static DWORD
IsApparmorConfigured(BOOLEAN *configured)
{
DWORD ceError = ERROR_SUCCESS;
BOOLEAN hasApparmor;
*configured = FALSE;
GCE(ceError = HasApparmor(&hasApparmor));
if(hasApparmor)
{
GCE(ceError = CTCheckFileHoldsPattern(APPARMOR_NSSWITCH,
"centeris", configured));
if(!*configured)
{
GCE(ceError = CTCheckFileHoldsPattern(APPARMOR_NSSWITCH,
"likewise", configured));
}
}
else
{
*configured = TRUE;
}
cleanup:
return ceError;
}
DWORD
DJFixDHCPHost(
PSTR pszPathifcfg,
PSTR pszComputerName
)
{
DWORD ceError = ERROR_SUCCESS;
BOOLEAN bPatternExists = FALSE;
ceError = CTCheckFileHoldsPattern(pszPathifcfg,
"^[[:space:]]*DHCP_HOSTNAME[[:space:]]*=.*$",
&bPatternExists);
BAIL_ON_CENTERIS_ERROR(ceError);
if (bPatternExists) {
ceError = DJReplaceNameValuePair(pszPathifcfg,
"DHCP_HOSTNAME",
pszComputerName);
BAIL_ON_CENTERIS_ERROR(ceError);
} else {
ceError = DJAppendNameValuePair(pszPathifcfg,
"DHCP_HOSTNAME",
pszComputerName);
BAIL_ON_CENTERIS_ERROR(ceError);
}
error:
return ceError;
}
static
DWORD
DJCheckIfDHCPHost(
PSTR pszPathifcfg,
PBOOLEAN pbDHCPHost
)
{
DWORD ceError = ERROR_SUCCESS;
PSTR pszFilter = "^[[:space:]]*BOOTPROTO.*dhcp.*$";
BOOLEAN bDHCPHost = FALSE;
DJ_LOG_INFO("Checking if DHCP Host...");
// now that we have a file, we need to check out our BOOTPROTO,
// if it's DHCP, we have to update the DHCP_HOSTNAME
// ps: the expression should be BOOTPROTO='?dhcp'? because RH uses dhcp and SuSE 'dhcp'
// sRun = "grep BOOTPROTO=\\'\\\\?dhcp\\'\\\\? " + sPathifcfg;
//sRun = "grep BOOTPROTO=\\'*dhcp\\'* " + sPathifcfg;
ceError = CTCheckFileHoldsPattern(pszPathifcfg, pszFilter, &bDHCPHost);
BAIL_ON_CENTERIS_ERROR(ceError);
*pbDHCPHost = bDHCPHost;
return ceError;
error:
*pbDHCPHost = FALSE;
return ceError;
}
static void ConfigureApparmor(BOOLEAN enable, LWException **exc)
{
DWORD ceError = ERROR_SUCCESS;
BOOLEAN hasApparmor;
BOOLEAN configured;
BOOLEAN usingMr;
FILE *file = NULL;
PCSTR addString;
PSTR restartPath = NULL;
PSTR restartCommand = NULL;
char *tempName = NULL;
char *finalName = NULL;
LW_CLEANUP_CTERR(exc, IsApparmorConfigured(&configured));
if(configured == enable)
goto cleanup;
LW_CLEANUP_CTERR(exc, CTCheckFileOrLinkExists(APPARMOR_NSSWITCH,
&hasApparmor));
if(!hasApparmor)
goto cleanup;
GCE(ceError = CTGetFileTempPath(
APPARMOR_NSSWITCH,
&finalName,
&tempName));
LW_CLEANUP_CTERR(exc, CTCheckFileHoldsPattern(finalName,
"mr,", &usingMr));
if(usingMr)
addString =
PREFIXDIR "/lib/*.so* mr,\n"
PREFIXDIR "/lib64/*.so* mr,\n"
"/tmp/.lwidentity/pipe rw,\n"
LOCALSTATEDIR "/lib/likewise/.lsassd rw,\n"
LOCALSTATEDIR "/tmp/.lsaclient_* rw,\n";
else
addString =
PREFIXDIR "/lib/*.so* r,\n"
PREFIXDIR "/lib64/*.so* r,\n"
"/tmp/.lwidentity/pipe rw,\n"
LOCALSTATEDIR "/lib/likewise/.lsassd rw,\n"
LOCALSTATEDIR "/tmp/.lsaclient_* rw,\n";
if(enable)
{
LW_CLEANUP_CTERR(exc, CTCopyFileWithOriginalPerms(finalName, tempName));
LW_CLEANUP_CTERR(exc, CTOpenFile(tempName, "a", &file));
LW_CLEANUP_CTERR(exc, CTFilePrintf(file, "# likewise\n%s# end likewise\n",
addString));
CTSafeCloseFile(&file);
LW_CLEANUP_CTERR(exc, CTSafeReplaceFile(finalName, tempName));
}
else
{
LW_CLEANUP_CTERR(exc, CTRunSedOnFile(finalName, finalName, FALSE, "/^[ \t]*#[ \t]*likewise[ \t]*$/,/^[ \t]*#[ \t]*end likewise[ \t]*$/d"));
LW_CLEANUP_CTERR(exc, CTRunSedOnFile(finalName, finalName, FALSE, "/^[ \t]*#[ \t]*centeris[ \t]*$/,/^[ \t]*#[ \t]*end centeris[ \t]*$/d"));
}
ceError = CTFindFileInPath("rcapparmor", "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", &restartPath);
if(ceError == ERROR_FILE_NOT_FOUND)
{
ceError = CTFindFileInPath("apparmor", "/etc/init.d/apparmor", &restartPath);
}
if(ceError == ERROR_FILE_NOT_FOUND)
{
ceError = ERROR_SUCCESS;
}
else if(!ceError)
{
LW_CLEANUP_CTERR(exc, CTAllocateStringPrintf(&restartCommand,
"%s restart", restartPath));
LW_TRY(exc, CTCaptureOutputToExc(restartCommand, &LW_EXC));
}
LW_CLEANUP_CTERR(exc, ceError);
cleanup:
if(file != NULL)
{
CTCloseFile(file);
CTRemoveFile(tempName);
}
CT_SAFE_FREE_STRING(restartPath);
CT_SAFE_FREE_STRING(restartCommand);
CT_SAFE_FREE_STRING(tempName);
CT_SAFE_FREE_STRING(finalName);
}
