Ana Sayfa Keşfet Yardım
Giriş Yap
8516
/
Test
1
0
Çatalla 0
Dosyalar Sorunlar 0 Değişiklik İstekleri 0 Wiki
Dal: master
Dallar Biçim İmleri
Test
/
EVSE
/
GPL
/
linux-pam-1.5.2
/
modules
/
pam_selinux
/
pam_selinux.c

pam_selinux.c 23 KB
Kalıcı Bağlantı Geçmiş Ham

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818 
  1. /******************************************************************************
    2. 

  2.  * A module for Linux-PAM that will set the default security context after login
    3. 

  3.  * via PAM.
    4. 

  4.  *
    5. 

  5.  * Copyright (c) 2003-2008 Red Hat, Inc.
    6. 

  6.  * Written by Dan Walsh <dwalsh@redhat.com>
    7. 

  7.  * Additional improvements by Tomas Mraz <tmraz@redhat.com>
    8. 

  8.  *
    9. 

  9.  * Redistribution and use in source and binary forms, with or without
    10. 

  10.  * modification, are permitted provided that the following conditions
    11. 

  11.  * are met:
    12. 

  12.  * 1. Redistributions of source code must retain the above copyright
    13. 

  13.  *    notice, and the entire permission notice in its entirety,
    14. 

  14.  *    including the disclaimer of warranties.
    15. 

  15.  * 2. Redistributions in binary form must reproduce the above copyright
    16. 

  16.  *    notice, this list of conditions and the following disclaimer in the
    17. 

  17.  *    documentation and/or other materials provided with the distribution.
    18. 

  18.  * 3. The name of the author may not be used to endorse or promote
    19. 

  19.  *    products derived from this software without specific prior
    20. 

  20.  *    written permission.
    21. 

  21.  *
    22. 

  22.  * ALTERNATIVELY, this product may be distributed under the terms of
    23. 

  23.  * the GNU Public License, in which case the provisions of the GPL are
    24. 

  24.  * required INSTEAD OF the above restrictions.  (This clause is
    25. 

  25.  * necessary due to a potential bad interaction between the GPL and
    26. 

  26.  * the restrictions contained in a BSD-style copyright.)
    27. 

  27.  *
    28. 

  28.  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
    29. 

  29.  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
    30. 

  30.  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
    31. 

  31.  * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
    32. 

  32.  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
    33. 

  33.  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
    34. 

  34.  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
    35. 

  35.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
    36. 

  36.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    37. 

  37.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
    38. 

  38.  * OF THE POSSIBILITY OF SUCH DAMAGE.
    39. 

  39.  */
    40. 

  40. 

  41. #include "config.h"
    42. 

  42. 

  43. #include <errno.h>
    44. 

  44. #include <limits.h>
    45. 

  45. #include <pwd.h>
    46. 

  46. #include <stdio.h>
    47. 

  47. #include <stdlib.h>
    48. 

  48. #include <string.h>
    49. 

  49. #include <unistd.h>
    50. 

  50. #include <sys/types.h>
    51. 

  51. #include <sys/stat.h>
    52. 

  52. #include <fcntl.h>
    53. 

  53. #include <syslog.h>
    54. 

  54. 

  55. #include <security/pam_modules.h>
    56. 

  56. #include <security/_pam_macros.h>
    57. 

  57. #include <security/pam_modutil.h>
    58. 

  58. #include <security/pam_ext.h>
    59. 

  59. #include "pam_inline.h"
    60. 

  60. 

  61. #include <selinux/selinux.h>
    62. 

  62. #include <selinux/get_context_list.h>
    63. 

  63. #include <selinux/context.h>
    64. 

  64. #include <selinux/get_default_type.h>
    65. 

  65. 

  66. #ifdef HAVE_LIBAUDIT
    67. 

  67. #include <libaudit.h>
    68. 

  68. #include <sys/select.h>
    69. 

  69. #endif
    70. 

  70. 

  71. /* Send audit message */
    72. 

  72. static void
    73. 

  73. send_audit_message(const pam_handle_t *pamh, int success, const char *default_context,
    74. 

  74. 		   const char *selected_context)
    75. 

  75. {
    76. 

  76. #ifdef HAVE_LIBAUDIT
    77. 

  77. 	char *msg = NULL;
    78. 

  78. 	int audit_fd = audit_open();
    79. 

  79. 	char *default_raw = NULL;
    80. 

  80. 	char *selected_raw = NULL;
    81. 

  81. 	const void *tty = NULL, *rhost = NULL;
    82. 

  82. 	if (audit_fd < 0) {
    83. 

  83. 		if (errno == EINVAL || errno == EPROTONOSUPPORT ||
    84. 

  84.                                         errno == EAFNOSUPPORT) {
    85. 

  85. 			goto fallback; /* No audit support in kernel */
    86. 

  86. 		}
    87. 

  87. 		pam_syslog(pamh, LOG_ERR, "Error connecting to audit system: %m");
    88. 

  88. 		goto fallback;
    89. 

  89. 	}
    90. 

  90. 	(void)pam_get_item(pamh, PAM_TTY, &tty);
    91. 

  91. 	(void)pam_get_item(pamh, PAM_RHOST, &rhost);
    92. 

  92. 	if (selinux_trans_to_raw_context(default_context, &default_raw) < 0) {
    93. 

