int getseuserbyname(const char *name, char **r_seuser, char **r_level)
{
FILE *cfg = NULL;
size_t size = 0;
char *buffer = NULL;
int rc;
unsigned long lineno = 0;
int mls_enabled = is_selinux_mls_enabled();
char *username = NULL;
char *seuser = NULL;
char *level = NULL;
char *groupseuser = NULL;
char *grouplevel = NULL;
char *defaultseuser = NULL;
char *defaultlevel = NULL;
gid_t gid = get_default_gid(name);
cfg = fopen(selinux_usersconf_path(), "re");
if (!cfg)
goto nomatch;
__fsetlocking(cfg, FSETLOCKING_BYCALLER);
while (getline(&buffer, &size, cfg) > 0) {
++lineno;
rc = process_seusers(buffer, &username, &seuser, &level,
mls_enabled);
if (rc == -1)
continue; /* comment, skip */
if (rc == -2) {
fprintf(stderr, "%s: error on line %lu, skipping...\n",
selinux_usersconf_path(), lineno);
continue;
}
if (!strcmp(username, name))
break;
if (username[0] == '%' &&
!groupseuser &&
check_group(&username[1], name, gid)) {
groupseuser = seuser;
grouplevel = level;
} else {
if (!defaultseuser &&
!strcmp(username, "__default__")) {
defaultseuser = seuser;
defaultlevel = level;
} else {
free(seuser);
free(level);
}
}
free(username);
username = NULL;
seuser = NULL;
}
free(buffer);
fclose(cfg);
if (seuser) {
free(username);
free(defaultseuser);
free(defaultlevel);
free(groupseuser);
free(grouplevel);
*r_seuser = seuser;
*r_level = level;
return 0;
}
if (groupseuser) {
free(defaultseuser);
free(defaultlevel);
*r_seuser = groupseuser;
*r_level = grouplevel;
return 0;
}
if (defaultseuser) {
*r_seuser = defaultseuser;
*r_level = defaultlevel;
return 0;
}
nomatch:
if (require_seusers)
return -1;
/* Fall back to the Linux username and no level. */
*r_seuser = strdup(name);
if (!(*r_seuser))
return -1;
*r_level = NULL;
return 0;
}
static JSBool
rpmsx_getprop(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
{
void * ptr = JS_GetInstancePrivate(cx, obj, &rpmsxClass, NULL);
jsint tiny = JSVAL_TO_INT(id);
#if defined(WITH_SELINUX)
security_context_t con = NULL;
#endif
/* XXX the class has ptr == NULL, instances have ptr != NULL. */
if (ptr == NULL)
return JS_TRUE;
switch (tiny) {
case _DEBUG:
*vp = INT_TO_JSVAL(_debug);
break;
#if defined(WITH_SELINUX)
case _CURRENT: *vp = _GET_CON(!getcon(&con)); break;
case _PID: *vp = _GET_CON(!getpidcon(getpid(), &con)); break;
case _PPID: *vp = _GET_CON(!getpidcon(getppid(), &con)); break;
case _PREV: *vp = _GET_CON(!getprevcon(&con)); break;
case _EXEC: *vp = _GET_CON(!getexeccon(&con)); break;
case _FSCREATE: *vp = _GET_CON(!getfscreatecon(&con)); break;
case _KEYCREATE: *vp = _GET_CON(!getkeycreatecon(&con)); break;
case _SOCKCREATE: *vp = _GET_CON(!getsockcreatecon(&con)); break;
case _ENFORCE: *vp = INT_TO_JSVAL(security_getenforce()); break;
case _DENY: *vp = INT_TO_JSVAL(security_deny_unknown()); break;
case _POLICYVERS: *vp = INT_TO_JSVAL(security_policyvers()); break;
case _ENABLED: *vp = INT_TO_JSVAL(is_selinux_enabled()); break;
case _MLSENABLED: *vp = INT_TO_JSVAL(is_selinux_mls_enabled()); break;
#ifdef NOTYET
case _BOOLS: *vp = ; break;
#endif
case _ROOT: *vp = _GET_STR(selinux_policy_root()); break;
case _BINARY: *vp = _GET_STR(selinux_binary_policy_path()); break;
case _FAILSAFE: *vp = _GET_STR(selinux_failsafe_context_path());break;
case _REMOVABLE: *vp = _GET_STR(selinux_removable_context_path());break;
case _DEFAULT: *vp = _GET_STR(selinux_default_context_path()); break;
case _USER: *vp = _GET_STR(selinux_user_contexts_path()); break;
case _FCON: *vp = _GET_STR(selinux_file_context_path()); break;
case _FCONHOME: *vp = _GET_STR(selinux_file_context_homedir_path());break;
case _FCONLOCAL: *vp = _GET_STR(selinux_file_context_local_path());break;
case _FCONSUBS: *vp = _GET_STR(selinux_file_context_subs_path());break;
case _HOMEDIR: *vp = _GET_STR(selinux_homedir_context_path()); break;
case _MEDIA: *vp = _GET_STR(selinux_media_context_path()); break;
case _VIRTDOMAIN: *vp = _GET_STR(selinux_virtual_domain_context_path());break;
case _VIRTIMAGE: *vp = _GET_STR(selinux_virtual_image_context_path());break;
case _X: *vp = _GET_STR(selinux_x_context_path()); break;
case _CONTEXTS: *vp = _GET_STR(selinux_contexts_path()); break;
case _SECURETTY: *vp = _GET_STR(selinux_securetty_types_path()); break;
case _BOOLEANS: *vp = _GET_STR(selinux_booleans_path()); break;
case _CUSTOMTYPES: *vp = _GET_STR(selinux_customizable_types_path());break;
case _USERS: *vp = _GET_STR(selinux_users_path()); break;
case _USERSCONF: *vp = _GET_STR(selinux_usersconf_path()); break;
case _XLATIONS: *vp = _GET_STR(selinux_translations_path()); break;
case _COLORS: *vp = _GET_STR(selinux_colors_path()); break;
case _NETFILTER: *vp = _GET_STR(selinux_netfilter_context_path());break;
case _PATH: *vp = _GET_STR(selinux_path()); break;
#endif
default:
break;
}
#if defined(WITH_SELINUX)
if (con) {
freecon(con);
con = NULL;
}
#endif
return JS_TRUE;
}
