int main(int argc, char **argv)
{
security_context_t *list, usercon = NULL, cur_context = NULL;
char *user = NULL, *level = NULL;
int ret, i, opt;
while ((opt = getopt(argc, argv, "l:")) > 0) {
switch (opt) {
case 'l':
level = strdup(optarg);
break;
default:
usage(argv[0], "invalid option", 1);
}
}
if (((argc - optind) < 1) || ((argc - optind) > 2))
usage(argv[0], "invalid number of arguments", 2);
/* If selinux isn't available, bail out. */
if (!is_selinux_enabled()) {
fprintf(stderr,
"getconlist may be used only on a SELinux kernel.\n");
return 1;
}
user = argv[optind];
/* If a context wasn't passed, use the current context. */
if (((argc - optind) < 2)) {
if (getcon(&cur_context) < 0) {
fprintf(stderr, "Couldn't get current context.\n");
return 2;
}
} else
cur_context = argv[optind + 1];
/* Get the list and print it */
if (level)
ret =
get_ordered_context_list_with_level(user, level,
cur_context, &list);
else
ret = get_ordered_context_list(user, cur_context, &list);
if (ret != -1) {
for (i = 0; list[i]; i++)
puts(list[i]);
freeconary(list);
}
free(usercon);
return 0;
}
int get_ordered_context_list_with_level(const char *user,
const char *level,
security_context_t fromcon,
security_context_t ** list)
{
int rc;
int freefrom = 0;
context_t con;
char *newfromcon;
if (!level)
return get_ordered_context_list(user, fromcon, list);
if (!fromcon) {
rc = getcon(&fromcon);
if (rc < 0)
return rc;
freefrom = 1;
}
rc = -1;
con = context_new(fromcon);
if (!con)
goto out;
if (context_range_set(con, level))
goto out;
newfromcon = context_str(con);
if (!newfromcon)
goto out;
rc = get_ordered_context_list(user, newfromcon, list);
out:
context_free(con);
if (freefrom)
freecon(fromcon);
return rc;
}
/*
* Launch sulogin and wait it for finish
*/
void initng_main_su_login(void)
{
pid_t sulogin_pid;
int status;
#ifdef SELINUX
if (is_selinux_enabled > 0) {
security_context_t *contextlist = NULL;
if (get_ordered_context_list("root", 0, &contextlist) > 0) {
if (setexeccon(contextlist[0]) != 0)
fprintf(stderr, "setexeccon failed\n");
freeconary(contextlist);
}
}
#endif
/* sulogin nicely 2 times */
if (local_sulogin_count <= TRY_TIMES) {
printf("This is a sulogin offer,\n"
"you will be able to login for %i times (now %i),\n"
"and on return initng will try continue where it was,\n"
"if the times go out, initng will launch\n"
"/sbin/initng-segfault on next su_login request.\n\n",
TRY_TIMES, local_sulogin_count);
sulogin_pid = fork();
if (sulogin_pid == 0) {
const char *sulogin_argv[] = { "/sbin/sulogin", NULL };
const char *sulogin_env[] = { NULL };
/* launch sulogin */
execve(sulogin_argv[0], (char **)sulogin_argv,
(char **)sulogin_env);
printf("Unable to execute /sbin/sulogin!\n");
} else if (sulogin_pid > 0) {
do {
sulogin_pid = waitpid(sulogin_pid, &status,
WUNTRACED);
} while (!WIFEXITED(status) && !WIFSIGNALED(status));
/* increase the sulogin_count */
local_sulogin_count++;
}
}
/* else run segfault script */
initng_main_segfault();
}
int get_default_context(const char *user,
security_context_t fromcon, security_context_t * newcon)
{
security_context_t *conary;
int rc;
rc = get_ordered_context_list(user, fromcon, &conary);
if (rc <= 0)
return -1;
*newcon = strdup(conary[0]);
freeconary(conary);
if (!(*newcon))
return -1;
return 0;
}
int get_default_context_with_role(const char *user,
const char *role,
char * fromcon,
char ** newcon)
{
char **conary;
char **ptr;
context_t con;
const char *role2;
int rc;
rc = get_ordered_context_list(user, fromcon, &conary);
if (rc <= 0)
return -1;
for (ptr = conary; *ptr; ptr++) {
con = context_new(*ptr);
if (!con)
continue;
role2 = context_role_get(con);
if (role2 && !strcmp(role, role2)) {
context_free(con);
break;
}
context_free(con);
}
rc = -1;
if (!(*ptr)) {
errno = EINVAL;
goto out;
}
*newcon = strdup(*ptr);
if (!(*newcon))
goto out;
rc = 0;
out:
freeconary(conary);
return rc;
}