  93. 		pam_syslog(pamh, LOG_ERR, "Error translating default context '%s'.", default_context);
    94. 

  94. 		default_raw = NULL;
    95. 

  95. 	}
    96. 

  96. 	if (selinux_trans_to_raw_context(selected_context, &selected_raw) < 0) {
    97. 

  97. 		pam_syslog(pamh, LOG_ERR, "Error translating selected context '%s'.", selected_context);
    98. 

  98. 		selected_raw = NULL;
    99. 

  99. 	}
    100. 

  100. 	if (asprintf(&msg, "pam: default-context=%s selected-context=%s",
    101. 

  101. 		     default_raw ? default_raw : (default_context ? default_context : "?"),
    102. 

  102. 		     selected_raw ? selected_raw : (selected_context ? selected_context : "?")) < 0) {
    103. 

  103. 		msg = NULL; /* asprintf leaves msg in undefined state on failure */
    104. 

  104. 		pam_syslog(pamh, LOG_ERR, "Error allocating memory.");
    105. 

  105. 		goto fallback;
    106. 

  106. 	}
    107. 

  107. 	if (audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE,
    108. 

  108. 				   msg, rhost, NULL, tty, success) <= 0) {
    109. 

  109. 		pam_syslog(pamh, LOG_ERR, "Error sending audit message: %m");
    110. 

  110. 		goto fallback;
    111. 

  111. 	}
    112. 

  112. 	goto cleanup;
    113. 

  113. 

  114.       fallback:
    115. 

  115. #endif /* HAVE_LIBAUDIT */
    116. 

  116.         pam_syslog(pamh, LOG_NOTICE, "pam: default-context=%s selected-context=%s success %d",
    117. 

  117. 		   default_context, selected_context, success);
    118. 

  118. 

  119. #ifdef HAVE_LIBAUDIT
    120. 

  120.       cleanup:
    121. 

  121. 	free(msg);
    122. 

  122. 	freecon(default_raw);
    123. 

  123. 	freecon(selected_raw);
    124. 

  124. 	if (audit_fd >= 0)
    125. 

  125. 		close(audit_fd);
    126. 

  126. #endif /* HAVE_LIBAUDIT */
    127. 

  127. }
    128. 

  128. 

  129. static int
    130. 

  130. send_text (pam_handle_t *pamh, const char *text, int debug)
    131. 

  131. {
    132. 

  132.   if (debug)
    133. 

  133.     pam_syslog(pamh, LOG_NOTICE, "%s", text);
    134. 

  134.   return pam_info (pamh, "%s", text);
    135. 

  135. }
    136. 

  136. 

  137. /*
    138. 

  138.  * This function sends a message to the user and gets the response. The caller
    139. 

  139.  * is responsible for freeing the responses.
    140. 

  140.  */
    141. 

  141. static int
    142. 

  142. query_response (pam_handle_t *pamh, const char *text, const char *def,
    143. 

  143. 		char **response, int debug)
    144. 

  144. {
    145. 

  145.   int rc;
    146. 

  146.   if (def)
    147. 

  147.     rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, response, "%s [%s] ", text, def);
    148. 

  148.   else
    149. 

  149.     rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, response, "%s ", text);
    150. 

  150. 

  151.   if (*response == NULL) {
    152. 

  152.     rc = PAM_CONV_ERR;
    153. 

  153.   }
    154. 

  154. 

  155.   if (rc != PAM_SUCCESS) {
    156. 

  156.     pam_syslog(pamh, LOG_WARNING, "No response to query: %s", text);
    157. 

  157.   } else  if (debug)
    158. 

  158.     pam_syslog(pamh, LOG_NOTICE, "%s %s", text, *response);
    159. 

  159.   return rc;
    160. 

  160. }
    161. 

  161. 

  162. static char *
    163. 

  163. config_context (pam_handle_t *pamh, const char *defaultcon, int use_current_range, int debug)
    164. 

  164. {
    165. 

  165.   char *newcon = NULL;
    166. 

  166.   context_t new_context;
    167. 

  167.   int mls_enabled = is_selinux_mls_enabled();
    168. 

  168.   char *response=NULL;
    169. 

  169.   char *type=NULL;
    170. 

  170.   char resp_val = 0;
    171. 

  171. 

  172.   pam_prompt (pamh, PAM_TEXT_INFO, NULL, _("The default security context is %s."), defaultcon);
    173. 

  173. 

  174.   while (1) {
    175. 

  175.     if (query_response(pamh,
    176. 

  176. 		   _("Would you like to enter a different role or level?"), "n",
    177. 

  177. 		   &response, debug) == PAM_SUCCESS) {
    178. 

  178. 	resp_val = response[0];
    179. 

  179. 	_pam_drop(response);
    180. 

  180.     } else {
    181. 

  181. 	resp_val = 'N';
    182. 

  182.     }
    183. 

  183.     if ((resp_val == 'y') || (resp_val == 'Y'))
    184. 

  184.       {
    185. 

  185.         if ((new_context = context_new(defaultcon)) == NULL)
    186. 

  186. 	    goto fail_set;
    187. 

  187. 

  188. 	/* Allow the user to enter role and level individually */
    189. 

  189. 	if (query_response(pamh, _("role:"), context_role_get(new_context),
    190. 

