int sss_get_seuser(const char *linuxuser,
char **selinuxuser,
char **level)
{
int ret;
semanage_handle_t *handle;
handle = semanage_handle_create();
if (handle == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux management handle\n");
return EIO;
}
semanage_msg_set_callback(handle,
sss_semanage_error_callback,
NULL);
/* We only needed the handle for this call. Close the handle right
* after it */
ret = sss_is_selinux_managed(handle);
sss_semanage_close(handle);
if (ret != EOK) {
return ret;
}
return getseuserbyname(linuxuser, selinuxuser, level);
}
static int sss_semanage_init(semanage_handle_t **_handle)
{
int ret;
semanage_handle_t *handle = NULL;
handle = semanage_handle_create();
if (!handle) {
DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux management handle\n");
ret = EIO;
goto done;
}
semanage_msg_set_callback(handle,
sss_semanage_error_callback,
NULL);
ret = sss_is_selinux_managed(handle);
if (ret != EOK) {
goto done;
}
ret = semanage_access_check(handle);
if (ret < SEMANAGE_CAN_READ) {
DEBUG(SSSDBG_CRIT_FAILURE, "Cannot read SELinux policy store\n");
ret = EACCES;
goto done;
}
ret = semanage_connect(handle);
if (ret != 0) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Cannot estabilish SELinux management connection\n");
ret = EIO;
goto done;
}
ret = EOK;
done:
if (ret != EOK) {
sss_semanage_close(handle);
} else {
*_handle = handle;
}
return ret;
}
static semanage_handle_t *semanage_init (void)
{
int ret;
semanage_handle_t *handle = NULL;
handle = semanage_handle_create ();
if (NULL == handle) {
fprintf (stderr,
_("Cannot create SELinux management handle\n"));
return NULL;
}
semanage_msg_set_callback (handle, semanage_error_callback, NULL);
ret = semanage_is_managed (handle);
if (ret != 1) {
fprintf (stderr, _("SELinux policy not managed\n"));
goto fail;
}
ret = semanage_access_check (handle);
if (ret < SEMANAGE_CAN_READ) {
fprintf (stderr, _("Cannot read SELinux policy store\n"));
goto fail;
}
ret = semanage_connect (handle);
if (ret != 0) {
fprintf (stderr,
_("Cannot establish SELinux management connection\n"));
goto fail;
}
ret = semanage_begin_transaction (handle);
if (ret != 0) {
fprintf (stderr, _("Cannot begin SELinux transaction\n"));
goto fail;
}
return handle;
fail:
semanage_handle_destroy (handle);
return NULL;
}
static semanage_handle_t *sss_semanage_init(void)
{
int ret;
semanage_handle_t *handle = NULL;
handle = semanage_handle_create();
if (!handle) {
DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux management handle\n");
return NULL;
}
semanage_msg_set_callback(handle,
sss_semanage_error_callback,
NULL);
ret = semanage_is_managed(handle);
if (ret != 1) {
DEBUG(SSSDBG_CRIT_FAILURE, "SELinux policy not managed\n");
goto fail;
}
ret = semanage_access_check(handle);
if (ret < SEMANAGE_CAN_READ) {
DEBUG(SSSDBG_CRIT_FAILURE, "Cannot read SELinux policy store\n");
goto fail;
}
ret = semanage_connect(handle);
if (ret != 0) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Cannot estabilish SELinux management connection\n");
goto fail;
}
return handle;
fail:
sss_semanage_close(handle);
return NULL;
}
