int main(int argc, char **argv) { security_context_t *list, usercon = NULL, cur_context = NULL; char *user = NULL, *level = NULL; int ret, i, opt; while ((opt = getopt(argc, argv, "l:")) > 0) { switch (opt) { case 'l': level = strdup(optarg); break; default: usage(argv[0], "invalid option", 1); } } if (((argc - optind) < 1) || ((argc - optind) > 2)) usage(argv[0], "invalid number of arguments", 2); /* If selinux isn't available, bail out. */ if (!is_selinux_enabled()) { fprintf(stderr, "getconlist may be used only on a SELinux kernel.\n"); return 1; } user = argv[optind]; /* If a context wasn't passed, use the current context. */ if (((argc - optind) < 2)) { if (getcon(&cur_context) < 0) { fprintf(stderr, "Couldn't get current context.\n"); return 2; } } else cur_context = argv[optind + 1]; /* Get the list and print it */ if (level) ret = get_ordered_context_list_with_level(user, level, cur_context, &list); else ret = get_ordered_context_list(user, cur_context, &list); if (ret != -1) { for (i = 0; list[i]; i++) puts(list[i]); freeconary(list); } free(usercon); return 0; }
int get_ordered_context_list_with_level(const char *user, const char *level, security_context_t fromcon, security_context_t ** list) { int rc; int freefrom = 0; context_t con; char *newfromcon; if (!level) return get_ordered_context_list(user, fromcon, list); if (!fromcon) { rc = getcon(&fromcon); if (rc < 0) return rc; freefrom = 1; } rc = -1; con = context_new(fromcon); if (!con) goto out; if (context_range_set(con, level)) goto out; newfromcon = context_str(con); if (!newfromcon) goto out; rc = get_ordered_context_list(user, newfromcon, list); out: context_free(con); if (freefrom) freecon(fromcon); return rc; }
/* * Launch sulogin and wait it for finish */ void initng_main_su_login(void) { pid_t sulogin_pid; int status; #ifdef SELINUX if (is_selinux_enabled > 0) { security_context_t *contextlist = NULL; if (get_ordered_context_list("root", 0, &contextlist) > 0) { if (setexeccon(contextlist[0]) != 0) fprintf(stderr, "setexeccon failed\n"); freeconary(contextlist); } } #endif /* sulogin nicely 2 times */ if (local_sulogin_count <= TRY_TIMES) { printf("This is a sulogin offer,\n" "you will be able to login for %i times (now %i),\n" "and on return initng will try continue where it was,\n" "if the times go out, initng will launch\n" "/sbin/initng-segfault on next su_login request.\n\n", TRY_TIMES, local_sulogin_count); sulogin_pid = fork(); if (sulogin_pid == 0) { const char *sulogin_argv[] = { "/sbin/sulogin", NULL }; const char *sulogin_env[] = { NULL }; /* launch sulogin */ execve(sulogin_argv[0], (char **)sulogin_argv, (char **)sulogin_env); printf("Unable to execute /sbin/sulogin!\n"); } else if (sulogin_pid > 0) { do { sulogin_pid = waitpid(sulogin_pid, &status, WUNTRACED); } while (!WIFEXITED(status) && !WIFSIGNALED(status)); /* increase the sulogin_count */ local_sulogin_count++; } } /* else run segfault script */ initng_main_segfault(); }
int get_default_context(const char *user, security_context_t fromcon, security_context_t * newcon) { security_context_t *conary; int rc; rc = get_ordered_context_list(user, fromcon, &conary); if (rc <= 0) return -1; *newcon = strdup(conary[0]); freeconary(conary); if (!(*newcon)) return -1; return 0; }
int get_default_context_with_role(const char *user, const char *role, char * fromcon, char ** newcon) { char **conary; char **ptr; context_t con; const char *role2; int rc; rc = get_ordered_context_list(user, fromcon, &conary); if (rc <= 0) return -1; for (ptr = conary; *ptr; ptr++) { con = context_new(*ptr); if (!con) continue; role2 = context_role_get(con); if (role2 && !strcmp(role, role2)) { context_free(con); break; } context_free(con); } rc = -1; if (!(*ptr)) { errno = EINVAL; goto out; } *newcon = strdup(*ptr); if (!(*newcon)) goto out; rc = 0; out: freeconary(conary); return rc; }