
Contents of /cauldron/ypserv/pristine/SOURCES/ypserv-4.0-selinux-context.patch


Revision 1649366 - (show annotations) (download)
Wed Nov 25 21:58:07 2020 UTC (4 years, 2 months ago) by tv
Original Path: cauldron/ypserv/current/SOURCES/ypserv-4.0-selinux-context.patch
File size: 5706 byte(s)
4.1 which builds with tirpc/glibc-2.32
1 diff -up ypserv-5bfba760283060087aefeb417342bcc66d349b2e/configure.ac.selinux-context ypserv-5bfba760283060087aefeb417342bcc66d349b2e/configure.ac
2 --- ypserv-5bfba760283060087aefeb417342bcc66d349b2e/configure.ac.selinux-context 2018-06-13 15:08:56.011432773 +0200
3 +++ ypserv-5bfba760283060087aefeb417342bcc66d349b2e/configure.ac 2018-06-13 15:08:56.017432861 +0200
4 @@ -240,6 +240,26 @@ then
5 exit
6 fi
8 +AC_ARG_WITH(selinux,
9 + [AC_HELP_STRING([--with-selinux@<:@=yes|no@:>@],[Enables SELinux support [no]])],
10 +
11 + [ if test "$withval" = "yes"; then
12 + AC_CHECK_HEADERS([selinux/selinux.h], [],
13 + [AC_MSG_ERROR([Missing SELinux header files])])
14 + AC_CHECK_LIB(selinux, setfilecon_raw, [],
15 + [AC_MSG_ERROR([Missing or incorrect SELinux library])])
16 + AC_CHECK_LIB(selinux, getfilecon_raw, [],
17 + [AC_MSG_ERROR([Missing or incorrect SELinux library])])
18 + AC_CHECK_LIB(selinux, freecon, [],
19 + [AC_MSG_ERROR([Missing or incorrect SELinux library])])
20 + fi
21 + ],[])
22 +
23 +AC_SUBST(with_selinux)
24 +if test "$with_selinux" = "yes"; then
25 + AC_DEFINE(WITH_SELINUX, 1, [Define to 1 if SELinux support is enabled])
26 +fi
27 +
28 AC_CHECK_LIB(crypt,crypt,LIBCRYPT="-lcrypt",LIBCRYPT="")
29 AC_CHECK_HEADERS(crypt.h)
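Review bot: `LIBSELINUX` is not assigned or `AC_SUBST`ed anywhere in this hunk, yet rpc.yppasswdd/Makefile.am appends `$(LIBSELINUX)` to `rpc_yppasswdd_LDADD`; unless it is defined elsewhere in configure.ac, that variable expands to nothing. Linking then works only because `AC_CHECK_LIB` with an empty found-action falls back to its default and prepends `-lselinux` to the global `LIBS`, which links every program in the tree against libselinux. Setting it explicitly, e.g. `AC_CHECK_LIB(selinux, setfilecon_raw, [LIBSELINUX="-lselinux"], [AC_MSG_ERROR([Missing or incorrect SELinux library])])` followed by `AC_SUBST(LIBSELINUX)`, keeps the dependency confined to rpc.yppasswdd. `AC_HELP_STRING` is also obsolete in current autoconf; `AS_HELP_STRING` is the replacement.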
31 diff -up ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/Makefile.am.selinux-context ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/Makefile.am
32 --- ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/Makefile.am.selinux-context 2016-11-22 16:40:13.000000000 +0100
33 +++ ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/Makefile.am 2018-06-13 15:08:56.017432861 +0200
34 @@ -24,7 +24,7 @@ sbin_PROGRAMS = rpc.yppasswdd
36 rpc_yppasswdd_SOURCES = update.c yppasswd_xdr.c yppasswdd.c
38 -rpc_yppasswdd_LDADD = @PIE_LDFLAGS@ $(top_builddir)/lib/libyp.a $(LIBDBM) $(LIBCRYPT) @SYSTEMD_LIBS@ @NSL_LIBS@ @TIRPC_LIBS@
39 +rpc_yppasswdd_LDADD = @PIE_LDFLAGS@ $(top_builddir)/lib/libyp.a $(LIBDBM) $(LIBCRYPT) @SYSTEMD_LIBS@ @NSL_LIBS@ @TIRPC_LIBS@ $(LIBSELINUX)
43 diff -up ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/update.c.selinux-context ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/update.c
44 --- ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/update.c.selinux-context 2016-11-22 16:40:13.000000000 +0100
45 +++ ypserv-5bfba760283060087aefeb417342bcc66d349b2e/rpc.yppasswdd/update.c 2018-07-20 12:01:14.874866767 +0200
46 @@ -41,6 +41,10 @@
47 #include "yppwd_local.h"
48 #include "log_msg.h"
50 +#ifdef WITH_SELINUX
51 +#include <selinux/selinux.h>
52 +#endif /* WITH_SELINUX */
53 +
54 #ifndef CHECKROOT
55 /* Set to 0 if you don't want to check against the root password
56 of the NIS master server. */
57 @@ -460,6 +464,9 @@ update_files (yppasswd *yppw, int *shado
58 FILE *oldpf = NULL, *newpf = NULL, *oldsf = NULL, *newsf = NULL;
59 struct stat passwd_stat, shadow_stat;
60 char *rootpass = "x";
61 +#ifdef WITH_SELINUX
62 + char *pSelCon = NULL;
63 +#endif /* WITH_SELINUX */
66 if ((pw = getpwnam ("root")) != NULL)
67 @@ -520,6 +527,39 @@ update_files (yppasswd *yppw, int *shado
68 return 1;
69 }
71 +#ifdef WITH_SELINUX
72 + if (is_selinux_enabled() == 1)
73 + {
74 + /* Get selinux context of the original file */
75 + if (getfilecon_raw(path_passwd, &pSelCon) < 0)
76 + {
77 + log_msg ("update %.12s (uid=%d) failed",
78 + yppw->newpw.pw_name, yppw->newpw.pw_uid);
79 + log_msg ("Can't get selinux context %s: %m", path_passwd);
80 + freecon(pSelCon);
81 + fclose (oldpf);
82 + fclose (newpf);
83 + unlink (path_passwd_tmp);
84 + return 1;
85 + }
86 +
87 + /* Set selinux context for tmp file */
88 + if (setfilecon_raw(path_passwd_tmp, pSelCon))
89 + {
90 + log_msg ("update %.12s (uid=%d) failed",
91 + yppw->newpw.pw_name, yppw->newpw.pw_uid);
92 + log_msg ("Can't set selinux context %s: %m", path_passwd_tmp);
93 + freecon(pSelCon);
94 + fclose (oldpf);
95 + fclose (newpf);
96 + unlink (path_passwd_tmp);
97 + return 1;
98 + }
99 + freecon(pSelCon);
100 + pSelCon=NULL;
101 + }
102 +# endif /* WITH_SELINUX */
103 +
104 /* Open the shadow file for reading. */
105 if ((oldsf = fopen (path_shadow, "r")) != NULL)
106 {
107 @@ -558,6 +598,37 @@ update_files (yppasswd *yppw, int *shado
108 fclose (oldpf);
109 return 1;
110 }
111 +#ifdef WITH_SELINUX
112 + if (is_selinux_enabled() == 1)
113 + {
114 + if (getfilecon_raw(path_shadow, &pSelCon) < 0)
115 + {
116 + log_msg ("update %.12s (uid=%d) failed",
117 + yppw->newpw.pw_name, yppw->newpw.pw_uid);
118 + log_msg ("Can't get selinux context %s: %m", path_shadow);
119 + freecon(pSelCon);
120 + fclose (newsf);
121 + fclose (oldsf);
122 + fclose (newpf);
123 + fclose (oldpf);
124 + return 1;
125 + }
126 + if (setfilecon_raw(path_shadow_tmp, pSelCon))
127 + {
128 + log_msg ("update %.12s (uid=%d) failed",
129 + yppw->newpw.pw_name, yppw->newpw.pw_uid);
130 + log_msg ("Can't set selinux context %s: %m", path_shadow_tmp);
131 + freecon(pSelCon);
132 + fclose (newsf);
133 + fclose (oldsf);
134 + fclose (newpf);
135 + fclose (oldpf);
136 + return 1;
137 + }
138 + freecon(pSelCon);
139 + pSelCon=NULL;
140 + }
141 +#endif /* WITH_SELINUX */
142 }
144 /* Loop over all passwd entries */
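Review bot: Both SELinux blocks copy the label by path (`getfilecon_raw(path_passwd, ...)` / `setfilecon_raw(path_passwd_tmp, ...)`, and the same pair for the shadow files) although `oldpf`/`newpf` and `oldsf`/`newsf` are already open at those points, so the context is read from and applied to whatever the path resolves to at call time rather than to the files actually being copied. The descriptor variants would bind the label to the open files: `if (fgetfilecon_raw(fileno(oldpf), &pSelCon) < 0)` and `if (fsetfilecon_raw(fileno(newpf), pSelCon))`, with matching `AC_CHECK_LIB` probes in configure.ac. Separately, the shadow block's two error paths close the four streams but, unlike the passwd block, never `unlink` `path_passwd_tmp` or `path_shadow_tmp`, so a failure there leaves stale temp files behind. `is_selinux_enabled() == 1` also treats the -1 error return the same as "disabled", so a comment stating that the label copy is deliberately skipped in that case (or an explicit `< 0` failure branch) would make the intent clear. update_files starts and ends outside these hunks.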
