-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/I+8IACgkQrlYvE4MpobPo3wCgt10X9J+DL1Hz1LwgEWCHp45v yVcAnApaNGrtesDAHGZsQkkn+XqolfXa =5E5E -----END PGP SIGNATURE-----
>From 977f16ab8f909e54d46ccb5525688db73a72fd8f Mon Sep 17 00:00:00 2001 From: Dan Walsh <dwalsh@xxxxxxxxxx> Date: Wed, 30 May 2012 16:08:58 -0400 Subject: [PATCH 78/90] Fix seusers potential crash. Change getdefaultcon to specify service so we can test /etc/selinux/POLICY/logins/USERNAME file --- libselinux/src/seusers.c | 9 ++++++++- libselinux/utils/getdefaultcon.c | 10 +++++++--- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/libselinux/src/seusers.c b/libselinux/src/seusers.c index 5cdf6c0..b525fba 100644 --- a/libselinux/src/seusers.c +++ b/libselinux/src/seusers.c @@ -279,11 +279,18 @@ int getseuser(const char *username, const char *service, while (getline(&buffer, &size, fp) > 0) { ++lineno; - if (strncmp(buffer, "*:", 2) == 0) { + if (!service) { + rec = strdup(buffer); + break; + } + + if (strncmp(buffer, "*:", 2) == 0) + { free(rec); rec = strdup(buffer); continue; } + len = strlen(service); if ((strncmp(buffer, service, len) == 0) && (buffer[len] == ':')) { diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c index 049e75c..6bafedb 100644 --- a/libselinux/utils/getdefaultcon.c +++ b/libselinux/utils/getdefaultcon.c @@ -21,10 +21,11 @@ int main(int argc, char **argv) { security_context_t usercon = NULL, cur_context = NULL; char *user = NULL, *level = NULL, *role=NULL, *seuser=NULL, *dlevel=NULL; + char *service = NULL; int ret, opt; int verbose = 0; - while ((opt = getopt(argc, argv, "l:r:v")) > 0) { + while ((opt = getopt(argc, argv, "l:r:s:v")) > 0) { switch (opt) { case 'l': level = strdup(optarg); @@ -32,6 +33,9 @@ int main(int argc, char **argv) case 'r': role = strdup(optarg); break; + case 's': + service = strdup(optarg); + break; case 'v': verbose = 1; break; 
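Review bot: In the getseuser() loop, the new `if (!service)` branch copies whichever line comes first in the per-user logins file and stops, so a caller passing a NULL service can be handed a record written for one specific service instead of the `*:` default. Since that record selects the SELinux user and level, a NULL service should presumably match only the wildcard entry: place the NULL test after the `*:` block as `if (!service) continue;`, which still keeps `strlen(service)` from seeing NULL. The added `{` on its own line also departs from the brace style of the surrounding context lines. The function continues outside the hunk, so how `rec` is parsed afterwards, and whether a failed `strdup` is handled, is not visible here.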
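Review bot: The new `case 's':` in getdefaultcon.c stores `strdup(optarg)` without checking the result, so an allocation failure leaves `service` NULL and the later `getseuser()` call silently resolves the user as if no service had been requested. `optarg` points into `argv` and stays valid for the whole run, so `service = optarg;` is sufficient and also avoids the leak when `-s` is given more than once. The usage text is outside this hunk; if it lists the options, it needs `-s service` added. main() continues outside the hunk.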
@@ -61,7 +65,7 @@ int main(int argc, char **argv) } else cur_context = argv[optind + 1]; - if ((ret = getseuserbyname(user, &seuser, &dlevel)) == 0) { + if ((ret = getseuser(user, service, &seuser, &dlevel)) == 0) { if (! level) level=dlevel; if (role != NULL && role[0]) ret=get_default_context_with_rolelevel(seuser, role, level,cur_context,&usercon); @@ -74,7 +78,7 @@ int main(int argc, char **argv) if (verbose) { printf("%s: %s from %s %s %s %s -> %s\n", argv[0], user, cur_context, seuser, role, level, usercon); } else { - printf("%s", usercon); + printf("%s\n", usercon); } } -- 1.7.10.2