libselinux-1.2 and const usage

libselinux-1.2 and const usage

[Thorsten Kukuk]

[-- Attachment #1: Type: text/plain, Size: 532 bytes --]


Hi,

when trying to add selinux support to some of my applications, I
found out that the libselinux interface does not make usage of
"const", which ends in a lot of compiler warnings.

Attached is a patch for libselinux to solve this.

  Thorsten
-- 
Thorsten Kukuk       http://www.suse.de/~kukuk/        kukuk@suse.de
SuSE Linux AG        Deutschherrnstr. 15-19        D-90429 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B

[-- Attachment #2: libselinux-1.2.dif --]
[-- Type: text/plain, Size: 5020 bytes --]

--- include/selinux/get_context_list.h
+++ include/selinux/get_context_list.h	2003/10/03 06:17:18
@@ -13,7 +13,7 @@
    customizable preferences.  Returns number of entries in *conary.
    If 'fromcon' is NULL, defaults to current context.
    Caller must free via freeconary. */
-extern int get_ordered_context_list(char *user, 
+extern int get_ordered_context_list(const char *user, 
 				    security_context_t fromcon,
 				    security_context_t **list);
 
@@ -24,7 +24,7 @@
    If 'fromcon' is NULL, defaults to current context.
    Returns 0 on success or -1 otherwise.
    Caller must free via freecon. */
-extern int get_default_context(char* user, 
+extern int get_default_context(const char* user, 
 			       security_context_t fromcon,
 			       security_context_t *newcon);
 
@@ -39,6 +39,7 @@
    if a list of authorized contexts could not be obtained. 
    Caller must free via freecon.
    Returns 0 on success or -1 otherwise. */
-extern int manual_user_enter_context(char *user, security_context_t *newcon);
+extern int manual_user_enter_context(const char *user,
+				     security_context_t *newcon);
 
 #endif
--- include/selinux/selinux.h
+++ include/selinux/selinux.h	2003/10/03 06:19:39
@@ -98,7 +98,7 @@
 /* Compute the set of reachable user contexts and set *con to refer to 
    the NULL-terminated array of contexts.  Caller must free via freeconary. */
 extern int security_compute_user(security_context_t scon,
-				 char *username,
+				 const char *username,
 				 security_context_t **con);
 
 /* Load a policy configuration. */
--- src/compute_user.c
+++ src/compute_user.c	2003/10/03 06:19:00
@@ -10,7 +10,7 @@
 #include "policy.h"
 
 int security_compute_user(security_context_t scon,
-			  char *user,
+			  const char *user,
 			  security_context_t **con)
 {
 	char **ary;
--- src/get_context_list.c
+++ src/get_context_list.c	2003/10/03 06:17:18
@@ -10,7 +10,7 @@
 #define USERPRIORITY 1
 #define SYSTEMPRIORITY 2
 
-int get_default_context(char* user, 
+int get_default_context(const char* user, 
 			security_context_t fromcon,
 			security_context_t *newcon)
 {
@@ -112,7 +112,7 @@
 		      pri_list.  The number of elements stored in pri_list 
 		      is returned.
 */
-static int list_from_string (char *instr, char *user, 
+static int list_from_string (char *instr, const char *user, 
                              security_context_t *pri_list, 
                              int pri_length)
 {
@@ -170,7 +170,7 @@
                       in pri_list or -1 on error.
 */
 static int get_context_list (FILE *infile, security_context_t fromcon, 
-                             char *user, security_context_t *pri_list, 
+                             const char *user, security_context_t *pri_list, 
                              int pri_length)
 {
     int ret_val = 0;        /* Used for return values                    */
@@ -197,7 +197,7 @@
                          system configuration file.  The number of contexts placed
                          in pri_list is returned.
  */
-static int get_config_priority (security_context_t fromcon, char *user, 
+static int get_config_priority (security_context_t fromcon, const char *user, 
                          security_context_t *pri_list, int pri_length, int which,
                          int default_user_flag)
 {
@@ -346,7 +346,7 @@
     return ret_val;
 }
 
-int get_ordered_context_list (char *user, 
+int get_ordered_context_list (const char *user, 
 			      security_context_t fromcon, 
 			      security_context_t **list)
 {
@@ -376,7 +376,7 @@
 	    freefrom = 1;
     }
 
