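/*
 * del_seuser - remove the local SELinux login mapping for login_name.
 *
 * Returns 0 when the local mapping was deleted and committed. It also
 * returns 0 when nothing was deleted: either no mapping exists for the name,
 * or the mapping exists only in policy and cannot be removed here.
 * Returns 1 on any libsemanage failure.
 *
 * NOTE(review): because the "defined in policy" case returns 0, a caller
 * cannot tell from the return value whether a mapping for this login name is
 * still in effect. Callers that delete accounts should not treat 0 as proof
 * that the name is unmapped.
 */
int del_seuser (const char *login_name)
{
	semanage_handle_t *handle = NULL;
	semanage_seuser_key_t *key = NULL;
	int ret;
	int exists = 0;

	/* presumably semanage_init() also connects and opens the transaction
	 * that semanage_commit() closes below; verify against its definition */
	handle = semanage_init ();
	if (NULL == handle) {
		fprintf (stderr, _("Cannot init SELinux management\n"));
		ret = 1;
		goto done;
	}

	ret = semanage_seuser_key_create (handle, login_name, &key);
	if (ret != 0) {
		fprintf (stderr, _("Cannot create SELinux user key\n"));
		ret = 1;
		goto done;
	}

	/* Is there any mapping at all (policy or local) for this login? */
	ret = semanage_seuser_exists (handle, key, &exists);
	if (ret < 0) {
		fprintf (stderr, _("Cannot verify the SELinux user\n"));
		ret = 1;
		goto done;
	}

	if (0 == exists) {
		fprintf (stderr,
		         _("Login mapping for %s is not defined, OK if default mapping was used\n"),
		         login_name);
		ret = 0;  /* probably default mapping */
		goto done;
	}

	/* Only local modifications can be deleted through this interface. */
	ret = semanage_seuser_exists_local (handle, key, &exists);
	if (ret < 0) {
		fprintf (stderr, _("Cannot verify the SELinux user\n"));
		ret = 1;
		goto done;
	}

	if (0 == exists) {
		fprintf (stderr,
		         _("Login mapping for %s is defined in policy, cannot be deleted\n"),
		         login_name);
		ret = 0;  /* Login mapping defined in policy can't be deleted */
		goto done;
	}

	ret = semanage_seuser_del_local (handle, key);
	if (ret != 0) {
		/* NOTE(review): this message has no trailing newline; it is left
		 * unchanged because editing it changes the gettext msgid. */
		fprintf (stderr,
		         _("Could not delete login mapping for %s"),
		         login_name);
		ret = 1;
		goto done;
	}

	ret = semanage_commit (handle);
	if (ret < 0) {
		fprintf (stderr, _("Cannot commit SELinux transaction\n"));
		ret = 1;
		goto done;
	}

	ret = 0;

done:
	/* The key is allocated by semanage_seuser_key_create() and owned by
	 * this function, so release it on every exit path. */
	if (NULL != key) {
		semanage_seuser_key_free (key);
	}
	semanage_handle_destroy (handle);
	return ret;
}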
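/*
 * del_seuser - remove the local SELinux login mapping for login_name.
 *
 * Returns EOK when the local mapping was deleted and committed, and also
 * when no mapping exists for the name (the default mapping is assumed).
 * Returns ENOENT when the mapping exists only in policy and therefore
 * cannot be deleted here, and EIO on any libsemanage failure.
 */
int del_seuser(const char *login_name)
{
    semanage_handle_t *handle = NULL;
    semanage_seuser_key_t *key = NULL;
    int ret;
    int exists = 0;

    /* presumably sss_semanage_init() also connects and opens the
     * transaction committed below; verify against its definition */
    handle = sss_semanage_init();
    if (!handle) {
        DEBUG(1, ("Cannot init SELinux management\n"));
        ret = EIO;
        goto done;
    }

    ret = semanage_seuser_key_create(handle, login_name, &key);
    if (ret != 0) {
        DEBUG(1, ("Cannot create SELinux user key\n"));
        ret = EIO;
        goto done;
    }

    /* Is there any mapping at all (policy or local) for this login? */
    ret = semanage_seuser_exists(handle, key, &exists);
    if (ret < 0) {
        DEBUG(1, ("Cannot verify the SELinux user\n"));
        ret = EIO;
        goto done;
    }

    if (!exists) {
        DEBUG(5, ("Login mapping for %s is not defined, OK if default mapping "
                  "was used\n", login_name));
        ret = EOK; /* probably default mapping */
        goto done;
    }

    /* Only local modifications can be deleted through this interface. */
    ret = semanage_seuser_exists_local(handle, key, &exists);
    if (ret < 0) {
        DEBUG(1, ("Cannot verify the SELinux user\n"));
        ret = EIO;
        goto done;
    }

    if (!exists) {
        /* Newline added so the next log record starts on its own line. */
        DEBUG(1, ("Login mapping for %s is defined in policy, "
                  "cannot be deleted\n", login_name));
        ret = ENOENT;
        goto done;
    }

    ret = semanage_seuser_del_local(handle, key);
    if (ret != 0) {
        DEBUG(1, ("Could not delete login mapping for %s\n", login_name));
        ret = EIO;
        goto done;
    }

    ret = semanage_commit(handle);
    if (ret < 0) {
        DEBUG(1, ("Cannot commit SELinux transaction\n"));
        ret = EIO;
        goto done;
    }

    ret = EOK;

done:
    /* The key is allocated by semanage_seuser_key_create() and owned by
     * this function, so release it on every exit path. */
    if (key != NULL) {
        semanage_seuser_key_free(key);
    }
    semanage_handle_destroy(handle);
    return ret;
}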
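/*
 * sss_del_seuser - remove the local SELinux login mapping for login_name.
 *
 * Returns EOK when the local mapping was deleted and committed, and also
 * when no mapping exists for the name (the default mapping is assumed).
 * Returns ENOENT when the mapping exists only in policy and therefore
 * cannot be deleted here, EIO on a libsemanage failure, and otherwise
 * whatever sss_semanage_init() reported (including
 * ERR_SELINUX_NOT_MANAGED, which is passed through without logging).
 */
int sss_del_seuser(const char *login_name)
{
    semanage_handle_t *handle = NULL;
    semanage_seuser_key_t *key = NULL;
    int ret;
    int exists = 0;

    ret = sss_semanage_init(&handle);
    if (ret == ERR_SELINUX_NOT_MANAGED) {
        /* Not an error worth logging; the caller decides what to do. */
        goto done;
    } else if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux handle\n");
        goto done;
    }

    /* NOTE(review): the error paths below never roll back explicitly;
     * presumably sss_semanage_close() abandons the open transaction.
     * Confirm against its definition. */
    ret = semanage_begin_transaction(handle);
    if (ret != 0) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Cannot begin SELinux transaction\n");
        ret = EIO;
        goto done;
    }

    ret = semanage_seuser_key_create(handle, login_name, &key);
    if (ret != 0) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux user key\n");
        ret = EIO;
        goto done;
    }

    /* Is there any mapping at all (policy or local) for this login? */
    ret = semanage_seuser_exists(handle, key, &exists);
    if (ret < 0) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Cannot verify the SELinux user\n");
        ret = EIO;
        goto done;
    }

    if (!exists) {
        DEBUG(SSSDBG_FUNC_DATA,
              "Login mapping for %s is not defined, OK if default mapping "
              "was used\n", login_name);
        ret = EOK; /* probably default mapping */
        goto done;
    }

    /* Only local modifications can be deleted through this interface. */
    ret = semanage_seuser_exists_local(handle, key, &exists);
    if (ret < 0) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Cannot verify the SELinux user\n");
        ret = EIO;
        goto done;
    }

    if (!exists) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              "Login mapping for %s is defined in policy, cannot be deleted\n",
              login_name);
        ret = ENOENT;
        goto done;
    }

    ret = semanage_seuser_del_local(handle, key);
    if (ret != 0) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              "Could not delete login mapping for %s\n", login_name);
        ret = EIO;
        goto done;
    }

    ret = semanage_commit(handle);
    if (ret < 0) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Cannot commit SELinux transaction\n");
        ret = EIO;
        goto done;
    }

    ret = EOK;

done:
    /* The key is allocated by semanage_seuser_key_create() and owned by
     * this function, so release it on every exit path. */
    if (key != NULL) {
        semanage_seuser_key_free(key);
    }
    sss_semanage_close(handle);
    return ret;
}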