authorDenis Vlasenko <vda.linux@googlemail.com>2007-10-20 02:00:49 +0000
committerDenis Vlasenko <vda.linux@googlemail.com>2007-10-20 02:00:49 +0000
commit2edbc2ab85b96fb01a3862db09df12f40d4382cd (patch)
tree0637a680a89fb11a986e59657875adda2546ec18 /libbb/update_passwd.c
parentaa7a888e423fc85daa8af0ac3aabe8fc7af86312 (diff)
ping: fix breakage from -I fix
passwd: SELinux support by KaiGai Kohei <kaigai@ak.jp.nec.com>
Diffstat (limited to 'libbb/update_passwd.c')
-rw-r--r--libbb/update_passwd.c29
1 files changed, 29 insertions, 0 deletions
diff --git a/libbb/update_passwd.c b/libbb/update_passwd.c
index 8914b8b45..388adf81f 100644
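--- a/libbb/update_passwd.c
+++ b/libbb/update_passwd.c
@@ -11,6 +11,31 @@
 
 #include "libbb.h"
 
+#if ENABLE_SELINUX
+static void check_selinux_update_passwd(const char *username)
+{
+ security_context_t context;
+ char *seuser;
+
+ if (getuid() != (uid_t)0 || is_selinux_enabled() == 0)
+ return; /* No need to check */
+
+ if (getprevcon_raw(&context) < 0)
+ bb_perror_msg_and_die("getprevcon failed");
+ seuser = strtok(context, ":");
+ if (!seuser)
+ bb_error_msg_and_die("invalid context '%s'", context);
+ if (strcmp(seuser, username) != 0) {
+ if (checkPasswdAccess(PASSWD__PASSWD) != 0)
+ bb_error_msg_and_die("SELinux: access denied");
+ }
+ if (ENABLE_FEATURE_CLEAN_UP)
+ freecon(context);
+}
+#else
+#define check_selinux_update_passwd(username) ((void)0)
+#endif
+
 int update_passwd(const char *filename, const char *username,
  const char *new_pw)
 {
@@ -27,6 +52,8 @@ int update_passwd(const char *filename, const char *username,
  int cnt = 0;
  int ret = -1; /* failure */
 
+ check_selinux_update_passwd(username);
+
  /* New passwd file, "/etc/passwd+" for now */
  fnamesfx = xasprintf("%s+", filename);
  sfx_char = &fnamesfx[strlen(fnamesfx)-1];
@@ -38,6 +65,8 @@ int update_passwd(const char *filename, const char *username,
  goto free_mem;
  old_fd = fileno(old_fp);
 
+ selinux_preserve_fcontext(old_fd);
+
  /* Try to create "/etc/passwd+". Wait if it exists. */
  i = 30;
  do {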
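Review bot: The `strcmp(seuser, username) != 0` shortcut in check_selinux_update_passwd (new lines 28-31) skips `checkPasswdAccess(PASSWD__PASSWD)` whenever the SELinux user field of the previous context equals the target login name, and nothing in the code says why that equality is sufficient. SELinux user identities and Linux login names are separate namespaces tied together by policy, so a match presumably means "changing own password" only where the two are kept identical; state that assumption in a comment such as `/* SELinux user == target login: caller changes its own password, passwd permission not required */`, or call `checkPasswdAccess()` unconditionally. The function also lacks a header comment saying that it terminates the process on denial and that it only performs the check when the real uid is 0 and SELinux is enabled. update_passwd's body continues outside the hunks, so whether a failure inside `selinux_preserve_fcontext(old_fd)` is reported or ignored cannot be judged from here.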