-    rc = security_compute_user(fromcon, (char*)user, &init_list);
+    rc = security_compute_user(fromcon, user, &init_list);
     if (rc < 0) {
 	    /* Retry with the default SELinux user identity. */
 	    rc = security_compute_user(fromcon, 
--- src/query_user_context.c
+++ src/query_user_context.c	2003/10/03 06:17:18
@@ -109,7 +109,7 @@
  *                     context chosen by the user into usercon.  Returns 0
  *                     on success.
  */
-int manual_user_enter_context (char *user, security_context_t *newcon)
+int manual_user_enter_context (const char *user, security_context_t *newcon)
 {
     char response[10];     /* Used to get yes or no answers from user */
     char role[100];        /* The role requested by the user          */
@@ -120,9 +120,9 @@
     int  levellen = 100;
     int mls_enabled = 0;
 
-    context_t new_context; /* The new context chosen by the user      */
-    char *user_context;    /* String value of the user's context      */
-    int done = 0;          /* true if a valid sid has been obtained   */
+    context_t new_context;     /* The new context chosen by the user     */
+    char *user_context = NULL; /* String value of the user's context     */
+    int done = 0;              /* true if a valid sid has been obtained  */
 
     /* Initialize the context.  How this is done depends on whether
        or not MLS is enabled                                        */

Re: libselinux-1.2 and const usage

[Stephen Smalley]

On Fri, 2003-10-03 at 02:36, Thorsten Kukuk wrote:
> Hi,
> 
> when trying to add selinux support to some of my applications, I
> found out that the libselinux interface does not make usage of
> "const", which ends in a lot of compiler warnings.
> 
> Attached is a patch for libselinux to solve this.

Thanks, I've merged this into our internal CVS tree as well as the
sourceforge CVS tree.  I'd be interested in knowing what applications
you are modifying and how you are adapting them for SELinux, if you're
willing to share...

-- 
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux-1.2 and const usage

[Thorsten Kukuk]

Hi,

On Fri, Oct 03, Stephen Smalley wrote:

> On Fri, 2003-10-03 at 02:36, Thorsten Kukuk wrote:
> > Hi,
> > 
> > when trying to add selinux support to some of my applications, I
> > found out that the libselinux interface does not make usage of
> > "const", which ends in a lot of compiler warnings.
> > 
> > Attached is a patch for libselinux to solve this.
> 
> Thanks, I've merged this into our internal CVS tree as well as the
> sourceforge CVS tree.  I'd be interested in knowing what applications
> you are modifying and how you are adapting them for SELinux, if you're
> willing to share...

I try to add SELinux support to pam_login, pwdutils and some of my
PAM modules with the help of the already existing selinux patches
for util-linux, shadow and passwd. pam_login is already done, the
others will come later.

  Thorsten

-- 
Thorsten Kukuk       http://www.suse.de/~kukuk/        kukuk@suse.de
SuSE Linux AG        Deutschherrnstr. 15-19        D-90429 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux-1.2 and const usage

[Russell Coker]

On Mon, 6 Oct 2003 17:33, Thorsten Kukuk wrote:
> I try to add SELinux support to pam_login

Are you working from Dan's PAM patch or doing it differently?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux-1.2 and const usage

[Thorsten Kukuk]

On Tue, Oct 07, Russell Coker wrote:

> On Mon, 6 Oct 2003 17:33, Thorsten Kukuk wrote:
> > I try to add SELinux support to pam_login
> 
> Are you working from Dan's PAM patch or doing it differently?

pam_login is a login program, for which I use the util-linux/login
patch as base.

  Thorsten

-- 
Thorsten Kukuk       http://www.suse.de/~kukuk/        kukuk@suse.de
SuSE Linux AG        Deutschherrnstr. 15-19        D-90429 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux-1.2 and const usage

[Stephen Smalley]

On Tue, 2003-10-07 at 00:50, Thorsten Kukuk wrote:
> pam_login is a login program, for which I use the util-linux/login
> patch as base.

Just FYI, Dan Walsh of RH has developed a pam_selinux session module as
a possible alternative to patching the util-linux login.  I think it is
available in his pam SRPM from
ftp//people.redhat.com/dwalsh/SELinux/srpms.
  
-- 
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.