From: Michael C Thompson <thompsmc@us.ibm.com>
To: Michael C Thompson <thompsmc@us.ibm.com>
Cc: SE Linux <selinux@tycho.nsa.gov>, Stephen Smalley <sds@tycho.nsa.gov>
Subject: [PATCH 2/8] make newrole suid (take 3)
Date: Thu, 02 Nov 2006 19:03:34 -0600 [thread overview]
Message-ID: <454A9566.1000304@us.ibm.com> (raw)
In-Reply-To: <454A8F35.2020006@us.ibm.com>
[-- Attachment #1: Type: text/plain, Size: 509 bytes --]
Michael C Thompson wrote:
> The 8 patches are as follows:
> 1) Modifications to Makefile to support future patch needs
> Add newrole-lspp.pamd
> 2) New extract_pw_data function and use in main()
This is the 2nd of 8 patches.
This patch applies against policycoreutils-1.30.30-1.
This patch moves the /etc/passwd parsing from
main() into a separate function.
Changes:
* Introduces the extract_pw_data() function and uses it in main()
Signed-off-by: Michael Thompson <thompsmc@us.ibm.com>
[-- Attachment #2: 02-extract_passwd.patch --]
[-- Type: text/x-diff, Size: 3914 bytes --]
diff -Naur policycoreutils-1.30.30/newrole/newrole.c policycoreutils-1.30.30.suid/newrole/newrole.c
--- policycoreutils-1.30.30/newrole/newrole.c 2006-09-29 10:50:27.000000000 -0500
+++ policycoreutils-1.30.30.suid/newrole/newrole.c 2006-11-02 12:19:12.000000000 -0600
@@ -332,6 +332,61 @@
return found;
}
+/**
+ * Determine the Linux user identity to re-authenticate.
+ * If supported and set, use the login uid, as this should be more stable.
+ * Otherwise, use the real uid.
+ *
+ * This function assigns malloc'd memory into the pw_copy struct.
+ * Returns zero on success, non-zero otherwise
+ */
+int extract_pw_data(struct passwd *pw_copy)
+{
+ uid_t uid;
+ struct passwd *pw;
+
+#ifdef USE_AUDIT
+ uid = audit_getloginuid();
+ if (uid == (uid_t) - 1)
+ uid = getuid();
+#else
+ uid = getuid();
+#endif
+
+ setpwent();
+ pw = getpwuid(uid);
+ endpwent();
+ if (!(pw && pw->pw_name && pw->pw_name[0] && pw->pw_shell
+ && pw->pw_shell[0] && pw->pw_dir && pw->pw_dir[0])) {
+ fprintf(stderr,
+ _("cannot find valid entry in the passwd file.\n"));
+ return -1;
+ }
+
+ *pw_copy = *pw;
+ pw = pw_copy;
+ pw->pw_name = strdup(pw->pw_name);
+ pw->pw_dir = strdup(pw->pw_dir);
+ pw->pw_shell = strdup(pw->pw_shell);
+
+ if (! (pw->pw_name && pw->pw_dir && pw->pw_shell)) {
+ fprintf(stderr, _("Out of memory!\n"));
+ goto out_free;
+ }
+
+ if (verify_shell(pw->pw_shell) == 0) {
+ fprintf(stderr, _("Error! Shell is not valid.\n"));
+ goto out_free;
+ }
+ return 0;
+
+out_free:
+ free(pw->pw_name);
+ free(pw->pw_dir);
+ free(pw->pw_shell);
+ return -1;
+}
+
/*
* This function will drop the capabilities so that we are left
* only with access to the audit system. If the user is root, we leave
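Review bot: On the `out_free` path the three duplicated strings are freed, but the caller's `*pw_copy` keeps the freed pointers, so any later use or second free of that struct would touch released memory; clearing it before the failing return, e.g. `memset(pw_copy, 0, sizeof(*pw_copy));`, removes that hazard. The shallow copy `*pw_copy = *pw` also leaves `pw_passwd` and `pw_gecos` pointing at storage owned by `getpwuid()`, which a later passwd lookup may overwrite; duplicate them as well, or set them to NULL after the copy if no caller reads them. The header comment could state the ownership explicitly: `Only pw_name, pw_dir and pw_shell are malloc'd copies owned by the caller; on failure nothing is left allocated.` If the helper is only used within newrole.c, declaring it `static` would also fit.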
@@ -460,8 +515,7 @@
context_t context; /* manipulatable form of new_context */
- struct passwd *pw; /* struct derived from passwd file line */
- struct passwd pw_copy;
+ struct passwd pw; /* struct derived from passwd file line */
int clflag; /* holds codes for command line flags */
int flag_index; /* flag index in argv[] */
@@ -639,22 +693,8 @@
#endif
/* Get the passwd info for the Linux user identity. */
- pw = getpwuid(uid);
- if (!pw) {
- fprintf(stderr,
- _("cannot find your entry in the passwd file.\n"));
- exit(-1);
- }
- pw_copy = *pw;
- pw = &pw_copy;
- pw->pw_name = xstrdup(pw->pw_name);
- pw->pw_dir = xstrdup(pw->pw_dir);
- pw->pw_shell = xstrdup(pw->pw_shell);
-
- if (verify_shell(pw->pw_shell) == 0) {
- fprintf(stderr, _("Error! Shell is not valid.\n"));
- exit(-1);
- }
+ if (extract_pw_data(&pw))
+ return -1;
/* Get the tty name. Pam will need it. */
ttyn = ttyname(0);
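Review bot: The removed lookup used main()'s own `uid` variable, while `extract_pw_data()` now derives the uid itself; the `#endif` context line just above suggests main() may still compute `uid` outside this hunk, in which case that code is either dead or a second source of identity that can drift from the one actually authenticated. If it remains, remove it or pass it in so there is a single derivation. The failure path also changes from `exit(-1)` to `return -1` while the next check in main() still uses `exit(-1)`; picking one form keeps the exit paths uniform. main() starts and ends outside this hunk.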
@@ -664,7 +704,7 @@
exit(-1);
}
- printf(_("Authenticating %s.\n"), pw->pw_name);
+ printf(_("Authenticating %s.\n"), pw.pw_name);
/*
* Re-authenticate the user running this program.
@@ -673,13 +713,13 @@
* by policy). Trusted path mechanism would be preferred.
*/
#ifdef USE_PAM
- if (!authenticate_via_pam(pw, ttyn))
+ if (!authenticate_via_pam(&pw, ttyn))
#else /* !USE_PAM */
- if (!authenticate_via_shadow_passwd(pw))
+ if (!authenticate_via_shadow_passwd(&pw))
#endif /* if/else USE_PAM */
{
fprintf(stderr, _("newrole: incorrect password for %s\n"),
- pw->pw_name);
+ pw.pw_name);
return (-1);
}
/* If we reach here, then we have authenticated the user. */
@@ -904,7 +944,7 @@
if (optind < 1)
optind = 1;
- if (asprintf(&argv[optind - 1], "-%s", pw->pw_shell) < 0) {
+ if (asprintf(&argv[optind - 1], "-%s", pw.pw_shell) < 0) {
fprintf(stderr, _("Error allocating shell.\n"));
exit(-1);
}
@@ -925,7 +965,7 @@
if (send_audit_message(1, old_context, new_context, ttyn))
exit(-1);
freecon(old_context);
- execv(pw->pw_shell, argv + optind - 1);
+ execv(pw.pw_shell, argv + optind - 1);
/* If we reach here, then we failed to exec the new shell. */
perror(_("failed to exec shell\n"));