140
141
query_response (pam_handle_t *pamh, const char *text, const char *def,
141
char **responses, int debug)
142
char **response, int debug)
145
rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, responses, "%s [%s] ", text, def);
146
rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, response, "%s [%s] ", text, def);
147
rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, responses, "%s ", text);
149
pam_syslog(pamh, LOG_NOTICE, "%s %s", text, responses[0]);
148
rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, response, "%s ", text);
150
if (*response == NULL) {
154
if (rc != PAM_SUCCESS) {
155
pam_syslog(pamh, LOG_WARNING, "No response to query: %s", text);
157
pam_syslog(pamh, LOG_NOTICE, "%s %s", text, *response);
176
186
if (context_user_set (new_context, user))
179
_pam_drop(responses);
180
190
/* Allow the user to enter each field of the context individually */
181
query_response(pamh,_("role:"), NULL, &responses,debug);
182
if (responses[0] != '\0') {
183
if (context_role_set (new_context, responses))
191
if (query_response(pamh, _("role:"), NULL, &response, debug) == PAM_SUCCESS &&
192
response[0] != '\0') {
193
if (context_role_set (new_context, response))
185
if (get_default_type(responses, &type))
195
if (get_default_type(response, &type))
187
197
if (context_type_set (new_context, type))
190
_pam_drop(responses);
193
query_response(pamh,_("level:"), NULL, &responses,debug);
194
if (responses[0] != '\0') {
195
if (context_range_set (new_context, responses))
204
if (query_response(pamh, _("level:"), NULL, &response, debug) == PAM_SUCCESS &&
205
response[0] != '\0') {
206
if (context_range_set (new_context, response))
199
212
/* Get the string value of the context and see if it is valid. */
200
213
if (!security_check_context(context_str(new_context))) {
201
214
newcon = strdup(context_str(new_context));
241
255
static security_context_t
242
config_context (pam_handle_t *pamh, security_context_t puser_context, int debug)
256
config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_current_range, int debug)
244
258
security_context_t newcon=NULL;
245
259
context_t new_context;
246
260
int mls_enabled = is_selinux_mls_enabled();
247
char *responses=NULL;
249
263
char resp_val = 0;
251
pam_prompt (pamh, PAM_TEXT_INFO, NULL, _("Default Security Context %s\n"), puser_context);
265
pam_prompt (pamh, PAM_TEXT_INFO, NULL, _("Default Security Context %s\n"), defaultcon);
268
if (query_response(pamh,
255
269
_("Would you like to enter a different role or level?"), "n",
258
resp_val = responses[0];
259
_pam_drop(responses);
270
&response, debug) == PAM_SUCCESS) {
271
resp_val = response[0];
260
276
if ((resp_val == 'y') || (resp_val == 'Y'))
262
new_context = context_new(puser_context);
278
if ((new_context = context_new(defaultcon)) == NULL)
264
281
/* Allow the user to enter role and level individually */
265
query_response(pamh,_("role:"), context_role_get(new_context),
268
if (get_default_type(responses, &type)) {
269
pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("No default type for role %s\n"), responses);
270
_pam_drop(responses);
282
if (query_response(pamh, _("role:"), context_role_get(new_context),
283
&response, debug) == PAM_SUCCESS && response[0]) {
284
if (get_default_type(response, &type)) {
285
pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("No default type for role %s\n"), response);
273
if (context_role_set(new_context, responses))
289
if (context_role_set(new_context, response))
275
291
if (context_type_set (new_context, type))
279
_pam_drop(responses);
282
query_response(pamh,_("level:"), context_range_get(new_context),
285
if (context_range_set(new_context, responses))
299
if (use_current_range) {
300
security_context_t mycon = NULL;
301
context_t my_context;
303
if (getcon(&mycon) != 0)
305