  190. 		       &response, debug) == PAM_SUCCESS && response[0]) {
    191. 

  191. 	  if (get_default_type(response, &type)) {
    192. 

  192. 	    pam_prompt(pamh, PAM_ERROR_MSG, NULL,
    193. 

  193. 		       _("There is no default type for role %s."), response);
    194. 

  194. 	    _pam_drop(response);
    195. 

  195. 	    continue;
    196. 

  196. 	  } else {
    197. 

  197. 	    if (context_role_set(new_context, response))
    198. 

  198. 	      goto fail_set;
    199. 

  199. 	    if (context_type_set (new_context, type))
    200. 

  200. 	      goto fail_set;
    201. 

  201. 	    _pam_drop(type);
    202. 

  202. 	  }
    203. 

  203. 	}
    204. 

  204. 	_pam_drop(response);
    205. 

  205. 

  206. 	if (mls_enabled)
    207. 

  207. 	  {
    208. 

  208. 	    if (use_current_range) {
    209. 

  209. 	        char *mycon = NULL;
    210. 

  210. 	        context_t my_context;
    211. 

  211. 

  212. 		if (getcon(&mycon) != 0)
    213. 

  213. 		    goto fail_set;
    214. 

  214. 		my_context = context_new(mycon);
    215. 

  215. 	        if (my_context == NULL) {
    216. 

  216. 		    freecon(mycon);
    217. 

  217. 		    goto fail_set;
    218. 

  218. 		}
    219. 

  219. 		freecon(mycon);
    220. 

  220. 		if (context_range_set(new_context, context_range_get(my_context))) {
    221. 

  221. 		    context_free(my_context);
    222. 

  222. 		    goto fail_set;
    223. 

  223. 		}
    224. 

  224. 		context_free(my_context);
    225. 

  225. 	    } else if (query_response(pamh, _("level:"), context_range_get(new_context),
    226. 

  226. 			   &response, debug) == PAM_SUCCESS && response[0]) {
    227. 

  227. 		if (context_range_set(new_context, response))
    228. 

  228. 		    goto fail_set;
    229. 

  229. 	    }
    230. 

  230. 	    _pam_drop(response);
    231. 

  231. 	  }
    232. 

  232. 

  233. 	if (debug)
    234. 

  234. 	  pam_syslog(pamh, LOG_NOTICE, "Selected Security Context %s", context_str(new_context));
    235. 

  235. 

  236.         /* Get the string value of the context and see if it is valid. */
    237. 

  237.         if (!security_check_context(context_str(new_context))) {
    238. 

  238. 	  newcon = strdup(context_str(new_context));
    239. 

  239. 	  if (newcon == NULL)
    240. 

  240. 	    goto fail_set;
    241. 

  241. 	  context_free(new_context);
    242. 

  242. 

  243. 	  /* we have to check that this user is allowed to go into the
    244. 

  244. 	     range they have specified ... role is tied to an seuser, so that'll
    245. 

  245. 	     be checked at setexeccon time */
    246. 

  246. 	  if (mls_enabled &&
    247. 

  247. 	      selinux_check_access(defaultcon, newcon, "context", "contains", NULL) != 0) {
    248. 

  248. 	    pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", defaultcon, newcon);
    249. 

  249. 

  250. 	    send_audit_message(pamh, 0, defaultcon, newcon);
    251. 

  251. 

  252. 	    free(newcon);
    253. 

  253. 	    goto fail_range;
    254. 

  254. 	  }
    255. 

  255. 	  return newcon;
    256. 

  256. 	}
    257. 

  257. 	else {
    258. 

  258. 	  send_audit_message(pamh, 0, defaultcon, context_str(new_context));
    259. 

  259. 	  send_text(pamh,_("This is not a valid security context."),debug);
    260. 

  260. 	}
    261. 

  261.         context_free(new_context); /* next time around allocates another */
    262. 

  262.       }
    263. 

  263.     else
    264. 

  264.       return strdup(defaultcon);
    265. 

  265.   } /* end while */
    266. 

  266. 

  267.   return NULL;
    268. 

  268. 

  269.  fail_set:
    270. 

  270.   free(type);
    271. 

  271.   _pam_drop(response);
    272. 

  272.   context_free (new_context);
    273. 

  273.   send_audit_message(pamh, 0, defaultcon, NULL);
    274. 

  274.  fail_range:
    275. 

  275.   return NULL;
    276. 

  276. }
    277. 

  277. 

  278. static char *
    279. 

  279. context_from_env (pam_handle_t *pamh, const char *defaultcon, int env_params, int use_current_range, int debug)
    280. 

  280. {
    281. 

  281.   char *newcon = NULL;
    282. 

  282.   context_t new_context;
    283. 

  283.   context_t my_context = NULL;
    284. 

  284.   int mls_enabled = is_selinux_mls_enabled();
    285. 

  285.   const char *env = NULL;
    286. 

  286.   char *type = NULL;
    287. 

  287.   int fail = 1;
    288. 

  288. 

  289.   if ((new_context = context_new(defaultcon)) == NULL)
    290. 

  290.     goto fail_set;
    291. 

  291. 

  292.   if (env_params && (env = pam_getenv(pamh, "SELINUX_ROLE_REQUESTED")) != NULL && env[0] != '\0') {
    293. 

