author | Michal Zidek <mzidek@redhat.com> | 2014-09-24 16:03:04 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-20 21:26:27 +0200 |
commit | 180c7a75ee8507d459c7de21882dc714c59c3cc9 (patch) | |
tree | 98fd1fdbe7ce47e38a5b0c42b040ee4a57d16d34 /src | |
parent | 42ec8af02ecf1937e4db9b1ecc6216022634f0f9 (diff) | |
sss_semanage: Add mlsrange parameter to set_seuser
mlsrange parameter will be needed in IPA provider
and probably at some point in the tools as well.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/tools/sss_useradd.c | 2 | ||||
-rw-r--r-- | src/tools/sss_usermod.c | 2 | ||||
-rw-r--r-- | src/util/sss_semanage.c | 25 | ||||
-rw-r--r-- | src/util/util.h | 3 |
4 files changed, 20 insertions, 12 deletions
diff --git a/src/tools/sss_useradd.c b/src/tools/sss_useradd.c
index 59439401e..8521b8301 100644
--- a/src/tools/sss_useradd.c
+++ b/src/tools/sss_useradd.c
@@ -205,7 +205,7 @@ int main(int argc, const char **argv)
 /* Set SELinux login context - must be done after transaction is done
 * b/c libselinux calls getpwnam */
- ret = set_seuser(tctx->octx->name, pc_selinux_user);
+ ret = set_seuser(tctx->octx->name, pc_selinux_user, NULL);
 if (ret != EOK) {
 ERROR("Cannot set SELinux login context\n");
 ret = EXIT_FAILURE;
diff --git a/src/tools/sss_usermod.c b/src/tools/sss_usermod.c
index 9683c6e9e..55e943947 100644
--- a/src/tools/sss_usermod.c
+++ b/src/tools/sss_usermod.c
@@ -300,7 +300,7 @@ int main(int argc, const char **argv)
 /* Set SELinux login context - must be done after transaction is done
 * b/c libselinux calls getpwnam */
- ret = set_seuser(tctx->octx->name, pc_selinux_user);
+ ret = set_seuser(tctx->octx->name, pc_selinux_user, NULL);
 if (ret != EOK) {
 ERROR("Cannot set SELinux login context\n");
 ret = EXIT_FAILURE;
diff --git a/src/util/sss_semanage.c b/src/util/sss_semanage.c
index dbef3b343..3c566553f 100644
--- a/src/util/sss_semanage.c
+++ b/src/util/sss_semanage.c
@@ -22,7 +22,6 @@
 #include "config.h"
 #include <stdio.h>
-
 #ifdef HAVE_SEMANAGE
 #include <semanage/semanage.h>
 #endif
@@ -118,7 +117,8 @@ fail:
 static int sss_semanage_user_add(semanage_handle_t *handle,
 semanage_seuser_key_t *key,
 const char *login_name,
- const char *seuser_name)
+ const char *seuser_name,
+ const char *mls)
 {
 int ret;
 semanage_seuser_t *seuser = NULL;
@@ -138,7 +138,8 @@ static int sss_semanage_user_add(semanage_handle_t *handle,
 goto done;
 }
- ret = semanage_seuser_set_mlsrange(handle, seuser, DEFAULT_SERANGE);
+ ret = semanage_seuser_set_mlsrange(handle, seuser,
+ mls ? mls : DEFAULT_SERANGE);
 if (ret != 0) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Could not set serange for %s\n", login_name);
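Review bot: In the `semanage_seuser_set_mlsrange()` call of `sss_semanage_user_add`, only a NULL `mls` selects `DEFAULT_SERANGE`; an empty string is handed to libsemanage as the range. The commit message says the value is meant to come from the IPA provider, so an empty or malformed attribute could end up in the login mapping or fail here, and the failure message `"Could not set serange for %s\n"` names only the login, not the range that was rejected. Consider `(mls && *mls) ? mls : DEFAULT_SERANGE` and logging the range alongside `login_name`; whether libsemanage validates the string at this call or only at commit is not visible from the hunk. The same expression is repeated in `sss_semanage_user_mod` (hunk at -184), and both functions continue outside their hunks.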
@@ -171,7 +172,8 @@ done:
 static int sss_semanage_user_mod(semanage_handle_t *handle,
 semanage_seuser_key_t *key,
 const char *login_name,
- const char *seuser_name)
+ const char *seuser_name,
+ const char *mls)
 {
 int ret;
 semanage_seuser_t *seuser = NULL;
@@ -184,7 +186,8 @@ static int sss_semanage_user_mod(semanage_handle_t *handle,
 goto done;
 }
- ret = semanage_seuser_set_mlsrange(handle, seuser, DEFAULT_SERANGE);
+ ret = semanage_seuser_set_mlsrange(handle, seuser,
+ mls ? mls : DEFAULT_SERANGE);
 if (ret != 0) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Could not set serange for %s\n", login_name);
@@ -213,7 +216,8 @@ done:
 return ret;
 }
-int set_seuser(const char *login_name, const char *seuser_name)
+int set_seuser(const char *login_name, const char *seuser_name,
+ const char *mls)
 {
 semanage_handle_t *handle = NULL;
 semanage_seuser_key_t *key = NULL;
@@ -247,14 +251,16 @@ int set_seuser(const char *login_name, const char *seuser_name)
 }
 if (seuser_exists) {
- ret = sss_semanage_user_mod(handle, key, login_name, seuser_name);
+ ret = sss_semanage_user_mod(handle, key, login_name, seuser_name,
+ mls);
 if (ret != 0) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Cannot modify SELinux user mapping\n");
 ret = EIO;
 goto done;
 }
 } else {
- ret = sss_semanage_user_add(handle, key, login_name, seuser_name);
+ ret = sss_semanage_user_add(handle, key, login_name, seuser_name,
+ mls);
 if (ret != 0) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Cannot add SELinux user mapping\n");
 ret = EIO;
@@ -348,7 +354,8 @@ done:
 }
 #else /* HAVE_SEMANAGE */
-int set_seuser(const char *login_name, const char *seuser_name)
+int set_seuser(const char *login_name, const char *seuser_name,
+ const char *mls)
 {
 return EOK;
 }
diff --git a/src/util/util.h b/src/util/util.h
index b43ce6f50..0af4db3fe 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -592,7 +592,8 @@ errno_t switch_creds(TALLOC_CTX *mem_ctx,
 errno_t restore_creds(struct sss_creds *saved_creds);
 /* from sss_semanage.c */
-int set_seuser(const char *login_name, const char *seuser_name);
+int set_seuser(const char *login_name, const char *seuser_name,
+ const char *mlsrange);
 int del_seuser(const char *login_name);
 #endif /* __SSSD_UTIL_H__ */ |
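Review bot: The prototype calls the new parameter `mlsrange`, while both `set_seuser` definitions and the two static helpers in sss_semanage.c call it `mls`; one name should be used throughout. The declaration also does not say that NULL selects the default range, which the sss_useradd and sss_usermod call sites now rely on. Suggest a comment above the prototype such as `/* mlsrange == NULL selects DEFAULT_SERANGE */`. It would also be worth noting there that the build without HAVE_SEMANAGE returns EOK from the stub and ignores the range, so a caller cannot tell from the return value that no mapping was written.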