From 7ce306a7c7751c609e4831c53f647e7322c24984 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Jan 03 2007 19:18:27 +0000 Subject: - Fix selection of role --- diff --git a/pam-0.99.6.2-selinux-select-context.patch b/pam-0.99.6.2-selinux-select-context.patch index 0e61a60..831210f 100644 --- a/pam-0.99.6.2-selinux-select-context.patch +++ b/pam-0.99.6.2-selinux-select-context.patch @@ -1,5 +1,5 @@ ---- Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.8.xml.select-context 2006-11-10 17:48:59.000000000 +0100 -+++ Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.8.xml 2006-11-10 17:52:36.000000000 +0100 +--- Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.8.xml.select-context 2006-12-27 10:59:06.000000000 -0500 ++++ Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.8.xml 2006-12-27 10:59:06.000000000 -0500 @@ -33,6 +33,9 @@ verbose 
@@ -28,36 +28,154 @@ ---- Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c.select-context 2006-11-10 17:48:59.000000000 +0100 -+++ Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c 2006-11-10 18:00:11.000000000 +0100 -@@ -63,6 +63,7 @@ +--- Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c.select-context 2006-12-27 10:59:06.000000000 -0500 ++++ Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c 2007-01-03 13:40:24.000000000 -0500 +@@ -63,8 +63,10 @@ #include #include #include +#include #include #include ++#include -@@ -151,6 +152,8 @@ + static int + send_text (pam_handle_t *pamh, const char *text, int debug) +@@ -79,69 +81,64 @@ + * is responsible for freeing the responses. + */ + static int +-query_response (pam_handle_t *pamh, const char *text, ++query_response (pam_handle_t *pamh, const char *text, const char *def, + char **responses, int debug) + { ++ int rc; ++ if (def) ++ rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, responses, "%s [%s] ", text, def); ++ else ++ rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, responses, "%s ", text); + if (debug) +- pam_syslog(pamh, LOG_NOTICE, "%s", text); +- +- return pam_prompt (pamh, PAM_PROMPT_ECHO_ON, responses, "%s", text); ++ pam_syslog(pamh, LOG_NOTICE, "%s %s", text, responses[0]); ++ return rc; + } + + static security_context_t + manual_context (pam_handle_t *pamh, const char *user, int debug) + { +- security_context_t newcon; ++ security_context_t newcon=NULL; + context_t new_context; + int mls_enabled = is_selinux_mls_enabled(); +- +- char *responses; ++ char *type=NULL; ++ char *responses=NULL; + + while (1) { + query_response(pamh, +- _("Would you like to enter a security context? [y] "), ++ _("Would you like to enter a security context? 
[n] "), NULL, + &responses,debug); +- if ((responses[0] == 'y') || (responses[0] == 'Y') || +- (responses[0] == '\0') ) ++ if ((responses[0] == 'y') || (responses[0] == 'Y')) + { + if (mls_enabled) + new_context = context_new ("user:role:type:level"); + else + new_context = context_new ("user:role:type"); +- _pam_drop(responses); + +- /* Allow the user to enter each field of the context individually */ ++ if (!new_context) ++ goto fail_set; ++ + if (context_user_set (new_context, user)) +- { +- context_free (new_context); +- return NULL; +- } +- query_response(pamh,_("role: "),&responses,debug); +- if (context_role_set (new_context, responses)) +- { +- _pam_drop(responses); +- context_free (new_context); +- return NULL; +- } ++ goto fail_set; ++ + _pam_drop(responses); +- query_response(pamh,_("type: "),&responses,debug); +- if (context_type_set (new_context, responses)) +- { +- _pam_drop(responses); +- context_free (new_context); +- return NULL; +- } ++ /* Allow the user to enter each field of the context individually */ ++ query_response(pamh,_("role:"), NULL, &responses,debug); ++ if (responses[0] != '\0') { ++ if (context_role_set (new_context, responses)) ++ goto fail_set; ++ if (get_default_type(responses, &type)) ++ goto fail_set; ++ if (context_type_set (new_context, type)) ++ goto fail_set; ++ } + _pam_drop(responses); + if (mls_enabled) + { +- query_response(pamh,_("level: "),&responses,debug); +- if (context_range_set (new_context, responses)) +- { +- _pam_drop(responses); +- context_free (new_context); +- return NULL; +- } +- _pam_drop(responses); ++ query_response(pamh,_("level:"), NULL, &responses,debug); ++ if (responses[0] != '\0') { ++ if (context_range_set (new_context, responses)) ++ goto fail_set; ++ } + } + /* Get the string value of the context and see if it is valid. 
*/ + if (!security_check_context(context_str(new_context))) { +@@ -151,14 +148,125 @@ } else send_text(pamh,_("Not a valid security context"),debug); -+ -+ context_free(new_context); /* next time around allocates another */ ++ context_free (new_context); } else { _pam_drop(responses); -@@ -161,6 +164,86 @@ - return NULL; - } - -+static int mls_range_allowed(security_context_t src, security_context_t dst) + return NULL; + } + } /* end while */ ++ fail_set: ++ free(type); ++ _pam_drop(responses); ++ context_free (new_context); ++ return NULL; ++} ++ ++static int mls_range_allowed(pam_handle_t *pamh, security_context_t src, security_context_t dst, int debug) +{ + struct av_decision avd; + int retval; + unsigned int bit = CONTEXT__CONTAINS; -+ -+ retval = security_compute_av(src, dst, SECCLASS_CONTEXT, bit, &avd); ++ context_t src_context = context_new (src); ++ context_t dst_context = context_new (dst); ++ context_range_set(dst_context, context_range_get(src_context)); ++ if (debug) ++ pam_syslog(pamh, LOG_NOTICE, "Checking if %s mls range valid for %s", dst, context_str(dst_context)); ++ ++ retval = security_compute_av(context_str(dst_context), dst, SECCLASS_CONTEXT, bit, &avd); ++ context_free(src_context); ++ context_free(dst_context); + if (retval || ((bit & avd.allowed) != bit)) + return 0; + 
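Review bot: In the new mls_range_allowed the results of context_new(src), context_new(dst) and context_range_set(dst_context, ...) are never checked; if the range copy fails, dst_context is still just dst and security_compute_av then asks whether the selected context contains itself, which passes, so the containment check fails open, and a NULL from context_new is dereferenced before it even gets there. The rewrite below denies on any of those failures. The rc that query_response now returns is discarded by every caller in this hunk, and its debug branch logs `responses[0]` even when pam_prompt failed and left it NULL; guard it with `if (debug && rc == PAM_SUCCESS && *responses)` and have manual_context jump to fail_set on a non-zero rc instead of indexing responses. The `type` string from get_default_type is only freed at fail_set, so it leaks on the retry after "Not a valid security context" and on the success return; freeing it right after context_type_set keeps a single owner. mls_range_allowed continues past the end of this hunk.
```c
static int mls_range_allowed(pam_handle_t *pamh, security_context_t src, security_context_t dst, int debug)
{
  struct av_decision avd;
  int retval = -1;
  unsigned int bit = CONTEXT__CONTAINS;
  context_t src_context = context_new (src);
  context_t dst_context = context_new (dst);
  const char *src_range = src_context ? context_range_get (src_context) : NULL;

  /* Fail closed: if "dst with src's range" cannot be built, deny rather than
     let security_compute_av compare dst against itself. */
  if (src_context && dst_context && src_range &&
      context_range_set (dst_context, src_range) == 0) {
    if (debug)
      pam_syslog(pamh, LOG_NOTICE, "Checking if %s mls range valid for %s", dst, context_str(dst_context));
    retval = security_compute_av(context_str(dst_context), dst, SECCLASS_CONTEXT, bit, &avd);
  }
  if (src_context)
    context_free(src_context);
  if (dst_context)
    context_free(dst_context);
  if (retval || ((bit & avd.allowed) != bit))
    return 0;
  /* … unchanged: rest of the function, outside this hunk … */
```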
@@ -67,35 +185,54 @@ +static security_context_t +config_context (pam_handle_t *pamh, security_context_t puser_context, int debug) +{ -+ security_context_t newcon; ++ security_context_t newcon=NULL; + context_t new_context; + int mls_enabled = is_selinux_mls_enabled(); -+ char *responses; ++ char *responses=NULL; ++ char *type=NULL; + char resp_val = 0; -+ ++ ++ pam_prompt (pamh, PAM_TEXT_INFO, NULL, _("Default Security Context %s\n"), puser_context); ++ + while (1) { + query_response(pamh, -+ _("Would you like to enter a role/level? [y] "), ++ _("Would you like to enter a different role or level?"), "n", + &responses,debug); + + resp_val = responses[0]; + _pam_drop(responses); -+ if ((resp_val == 'y') || (resp_val == 'Y') || (resp_val == '\0')) ++ if ((resp_val == 'y') || (resp_val == 'Y')) + { + new_context = context_new(puser_context); + + /* Allow the user to enter role and level individually */ -+ query_response(pamh,_("role: "),&responses,debug); -+ if (responses[0] && context_role_set(new_context, responses)) -+ goto fail_set; ++ query_response(pamh,_("role:"), context_role_get(new_context), ++ &responses, debug); ++ if (responses[0]) { ++ if (get_default_type(responses, &type)) { ++ pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("No default type for role %s\n"), responses); ++ _pam_drop(responses); ++ continue; ++ } else { ++ if (context_role_set(new_context, responses)) ++ goto fail_set; ++ if (context_type_set (new_context, type)) ++ goto fail_set; ++ } ++ } + _pam_drop(responses); + if (mls_enabled) + { -+ query_response(pamh,_("level: "),&responses,debug); -+ if (responses[0] && context_range_set(new_context, responses)) -+ goto fail_set; ++ query_response(pamh,_("level:"), context_range_get(new_context), ++ &responses, debug); ++ if (responses[0]) { ++ if (context_range_set(new_context, responses)) ++ goto fail_set; ++ } + _pam_drop(responses); + } ++ if (debug) ++ pam_syslog(pamh, LOG_NOTICE, "Selected Security Context %s", context_str(new_context)); + + /* 
Get the string value of the context and see if it is valid. */ + if (!security_check_context(context_str(new_context))) { @@ -105,10 +242,12 @@ + /* we have to check that this user is allowed to go into the + range they have specified ... role is tied to an seuser, so that'll + be checked at setexeccon time */ -+ if (mls_enabled && !mls_range_allowed(puser_context, newcon)) -+ goto fail_range; ++ if (mls_enabled && !mls_range_allowed(pamh, puser_context, newcon, debug)) { ++ pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", puser_context, newcon); + -+ freecon(puser_context); ++ ++ goto fail_range; ++ } + return newcon; + } + else @@ -117,24 +256,21 @@ + context_free(new_context); /* next time around allocates another */ + } + else -+ break; ++ return strdup(puser_context); + } /* end while */ -+ -+ freecon(puser_context); -+ return NULL; + + return NULL; + + fail_set: ++ free(type); + _pam_drop(responses); + context_free (new_context); + fail_range: -+ freecon(puser_context); + return NULL; -+} -+ + } + static void - security_restorelabel_tty(const pam_handle_t *pamh, - const char *tty, security_context_t context) -@@ -273,10 +356,12 @@ +@@ -273,10 +381,11 @@ { int i, debug = 0, ttys=1, has_tty=isatty(0); int verbose=0, close_session=0; @@ -143,12 +279,11 @@ security_context_t* contextlist = NULL; int num_contexts = 0; - const void *username = NULL; -+ const void *pusername = NULL; + const char *username = NULL; const void *tty = NULL; char *seuser=NULL; char *level=NULL; -@@ -295,6 +380,9 @@ +@@ -295,6 +404,9 @@ if (strcmp(argv[i], "close") == 0) { close_session = 1; } 
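Review bot: In config_context the `continue` taken after "No default type for role" abandons the context_t just obtained from context_new(puser_context), and `type` from get_default_type is never freed on the success path or before the next iteration overwrites it, so both leak once per retry. Add `context_free(new_context);` before that `continue`, and `free(type); type = NULL;` right after `context_type_set (new_context, type)` succeeds so fail_set remains the single owner. The result of `context_new(puser_context)` is also passed straight to context_role_get without a NULL check, which would crash on allocation failure or a malformed default context. config_context continues past the end of this hunk.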
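Review bot: On the new `goto fail_range` path newcon is already allocated (it is returned two lines later) and new_context is still live, but fail_range in the following hunk now only returns NULL, so both leak every time the MLS containment check rejects a selection. Release them before jumping: `freecon(newcon); context_free(new_context); goto fail_range;`. The argument order of the new syslog line also reads backwards, since the user's default context is printed first and so the message claims the default is not allowed for the selection; `"Security context %s is not allowed for %s", newcon, puser_context` matches the wording. The enclosing function starts and ends outside this hunk.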
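Review bot: `return strdup(puser_context);` yields NULL on allocation failure, and the caller then reports "Unable to get valid context" and, in permissive mode, carries on with no context; checking the result here and logging the real cause keeps an out-of-memory condition distinguishable from a rejected selection. If no other `break` remains in the `while (1)` loop now that this one became a return, the `return NULL;` after `/* end while */` is unreachable and can be dropped. The enclosing function starts outside this hunk.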
@@ -158,21 +293,16 @@ } if (debug) -@@ -307,10 +395,11 @@ +@@ -307,7 +419,7 @@ if (!(selinux_enabled = is_selinux_enabled()>0) ) return PAM_SUCCESS; - if (pam_get_item(pamh, PAM_USER, &username) != PAM_SUCCESS || -- username == NULL) { -+ if (pam_get_item(pamh, PAM_USER, &pusername) != PAM_SUCCESS || -+ pusername == NULL) { ++ if (pam_get_item(pamh, PAM_USER, (void *) &username) != PAM_SUCCESS || + username == NULL) { return PAM_USER_UNKNOWN; } -+ username = pusername; - - if (getseuserbyname(username, &seuser, &level)==0) { - num_contexts = get_ordered_context_list_with_level(seuser, -@@ -319,19 +408,32 @@ +@@ -319,19 +431,38 @@ &contextlist); if (debug) pam_syslog(pamh, LOG_DEBUG, "Username= %s SELinux User = %s Level= %s", 
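Review bot: `(void *) &username` silences the `const char **` versus `const void **` mismatch by casting to plain `void *`, which also discards the const qualifier and hides the pointer punning from -Wcast-qual. The two-variable form this replaces, or at least `(const void **) &username`, keeps the intent visible to the reader and the compiler. The enclosing function starts and ends outside this hunk.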
@@ -182,24 +312,33 @@ free(level); } if (num_contexts > 0) { - user_context = (security_context_t) strdup(contextlist[0]); -+ +- user_context = (security_context_t) strdup(contextlist[0]); ++ security_context_t puser_context=strdup(contextlist[0]); + freeconary(contextlist); +- } else { ++ if (puser_context == NULL) { ++ pam_syslog(pamh, LOG_ERR, _("Out of memory")); ++ return PAM_AUTH_ERR; ++ } ++ user_context = puser_context; + if (select_context && has_tty) { -+ user_context = config_context(pamh, user_context, debug); ++ user_context = config_context(pamh, puser_context, debug); ++ freecon(puser_context); + if (user_context == NULL) { -+ pam_syslog(pamh, LOG_ERR, "Unable to get valid context for %s", ++ pam_syslog(pamh, LOG_ERR, _("Unable to get valid context for %s"), + username); ++ pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("Unable to get valid context for %s"), username); + if (security_getenforce() == 1) + return PAM_AUTH_ERR; + else + return PAM_SUCCESS; + } -+ } -+ - freeconary(contextlist); - } else { ++ } ++ } ++ else { if (has_tty) { - user_context = manual_context(pamh,username,debug); +- user_context = manual_context(pamh,username,debug); ++ user_context = manual_context(pamh,seuser,debug); if (user_context == NULL) { pam_syslog (pamh, LOG_ERR, "Unable to get valid context for %s", - (const char *)username); @@ -207,7 +346,7 @@ if (security_getenforce() == 1) return PAM_AUTH_ERR; else -@@ -340,7 +442,7 @@ +@@ -340,7 +471,7 @@ } else { pam_syslog (pamh, LOG_ERR, "Unable to get valid context for %s, No valid tty", @@ -216,7 +355,7 @@ if (security_getenforce() == 1) return PAM_AUTH_ERR; else -@@ -381,7 +483,7 @@ +@@ -381,7 +512,7 @@ if (ret) { pam_syslog(pamh, LOG_ERR, "Error! Unable to set %s executable context %s.", @@ -225,7 +364,7 @@ if (security_getenforce() == 1) { freecon(user_context); return PAM_AUTH_ERR; -@@ -389,7 +491,7 @@ +@@ -389,7 +520,7 @@ } else { if (debug) pam_syslog(pamh, LOG_NOTICE, "set %s security context to %s", 
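Review bot: `manual_context(pamh, seuser, debug)` is reached in the `else` branch, i.e. when no context list was obtained, which includes the case where getseuserbyname failed and seuser is still the NULL it was initialised to; manual_context then hands that NULL to context_user_set. If seuser is released together with `free(level)` just before this hunk (that free is not visible here), the call also reads freed memory when the lookup succeeded but returned no contexts. Falling back to the PAM user, `user_context = manual_context(pamh, seuser ? seuser : username, debug);`, covers the NULL case, and any free of seuser should move after this call. The enclosing function starts and ends outside this hunk.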
@@ -234,7 +373,7 @@ } #ifdef HAVE_SETKEYCREATECON ret = setkeycreatecon(user_context); -@@ -402,7 +504,7 @@ +@@ -402,7 +533,7 @@ if (ret) { pam_syslog(pamh, LOG_ERR, "Error! Unable to set %s key creation context %s.", @@ -243,7 +382,7 @@ if (security_getenforce() == 1) { freecon(user_context); return PAM_AUTH_ERR; -@@ -410,7 +512,7 @@ +@@ -410,7 +541,7 @@ } else { if (debug) pam_syslog(pamh, LOG_NOTICE, "set %s key creation context to %s", diff --git a/pam.spec b/pam.spec index 974a64c..b2f9788 100644 --- a/pam.spec +++ b/pam.spec @@ -11,7 +11,7 @@ Summary: A security tool which provides authentication for applications Name: pam Version: 0.99.6.2 -Release: 5%{?dist} +Release: 7%{?dist} License: GPL or BSD Group: System Environment/Base Source0: http://ftp.us.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2 @@ -41,6 +41,7 @@ Patch90: pam-0.99.6.2-keyinit-setgid.patch Patch91: pam-0.99.6.2-unix-username.patch Patch92: pam-0.99.6.2-selinux-select-context.patch Patch100: pam-0.99.6.2-reconf.patch +Patch101: pam-0.99.6.2-selinux-namespace.patch BuildRoot: %{_tmppath}/%{name}-root Requires: cracklib, cracklib-dicts >= 2.8 @@ -110,6 +111,7 @@ cp %{SOURCE7} . %patch92 -p1 -b .select-context %patch100 -p1 -b .reconf +%patch101 -p1 -b .selinux-namespace #autoreconf %build @@ -386,6 +388,13 @@ fi %doc doc/adg/*.txt doc/adg/html %changelog +* Thu Dec 1 2006 Dan Walsh 0.99.6.2-7 +- Fix selection of role + +* Thu Dec 1 2006 Dan Walsh 0.99.6.2-6 +- Fix pam_namespace to only change MLS componant +Resolves: Bug #216184 + * Thu Nov 30 2006 Tomas Mraz 0.99.6.2-5 - add select-context option to pam_selinux (#213812) - autoreconf won't work with autoconf-2.61 as configure.in is not yet adjusted
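Review bot: The spec now lists `Patch101: pam-0.99.6.2-selinux-namespace.patch` and applies it with `%patch101 -p1 -b .selinux-namespace`, but no such file is added by this diff, so unless it arrives in a separate commit %prep stops on the missing patch. The two new %changelog entries are dated `Thu Dec 1 2006` although the commit is from Jan 03 2007 and Dec 1 2006 was a Friday (the existing entry already places Thursday on Nov 30), which rpmbuild reports as a bogus changelog date; the 0.99.6.2-7 entry should carry the actual date. "componant" in the -6 entry is a typo for "component".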