  293.     if (debug)
    294. 

  294. 	pam_syslog(pamh, LOG_NOTICE, "Requested role: %s", env);
    295. 

  295. 

  296.     if (get_default_type(env, &type)) {
    297. 

  297. 	pam_syslog(pamh, LOG_NOTICE, "No default type for role %s", env);
    298. 

  298. 	goto fail_set;
    299. 

  299.     } else {
    300. 

  300. 	if (context_role_set(new_context, env))
    301. 

  301. 	    goto fail_set;
    302. 

  302. 	if (context_type_set(new_context, type))
    303. 

  303. 	    goto fail_set;
    304. 

  304.     }
    305. 

  305.   }
    306. 

  306. 

  307.   if (mls_enabled) {
    308. 

  308.     if ((env = pam_getenv(pamh, "SELINUX_USE_CURRENT_RANGE")) != NULL && env[0] == '1') {
    309. 

  309.         if (debug)
    310. 

  310. 	    pam_syslog(pamh, LOG_NOTICE, "SELINUX_USE_CURRENT_RANGE is set");
    311. 

  311. 	use_current_range = 1;
    312. 

  312.     }
    313. 

  313. 

  314.     if (use_current_range) {
    315. 

  315.         char *mycon = NULL;
    316. 

  316. 

  317. 	if (getcon(&mycon) != 0)
    318. 

  318. 	    goto fail_set;
    319. 

  319.         my_context = context_new(mycon);
    320. 

  320.         if (my_context == NULL) {
    321. 

  321.             freecon(mycon);
    322. 

  322. 	    goto fail_set;
    323. 

  323. 	}
    324. 

  324. 	freecon(mycon);
    325. 

  325. 	env = context_range_get(my_context);
    326. 

  326.     } else {
    327. 

  327.         env = pam_getenv(pamh, "SELINUX_LEVEL_REQUESTED");
    328. 

  328.     }
    329. 

  329. 

  330.     if (env != NULL && env[0] != '\0') {
    331. 

  331.         if (debug)
    332. 

  332. 	    pam_syslog(pamh, LOG_NOTICE, "Requested level: %s", env);
    333. 

  333. 	if (context_range_set(new_context, env))
    334. 

  334. 	    goto fail_set;
    335. 

  335.     }
    336. 

  336.   }
    337. 

  337. 

  338.   newcon = strdup(context_str(new_context));
    339. 

  339.   if (newcon == NULL)
    340. 

  340.     goto fail_set;
    341. 

  341. 

  342.   if (debug)
    343. 

  343.     pam_syslog(pamh, LOG_NOTICE, "Selected Security Context %s", newcon);
    344. 

  344. 

  345.   /* Get the string value of the context and see if it is valid. */
    346. 

  346.   if (security_check_context(newcon)) {
    347. 

  347.     pam_syslog(pamh, LOG_NOTICE, "Not a valid security context %s", newcon);
    348. 

  348. 

  349.     goto fail_set;
    350. 

  350.   }
    351. 

  351. 

  352.   /* we have to check that this user is allowed to go into the
    353. 

  353.      range they have specified ... role is tied to an seuser, so that'll
    354. 

  354.      be checked at setexeccon time */
    355. 

  355.   if (mls_enabled &&
    356. 

  356.       selinux_check_access(defaultcon, newcon, "context", "contains", NULL) != 0) {
    357. 

  357.     pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", defaultcon, newcon);
    358. 

  358. 

  359.     goto fail_set;
    360. 

  360.   }
    361. 

  361. 

  362.   fail = 0;
    363. 

  363. 

  364.  fail_set:
    365. 

  365.   free(type);
    366. 

  366.   context_free(my_context);
    367. 

  367.   context_free(new_context);
    368. 

  368.   if (fail) {
    369. 

  369.     send_audit_message(pamh, 0, defaultcon, newcon);
    370. 

  370.     freecon(newcon);
    371. 

  371.     newcon = NULL;
    372. 

  372.   }
    373. 

  373.   return newcon;
    374. 

  374. }
    375. 

  375. 

  376. #define DATANAME "pam_selinux_context"
    377. 

  377. typedef struct {
    378. 

  378.   char *exec_context;
    379. 

  379.   char *prev_exec_context;
    380. 

  380.   char *default_user_context;
    381. 

  381.   char *tty_context;
    382. 

  382.   char *prev_tty_context;
    383. 

  383.   char *tty_path;
    384. 

  384. } module_data_t;
    385. 

  385. 

  386. static void
    387. 

  387. free_module_data(module_data_t *data)
    388. 

  388. {
    389. 

  389.   free(data->tty_path);
    390. 

  390.   freecon(data->prev_tty_context);
    391. 

  391.   freecon(data->tty_context);
    392. 

  392.   freecon(data->default_user_context);
    393. 

  393.   freecon(data->prev_exec_context);
    394. 

  394.   if (data->exec_context != data->default_user_context)
    395. 

  395.     freecon(data->exec_context);
    396. 

  396.   memset(data, 0, sizeof(*data));
    397. 

  397.   free(data);
    398. 

  398. }
    399. 

  399. 

  400. static void
    401. 

  401. cleanup(pam_handle_t *pamh UNUSED, void *data, int err UNUSED)
    402. 

