From patchwork Sat Apr 30 07:58:09 2016
X-Patchwork-Submitter: Jason Zaman
X-Patchwork-Id: 8986671
From: Jason Zaman
To: selinux@tycho.nsa.gov
Subject: [PATCH v4 4/7] genhomedircon: Add uid and gid to struct user_entry
Date: Sat, 30 Apr 2016 15:58:09 +0800
Message-Id: <1462003092-4611-5-git-send-email-jason@perfinion.com>
In-Reply-To: <1462003092-4611-1-git-send-email-jason@perfinion.com>
References: <1462003092-4611-1-git-send-email-jason@perfinion.com>
Cc: sds@tycho.nsa.gov

Signed-off-by: Jason Zaman
--- libsemanage/src/genhomedircon.c | 38 +++++++++++++++++++++++++++++++++++--- 1 file changed, 35 insertions(+), 3 deletions(-) diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c index 60f9012..46808d8 100644 --- a/libsemanage/src/genhomedircon.c +++ b/libsemanage/src/genhomedircon.c @@ -82,10 +82,13 @@ #define FALLBACK_PREFIX "user" #define FALLBACK_LEVEL "s0" #define FALLBACK_NAME ".*" +#define FALLBACK_UIDGID "[0-9]+" #define DEFAULT_LOGIN "__default__" typedef struct user_entry { char *name; + char *uid; + char *gid; char *sename; char *prefix; char *home; 
@@ -628,11 +631,13 @@ static int name_user_cmp(char *key, semanage_user_t ** val) } static int push_user_entry(genhomedircon_user_entry_t ** list, const char *n, - const char *sen, const char *pre, const char *h, - const char *l) + const char *u, const char *g, const char *sen, + const char *pre, const char *h, const char *l) { genhomedircon_user_entry_t *temp = NULL; char *name = NULL; + char *uid = NULL; + char *gid = NULL; char *sename = NULL; char *prefix = NULL; char *home = NULL; @@ -644,6 +649,12 @@ static int push_user_entry(genhomedircon_user_entry_t ** list, const char *n, name = strdup(n); if (!name) goto cleanup; + uid = strdup(u); + if (!uid) + goto cleanup; + gid = strdup(g); + if (!gid) + goto cleanup; sename = strdup(sen); if (!sename) goto cleanup; @@ -658,6 +669,8 @@ static int push_user_entry(genhomedircon_user_entry_t ** list, const char *n, goto cleanup; temp->name = name; + temp->uid = uid; + temp->gid = gid; temp->sename = sename; temp->prefix = prefix; temp->home = home; @@ -669,6 +682,8 @@ static int push_user_entry(genhomedircon_user_entry_t ** list, const char *n, cleanup: free(name); + free(uid); + free(gid); free(sename); free(prefix); free(home); @@ -687,6 +702,8 @@ static void pop_user_entry(genhomedircon_user_entry_t ** list) temp = *list; *list = temp->next; free(temp->name); + free(temp->uid); + free(temp->gid); free(temp->sename); free(temp->prefix); free(temp->home); @@ -739,6 +756,7 @@ static int setup_fallback_user(genhomedircon_settings_t * s) } if (push_user_entry(&(s->fallback), FALLBACK_NAME, + FALLBACK_UIDGID, FALLBACK_UIDGID, seuname, prefix, "", level) != 0) errors = STATUS_ERR; semanage_user_key_free(key); @@ -768,6 +786,8 @@ static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s, const char *seuname = NULL; const char *prefix = NULL; const char *level = NULL; + char uid[11]; + char gid[11]; struct passwd pwstorage, *pwent = NULL; unsigned int i; long rbuflen; 
@@ -852,7 +872,19 @@ static genhomedircon_user_entry_t *get_users(genhomedircon_settings_t * s, } if (ignore(pwent->pw_dir)) continue; - if (push_user_entry(&head, name, seuname, + + len = snprintf(uid, sizeof(uid), "%u", pwent->pw_uid); + if (len < 0 || len >= (int)sizeof(uid)) { + *errors = STATUS_ERR; + goto cleanup; + } + len = snprintf(gid, sizeof(gid), "%u", pwent->pw_gid); + if (len < 0 || len >= (int)sizeof(gid)) { + *errors = STATUS_ERR; + goto cleanup; + } + + if (push_user_entry(&head, name, uid, gid, seuname, prefix, pwent->pw_dir, level) != STATUS_SUCCESS) { *errors = STATUS_ERR; break;
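Review bot: The new uid and gid members of struct user_entry in the @@ -82 hunk are char * with no comment saying what they hold, and FALLBACK_UIDGID "[0-9]+" shows they may carry a regex as well as a decimal number. Please add a short comment on the two fields stating the expected content (decimal string for real users, regex for the fallback entry) and add a sentence to the commit message saying what consumes them, since the message currently has only a subject and a Signed-off-by.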
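Review bot: push_user_entry() in the @@ -628 hunk now takes seven consecutive const char * arguments (n, u, g, sen, pre, h, l), so a call site that swaps u and g or shifts sen into the uid slot compiles without any warning. Spelling the parameters out as uid and gid in the definition would help readers of the call sites; the strdup(u) and strdup(g) calls added in the following hunk also assume both are non-NULL, which is worth a one-line comment above the function.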
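Review bot: char uid[11] and char gid[11] in the @@ -768 hunk use a bare 11, which fits exactly a 32-bit unsigned value in decimal (10 digits plus the terminator) and nothing wider. Give the size a named macro or a comment that states this assumption. The snprintf length checks added in the next hunk do catch truncation, so a larger id ends in STATUS_ERR rather than an overflow, and the comment can say so.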
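Review bot: The two new snprintf failure paths in the @@ -852 hunk leave the loop with goto cleanup, while the push_user_entry() failure directly below them sets the same *errors = STATUS_ERR and uses break. Unless the two exits are meant to differ, use the same one in all three places so the partly built head list and the lookup buffers are released the same way. In the same hunk, "%u" is passed pwent->pw_uid and pwent->pw_gid without a cast; casting to unsigned int makes the argument match the format however uid_t and gid_t are defined. Finally, len is assigned here but is not declared in any line shown in this patch, so please confirm an int len is in scope in get_users().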