static int lookup_seuser(semanage_handle_t * handle, const semanage_user_key_t *k) {
semanage_user_t *user;
semanage_seuser_t **records;
const char *name;
const char *sename;
unsigned int count;
size_t i;
int rc = 0;
if (semanage_user_query(handle, k, &user) < 0)
return 0;
name = semanage_user_get_name(user);
semanage_seuser_list_local(handle,
&records,
&count);
for(i = 0; i < count; i++) {
sename = semanage_seuser_get_sename(records[i]);
if (strcmp(name, sename) == 0) {
errno = EINVAL;
ERR(handle, "%s is being used by %s login record",
sename, semanage_seuser_get_name(records[i]));
rc = -1;
}
}
for(i = 0; i < count; i++)
semanage_seuser_free(records[i]);
free(records);
semanage_user_free(user);
if (rc)
errno = EINVAL;
return rc;
}
static int semanage_user_add (semanage_handle_t *handle,
semanage_seuser_key_t *key,
const char *login_name,
const char *seuser_name)
{
int ret;
semanage_seuser_t *seuser = NULL;
ret = semanage_seuser_create (handle, &seuser);
if (ret != 0) {
fprintf (stderr,
_("Cannot create SELinux login mapping for %s\n"),
login_name);
ret = 1;
goto done;
}
ret = semanage_seuser_set_name (handle, seuser, login_name);
if (ret != 0) {
fprintf (stderr, _("Could not set name for %s\n"), login_name);
ret = 1;
goto done;
}
ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
if (ret != 0) {
fprintf (stderr,
_("Could not set serange for %s\n"),
login_name);
ret = 1;
goto done;
}
ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
if (ret != 0) {
fprintf (stderr,
_("Could not set SELinux user for %s\n"),
login_name);
ret = 1;
goto done;
}
ret = semanage_seuser_modify_local (handle, key, seuser);
if (ret != 0) {
fprintf (stderr,
_("Could not add login mapping for %s\n"),
login_name);
ret = 1;
goto done;
}
ret = 0;
done:
semanage_seuser_free (seuser);
return ret;
}
static int sss_semanage_user_add(semanage_handle_t *handle,
semanage_seuser_key_t *key,
const char *login_name,
const char *seuser_name,
const char *mls)
{
int ret;
semanage_seuser_t *seuser = NULL;
ret = semanage_seuser_create(handle, &seuser);
if (ret != 0) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Cannot create SELinux login mapping for %s\n", login_name);
ret = EIO;
goto done;
}
ret = semanage_seuser_set_name(handle, seuser, login_name);
if (ret != 0) {
DEBUG(SSSDBG_CRIT_FAILURE, "Could not set name for %s\n", login_name);
ret = EIO;
goto done;
}
ret = semanage_seuser_set_mlsrange(handle, seuser,
mls ? mls : DEFAULT_SERANGE);
if (ret != 0) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Could not set serange for %s\n", login_name);
ret = EIO;
goto done;
}
ret = semanage_seuser_set_sename(handle, seuser, seuser_name);
if (ret != 0) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Could not set SELinux user for %s\n", login_name);
ret = EIO;
goto done;
}
ret = semanage_seuser_modify_local(handle, key, seuser);
if (ret != 0) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Could not add login mapping for %s\n", login_name);
ret = EIO;
goto done;
}
ret = EOK;
done:
semanage_seuser_free(seuser);
return ret;
}
static int semanage_user_mod (semanage_handle_t *handle,
semanage_seuser_key_t *key,
const char *login_name,
const char *seuser_name)
{
int ret;
semanage_seuser_t *seuser = NULL;
semanage_seuser_query (handle, key, &seuser);
if (NULL == seuser) {
fprintf (stderr,
_("Could not query seuser for %s\n"), login_name);
ret = 1;
goto done;
}
ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
if (ret != 0) {
fprintf (stderr,
_("Could not set serange for %s\n"), login_name);
ret = 1;
goto done;
}
ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
if (ret != 0) {
fprintf (stderr,
_("Could not set sename for %s\n"),
login_name);
ret = 1;
goto done;
}
ret = semanage_seuser_modify_local (handle, key, seuser);
if (ret != 0) {
fprintf (stderr,
_("Could not modify login mapping for %s\n"),
login_name);
ret = 1;
goto done;
}
ret = 0;
done:
semanage_seuser_free (seuser);
return ret;
}
static int sss_semanage_user_mod(semanage_handle_t *handle,
semanage_seuser_key_t *key,
const char *login_name,
const char *seuser_name)
{
int ret;
semanage_seuser_t *seuser = NULL;
semanage_seuser_query(handle, key, &seuser);
if (seuser == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Could not query seuser for %s\n", login_name);
ret = EIO;
goto done;
}
ret = semanage_seuser_set_mlsrange(handle, seuser, DEFAULT_SERANGE);
if (ret != 0) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Could not set serange for %s\n", login_name);
ret = EIO;
goto done;
}
ret = semanage_seuser_set_sename(handle, seuser, seuser_name);
if (ret != 0) {
DEBUG(SSSDBG_CRIT_FAILURE, "Could not set sename for %s\n", login_name);
ret = EIO;
goto done;
}
ret = semanage_seuser_modify_local(handle, key, seuser);
if (ret != 0) {
DEBUG(SSSDBG_CRIT_FAILURE,
("Could not modify login mapping for %s\n"), login_name);
ret = EIO;
goto done;
}
ret = EOK;
done:
semanage_seuser_free(seuser);
return ret;
}
int get_seuser(TALLOC_CTX *mem_ctx, const char *login_name,
char **_seuser, char **_mls_range)
{
errno_t ret;
const char *seuser;
const char *mls_range;
semanage_handle_t *sm_handle = NULL;
semanage_seuser_t *sm_user = NULL;
semanage_seuser_key_t *sm_key = NULL;
sm_handle = sss_semanage_init();
if (sm_handle == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create SELinux handle\n");
ret = EIO;
goto done;
}
ret = semanage_seuser_key_create(sm_handle, login_name, &sm_key);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Cannot create key for %s\n", login_name);
ret = EIO;
goto done;
}
ret = semanage_seuser_query(sm_handle, sm_key, &sm_user);
if (ret < 0) {
DEBUG(SSSDBG_CRIT_FAILURE, "Cannot query for %s\n", login_name);
ret = EIO;
goto done;
}
seuser = semanage_seuser_get_sename(sm_user);
if (seuser != NULL) {
*_seuser = talloc_strdup(mem_ctx, seuser);
if (*_seuser == NULL) {
ret = ENOMEM;
goto done;
}
DEBUG(SSSDBG_OP_FAILURE,
"SELinux user for %s: %s\n", login_name, *_seuser);
} else {
DEBUG(SSSDBG_CRIT_FAILURE, "Cannot get sename for %s\n", login_name);
}
mls_range = semanage_seuser_get_mlsrange(sm_user);
if (mls_range != NULL) {
*_mls_range = talloc_strdup(mem_ctx, mls_range);
if (*_mls_range == NULL) {
ret = ENOMEM;
goto done;
}
DEBUG(SSSDBG_OP_FAILURE,
"SELinux range for %s: %s\n", login_name, *_mls_range);
} else {
DEBUG(SSSDBG_CRIT_FAILURE, "Cannot get mlsrange for %s\n", login_name);
}
ret = EOK;
done:
semanage_seuser_key_free(sm_key);
semanage_seuser_free(sm_user);
sss_semanage_close(sm_handle);
return ret;
}