  402. {
    403. 

  403.   free_module_data(data);
    404. 

  404. }
    405. 

  405. 

  406. static const module_data_t *
    407. 

  407. get_module_data(const pam_handle_t *pamh)
    408. 

  408. {
    409. 

  409.   const void *data;
    410. 

  410. 

  411.   return (pam_get_data(pamh, DATANAME, &data) == PAM_SUCCESS) ? data : NULL;
    412. 

  412. }
    413. 

  413. 

  414. static const char *
    415. 

  415. get_item(const pam_handle_t *pamh, int item_type)
    416. 

  416. {
    417. 

  417.   const void *item;
    418. 

  418. 

  419.   return (pam_get_item(pamh, item_type, &item) == PAM_SUCCESS) ? item : NULL;
    420. 

  420. }
    421. 

  421. 

  422. static int
    423. 

  423. set_exec_context(const pam_handle_t *pamh, const char *context)
    424. 

  424. {
    425. 

  425.   if (setexeccon(context) == 0)
    426. 

  426.     return 0;
    427. 

  427.   pam_syslog(pamh, LOG_ERR, "Setting executable context \"%s\" failed: %m",
    428. 

  428. 	     context ? context : "");
    429. 

  429.   return -1;
    430. 

  430. }
    431. 

  431. 

  432. static int
    433. 

  433. set_file_context(const pam_handle_t *pamh, const char *context,
    434. 

  434. 		 const char *file)
    435. 

  435. {
    436. 

  436.   if (!file)
    437. 

  437.     return 0;
    438. 

  438.   if (setfilecon(file, context) == 0 || errno == ENOENT)
    439. 

  439.     return 0;
    440. 

  440.   pam_syslog(pamh, LOG_ERR, "Setting file context \"%s\" failed for %s: %m",
    441. 

  441. 	     context ? context : "", file);
    442. 

  442.   return -1;
    443. 

  443. }
    444. 

  444. 

  445. static int
    446. 

  446. compute_exec_context(pam_handle_t *pamh, module_data_t *data,
    447. 

  447. 		     int select_context, int use_current_range,
    448. 

  448. 		     int env_params, int debug)
    449. 

  449. {
    450. 

  450.   const char *username;
    451. 

  451. 

  452. #ifdef HAVE_GETSEUSER
    453. 

  453.   const char *service;
    454. 

  454. #endif
    455. 

  455.   char *seuser = NULL;
    456. 

  456.   char *level = NULL;
    457. 

  457.   char **contextlist = NULL;
    458. 

  458.   int num_contexts = 0;
    459. 

  459.   const struct passwd *pwd;
    460. 

  460. 

  461.   if (!(username = get_item(pamh, PAM_USER))) {
    462. 

  462.     pam_syslog(pamh, LOG_ERR, "Cannot obtain the user name");
    463. 

  463.     return PAM_USER_UNKNOWN;
    464. 

  464.   }
    465. 

  465. 

  466.   if ((pwd = pam_modutil_getpwnam(pamh, username)) != NULL) {
    467. 

  467.     username = pwd->pw_name;
    468. 

  468.   } /* ignore error and keep using original username */
    469. 

  469. 

  470.   /* compute execute context */
    471. 

  471. #ifdef HAVE_GETSEUSER
    472. 

  472.   if (!(service = get_item(pamh, PAM_SERVICE))) {
    473. 

  473.     pam_syslog(pamh, LOG_ERR, "Cannot obtain the service name");
    474. 

  474.     return PAM_SESSION_ERR;
    475. 

  475.   }
    476. 

  476.   if (getseuser(username, service, &seuser, &level) == 0) {
    477. 

  477. #else
    478. 

  478.   if (getseuserbyname(username, &seuser, &level) == 0) {
    479. 

  479. #endif
    480. 

  480.     num_contexts = get_ordered_context_list_with_level(seuser, level, NULL,
    481. 

  481. 						       &contextlist);
    482. 

  482.     if (debug)
    483. 

  483.       pam_syslog(pamh, LOG_DEBUG, "Username= %s SELinux User= %s Level= %s",
    484. 

  484. 		 username, seuser, level);
    485. 

  485.     free(level);
    486. 

  486.   }
    487. 

  487.   if (num_contexts > 0) {
    488. 

  488.     free(seuser);
    489. 

  489.     data->default_user_context = strdup(contextlist[0]);
    490. 

  490.     freeconary(contextlist);
    491. 

  491.     if (!data->default_user_context) {
    492. 

  492.       pam_syslog(pamh, LOG_CRIT, "Out of memory");
    493. 

  493.       return PAM_BUF_ERR;
    494. 

  494.     }
    495. 

  495. 

  496.     data->exec_context = data->default_user_context;
    497. 

  497.     if (select_context)
    498. 

  498.       data->exec_context = config_context(pamh, data->default_user_context,
    499. 

  499. 					  use_current_range, debug);
    500. 

  500.     else if (env_params || use_current_range)
    501. 

  501.       data->exec_context = context_from_env(pamh, data->default_user_context,
    502. 

  502. 					    env_params, use_current_range,
    503. 

  503. 					    debug);
    504. 

  504.   }
    505. 

  505. 

  506.   if (!data->exec_context) {
    507. 

