chfs-chfn: remove deprecated selinux_check_passwd_access()
Signed-off-by: Karel Zak <kzak@redhat.com>
parent
b5debf7105
commit
e1de70b3c3
|
@ -1,7 +1,7 @@
|
|||
#ifndef UTIL_LINUX_SELINUX_UTILS_H
|
||||
#define UTIL_LINUX_SELINUX_UTILS_H
|
||||
|
||||
extern access_vector_t get_access_vector(const char *tclass, const char *op);
|
||||
extern int ul_setfscreatecon_from_file(char *orig_file);
|
||||
extern int ul_selinux_has_access(const char *classstr, const char *perm, char **user_cxt);
|
||||
|
||||
#endif
|
||||
|
|
|
@ -6,13 +6,6 @@
|
|||
|
||||
#include "selinux-utils.h"
|
||||
|
||||
access_vector_t get_access_vector(const char *tclass, const char *op)
|
||||
{
|
||||
security_class_t tc = string_to_security_class(tclass);
|
||||
|
||||
return tc ? string_to_av_perm(tc, op) : 0;
|
||||
}
|
||||
|
||||
int ul_setfscreatecon_from_file(char *orig_file)
|
||||
{
|
||||
if (is_selinux_enabled() > 0) {
|
||||
|
@ -28,3 +21,28 @@ int ul_setfscreatecon_from_file(char *orig_file)
|
|||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* returns 1 if user has access to @class and @perm ("passwd", "chfn")
|
||||
* or 0 on error,
|
||||
* or 0 if has no access -- in this case sets @user_cxt to user-context
|
||||
*/
|
||||
int ul_selinux_has_access(const char *classstr, const char *perm, char **user_cxt)
|
||||
{
|
||||
char *user;
|
||||
int rc;
|
||||
|
||||
if (user_cxt)
|
||||
*user_cxt = NULL;
|
||||
|
||||
if (getprevcon(&user) != 0)
|
||||
return 0;
|
||||
|
||||
rc = selinux_check_access(user, user, classstr, perm, NULL);
|
||||
if (rc != 0 && user_cxt)
|
||||
*user_cxt = user;
|
||||
else
|
||||
freecon(user);
|
||||
|
||||
return rc == 0 ? 1 : 0;
|
||||
}
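Review bot: The comment above ul_selinux_has_access() does not say who owns the string stored in `*user_cxt`. On the denial path the function hands the context obtained from getprevcon() to the caller instead of calling freecon(), so a caller that does not exit straight away has to release it; I would add a line such as ` * The caller must freecon() the returned @user_cxt.` to that comment. The comment also refers to `@class` while the parameter is named `classstr`. It would help to state there that a getprevcon() failure returns 0 with `*user_cxt` left NULL: the helper fails closed, but the caller cannot tell an error from a denial and reports both as "not authorized".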
|
||||
|
||||
|
|
|
@ -438,22 +438,15 @@ int main(int argc, char **argv)
|
|||
|
||||
#ifdef HAVE_LIBSELINUX
|
||||
if (is_selinux_enabled() > 0) {
|
||||
if (uid == 0) {
|
||||
access_vector_t av = get_access_vector("passwd", "chfn");
|
||||
char *user_cxt = NULL;
|
||||
|
||||
if (selinux_check_passwd_access(av) != 0) {
|
||||
char *user_context;
|
||||
if (uid == 0 && !ul_selinux_has_access("passwd", "chfn", &user_cxt))
|
||||
errx(EXIT_FAILURE,
|
||||
_("%s is not authorized to change "
|
||||
"the finger info of %s"),
|
||||
user_cxt ? : _("Unknown user context"),
|
||||
ctl.username);
|
||||
|
||||
if (getprevcon(&user_context) < 0)
|
||||
user_context = NULL;
|
||||
|
||||
errx(EXIT_FAILURE,
|
||||
_("%s is not authorized to change "
|
||||
"the finger info of %s"),
|
||||
user_context ? : _("Unknown user context"),
|
||||
ctl.username);
|
||||
}
|
||||
}
|
||||
if (ul_setfscreatecon_from_file(_PATH_PASSWD))
|
||||
errx(EXIT_FAILURE,
|
||||
_("can't set default context for %s"), _PATH_PASSWD);
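Review bot: The merged condition `uid == 0 && !ul_selinux_has_access("passwd", "chfn", &user_cxt)` applies the SELinux permission check only to callers with uid 0, and nothing in the hunk explains why other callers skip it. A one-line comment above the `if`, for example `/* SELinux passwd:chfn check is applied to uid 0 only */`, ideally extended with the mechanism that covers non-root callers, would stop an auditor reading it as a bypass. The chsh hunk has the same shape with `"passwd", "chsh"` and would take the same comment. main() starts and continues outside both hunks, so how `uid` is obtained is not visible here.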
|
||||
|
|
|
@ -287,21 +287,14 @@ int main(int argc, char **argv)
|
|||
|
||||
#ifdef HAVE_LIBSELINUX
|
||||
if (is_selinux_enabled() > 0) {
|
||||
if (uid == 0) {
|
||||
access_vector_t av = get_access_vector("passwd", "chsh");
|
||||
char *user_cxt = NULL;
|
||||
|
||||
if (selinux_check_passwd_access(av) != 0) {
|
||||
char *user_context;
|
||||
if (uid == 0 && !ul_selinux_has_access("passwd", "chsh", &user_cxt))
|
||||
errx(EXIT_FAILURE,
|
||||
_("%s is not authorized to change the shell of %s"),
|
||||
user_cxt ? : _("Unknown user context"),
|
||||
pw->pw_name);
|
||||
|
||||
if (getprevcon(&user_context) < 0)
|
||||
user_context = NULL;
|
||||
|
||||
errx(EXIT_FAILURE,
|
||||
_("%s is not authorized to change the shell of %s"),
|
||||
user_context ? : _("Unknown user context"),
|
||||
pw->pw_name);
|
||||
}
|
||||
}
|
||||
if (ul_setfscreatecon_from_file(_PATH_PASSWD) != 0)
|
||||
errx(EXIT_FAILURE,
|
||||
_("can't set default context for %s"), _PATH_PASSWD);
|
||||
|
|