabled() == 1)
194c2d
+    {
650ab0
+      /* Get selinux context of the original file */
650ab0
+      if (getfilecon_raw(path_passwd, &pSelCon) < 0)
650ab0
+        {
650ab0
+          log_msg ("%s failed", logbuf);
650ab0
+          log_msg ("Can't get selinux context %s: %m", path_passwd);
650ab0
+          freecon(pSelCon);
650ab0
+          fclose (oldpf);
650ab0
+          fclose (newpf);
650ab0
+          unlink (path_passwd_tmp);
650ab0
+          return 1;
650ab0
+        }
194c2d
+
650ab0
+      /* Set selinux context for tmp file */
650ab0
+      if (setfilecon_raw(path_passwd_tmp, pSelCon))
650ab0
+        {
650ab0
+          log_msg ("%s failed", logbuf);
650ab0
+          log_msg ("Can't set selinux context %s: %m", path_passwd_tmp);
650ab0
+          freecon(pSelCon);
650ab0
+          fclose (oldpf);
650ab0
+          fclose (newpf);
650ab0
+          unlink (path_passwd_tmp);
650ab0
+          return 1;
650ab0
+        }
194c2d
+      freecon(pSelCon);
650ab0
+      pSelCon=NULL;
194c2d
+    }
650ab0
+#    endif /* WITH_SELINUX  */
194c2d
+
194c2d
 #ifdef HAVE_GETSPNAM
194c2d
   /* Open the shadow file for reading. */
194c2d
   if ((oldsf = fopen (path_shadow, "r")) != NULL)
194c2d
     {
194c2d
       if (fstat (fileno (oldsf), &shadow_stat) < 0)
194c2d
-	{
194c2d
-	  log_msg ("%s failed", logbuf);
194c2d
-	  log_msg ("Can't stat %s: %m", path_shadow);
194c2d
-	  fclose (oldpf);
194c2d
-	  fclose (newpf);
194c2d
-	  fclose (oldsf);
194c2d
-	  return 1;
194c2d
-	}
194c2d
+	    {
194c2d
+	      log_msg ("%s failed", logbuf);
194c2d
+	      log_msg ("Can't stat %s: %m", path_shadow);
194c2d
+	      fclose (oldpf);
194c2d
+	      fclose (newpf);
194c2d
+	      fclose (oldsf);
194c2d
+	      return 1;
194c2d
+	    }
194c2d
+
194c2d
 
194c2d
       if ((newsf = fopen (path_shadow_tmp, "w+")) == NULL)
194c2d
-	{
194c2d
-	  int err = errno;
194c2d
-	  log_msg ("%s failed", logbuf);
194c2d
-	  log_msg ("Can't open %s.tmp: %s",
194c2d
-		   path_passwd, strerror (err));
194c2d
-	  fclose (oldsf);
194c2d
-	  fclose (newpf);
194c2d
-	  fclose (oldpf);
194c2d
-	  return 1;
194c2d
-	}
194c2d
+	    {
194c2d
+	      int err = errno;
194c2d
+	      log_msg ("%s failed", logbuf);
194c2d
+	      log_msg ("Can't open %s.tmp: %s",
194c2d
+	    	   path_passwd, strerror (err));
194c2d
+	      fclose (oldsf);
194c2d
+	      fclose (newpf);
194c2d
+	      fclose (oldpf);
194c2d
+	      return 1;
194c2d
+	    }
194c2d
       chmod (path_shadow_tmp, shadow_stat.st_mode);
194c2d
       if (chown (path_shadow_tmp, shadow_stat.st_uid,
194c2d
-		 shadow_stat.st_gid) == -1)
194c2d
-	{
194c2d
-	  log_msg ("chown failed", strerror (errno));
194c2d
-	  fclose (newsf);
194c2d
-	  fclose (oldsf);
194c2d
-	  fclose (newpf);
194c2d
-	  fclose (oldpf);
194c2d
-	  return 1;
194c2d
-	}
194c2d
+	     shadow_stat.st_gid) == -1)
194c2d
+	    {
194c2d
+	      log_msg ("chown failed", strerror (errno));
194c2d
+	      fclose (newsf);
194c2d
+	      fclose (oldsf);
194c2d
+	      fclose (newpf);
194c2d
+	      fclose (oldpf);
194c2d
+	      return 1;
194c2d
+	    }
194c2d
+#ifdef WITH_SELINUX
650ab0
+      if (is_selinux_enabled() == 1)
650ab0
+        {
650ab0
+          if (getfilecon_raw(path_shadow, &pSelCon) < 0)
650ab0
+          {
650ab0
+                  log_msg ("%s failed", logbuf);
650ab0
+                  log_msg ("Can't get selinux context %s: %m", path_shadow);
650ab0
+              freecon(pSelCon);
650ab0
+                  fclose (newsf);
650ab0
+                  fclose (oldsf);
650ab0
+                  fclose (newpf);
650ab0
+                  fclose (oldpf);
650ab0
+                  return 1;
650ab0
+          }
650ab0
+          if (setfilecon_raw(path_shadow_tmp, pSelCon))
650ab0
+                {
650ab0
+                  log_msg ("%s failed", logbuf);
650ab0
+                  log_msg ("Can't set selinux context %s: %m", path_shadow_tmp);
650ab0
+              freecon(pSelCon);
650ab0
+                  fclose (newsf);
650ab0
+                  fclose (oldsf);
650ab0
+                  fclose (newpf);
650ab0
+                  fclose (oldpf);
650ab0
+                  return 1;
650ab0
+                }
194c2d
+          freecon(pSelCon);
650ab0
+          pSelCon=NULL;
650ab0
+        }
194c2d
+#endif /* WITH_SELINUX */
194c2d
+
194c2d
     }
194c2d
 #endif /* HAVE_GETSPNAM */
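Review bot: The shadow-side SELinux failure paths return without removing either temp file, whereas the passwd-side paths earlier in this hunk do `unlink (path_passwd_tmp)`; after a failed `getfilecon_raw(path_shadow, &pSelCon)` or `setfilecon_raw(path_shadow_tmp, pSelCon)` both path_passwd_tmp (already relabelled) and path_shadow_tmp are left on disk. The four near-identical get/set/freecon blocks could collapse into one static helper that copies a label from one path to another and logs its own error, leaving each caller with just the close/unlink/return sequence and removing the need for pSelCon; a sketch follows, keeping `is_selinux_enabled () != 1` as the skip condition so the -1 error return is still treated as "disabled" exactly as the patch does (whether that should fail closed instead is a policy question for the maintainers). Two pre-existing lines carried onto the new side are also worth fixing while here: `log_msg ("Can't open %s.tmp: %s", path_passwd, strerror (err));` names the passwd file inside the shadow branch, and `log_msg ("chown failed", strerror (errno));` passes an argument its format string never consumes. The tab-to-space re-indentation of the shadow block and the odd `#    endif /* WITH_SELINUX  */` make most of this hunk whitespace noise that hides the real change; keeping the original indentation and the plain `#endif` form used at the end would leave a much smaller diff. The enclosing function starts before and ends after this hunk.
```c
/* … new static helper, placed before the enclosing function … */
#ifdef WITH_SELINUX
/* Copy the SELinux label of src onto dst.  Returns 0 on success (or when
   SELinux is not enabled), -1 after logging the call that failed. */
static int
copy_selinux_context (const char *src, const char *dst)
{
  char *con = NULL;
  int rc = 0;

  if (is_selinux_enabled () != 1)
    return 0;
  if (getfilecon_raw (src, &con) < 0)
    {
      log_msg ("Can't get selinux context %s: %m", src);
      return -1;
    }
  if (setfilecon_raw (dst, con) != 0)
    {
      log_msg ("Can't set selinux context %s: %m", dst);
      rc = -1;
    }
  freecon (con);
  return rc;
}
#endif /* WITH_SELINUX */

/* … unchanged: passwd tmp file open, chmod, chown … */
#ifdef WITH_SELINUX
  if (copy_selinux_context (path_passwd, path_passwd_tmp) < 0)
    {
      log_msg ("%s failed", logbuf);
      fclose (oldpf);
      fclose (newpf);
      unlink (path_passwd_tmp);
      return 1;
    }
#endif /* WITH_SELINUX */

/* … unchanged: shadow file open, fstat, tmp open, chmod, chown … */
#ifdef WITH_SELINUX
      if (copy_selinux_context (path_shadow, path_shadow_tmp) < 0)
        {
          log_msg ("%s failed", logbuf);
          fclose (newsf);
          fclose (oldsf);
          fclose (newpf);
          fclose (oldpf);
          unlink (path_shadow_tmp);
          unlink (path_passwd_tmp);
          return 1;
        }
#endif /* WITH_SELINUX */
```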
194c2d