  507.     pam_syslog(pamh, LOG_ERR, "Unable to get valid context for %s", username);
    508. 

  508.     pam_prompt(pamh, PAM_ERROR_MSG, NULL,
    509. 

  509. 	       _("A valid context for %s could not be obtained."), username);
    510. 

  510.   }
    511. 

  511. 

  512.   if (getexeccon(&data->prev_exec_context) < 0)
    513. 

  513.     data->prev_exec_context = NULL;
    514. 

  514. 

  515.   return PAM_SUCCESS;
    516. 

  516. }
    517. 

  517. 

  518. static int
    519. 

  519. compute_tty_context(const pam_handle_t *pamh, module_data_t *data)
    520. 

  520. {
    521. 

  521.   const char *tty = get_item(pamh, PAM_TTY);
    522. 

  522.   security_class_t tclass;
    523. 

  523. 

  524.   if (!tty || !*tty || !strcmp(tty, "ssh")
    525. 

  525.       || pam_str_skip_prefix(tty, "NODEV") != NULL) {
    526. 

  526.     tty = ttyname(STDIN_FILENO);
    527. 

  527.     if (!tty || !*tty)
    528. 

  528.       tty = ttyname(STDOUT_FILENO);
    529. 

  529.     if (!tty || !*tty)
    530. 

  530.       tty = ttyname(STDERR_FILENO);
    531. 

  531.     if (!tty || !*tty)
    532. 

  532.       return PAM_SUCCESS;
    533. 

  533.   }
    534. 

  534. 

  535.   if (pam_str_skip_prefix(tty, "/dev/") == NULL) {
    536. 

  536.     if (asprintf(&data->tty_path, "%s%s", "/dev/", tty) < 0)
    537. 

  537.       data->tty_path = NULL;
    538. 

  538.   } else {
    539. 

  539.     data->tty_path = strdup(tty);
    540. 

  540.   }
    541. 

  541. 

  542.   if (!data->tty_path) {
    543. 

  543.     pam_syslog(pamh, LOG_CRIT, "Out of memory");
    544. 

  544.     return PAM_BUF_ERR;
    545. 

  545.   }
    546. 

  546. 

  547.   if (getfilecon(data->tty_path, &data->prev_tty_context) < 0) {
    548. 

  548.     data->prev_tty_context = NULL;
    549. 

  549.     if (errno == ENOENT) {
    550. 

  550.       free(data->tty_path);
    551. 

  551.       data->tty_path = NULL;
    552. 

  552.       return PAM_SUCCESS;
    553. 

  553.     }
    554. 

  554.     pam_syslog(pamh, LOG_ERR, "Failed to get current context for %s: %m",
    555. 

  555. 	       data->tty_path);
    556. 

  556.     return (security_getenforce() == 1) ? PAM_SESSION_ERR : PAM_SUCCESS;
    557. 

  557.   }
    558. 

  558. 

  559.   tclass = string_to_security_class("chr_file");
    560. 

  560.   if (tclass == 0) {
    561. 

  561.     pam_syslog(pamh, LOG_ERR, "Failed to get chr_file security class");
    562. 

  562.     freecon(data->prev_tty_context);
    563. 

  563.     data->prev_tty_context = NULL;
    564. 

  564.     free(data->tty_path);
    565. 

  565.     data->tty_path = NULL;
    566. 

  566.     return (security_getenforce() == 1) ? PAM_SESSION_ERR : PAM_SUCCESS;
    567. 

  567.   }
    568. 

  568. 

  569.   if (security_compute_relabel(data->exec_context, data->prev_tty_context,
    570. 

  570. 			       tclass, &data->tty_context)) {
    571. 

  571.     data->tty_context = NULL;
    572. 

  572.     pam_syslog(pamh, LOG_ERR, "Failed to compute new context for %s: %m",
    573. 

  573. 	       data->tty_path);
    574. 

  574.     freecon(data->prev_tty_context);
    575. 

  575.     data->prev_tty_context = NULL;
    576. 

  576.     free(data->tty_path);
    577. 

  577.     data->tty_path = NULL;
    578. 

  578.     return (security_getenforce() == 1) ? PAM_SESSION_ERR : PAM_SUCCESS;
    579. 

  579.   }
    580. 

  580. 

  581.   return PAM_SUCCESS;
    582. 

  582. }
    583. 

  583. 

  584. static int
    585. 

  585. restore_context(const pam_handle_t *pamh, const module_data_t *data, int debug)
    586. 

  586. {
    587. 

  587.   int err;
    588. 

  588. 

  589.   if (!data) {
    590. 

  590.     if (debug)
    591. 

  591.       pam_syslog(pamh, LOG_NOTICE, "No context to restore");
    592. 

  592.     return PAM_SUCCESS;
    593. 

  593.   }
    594. 

  594. 

  595.   if (debug && data->tty_path)
    596. 

  596.     pam_syslog(pamh, LOG_NOTICE,
    597. 

  597. 	       "Restore file context of tty %s: [%s] -> [%s]",
    598. 

  598. 	       data->tty_path,
    599. 

  599. 	       data->tty_context ? data->tty_context : "",
    600. 

  600. 	       data->prev_tty_context ? data->prev_tty_context : "");
    601. 

  601.   err = set_file_context(pamh, data->prev_tty_context, data->tty_path);
    602. 

