authorRob Landley <rob@landley.net>2005-05-03 06:25:50 +0000
committerRob Landley <rob@landley.net>2005-05-03 06:25:50 +0000
commit60158cb93eb0b3207dd1084cdf5bdd9226bd9e89 (patch)
treefe97ec71775deb1f3078c6db0cb8db554bc6b76f /loginutils/login.c
parent988a78c61cffe91b005d37f0b7d6e2cb2c5ea713 (diff)
A patch from Takeharu KATO to update/fix SE-Linux support.
Diffstat (limited to 'loginutils/login.c')
-rw-r--r--loginutils/login.c52
1 files changed, 27 insertions, 25 deletions
diff --git a/loginutils/login.c b/loginutils/login.c
index 34095a6a7..5186e2369 100644
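--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -17,10 +17,10 @@
 
 #include "busybox.h"
 #ifdef CONFIG_SELINUX
-#include <flask_util.h>
-#include <get_sid_list.h>
-#include <proc_secure.h>
-#include <fs_secure.h>
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
+#include <selinux/get_context_list.h> /* for get_default_context() */
+#include <selinux/flask.h> /* for security class definitions */
+#include <errno.h>
 #endif
 
 #ifdef CONFIG_FEATURE_U_W_TMP
@@ -79,8 +79,7 @@ extern int login_main(int argc, char **argv)
  char *opt_host = 0;
  int alarmstarted = 0;
 #ifdef CONFIG_SELINUX
- int flask_enabled = is_flask_enabled();
- security_id_t sid = 0, old_tty_sid, new_tty_sid;
+ security_context_t stat_sid = NULL, sid = NULL, old_tty_sid=NULL, new_tty_sid=NULL;
 #endif
 
  username[0]=0;
@@ -225,41 +224,45 @@ auth_ok:
 #ifdef CONFIG_FEATURE_U_W_TMP
  setutmp ( username, tty );
 #endif
+
+ if ( *tty != '/' )
+ snprintf ( full_tty, sizeof( full_tty ) - 1, "/dev/%s", tty);
+ else
+ safe_strncpy ( full_tty, tty, sizeof( full_tty ) - 1 );
+
 #ifdef CONFIG_SELINUX
- if (flask_enabled)
+ if (is_selinux_enabled())
  {
  struct stat st;
+ int rc;
 
- if (get_default_sid(username, 0, &sid))
+ if (get_default_context(username, NULL, &sid))
  {
  fprintf(stderr, "Unable to get SID for %s\n", username);
  exit(1);
  }
- if (stat_secure(tty, &st, &old_tty_sid))
+ rc = getfilecon(full_tty,&stat_sid);
+ freecon(stat_sid);
+ if ((rc<0) || (stat(full_tty, &st)<0))
  {
- fprintf(stderr, "stat_secure(%.100s) failed: %.100s\n", tty, strerror(errno));
+ fprintf(stderr, "stat_secure(%.100s) failed: %.100s\n", full_tty, strerror(errno));
  return EXIT_FAILURE;
  }
- if (security_change_sid (sid, old_tty_sid, SECCLASS_CHR_FILE, &new_tty_sid) != 0)
+ if (security_compute_relabel (sid, old_tty_sid, SECCLASS_CHR_FILE, &new_tty_sid) != 0)
  {
- fprintf(stderr, "security_change_sid(%.100s) failed: %.100s\n", tty, strerror(errno));
+ fprintf(stderr, "security_change_sid(%.100s) failed: %.100s\n", full_tty, strerror(errno));
  return EXIT_FAILURE;
  }
- if(chsid(tty, new_tty_sid) != 0)
+ if(setfilecon(full_tty, new_tty_sid) != 0)
  {
- fprintf(stderr, "chsid(%.100s, %d) failed: %.100s\n", tty, new_tty_sid, strerror(errno));
+ fprintf(stderr, "chsid(%.100s, %s) failed: %.100s\n", full_tty, new_tty_sid, strerror(errno));
  return EXIT_FAILURE;
  }
+ freecon(sid);
+ freecon(old_tty_sid);
+ freecon(new_tty_sid);
  }
- else
- sid = 0;
 #endif
-
- if ( *tty != '/' )
- snprintf ( full_tty, sizeof( full_tty ) - 1, "/dev/%s", tty);
- else
- safe_strncpy ( full_tty, tty, sizeof( full_tty ) - 1 );
-
  if ( !is_my_tty ( full_tty ))
  syslog ( LOG_ERR, "unable to determine TTY name, got %s\n", full_tty );
 
@@ -279,11 +282,10 @@ auth_ok:
 
  if ( pw-> pw_uid == 0 )
  syslog ( LOG_INFO, "root login %s\n", fromhost );
- run_shell ( tmp, 1, 0, 0
 #ifdef CONFIG_SELINUX
- , sid
+ set_current_security_context(sid);
 #endif
- ); /* exec the shell finally. */
+ run_shell ( tmp, 1, 0, 0); /* exec the shell finally. */
 
  return EXIT_FAILURE;
 }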
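Review bot: `sid` is released by `freecon(sid);` at the end of the SELinux block in the `auth_ok` hunk and is then passed to `set_current_security_context(sid);` just before `run_shell`, so unless the lines between the two hunks reassign it (they are not visible here) the shell's security context is set from freed memory. The `freecon(sid);` should be dropped from that block and the context freed only after it has been applied. In the same block `getfilecon(full_tty,&stat_sid)` stores the tty's current context in `stat_sid`, which is freed on the very next line, while `old_tty_sid` is still NULL when it reaches `security_compute_relabel`; the call should read `rc = getfilecon(full_tty, &old_tty_sid);` with the early `freecon(stat_sid);` removed. The result of `set_current_security_context` is also not checked on the visible lines, so a failed transition would presumably still start the shell; a guard such as `if (set_current_security_context(sid) != 0) return EXIT_FAILURE;` would make the login fail closed, assuming the helper reports errors through its return value.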