authorRobbie Harwood <rharwood@redhat.com>2015-09-02 14:26:01 -0400
committerSimo Sorce <simo@redhat.com>2015-09-04 14:28:19 -0400
commitbf53dbf2201a9e87c185f7948a08a290b176234c (patch)
treea5ea03cea21ce8c0f534e2776065eff6f4391f59 /proxy
parent5eb49a01362df71dab345bb276d3d2d0b40aa005 (diff)
Extract generalized selinux context comparison function
Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'proxy')
-rw-r--r--proxy/src/gp_proxy.h1
-rw-r--r--proxy/src/gp_socket.c38
2 files changed, 26 insertions, 13 deletions
diff --git a/proxy/src/gp_proxy.h b/proxy/src/gp_proxy.h
index 72bbc5c..aa54ec5 100644
--- a/proxy/src/gp_proxy.h
+++ b/proxy/src/gp_proxy.h
@@ -126,6 +126,7 @@ void gp_socket_send_data(verto_ctx *vctx, struct gp_conn *conn,
struct gp_creds *gp_conn_get_creds(struct gp_conn *conn);
uid_t gp_conn_get_uid(struct gp_conn *conn);
const char *gp_conn_get_socket(struct gp_conn *conn);
+bool gp_selinux_ctx_equal(SELINUX_CTX ctx1, SELINUX_CTX ctx2);
bool gp_conn_check_selinux(struct gp_conn *conn, SELINUX_CTX ctx);
/* from gp_workers.c */
diff --git a/proxy/src/gp_socket.c b/proxy/src/gp_socket.c
index 3e8afc5..f7712cf 100644
--- a/proxy/src/gp_socket.c
+++ b/proxy/src/gp_socket.c
@@ -62,33 +62,31 @@ struct gp_buffer {
size_t pos;
};
-bool gp_conn_check_selinux(struct gp_conn *conn, SELINUX_CTX ctx)
+bool gp_selinux_ctx_equal(SELINUX_CTX ctx1, SELINUX_CTX ctx2)
{
const char *ra, *rb;
- if (ctx == NULL) {
+ if (ctx1 == ctx2) {
return true;
}
-
- if (!(conn->creds.type & CRED_TYPE_SELINUX) ||
- (conn->selinux_ctx == NULL)) {
+ if (ctx1 == NULL || ctx2 == NULL) {
return false;
}
- if (strcmp(SELINUX_context_user_get(ctx),
- SELINUX_context_user_get(conn->selinux_ctx)) != 0) {
+ if (strcmp(SELINUX_context_user_get(ctx1),
+ SELINUX_context_user_get(ctx2)) != 0) {
return false;
}
- if (strcmp(SELINUX_context_role_get(ctx),
- SELINUX_context_role_get(conn->selinux_ctx)) != 0) {
+ if (strcmp(SELINUX_context_role_get(ctx1),
+ SELINUX_context_role_get(ctx2)) != 0) {
return false;
}
- if (strcmp(SELINUX_context_type_get(ctx),
- SELINUX_context_type_get(conn->selinux_ctx)) != 0) {
+ if (strcmp(SELINUX_context_type_get(ctx1),
+ SELINUX_context_type_get(ctx2)) != 0) {
return false;
}
- ra = SELINUX_context_range_get(ctx);
- rb = SELINUX_context_range_get(conn->selinux_ctx);
+ ra = SELINUX_context_range_get(ctx1);
+ rb = SELINUX_context_range_get(ctx2);
if (ra && rb && (strcmp(ra, rb) != 0)) {
return false;
}
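Review bot: gp_selinux_ctx_equal carries no comment saying what "equal" means, and the range comparison on the last lines of this hunk is deliberately lenient: when only one of the two contexts has a range (`ra && rb` is false) the ranges are not compared at all, so two contexts that differ only in the presence of an MLS range compare equal. Now that this is exported from gp_proxy.h as a standalone predicate, a caller expecting strict equality cannot learn this from the name; a comment above the definition such as `/* Equal when user, role and type match; the MLS range is compared only when both contexts carry one. */` would make the contract explicit. The NULL check placed after the `ctx1 == ctx2` shortcut is correct as written, since every strcmp below dereferences both contexts. The function's final `return true;` and closing brace lie outside this hunk.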
@@ -96,6 +94,20 @@ bool gp_conn_check_selinux(struct gp_conn *conn, SELINUX_CTX ctx)
return true;
}
+bool gp_conn_check_selinux(struct gp_conn *conn, SELINUX_CTX ctx)
+{
+ if (ctx == NULL) {
+ return true;
+ }
+
+ if (!(conn->creds.type & CRED_TYPE_SELINUX) ||
+ (conn->selinux_ctx == NULL)) {
+ return false;
+ }
+
+ return gp_selinux_ctx_equal(ctx, conn->selinux_ctx);
+}
+
struct gp_creds *gp_conn_get_creds(struct gp_conn *conn)
{
return &conn->creds;
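Review bot: gp_conn_check_selinux is an access-control predicate whose two early returns are asymmetric yet undocumented: a NULL `ctx` accepts every connection, while a connection whose creds lack CRED_TYPE_SELINUX or whose `selinux_ctx` is NULL is rejected for any non-NULL `ctx`. A short comment above the function, e.g. `/* ctx == NULL means no SELinux constraint: accept. A peer without SELinux creds never satisfies a non-NULL ctx. */`, would keep future callers from inverting the NULL case. The refactor preserves the previous logic, so the remaining work here is documentation only.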