  602. 

  603.   if (debug)
    604. 

  604.     pam_syslog(pamh, LOG_NOTICE, "Restore executable context: [%s] -> [%s]",
    605. 

  605. 	       data->exec_context,
    606. 

  606. 	       data->prev_exec_context ? data->prev_exec_context : "");
    607. 

  607.   err |= set_exec_context(pamh, data->prev_exec_context);
    608. 

  608. 

  609.   if (err && security_getenforce() == 1)
    610. 

  610.     return PAM_SESSION_ERR;
    611. 

  611. 

  612.   return PAM_SUCCESS;
    613. 

  613. }
    614. 

  614. 

  615. static int
    616. 

  616. set_context(pam_handle_t *pamh, const module_data_t *data,
    617. 

  617. 	    int debug, int verbose)
    618. 

  618. {
    619. 

  619.   int rc, err;
    620. 

  620. 

  621.   if (debug && data->tty_path)
    622. 

  622.     pam_syslog(pamh, LOG_NOTICE, "Set file context of tty %s: [%s] -> [%s]",
    623. 

  623. 	       data->tty_path,
    624. 

  624. 	       data->prev_tty_context ? data->prev_tty_context : "",
    625. 

  625. 	       data->tty_context ? data->tty_context : "");
    626. 

  626.   err = set_file_context(pamh, data->tty_context, data->tty_path);
    627. 

  627. 

  628.   if (debug)
    629. 

  629.     pam_syslog(pamh, LOG_NOTICE, "Set executable context: [%s] -> [%s]",
    630. 

  630. 	       data->prev_exec_context ? data->prev_exec_context : "",
    631. 

  631. 	       data->exec_context);
    632. 

  632.   rc = set_exec_context(pamh, data->exec_context);
    633. 

  633.   err |= rc;
    634. 

  634. 

  635.   send_audit_message(pamh, !rc, data->default_user_context, data->exec_context);
    636. 

  636.   if (verbose && !rc) {
    637. 

  637.     char msg[PATH_MAX];
    638. 

  638. 

  639.     snprintf(msg, sizeof(msg),
    640. 

  640. 	     _("Security context %s has been assigned."), data->exec_context);
    641. 

  641.     send_text(pamh, msg, debug);
    642. 

  642.   }
    643. 

  643. #ifdef HAVE_SETKEYCREATECON
    644. 

  644.   if (debug)
    645. 

  645.     pam_syslog(pamh, LOG_NOTICE, "Set key creation context to %s",
    646. 

  646. 	       data->exec_context ? data->exec_context : "");
    647. 

  647.   rc = setkeycreatecon(data->exec_context);
    648. 

  648.   err |= rc;
    649. 

  649.   if (rc)
    650. 

  650.     pam_syslog(pamh, LOG_ERR, "Setting key creation context %s failed: %m",
    651. 

  651. 	       data->exec_context ? data->exec_context : "");
    652. 

  652.   if (verbose && !rc) {
    653. 

  653.     char msg[PATH_MAX];
    654. 

  654. 

  655.     snprintf(msg, sizeof(msg),
    656. 

  656. 	     _("Key creation context %s has been assigned."), data->exec_context);
    657. 

  657.     send_text(pamh, msg, debug);
    658. 

  658.   }
    659. 

  659. #endif
    660. 

  660. 

  661.   if (err && security_getenforce() == 1)
    662. 

  662.     return PAM_SESSION_ERR;
    663. 

  663. 

  664.   return PAM_SUCCESS;
    665. 

  665. }
    666. 

  666. 

  667. static int
    668. 

  668. create_context(pam_handle_t *pamh, int argc, const char **argv,
    669. 

  669. 	       int debug, int verbose)
    670. 

  670. {
    671. 

  671.   int i;
    672. 

  672.   int ttys = 1;
    673. 

  673.   int select_context = 0;
    674. 

  674.   int use_current_range = 0;
    675. 

  675.   int env_params = 0;
    676. 

  676.   module_data_t *data;
    677. 

  677. 

  678.   /* Parse arguments. */
    679. 

  679.   for (i = 0; i < argc; i++) {
    680. 

  680.     if (strcmp(argv[i], "nottys") == 0) {
    681. 

  681.       ttys = 0;
    682. 

  682.     }
    683. 

  683.     if (strcmp(argv[i], "select_context") == 0) {
    684. 

  684.       select_context = 1;
    685. 

  685.     }
    686. 

  686.     if (strcmp(argv[i], "use_current_range") == 0) {
    687. 

  687.       use_current_range = 1;
    688. 

  688.     }
    689. 

  689.     if (strcmp(argv[i], "env_params") == 0) {
    690. 

  690.       env_params = 1;
    691. 

  691.     }
    692. 

  692.   }
    693. 

  693. 

  694.   if (is_selinux_enabled() <= 0) {
    695. 

  695.     if (debug)
    696. 

  696.       pam_syslog(pamh, LOG_NOTICE, "SELinux is not enabled");
    697. 

  697.     return PAM_SUCCESS;
    698. 

  698.   }
    699. 

  699. 

  700.   if (select_context && env_params) {
    701. 

  701.     pam_syslog(pamh, LOG_ERR,
    702. 

  702. 	       "select_context cannot be used with env_params");
    703. 

