From 180c7a75ee8507d459c7de21882dc714c59c3cc9 Mon Sep 17 00:00:00 2001
From: Michal Zidek
Date: Wed, 24 Sep 2014 16:03:04 +0200
Subject: sss_semanage: Add mlsrange parameter to set_seuser
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

mlsrange parameter will be needed in IPA provider and probably at some point in the tools as well.

Reviewed-by: Lukáš Slebodník
---
src/util/sss_semanage.c | 25 ++++++++++++++++---------
src/util/util.h | 3 ++-
2 files changed, 18 insertions(+), 10 deletions(-)
(limited to 'src/util')
diff --git a/src/util/sss_semanage.c b/src/util/sss_semanage.c
index dbef3b343..3c566553f 100644
--- a/src/util/sss_semanage.c
+++ b/src/util/sss_semanage.c
@@ -22,7 +22,6 @@ #include "config.h" #include - #ifdef HAVE_SEMANAGE #include #endif
@@ -118,7 +117,8 @@ fail: static int sss_semanage_user_add(semanage_handle_t *handle, semanage_seuser_key_t *key, const char *login_name, - const char *seuser_name) + const char *seuser_name, + const char *mls) { int ret; semanage_seuser_t *seuser = NULL;
@@ -138,7 +138,8 @@ static int sss_semanage_user_add(semanage_handle_t *handle, goto done; } - ret = semanage_seuser_set_mlsrange(handle, seuser, DEFAULT_SERANGE); + ret = semanage_seuser_set_mlsrange(handle, seuser, + mls ? mls : DEFAULT_SERANGE); if (ret != 0) { DEBUG(SSSDBG_CRIT_FAILURE, "Could not set serange for %s\n", login_name);
@@ -171,7 +172,8 @@ done: static int sss_semanage_user_mod(semanage_handle_t *handle, semanage_seuser_key_t *key, const char *login_name, - const char *seuser_name) + const char *seuser_name, + const char *mls) { int ret; semanage_seuser_t *seuser = NULL;
@@ -184,7 +186,8 @@ static int sss_semanage_user_mod(semanage_handle_t *handle, goto done; } - ret = semanage_seuser_set_mlsrange(handle, seuser, DEFAULT_SERANGE); + ret = semanage_seuser_set_mlsrange(handle, seuser, + mls ? mls : DEFAULT_SERANGE); if (ret != 0) { DEBUG(SSSDBG_CRIT_FAILURE, "Could not set serange for %s\n", login_name);
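Review bot: In the `sss_semanage_user_add` hunk at `-138` (and identically in the `sss_semanage_user_mod` hunk at `-184`), `mls ? mls : DEFAULT_SERANGE` falls back to the default only for a NULL pointer, so an empty string is handed to `semanage_seuser_set_mlsrange()` unchanged. The commit message says the value is meant to come from the IPA provider, so it is worth deciding here whether an empty range means "use the default" or is an error; for the former the expression would be `(mls != NULL && mls[0] != '\0') ? mls : DEFAULT_SERANGE`. The failure message still logs only the login name; including the range that was refused, e.g. `"Could not set serange %s for %s\n"`, would make a bad value received from the directory visible in the logs. Both function bodies continue outside the hunks shown.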
@@ -213,7 +216,8 @@ done: return ret; } -int set_seuser(const char *login_name, const char *seuser_name) +int set_seuser(const char *login_name, const char *seuser_name, + const char *mls) { semanage_handle_t *handle = NULL; semanage_seuser_key_t *key = NULL;
@@ -247,14 +251,16 @@ int set_seuser(const char *login_name, const char *seuser_name) } if (seuser_exists) { - ret = sss_semanage_user_mod(handle, key, login_name, seuser_name); + ret = sss_semanage_user_mod(handle, key, login_name, seuser_name, + mls); if (ret != 0) { DEBUG(SSSDBG_CRIT_FAILURE, "Cannot modify SELinux user mapping\n"); ret = EIO; goto done; } } else { - ret = sss_semanage_user_add(handle, key, login_name, seuser_name); + ret = sss_semanage_user_add(handle, key, login_name, seuser_name, + mls); if (ret != 0) { DEBUG(SSSDBG_CRIT_FAILURE, "Cannot add SELinux user mapping\n"); ret = EIO;
@@ -348,7 +354,8 @@ done: } #else /* HAVE_SEMANAGE */ -int set_seuser(const char *login_name, const char *seuser_name) +int set_seuser(const char *login_name, const char *seuser_name, + const char *mls) { return EOK; }
diff --git a/src/util/util.h b/src/util/util.h
index b43ce6f50..0af4db3fe 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -592,7 +592,8 @@ errno_t switch_creds(TALLOC_CTX *mem_ctx, errno_t restore_creds(struct sss_creds *saved_creds); /* from sss_semanage.c */ -int set_seuser(const char *login_name, const char *seuser_name); +int set_seuser(const char *login_name, const char *seuser_name, + const char *mlsrange); int del_seuser(const char *login_name); #endif /* __SSSD_UTIL_H__ */
-- cgit
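Review bot: The `#else /* HAVE_SEMANAGE */` stub of `set_seuser` (hunk at `-348`) takes the new `mls` argument and still returns `EOK` without using it, so on a build without semanage a caller that asked for a specific MLS range is told the mapping succeeded. If that silent no-op is intended, a short comment saying so and a low-level log line would help whoever later investigates a login that ran with an unexpected context, e.g. `DEBUG(SSSDBG_TRACE_FUNC, "SELinux support not built in, mapping for %s not applied\n", login_name);`. Whether `DEBUG` is usable in this branch depends on includes that lie outside the hunk.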
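Review bot: The prototype in util.h names the new parameter `mlsrange`, while both definitions in sss_semanage.c (the hunks at `-213` and `-348`) name it `mls`; using one spelling in both places keeps the declaration and definition easy to match. The declaration is also where the contract should be stated, since it is otherwise only visible inside the static helpers: NULL selects `DEFAULT_SERANGE`. A comment above the prototype such as `/* mlsrange may be NULL, in which case DEFAULT_SERANGE is used */` would cover it.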