Adding upstream version 1:4.15.2.upstream/1%4.15.2 upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-06-26 16:18:36 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-06-26 16:18:36 +0000
commit: 6c3ea4f47ea280811a7fe53a22f7832e4533c9ec (patch)
tree: 3d7ed5da23b5dbf6f9e450dfb61642832249c31e /lib/semanage.c
parent: Adding upstream version 1:4.13+dfsg1. (diff)
download: shadow-6c3ea4f47ea280811a7fe53a22f7832e4533c9ec.tar.xz
shadow-6c3ea4f47ea280811a7fe53a22f7832e4533c9ec.zip
1 files changed, 29 insertions, 18 deletions
diff --git a/lib/semanage.c b/lib/semanage.c
index 082a6e8..277e20e 100644
--- a/lib/semanage.c
+++ b/lib/semanage.c
@@ -16,19 +16,19 @@
 #endif
 #include <stdio.h>
 #include <stdarg.h>
+
 #include <selinux/selinux.h>
+
 #include <semanage/semanage.h>
+
+#include "attr.h"
 #include "prototypes.h"
 
 #include "shadowlog_internal.h"
 
-#ifndef DEFAULT_SERANGE
-#define DEFAULT_SERANGE "s0"
-#endif
-
 
 format_attr(printf, 3, 4)
-static void semanage_error_callback (unused void *varg,
+static void semanage_error_callback (MAYBE_UNUSED void *varg,
                                      semanage_handle_t *handle,
                                      const char *fmt, ...)
 {
@@ -101,6 +101,8 @@ static semanage_handle_t *semanage_init (void)
 	return handle;
 
 fail:
+	if (handle)
+		semanage_disconnect (handle);
 	semanage_handle_destroy (handle);
 	return NULL;
 }
@@ -109,7 +111,8 @@ fail:
 static int semanage_user_mod (semanage_handle_t *handle,
                               semanage_seuser_key_t *key,
                               const char *login_name,
-                              const char *seuser_name)
+                              const char *seuser_name,
+                              const char *serange)
 {
 	int ret;
 	semanage_seuser_t *seuser = NULL;
@@ -122,11 +125,12 @@ static int semanage_user_mod (semanage_handle_t *handle,
 		goto done;
 	}
 
-	if (semanage_mls_enabled(handle)) {
-		ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
+	if (serange && semanage_mls_enabled(handle)) {
+		ret = semanage_seuser_set_mlsrange (handle, seuser, serange);
 		if (ret != 0) {
 			fprintf (shadow_logfd,
-			         _("Could not set serange for %s\n"), login_name);
+			         _("Could not set serange for %s to %s\n"),
+			         login_name, serange);
 			ret = 1;
 			goto done;
 		}
@@ -158,9 +162,10 @@ done:
 
 
 static int semanage_user_add (semanage_handle_t *handle,
-                             semanage_seuser_key_t *key,
+                             const semanage_seuser_key_t *key,
                              const char *login_name,
-                             const char *seuser_name)
+                             const char *seuser_name,
+                             const char *serange)
 {
 	int ret;
 	semanage_seuser_t *seuser = NULL;
@@ -181,11 +186,12 @@ static int semanage_user_add (semanage_handle_t *handle,
 		goto done;
 	}
 
-	if (semanage_mls_enabled(handle)) {
-		ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
+	if (serange && semanage_mls_enabled(handle)) {
+		ret = semanage_seuser_set_mlsrange (handle, seuser, serange);
 		if (ret != 0) {
 			fprintf (shadow_logfd,
-			         _("Could not set serange for %s\n"), login_name);
+			         _("Could not set serange for %s to %s\n"),
+			         login_name, serange);
 			ret = 1;
 			goto done;
 		}
@@ -216,7 +222,7 @@ done:
 }
 
 
-int set_seuser (const char *login_name, const char *seuser_name)
+int set_seuser (const char *login_name, const char *seuser_name, const char *serange)
 {
 	semanage_handle_t *handle = NULL;
 	semanage_seuser_key_t *key = NULL;
@@ -250,7 +256,7 @@ int set_seuser (const char *login_name, const char *seuser_name)
 	}
 
 	if (0 != seuser_exists) {
-		ret = semanage_user_mod (handle, key, login_name, seuser_name);
+		ret = semanage_user_mod (handle, key, login_name, seuser_name, serange);
 		if (ret != 0) {
 			fprintf (shadow_logfd,
 			         _("Cannot modify SELinux user mapping\n"));
@@ -258,7 +264,7 @@ int set_seuser (const char *login_name, const char *seuser_name)
 			goto done;
 		}
 	} else {
-		ret = semanage_user_add (handle, key, login_name, seuser_name);
+		ret = semanage_user_add (handle, key, login_name, seuser_name, serange);
 		if (ret != 0) {
 			fprintf (shadow_logfd,
 			         _("Cannot add SELinux user mapping\n"));
@@ -279,6 +285,8 @@ int set_seuser (const char *login_name, const char *seuser_name)
 
 done:
 	semanage_seuser_key_free (key);
+	if (handle)
+		semanage_disconnect (handle);
 	semanage_handle_destroy (handle);
 	return ret;
 }
@@ -353,9 +361,12 @@ int del_seuser (const char *login_name)
 
 	ret = 0;
 done:
+	semanage_seuser_key_free (key);
+	if (handle)
+		semanage_disconnect (handle);
 	semanage_handle_destroy (handle);
 	return ret;
 }
 #else				/* !WITH_SELINUX */
-extern int errno;		/* warning: ANSI C forbids an empty source file */
+extern int ISO_C_forbids_an_empty_translation_unit;
 #endif				/* !WITH_SELINUX */
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-06-26 16:18:36 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-06-26 16:18:36 +0000
commit	6c3ea4f47ea280811a7fe53a22f7832e4533c9ec (patch)
tree	3d7ed5da23b5dbf6f9e450dfb61642832249c31e /lib/semanage.c
parent	Adding upstream version 1:4.13+dfsg1. (diff)
download	shadow-6c3ea4f47ea280811a7fe53a22f7832e4533c9ec.tar.xz shadow-6c3ea4f47ea280811a7fe53a22f7832e4533c9ec.zip