Hello community, here is the log from the commit of package libsemanage for openSUSE:Factory checked in at 2013-11-07 17:37:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libsemanage (Old) and /work/SRC/openSUSE:Factory/.libsemanage.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libsemanage" Changes: -------- --- /work/SRC/openSUSE:Factory/libsemanage/libsemanage.changes 2013-07-02 07:38:56.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libsemanage.new/libsemanage.changes 2013-11-07 17:37:26.000000000 +0100 @@ -1,0 +2,12 @@ +Thu Oct 31 13:55:06 UTC 2013 - [email protected] + +- Update to version 2.2 + * Avoid duplicate list entries + * Add audit support to libsemanage + * Remove policy.kern and replace with symlink + * Apply a MAX_UID check for genhomedircon + * Fix man pages +- Add audit-devel BuildRequires; new dependency +- Add fdupes BuildRequires and use it to symlink duplicate manpages + +------------------------------------------------------------------- python-semanage.changes: same change Old: ---- libsemanage-2.1.10.tar.gz New: ---- libsemanage-2.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libsemanage.spec ++++++ --- /var/tmp/diff_new_pack.WOHiT3/_old 2013-11-07 17:37:33.000000000 +0100 +++ /var/tmp/diff_new_pack.WOHiT3/_new 2013-11-07 17:37:33.000000000 +0100 @@ -16,7 +16,9 @@ # +BuildRequires: audit-devel BuildRequires: bison +BuildRequires: fdupes BuildRequires: flex BuildRequires: libbz2-devel BuildRequires: libselinux-devel @@ -24,13 +26,13 @@ BuildRequires: libustr-devel Name: libsemanage -Version: 2.1.10 +Version: 2.2 Release: 0 Summary: SELinux binary policy manipulation library License: LGPL-2.1+ Group: System/Libraries Url: http://userspace.selinuxproject.org/ -Source: http://userspace.selinuxproject.org/releases/20130423/%{name}-%{version}.tar.gz +Source: http://userspace.selinuxproject.org/releases/20131030/%{name}-%{version}.tar.gz Source1: baselibs.conf BuildRoot: %{_tmppath}/%{name}-%{version}-build 
@@ -104,6 +106,8 @@ mkdir -p %{buildroot}%{_includedir} make DESTDIR=%{buildroot} LIBDIR="%{buildroot}%{_libdir}" SHLIBDIR="%{buildroot}/%{_lib}" install ln -sf /%{_lib}/libsemanage.so.1 %{buildroot}/%{_libdir}/libsemanage.so +# Remove duplicate files +%fdupes -s %{buildroot}%{_mandir} %post -n libsemanage1 -p /sbin/ldconfig ++++++ python-semanage.spec ++++++ --- /var/tmp/diff_new_pack.WOHiT3/_old 2013-11-07 17:37:33.000000000 +0100 +++ /var/tmp/diff_new_pack.WOHiT3/_new 2013-11-07 17:37:33.000000000 +0100 @@ -16,6 +16,7 @@ # +BuildRequires: audit-devel BuildRequires: bison BuildRequires: flex BuildRequires: libbz2-devel @@ -26,13 +27,13 @@ BuildRequires: swig Name: python-semanage -Version: 2.1.10 +Version: 2.2 Release: 0 Summary: Python bindings for libsemanage License: LGPL-2.1 Group: Development/Languages/Python Url: http://www.nsa.gov/selinux/ -Source: http://userspace.selinuxproject.org/releases/20130423/libsemanage-%{version}.tar.gz +Source: http://userspace.selinuxproject.org/releases/20131030/libsemanage-%{version}.tar.gz Source1: baselibs.conf BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: libsemanage1 = %{version} ++++++ libsemanage-2.1.10.tar.gz -> libsemanage-2.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.10/ChangeLog new/libsemanage-2.2/ChangeLog --- old/libsemanage-2.1.10/ChangeLog 2013-02-06 02:43:22.000000000 +0100 +++ new/libsemanage-2.2/ChangeLog 2013-10-30 17:51:19.000000000 +0100 
@@ -1,3 +1,10 @@ +2.2 2013-10-30 + * Avoid duplicate list entries from Dan Walsh. + * Add audit support to libsemanage from Dan Walsh. + * Remove policy.kern and replace with symlink from Dan Walsh. + * Apply a MAX_UID check for genhomedircon from Laurent Bigonville. + * Fix man pages from Laurent Bigonville. + 2.1.10 2013-02-01 * Add sefcontext_compile to compile regex everytime policy is rebuilt * Cleanup/fix enable/disable/remove module. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.10/VERSION new/libsemanage-2.2/VERSION --- old/libsemanage-2.1.10/VERSION 2013-02-06 02:43:22.000000000 +0100 +++ new/libsemanage-2.2/VERSION 2013-10-30 17:51:19.000000000 +0100 @@ -1 +1 @@ -2.1.10 +2.2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.10/man/man3/semanage_bool_set_active.3 new/libsemanage-2.2/man/man3/semanage_bool_set_active.3 --- old/libsemanage-2.1.10/man/man3/semanage_bool_set_active.3 2013-02-06 02:43:22.000000000 +0100 +++ new/libsemanage-2.2/man/man3/semanage_bool_set_active.3 2013-10-30 17:51:19.000000000 +0100 @@ -40,7 +40,7 @@ ). .SH "RETURN VALUE" -In case of failure, -1 is returned, and the semanage error callback is invoked, describing the error. +In case of failure, \-1 is returned, and the semanage error callback is invoked, describing the error. Otherwise 0 is returned. .SH "SEE ALSO" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.10/man/man3/semanage_count.3 new/libsemanage-2.2/man/man3/semanage_count.3 --- old/libsemanage-2.1.10/man/man3/semanage_count.3 2013-02-06 02:43:22.000000000 +0100 +++ new/libsemanage-2.2/man/man3/semanage_count.3 2013-10-30 17:51:19.000000000 +0100 
@@ -33,7 +33,7 @@ ) .SH "RETURN VALUE" -In case of failure, -1 is returned, and the semanage error callback is invoked, describing the error. +In case of failure, \-1 is returned, and the semanage error callback is invoked, describing the error. Otherwise a non-negative integer is returned (a commit number). The same number will be returned by all other semanage object read calls until the next commit. .SH "SEE ALSO" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.10/man/man3/semanage_del.3 new/libsemanage-2.2/man/man3/semanage_del.3 --- old/libsemanage-2.1.10/man/man3/semanage_del.3 2013-02-06 02:43:22.000000000 +0100 +++ new/libsemanage-2.2/man/man3/semanage_del.3 2013-10-30 17:51:19.000000000 +0100 @@ -40,7 +40,7 @@ ). .SH "RETURN VALUE" -In case of failure, -1 is returned, and the semanage error callback is invoked, describing the error. +In case of failure, \-1 is returned, and the semanage error callback is invoked, describing the error. Otherwise 0 is returned. .SH "SEE ALSO" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.10/man/man3/semanage_exists.3 new/libsemanage-2.2/man/man3/semanage_exists.3 --- old/libsemanage-2.1.10/man/man3/semanage_exists.3 2013-02-06 02:43:22.000000000 +0100 +++ new/libsemanage-2.2/man/man3/semanage_exists.3 2013-10-30 17:51:19.000000000 +0100 
@@ -38,7 +38,7 @@ ) .SH "RETURN VALUE" -In case of failure, -1 is returned, and the semanage error callback is invoked, describing the error. +In case of failure, \-1 is returned, and the semanage error callback is invoked, describing the error. Otherwise a non-negative integer is returned (a commit number). The same number will be returned by all other read calls to the semanage database until the next commit. .SH "SEE ALSO" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.10/man/man3/semanage_iterate.3 new/libsemanage-2.2/man/man3/semanage_iterate.3 --- old/libsemanage-2.1.10/man/man3/semanage_iterate.3 2013-02-06 02:43:22.000000000 +0100 +++ new/libsemanage-2.2/man/man3/semanage_iterate.3 2013-10-30 17:51:19.000000000 +0100 @@ -31,7 +31,7 @@ The handler code may not invoke any semanage write requests for the same object type (i.e. modifying the underlying store is not allowed). The iterate function is reentrant only while inside a transaction (see .B semanage_begin_transaction -). It is not safe to execute other semanage read or write requests within iterate if not inside a transaction. The handler may return -1 to signal error exit, 0 to signal continue, and 1 to signal successful exit early (the iterate function will stop accordingly). +). It is not safe to execute other semanage read or write requests within iterate if not inside a transaction. The handler may return \-1 to signal error exit, 0 to signal continue, and 1 to signal successful exit early (the iterate function will stop accordingly). .TP .B Parameters: 
@@ -50,7 +50,7 @@ ) .SH "RETURN VALUE" -In case of failure, -1 is returned, and the semanage error callback is invoked, describing the error. +In case of failure, \-1 is returned, and the semanage error callback is invoked, describing the error. Otherwise a non-negative integer is returned (a commit number). The same number will be returned by all other semanage object read calls until the next commit. .SH "SEE ALSO" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.10/man/man3/semanage_list.3 new/libsemanage-2.2/man/man3/semanage_list.3 --- old/libsemanage-2.1.10/man/man3/semanage_list.3 2013-02-06 02:43:22.000000000 +0100 +++ new/libsemanage-2.2/man/man3/semanage_list.3 2013-10-30 17:51:19.000000000 +0100 @@ -39,7 +39,7 @@ ) .SH "RETURN VALUE" -In case of failure, -1 is returned, and the semanage error callback is invoked, describing the error. +In case of failure, \-1 is returned, and the semanage error callback is invoked, describing the error. Otherwise a non-negative integer is returned (a commit number). The same number will be returned by all other semanage object read calls until the next commit. .SH "SEE ALSO" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.10/man/man3/semanage_modify.3 new/libsemanage-2.2/man/man3/semanage_modify.3 --- old/libsemanage-2.1.10/man/man3/semanage_modify.3 2013-02-06 02:43:22.000000000 +0100 +++ new/libsemanage-2.2/man/man3/semanage_modify.3 2013-10-30 17:51:19.000000000 +0100 
@@ -42,7 +42,7 @@ ). .SH "RETURN VALUE" -In case of failure, -1 is returned, and the semanage error callback is invoked, describing the error. +In case of failure, \-1 is returned, and the semanage error callback is invoked, describing the error. Otherwise 0 is returned. .SH "SEE ALSO" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.10/man/man3/semanage_query.3 new/libsemanage-2.2/man/man3/semanage_query.3 --- old/libsemanage-2.1.10/man/man3/semanage_query.3 2013-02-06 02:43:22.000000000 +0100 +++ new/libsemanage-2.2/man/man3/semanage_query.3 2013-10-30 17:51:19.000000000 +0100 @@ -39,7 +39,7 @@ ) .SH "RETURN VALUE" -In case of failure, -1 is returned, and the semanage error callback is invoked, describing the error. +In case of failure, \-1 is returned, and the semanage error callback is invoked, describing the error. Otherwise a non-negative integer is returned (a commit number). The same number will be returned by all other semanage object read calls until the next commit. .SH "SEE ALSO" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.10/man/man3/semanage_set_root.3 new/libsemanage-2.2/man/man3/semanage_set_root.3 --- old/libsemanage-2.1.10/man/man3/semanage_set_root.3 2013-02-06 02:43:22.000000000 +0100 +++ new/libsemanage-2.2/man/man3/semanage_set_root.3 2013-10-30 17:51:19.000000000 +0100 
@@ -15,7 +15,7 @@ This function sets an alternate root directory to for SELinux configuration paths to be used by the semanage library. .SH "RETURN VALUE" -In case of failure, -1 is returned. +In case of failure, \-1 is returned. Otherwise 0 is returned. .SH "SEE ALSO" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.10/src/Makefile new/libsemanage-2.2/src/Makefile --- old/libsemanage-2.1.10/src/Makefile 2013-02-06 02:43:22.000000000 +0100 +++ new/libsemanage-2.2/src/Makefile 2013-10-30 17:51:19.000000000 +0100 @@ -92,7 +92,7 @@ $(RANLIB) $@ $(LIBSO): $(LOBJS) - $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs + $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -lustr -L$(LIBDIR) -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs ln -sf $@ $(TARGET) $(LIBPC): $(LIBPC).in ../VERSION diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.10/src/exception.sh new/libsemanage-2.2/src/exception.sh --- old/libsemanage-2.1.10/src/exception.sh 2013-02-06 02:43:22.000000000 +0100 +++ new/libsemanage-2.2/src/exception.sh 2013-10-30 17:51:19.000000000 +0100 @@ -9,6 +9,6 @@ } " } -gcc -x c -c - -aux-info temp.aux < ../include/semanage/semanage.h +gcc -x c -c -I../include - -aux-info temp.aux < ../include/semanage/semanage.h for i in `awk '/extern int/ { print $6 }' temp.aux`; do except $i ; done rm -f -- temp.aux -.o diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.10/src/genhomedircon.c new/libsemanage-2.2/src/genhomedircon.c --- old/libsemanage-2.1.10/src/genhomedircon.c 2013-02-06 02:43:22.000000000 +0100 +++ new/libsemanage-2.2/src/genhomedircon.c 2013-10-30 17:51:19.000000000 +0100 
@@ -283,7 +283,7 @@ char *rbuf = NULL; char *path = NULL; long rbuflen; - uid_t temp, minuid = 500; + uid_t temp, minuid = 500, maxuid = 60000; int minuid_set = 0; struct passwd pwstorage, *pwbuf; struct stat buf; @@ -333,6 +333,14 @@ free(path); path = NULL; + path = semanage_findval(PATH_ETC_LOGIN_DEFS, "UID_MAX", NULL); + if (path && *path) { + temp = atoi(path); + maxuid = temp; + } + free(path); + path = NULL; + path = semanage_findval(PATH_ETC_LIBUSER, "LU_UIDNUMBER", "="); if (path && *path) { temp = atoi(path); @@ -352,7 +360,7 @@ goto fail; setpwent(); while ((retval = getpwent_r(&pwstorage, rbuf, rbuflen, &pwbuf)) == 0) { - if (pwbuf->pw_uid < minuid) + if (pwbuf->pw_uid < minuid || pwbuf->pw_uid > maxuid) continue; if (!semanage_list_find(shells, pwbuf->pw_shell)) continue; @@ -385,7 +393,7 @@ /* NOTE: old genhomedircon printed a warning on match */ if (hand.matched) { - WARN(s->h_semanage, "%s homedir %s or its parent directory conflicts with a file context already specified in the policy. This usually indicates an incorrectly defined system account. If it is a system account please make sure its uid is less than %u or its login shell is /sbin/nologin.", pwbuf->pw_name, pwbuf->pw_dir, minuid); + WARN(s->h_semanage, "%s homedir %s or its parent directory conflicts with a file context already specified in the policy. This usually indicates an incorrectly defined system account. If it is a system account please make sure its uid is less than %u or greater than %u or its login shell is /sbin/nologin.", pwbuf->pw_name, pwbuf->pw_dir, minuid, maxuid); } else { if (semanage_list_push(&homedir_list, path)) goto fail; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.10/src/semanage_store.c new/libsemanage-2.2/src/semanage_store.c --- old/libsemanage-2.1.10/src/semanage_store.c 2013-02-06 02:43:22.000000000 +0100 +++ new/libsemanage-2.2/src/semanage_store.c 2013-10-30 17:51:19.000000000 +0100 
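Review bot: The new UID_MAX parsing in the `@@ -333,6 +333,14 @@` hunk converts the value with `atoi(path)` and no validation, so a malformed entry in /etc/login.defs becomes `maxuid = 0` and a negative one wraps when stored in the `uid_t` `temp`; with 0 every account fails the new `pwbuf->pw_uid > maxuid` test and no HOME_DIR contexts are generated at all, which silently leaves home directories mislabelled instead of reporting a configuration error. Parse with `strtoul` and check the end pointer and `errno` before accepting the value, e.g. `errno = 0; unsigned long v = strtoul(path, &end, 10); if (end != path && *end == '\0' && errno == 0) maxuid = (uid_t)v; else WARN(s->h_semanage, "ignoring invalid UID_MAX in %s", PATH_ETC_LOGIN_DEFS);`, and reject `maxuid < minuid` right after both are read so a misconfigured pair cannot exclude every user. The same `atoi` weakness appears to exist in the pre-existing UID_MIN code, though its context lines are not fully visible here. The enclosing function begins and ends outside this hunk.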
@@ -1234,6 +1234,10 @@ retval = 0; cleanup: + (void) unlink(active_kernel); + if (symlink(store_pol, active_kernel) < 0) { + ERR(sh, "Unable to create sybolic link from %s to %s error code %d.", active_kernel, store_pol, r); + } free(storepath); return retval; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.10/src/seusers_local.c new/libsemanage-2.2/src/seusers_local.c --- old/libsemanage-2.1.10/src/seusers_local.c 2013-02-06 02:43:22.000000000 +0100 +++ new/libsemanage-2.2/src/seusers_local.c 2013-10-30 17:51:19.000000000 +0100 
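Review bot: The `unlink()`/`symlink()` pair is placed under the `cleanup:` label, so it also runs on every error path of the enclosing function (which starts outside this hunk): a failed policy install still deletes the existing `active_kernel` file and replaces it with a link to a `store_pol` that may be incomplete or absent, leaving the system without a loadable policy. Guard it with `if (retval == 0) {` or move it before `retval = 0;` ahead of the label, and make the replacement atomic by creating the link under a temporary name and `rename()`-ing it over `active_kernel`, so a crash between the two calls cannot leave the file missing. The failure branch only logs; it should also set `retval = -1` so callers learn the store is inconsistent. The message itself has a typo (`"sybolic"`) and prints `r`, which is not assigned anywhere in this hunk, where `strerror(errno)` is what actually identifies why `symlink()` failed.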
@@ -8,27 +8,177 @@ #include <sepol/policydb.h> #include <sepol/context.h> +#include <libaudit.h> +#include <errno.h> #include "user_internal.h" #include "seuser_internal.h" #include "handle.h" #include "database.h" #include "debug.h" +#include "string.h" +#include <stdlib.h> + +static char *semanage_user_roles(semanage_handle_t * handle, const char *sename) { + char *roles = NULL; + unsigned int num_roles; + size_t i; + size_t size = 0; + const char **roles_arr; + semanage_user_key_t *key = NULL; + semanage_user_t * user; + if (semanage_user_key_create(handle, sename, &key) >= 0) { + if (semanage_user_query(handle, key, &user) >= 0) { + if (semanage_user_get_roles(handle, + user, + &roles_arr, + &num_roles) >= 0) { + for (i = 0; i<num_roles; i++) { + size += (strlen(roles_arr[i]) + 1); + } + roles = malloc(size); + if (roles) { + strcpy(roles,roles_arr[0]); + for (i = 1; i<num_roles; i++) { + strcat(roles,","); + strcat(roles,roles_arr[i]); + } + } + } + semanage_user_free(user); + } + semanage_user_key_free(key); + } + return roles; +} + +static int semanage_seuser_audit(semanage_handle_t * handle, + const semanage_seuser_t * seuser, + const semanage_seuser_t * previous, + int audit_type, + int success) { + const char *name = NULL; + const char *sename = NULL; + char *roles = NULL; + const char *mls = NULL; + const char *psename = NULL; + const char *pmls = NULL; + char *proles = NULL; + char msg[1024]; + const char *sep = "-"; + int rc = -1; + strcpy(msg, "login"); + if (seuser) { + name = semanage_seuser_get_name(seuser); + sename = semanage_seuser_get_sename(seuser); + mls = semanage_seuser_get_mlsrange(seuser); + roles = semanage_user_roles(handle, sename); + } + if (previous) { + psename = semanage_seuser_get_sename(previous); + pmls = semanage_seuser_get_mlsrange(previous); + proles = semanage_user_roles(handle, psename); + } + if (audit_type != AUDIT_ROLE_REMOVE) { + if (sename && (!psename || strcmp(psename, sename) != 0)) { + strcat(msg,sep); + 
strcat(msg,"sename"); + sep = ","; + } + if (roles && (!proles || strcmp(proles, roles) != 0)) { + strcat(msg,sep); + strcat(msg,"role"); + sep = ","; + } + if (mls && (!pmls || strcmp(pmls, mls) != 0)) { + strcat(msg,sep); + strcat(msg,"range"); + } + } + + int fd = audit_open(); + if (fd < 0) + { + /* If kernel doesn't support audit, bail out */ + if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT) { + rc = 0; + goto err; + } + rc = fd; + goto err; + } + audit_log_semanage_message(fd, audit_type, NULL, msg, name, 0, sename, roles, mls, psename, proles, pmls, NULL, NULL,NULL, success); + rc = 0; +err: + audit_close(fd); + free(roles); + free(proles); + return rc; +} int semanage_seuser_modify_local(semanage_handle_t * handle, const semanage_seuser_key_t * key, const semanage_seuser_t * data) { - + int rc; + void *callback = (void *) handle->msg_callback; dbase_config_t *dconfig = semanage_seuser_dbase_local(handle); - return dbase_modify(handle, dconfig, key, data); + const char *sename = semanage_seuser_get_sename(data); + const char *mls_range = semanage_seuser_get_mlsrange(data); + semanage_seuser_t *previous = NULL; + semanage_seuser_t *new = NULL; + + if (!sename) { + errno=EINVAL; + return -1; + } + if (semanage_seuser_clone(handle, data, &new) < 0) { + goto err; + } + + if (!mls_range && semanage_mls_enabled(handle)) { + semanage_user_key_t *ukey = NULL; + semanage_user_t *u = NULL; + rc = semanage_user_key_create(handle, sename, &ukey); + if (rc < 0) + goto err; + + rc = semanage_user_query(handle, ukey, &u); + semanage_user_key_free(ukey); + if (rc >= 0 ) { + mls_range = semanage_user_get_mlsrange(u); + rc = semanage_seuser_set_mlsrange(handle, new, mls_range); + semanage_user_free(u); + } + if (rc < 0) + goto err; + } + + handle->msg_callback = NULL; + (void) semanage_seuser_query(handle, key, &previous); + handle->msg_callback = callback; + rc = dbase_modify(handle, dconfig, key, new); + if (semanage_seuser_audit(handle, new, 
previous, AUDIT_ROLE_ASSIGN, rc == 0) < 0) + rc = -1; +err: + if (previous) + semanage_seuser_free(previous); + semanage_seuser_free(new); + return rc; } int semanage_seuser_del_local(semanage_handle_t * handle, const semanage_seuser_key_t * key) { - + int rc; + semanage_seuser_t *seuser = NULL; dbase_config_t *dconfig = semanage_seuser_dbase_local(handle); - return dbase_del(handle, dconfig, key); + rc = dbase_del(handle, dconfig, key); + semanage_seuser_query(handle, key, &seuser); + if (semanage_seuser_audit(handle, NULL, seuser, AUDIT_ROLE_REMOVE, rc == 0) < 0) + rc = -1; + if (seuser) + semanage_seuser_free(seuser); + return rc; } int semanage_seuser_query_local(semanage_handle_t * handle, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.10/src/users_local.c new/libsemanage-2.2/src/users_local.c --- old/libsemanage-2.1.10/src/users_local.c 2013-02-06 02:43:22.000000000 +0100 +++ new/libsemanage-2.2/src/users_local.c 2013-10-30 17:51:19.000000000 +0100 @@ -6,9 +6,14 @@ typedef struct semanage_user record_t; #define DBASE_RECORD_DEFINED +#include <string.h> +#include <stdlib.h> #include "user_internal.h" +#include "seuser_internal.h" #include "handle.h" #include "database.h" +#include "errno.h" +#include "debug.h" int semanage_user_modify_local(semanage_handle_t * handle, const semanage_user_key_t * key, 
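Review bot: In `semanage_seuser_modify_local`, `rc` is declared without an initializer and the `semanage_seuser_clone()` failure path jumps to `err` before anything assigns it, so the function returns an indeterminate value (undefined behaviour); change the declaration to `int rc = -1;`. In `semanage_seuser_del_local` the record is fetched with `semanage_seuser_query()` only after `dbase_del()` has already removed it and the return value is ignored, so the audit event most likely carries no previous sename/roles/range — query first, then delete, and treat a failed query as "no previous record". `semanage_user_roles()` calls `strcpy(roles, roles_arr[0])` when `num_roles` is 0, which is a `malloc(0)` buffer plus an out-of-bounds read of the roles array; guard with `if (num_roles == 0) goto out;` or equivalent. `semanage_seuser_audit()` returns -1 whenever `audit_open()` fails with anything but the three no-audit errnos (e.g. EPERM without CAP_AUDIT_WRITE in a container), which turns an already-committed database change into a reported failure with the store still modified; either treat that case as best-effort like the existing EINVAL branch or document that a working audit socket is now mandatory for seuser changes.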
@@ -19,9 +24,43 @@ return dbase_modify(handle, dconfig, key, data); } +static int lookup_seuser(semanage_handle_t * handle, const semanage_user_key_t *k) { + semanage_user_t *user; + semanage_seuser_t **records; + const char *name; + const char *sename; + unsigned int count; + size_t i; + int rc = 0; + if (semanage_user_query(handle, k, &user) < 0) + return 0; + name = semanage_user_get_name(user); + semanage_seuser_list_local(handle, + &records, + &count); + for(i=0; i<count; i++) { + sename = semanage_seuser_get_sename(records[i]); + if (strcmp(name, sename) == 0) { + errno = EINVAL; + ERR(handle, "%s is being used by %s login record", + sename, semanage_seuser_get_name(records[i])); + rc = -1; + } + } + for(i=0; i<count; i++) + semanage_seuser_free(records[i]); + free(records); + semanage_user_free(user); + if (rc) + errno = EINVAL; + return rc; +} + int semanage_user_del_local(semanage_handle_t * handle, const semanage_user_key_t * key) { + if (lookup_seuser(handle, key)) + return -1; dbase_config_t *dconfig = semanage_user_dbase_local(handle); return dbase_del(handle, dconfig, key); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.10/src/utilities.c new/libsemanage-2.2/src/utilities.c --- old/libsemanage-2.1.10/src/utilities.c 2013-02-06 02:43:22.000000000 +0100 +++ new/libsemanage-2.2/src/utilities.c 2013-10-30 17:51:19.000000000 +0100 @@ -140,6 +140,10 @@ if (!data) return EINVAL; + + if (semanage_list_find(*list, data) != NULL) + return 0; + if (!(temp = malloc(sizeof(semanage_list_t)))) return ENOMEM; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsemanage-2.1.10/tests/Makefile new/libsemanage-2.2/tests/Makefile --- old/libsemanage-2.1.10/tests/Makefile 2013-02-06 02:43:22.000000000 +0100 +++ new/libsemanage-2.2/tests/Makefile 2013-10-30 17:51:19.000000000 +0100 
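Review bot: `lookup_seuser` ignores the return value of `semanage_seuser_list_local()`, so if that call fails `records` and `count` are left uninitialized and the loop that follows dereferences garbage; check it and bail out, e.g. `if (semanage_seuser_list_local(handle, &records, &count) < 0) { semanage_user_free(user); return -1; }`. The guard only consults the local seusers store, so a login mapping shipped by the policy (not in seusers.local) that names this SELinux user would not block the deletion; this may be intentional since only local records are editable, but it deserves a comment such as `/* only seusers.local can reference a locally-defined user; policy-shipped seusers are not checked */`. A failed `semanage_user_query()` returns 0 and lets `dbase_del()` proceed, which appears to rely on the delete then failing on its own — a one-line comment stating that intent would spare the next reader the question.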
@@ -13,7 +13,7 @@ CC = gcc CFLAGS = -c -g -o0 -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter INCLUDE = -I$(TESTSRC) -I$(TESTSRC)/../include -LDFLAGS = -lcunit -lustr -lbz2 +LDFLAGS = -lcunit -lustr -lbz2 -laudit OBJECTS = $(SOURCES:.c=.o) all: $(EXECUTABLE) -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
