
Annotation of /cauldron/ypserv/pristine/SOURCES/ypserv-4.0-selinux-context.patch



Revision 1649366 - (hide annotations) (download)
Wed Nov 25 21:58:07 2020 UTC (4 years, 2 months ago) by tv
Original Path: cauldron/ypserv/current/SOURCES/ypserv-4.0-selinux-context.patch
File size: 5706 byte(s)
4.1 which builds with tirpc/glibc-2.32
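--- a/configure.ac
+++ b/configure.ac
@@ -240,6 +240,26 @@ then
 exit
 fi
 
+AC_ARG_WITH(selinux,
+ [AC_HELP_STRING([--with-selinux@<:@=yes|no@:>@],[Enables SELinux support [no]])],
+
+ [ if test "$withval" = "yes"; then
+ AC_CHECK_HEADERS([selinux/selinux.h], [],
+ [AC_MSG_ERROR([Missing SELinux header files])])
+ AC_CHECK_LIB(selinux, setfilecon_raw, [],
+ [AC_MSG_ERROR([Missing or incorrect SELinux library])])
+ AC_CHECK_LIB(selinux, getfilecon_raw, [],
+ [AC_MSG_ERROR([Missing or incorrect SELinux library])])
+ AC_CHECK_LIB(selinux, freecon, [],
+ [AC_MSG_ERROR([Missing or incorrect SELinux library])])
+ fi
+ ],[])
+
+AC_SUBST(with_selinux)
+if test "$with_selinux" = "yes"; then
+ AC_DEFINE(WITH_SELINUX, 1, [Define to 1 if SELinux support is enabled])
+fi
+
 AC_CHECK_LIB(crypt,crypt,LIBCRYPT="-lcrypt",LIBCRYPT="")
 AC_CHECK_HEADERS(crypt.h)
 AC_SUBST(LIBCRYPT)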
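Review bot: Nothing in this hunk sets or substitutes `LIBSELINUX`, yet the rpc.yppasswdd/Makefile.am section appends `$(LIBSELINUX)` to `rpc_yppasswdd_LDADD`; unless it is defined elsewhere in configure.ac, that variable expands to nothing. Linking presumably still works only because the three `AC_CHECK_LIB(selinux, ..., [], ...)` calls leave action-if-found empty, which makes autoconf prepend `-lselinux` to the global `LIBS`, so every program in the package is linked against libselinux rather than just rpc.yppasswdd. Giving the checks a non-empty action such as `[LIBSELINUX="-lselinux"]` and adding `AC_SUBST(LIBSELINUX)` would confine the dependency to the one binary that uses it. `is_selinux_enabled`, which the update.c section also calls, is not probed here.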
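--- a/rpc.yppasswdd/Makefile.am
+++ b/rpc.yppasswdd/Makefile.am
@@ -24,7 +24,7 @@ sbin_PROGRAMS = rpc.yppasswdd
 
 rpc_yppasswdd_SOURCES = update.c yppasswd_xdr.c yppasswdd.c
 
-rpc_yppasswdd_LDADD = @PIE_LDFLAGS@ $(top_builddir)/lib/libyp.a $(LIBDBM) $(LIBCRYPT) @SYSTEMD_LIBS@ @NSL_LIBS@ @TIRPC_LIBS@
+rpc_yppasswdd_LDADD = @PIE_LDFLAGS@ $(top_builddir)/lib/libyp.a $(LIBDBM) $(LIBCRYPT) @SYSTEMD_LIBS@ @NSL_LIBS@ @TIRPC_LIBS@ $(LIBSELINUX)
 rpc_yppasswdd_CFLAGS = @PIE_CFLAGS@ @SYSTEMD_CFLAGS@ @NSL_CFLAGS@ @TIRPC_CFLAGS@
 
 if ENABLE_REGENERATE_MAN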
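--- a/rpc.yppasswdd/update.c
+++ b/rpc.yppasswdd/update.c
@@ -41,6 +41,10 @@
 #include "yppwd_local.h"
 #include "log_msg.h"
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /* WITH_SELINUX */
+
 #ifndef CHECKROOT
 /* Set to 0 if you don't want to check against the root password
 of the NIS master server. */
@@ -460,6 +464,9 @@ update_files (yppasswd *yppw, int *shado
 FILE *oldpf = NULL, *newpf = NULL, *oldsf = NULL, *newsf = NULL;
 struct stat passwd_stat, shadow_stat;
 char *rootpass = "x";
+#ifdef WITH_SELINUX
+ char *pSelCon = NULL;
+#endif /* WITH_SELINUX */
 
 #if CHECKROOT
 if ((pw = getpwnam ("root")) != NULL)
@@ -520,6 +527,39 @@ update_files (yppasswd *yppw, int *shado
 return 1;
 }
 
+#ifdef WITH_SELINUX
+ if (is_selinux_enabled() == 1)
+ {
+ /* Get selinux context of the original file */
+ if (getfilecon_raw(path_passwd, &pSelCon) < 0)
+ {
+ log_msg ("update %.12s (uid=%d) failed",
+ yppw->newpw.pw_name, yppw->newpw.pw_uid);
+ log_msg ("Can't get selinux context %s: %m", path_passwd);
+ freecon(pSelCon);
+ fclose (oldpf);
+ fclose (newpf);
+ unlink (path_passwd_tmp);
+ return 1;
+ }
+
+ /* Set selinux context for tmp file */
+ if (setfilecon_raw(path_passwd_tmp, pSelCon))
+ {
+ log_msg ("update %.12s (uid=%d) failed",
+ yppw->newpw.pw_name, yppw->newpw.pw_uid);
+ log_msg ("Can't set selinux context %s: %m", path_passwd_tmp);
+ freecon(pSelCon);
+ fclose (oldpf);
+ fclose (newpf);
+ unlink (path_passwd_tmp);
+ return 1;
+ }
+ freecon(pSelCon);
+ pSelCon=NULL;
+ }
+# endif /* WITH_SELINUX */
+
 /* Open the shadow file for reading. */
 if ((oldsf = fopen (path_shadow, "r")) != NULL)
 {
@@ -558,6 +598,37 @@ update_files (yppasswd *yppw, int *shado
 fclose (oldpf);
 return 1;
 }
+#ifdef WITH_SELINUX
+ if (is_selinux_enabled() == 1)
+ {
+ if (getfilecon_raw(path_shadow, &pSelCon) < 0)
+ {
+ log_msg ("update %.12s (uid=%d) failed",
+ yppw->newpw.pw_name, yppw->newpw.pw_uid);
+ log_msg ("Can't get selinux context %s: %m", path_shadow);
+ freecon(pSelCon);
+ fclose (newsf);
+ fclose (oldsf);
+ fclose (newpf);
+ fclose (oldpf);
+ return 1;
+ }
+ if (setfilecon_raw(path_shadow_tmp, pSelCon))
+ {
+ log_msg ("update %.12s (uid=%d) failed",
+ yppw->newpw.pw_name, yppw->newpw.pw_uid);
+ log_msg ("Can't set selinux context %s: %m", path_shadow_tmp);
+ freecon(pSelCon);
+ fclose (newsf);
+ fclose (oldsf);
+ fclose (newpf);
+ fclose (oldpf);
+ return 1;
+ }
+ freecon(pSelCon);
+ pSelCon=NULL;
+ }
+#endif /* WITH_SELINUX */
 }
 
 /* Loop over all passwd entries */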
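Review bot: The two failure branches added in the shadow hunk (after `getfilecon_raw(path_shadow, &pSelCon)` and `setfilecon_raw(path_shadow_tmp, pSelCon)`) close all four streams and return 1 without removing the temporary files, whereas the matching branches in the passwd hunk call `unlink (path_passwd_tmp);`. Adding `unlink (path_passwd_tmp);` and `unlink (path_shadow_tmp);` before each of those `return 1;` lines would keep a labelling failure from leaving temp files with a default label next to the real passwd and shadow files. The pre-existing error path visible in the context lines also shows no unlink, so this may mirror upstream behaviour; update_files starts and ends outside these hunks, so confirm against the full function. Separately, `is_selinux_enabled() == 1` treats any other return value as "disabled" and lets the update continue with whatever label the temp file received at creation; a short comment saying this fallback is intended would help.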