  703.     select_context = 0;
    704. 

  704.   }
    705. 

  705. 

  706.   if (!(data = calloc(1, sizeof(*data)))) {
    707. 

  707.     pam_syslog(pamh, LOG_CRIT, "Out of memory");
    708. 

  708.     return PAM_BUF_ERR;
    709. 

  709.   }
    710. 

  710. 

  711.   i = compute_exec_context(pamh, data, select_context, use_current_range,
    712. 

  712. 			   env_params, debug);
    713. 

  713.   if (i != PAM_SUCCESS) {
    714. 

  714.     free_module_data(data);
    715. 

  715.     return i;
    716. 

  716.   }
    717. 

  717. 

  718.   if (!data->exec_context) {
    719. 

  719.     free_module_data(data);
    720. 

  720.     return (security_getenforce() == 1) ? PAM_SESSION_ERR : PAM_SUCCESS;
    721. 

  721.   }
    722. 

  722. 

  723.   if (ttys && (i = compute_tty_context(pamh, data)) != PAM_SUCCESS) {
    724. 

  724.     free_module_data(data);
    725. 

  725.     return i;
    726. 

  726.   }
    727. 

  727. 

  728.   if ((i = pam_set_data(pamh, DATANAME, data, cleanup)) != PAM_SUCCESS) {
    729. 

  729.     pam_syslog(pamh, LOG_ERR, "Error saving context: %m");
    730. 

  730.     free_module_data(data);
    731. 

  731.     return i;
    732. 

  732.   }
    733. 

  733. 

  734.   return set_context(pamh, data, debug, verbose);
    735. 

  735. }
    736. 

  736. 

  737. int
    738. 

  738. pam_sm_authenticate(pam_handle_t *pamh UNUSED, int flags UNUSED,
    739. 

  739. 		    int argc UNUSED, const char **argv UNUSED)
    740. 

  740. {
    741. 

  741.   /* Fail by default. */
    742. 

  742.   return PAM_AUTH_ERR;
    743. 

  743. }
    744. 

  744. 

  745. int
    746. 

  746. pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED,
    747. 

  747. 	       int argc UNUSED, const char **argv UNUSED)
    748. 

  748. {
    749. 

  749.   return PAM_SUCCESS;
    750. 

  750. }
    751. 

  751. 

  752. int
    753. 

  753. pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
    754. 

  754. 		    int argc, const char **argv)
    755. 

  755. {
    756. 

  756.   const module_data_t *data;
    757. 

  757.   int i, debug = 0, verbose = 0, close_session = 0, restore = 0;
    758. 

  758. 

  759.   /* Parse arguments. */
    760. 

  760.   for (i = 0; i < argc; i++) {
    761. 

  761.     if (strcmp(argv[i], "debug") == 0) {
    762. 

  762.       debug = 1;
    763. 

  763.     }
    764. 

  764.     if (strcmp(argv[i], "verbose") == 0) {
    765. 

  765.       verbose = 1;
    766. 

  766.     }
    767. 

  767.     if (strcmp(argv[i], "close") == 0) {
    768. 

  768.       close_session = 1;
    769. 

  769.     }
    770. 

  770.     if (strcmp(argv[i], "restore") == 0) {
    771. 

  771.       restore = 1;
    772. 

  772.     }
    773. 

  773.   }
    774. 

  774. 

  775.   if (debug)
    776. 

  776.     pam_syslog(pamh, LOG_NOTICE, "Open Session");
    777. 

  777. 

  778.   /* Is this module supposed to execute close_session only? */
    779. 

  779.   if (close_session)
    780. 

  780.     return PAM_SUCCESS;
    781. 

  781. 

  782.   data = get_module_data(pamh);
    783. 

  783. 

  784.   /* Is this module supposed only to restore original context? */
    785. 

  785.   if (restore)
    786. 

  786.     return restore_context(pamh, data, debug);
    787. 

  787. 

  788.   /* If there is a saved context, this module is supposed to set it again. */
    789. 

  789.   return data ? set_context(pamh, data, debug, verbose) :
    790. 

  790.     create_context(pamh, argc, argv, debug, verbose);
    791. 

  791. }
    792. 

  792. 

  793. int
    794. 

  794. pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
    795. 

  795. 		     int argc, const char **argv)
    796. 

  796. {
    797. 

  797.   int i, debug = 0, open_session = 0;
    798. 

  798. 

  799.   /* Parse arguments. */
    800. 

  800.   for (i = 0; i < argc; i++) {
    801. 

  801.     if (strcmp(argv[i], "debug") == 0) {
    802. 

  802.       debug = 1;
    803. 

  803.     }
    804. 

  804.     if (strcmp(argv[i], "open") == 0) {
    805. 

  805.       open_session = 1;
    806. 

  806.     }
    807. 

  807.   }
    808. 

  808. 

  809.   if (debug)
    810. 

  810.     pam_syslog(pamh, LOG_NOTICE, "Close Session");
    811. 

  811. 

  812.   /* Is this module supposed to execute open_session only? */
    813. 

  813.   if (open_session)
    814. 

  814.     return PAM_SUCCESS;
    815. 

  815. 

  816.   /* Restore original context. */
    817. 

  817.   return restore_context(pamh, get_module_data(pamh), debug);
    818. 

  818. }
    819.