static void deliver_signal(pid_t pid, int signo);
static int safe_close(int fd);
+extern struct user_details user_details; /* XXX */
+
void
script_setup(uid_t uid)
{
log_io = !tq_empty(&io_plugins);
#ifdef HAVE_SELINUX
- rbac_enabled = is_selinux_enabled() > 0 && user_role != NULL;
+ rbac_enabled = is_selinux_enabled() > 0 && details->selinux_role != NULL;
if (rbac_enabled) {
- selinux_prefork(user_role, user_type, script_fds[SFD_SLAVE]);
if (log_io) {
+ selinux_prefork(details->selinux_role, details->selinux_type,
+ script_fds[SFD_SLAVE]);
/* Re-open slave fd after it has been relabeled */
close(script_fds[SFD_SLAVE]);
script_fds[SFD_SLAVE] = open(slavename, O_RDWR|O_NOCTTY, 0);
if (script_fds[SFD_SLAVE] == -1)
error(1, "cannot open %s", slavename);
+ } else if (user_details.tty != NULL) {
+ /* XXX - push this down into selinux_prefork */
+ int ttyfd = open(user_details.tty, O_RDWR|O_NONBLOCK);
+ if (ttyfd == -1)
+ error(1, "unable to open %s", user_details.tty);
+ (void)fcntl(ttyfd, F_SETFL, fcntl(ttyfd, F_GETFL, 0) & ~O_NONBLOCK);
+ selinux_prefork(details->selinux_role, details->selinux_type,
+ ttyfd);
+ close(ttyfd);
}
}
#endif
}
}
}
+
+#ifdef HAVE_SELINUX
+ /* If I/O logging the label was on the pty which is now gone. */
+ if (rbac_enabled && !log_io) {
+ if (selinux_restore_tty(user_details.tty) != 0)
+ warningx("unable to restore tty label");
+ }
+#endif
+
efree(fdsr);
efree(fdsw);
while ((iob = iobufs) != NULL) {
/*
+ * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
* Copyright (c) 2008 Dan Walsh <dwalsh@redhat.com>
*
* Borrowed heavily from newrole source code
* This function attempts to revert the relabeling done to the tty.
* fd - referencing the opened ttyn
* ttyn - name of tty to restore
- * tty_context - original context of the tty
- * new_tty_context - context tty was relabeled to
*
* Returns zero on success, non-zero otherwise
*/
-static int
-restore_tty_label(int fd, const char *ttyn, security_context_t tty_context,
- security_context_t new_tty_context)
+/* XXX - should be called as part of cleanup() */
+int
+selinux_restore_tty(const char *ttyn)
{
- int rc = 0;
+ int fd, rc = 0;
security_context_t chk_tty_context = NULL;
- if (!ttyn)
- goto skip_relabel;
+ if (ttyn == NULL || new_tty_context == NULL)
+ goto skip_relabel;
- if (!new_tty_context)
- goto skip_relabel;
+ /* Re-open TTY descriptor */
+ fd = open(ttyn, O_RDWR | O_NONBLOCK);
+ if (fd == -1)
+ error(EXIT_FAILURE, "unable to open %s", ttyn);
+ (void)fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
/* Verify that the tty still has the context set by sudo. */
if ((rc = fgetfilecon(fd, &chk_tty_context)) < 0) {
- warning("unable to fgetfilecon %s", ttyn);
- goto skip_relabel;
+ warning("unable to fgetfilecon %s", ttyn);
+ goto skip_relabel;
}
if ((rc = strcmp(chk_tty_context, new_tty_context))) {
- warningx("%s changed labels.", ttyn);
- goto skip_relabel;
+ warningx("%s changed labels.", ttyn);
+ goto skip_relabel;
}
if ((rc = fsetfilecon(fd, tty_context)) < 0)
warning("unable to restore context for %s", ttyn);
+ close(fd);
+
skip_relabel:
freecon(chk_tty_context);
return(rc);
* specified role and type.
*/
security_context_t
-get_exec_context(security_context_t old_context, char *role, char *type)
+get_exec_context(security_context_t old_context, const char *role, const char *type)
{
security_context_t new_context = NULL;
context_t context = NULL;
* Set the tty context in preparation for fork/exec.
*/
void
-selinux_prefork(char *role, char *type, int ttyfd)
+selinux_prefork(const char *role, const char *type, int ttyfd)
{
/* Store the caller's SID in old_context. */
if (getprevcon(&old_context))
if (!new_context)
error(EXIT_FAILURE, "unable to get exec context");
- ttyfd = relabel_tty(ttyfd, new_context, &tty_context,
- &new_tty_context, enforcing);
- if (ttyfd < 0)
- error(EXIT_FAILURE, "unable to setup tty context for %s", new_context);
-
+ if (ttyfd != -1) {
+ ttyfd = relabel_tty(ttyfd, new_context, &tty_context,
+ &new_tty_context, enforcing);
+ if (ttyfd < 0)
+ error(EXIT_FAILURE, "unable to setup tty context for %s",
+ new_context);
#ifdef DEBUG
- warningx("your old tty context is %s", tty_context);
- warningx("your new tty context is %s", new_tty_context);
+ warningx("your old tty context is %s", tty_context);
+ warningx("your new tty context is %s", new_tty_context);
#endif
+ }
}
+/* XXX - pass in ttyn for audit support */
void
selinux_execve(const char *path, char *argv[], char *envp[])
{
}
#ifdef WITH_AUDIT
- if (send_audit_message(1, old_context, new_context, user_ttypath))
+ if (send_audit_message(1, old_context, new_context, ttyn))
return;
#endif
warning("%s", path);
}
+#if 0 /* XXX */
/*
* If the program is being run with a different security context we
* need to go through an intermediary process for the transition to
if (childPid < 0) {
/* fork failed, no child to worry about */
warning("unable to fork");
- if (restore_tty_label(ttyfd, user_ttypath, tty_context, new_tty_context))
+ if (selinux_restore_tty(user_ttypath);
warningx("unable to restore tty label");
exit(EXIT_FAILURE);
} else if (childPid) {
if (pid == -1)
error(EXIT_FAILURE, "waitpid");
- if (restore_tty_label(ttyfd, user_ttypath, tty_context, new_tty_context))
+ if (selinux_restore_tty(user_ttypath);
errorx(EXIT_FAILURE, "unable to restore tty label");
/* Preserve child exit status. */
error:
_exit(EXIT_FAILURE);
}
+#endif /* XXX */
projects / sudo / commitdiff