my_context = context_new(mycon);
306
if (my_context == NULL) {
311
if (context_range_set(new_context, context_range_get(my_context))) {
312
context_free(my_context);
315
context_free(my_context);
316
} else if (query_response(pamh, _("level:"), context_range_get(new_context),
317
&response, debug) == PAM_SUCCESS && response[0]) {
318
if (context_range_set(new_context, response))
288
_pam_drop(responses);
291
325
pam_syslog(pamh, LOG_NOTICE, "Selected Security Context %s", context_str(new_context));
293
327
/* Get the string value of the context and see if it is valid. */
294
328
if (!security_check_context(context_str(new_context))) {
295
329
newcon = strdup(context_str(new_context));
296
context_free (new_context);
332
context_free(new_context);
298
334
/* we have to check that this user is allowed to go into the
299
335
range they have specified ... role is tied to an seuser, so that'll
300
336
be checked at setexeccon time */
301
if (mls_enabled && !mls_range_allowed(pamh, puser_context, newcon, debug)) {
302
pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", puser_context, newcon);
337
if (mls_enabled && !mls_range_allowed(pamh, defaultcon, newcon, debug)) {
338
pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", defaultcon, newcon);
304
send_audit_message(pamh, 0, puser_context, newcon);
340
send_audit_message(pamh, 0, defaultcon, newcon);
312
send_audit_message(pamh, 0, puser_context, context_str(new_context));
348
send_audit_message(pamh, 0, defaultcon, context_str(new_context));
313
349
send_text(pamh,_("Not a valid security context"),debug);
315
351
context_free(new_context); /* next time around allocates another */
318
return strdup(puser_context);
354
return strdup(defaultcon);
319
355
} /* end while */
325
_pam_drop(responses);
326
362
context_free (new_context);
327
send_audit_message(pamh, 0, puser_context, NULL);
363
send_audit_message(pamh, 0, defaultcon, NULL);
368
static security_context_t
369
context_from_env (pam_handle_t *pamh, security_context_t defaultcon, int env_params, int use_current_range, int debug)
371
security_context_t newcon = NULL;
372
context_t new_context;
373
context_t my_context = NULL;
374
int mls_enabled = is_selinux_mls_enabled();
375
const char *env = NULL;
378
if ((new_context = context_new(defaultcon)) == NULL)
381
if (env_params && (env = pam_getenv(pamh, "SELINUX_ROLE_REQUESTED")) != NULL && env[0] != '\0') {
383
pam_syslog(pamh, LOG_NOTICE, "Requested role: %s", env);
385
if (get_default_type(env, &type)) {
386
pam_syslog(pamh, LOG_NOTICE, "No default type for role %s", env);
389
if (context_role_set(new_context, env))
391
if (context_type_set(new_context, type))
397
if ((env = pam_getenv(pamh, "SELINUX_USE_CURRENT_RANGE")) != NULL && env[0] == '1') {
399
pam_syslog(pamh, LOG_NOTICE, "SELINUX_USE_CURRENT_RANGE is set");
400
use_current_range = 1;
403
if (use_current_range) {
404
security_context_t mycon = NULL;
406
if (getcon(&mycon) != 0)
408
my_context = context_new(mycon);
409
if (my_context == NULL) {
414
env = context_range_get(my_context);
416
env = pam_getenv(pamh, "SELINUX_LEVEL_REQUESTED");
419
if (env != NULL && env[0] != '\0') {
421
pam_syslog(pamh, LOG_NOTICE, "Requested level: %s", env);
422
if (context_range_set(new_context, env))
427
newcon = strdup(context_str(new_context));
432
pam_syslog(pamh, LOG_NOTICE, "Selected Security Context %s", newcon);
434
/* Get the string value of the context and see if it is valid. */
435
if (security_check_context(newcon)) {
436
pam_syslog(pamh, LOG_NOTICE, "Not a valid security context %s", newcon);
437
send_audit_message(pamh, 0, defaultcon, newcon);
444
/* we have to check that this user is allowed to go into the
445
range they have specified ... role is tied to an seuser, so that'll
446
be checked at setexeccon time */
447
if (mls_enabled && !mls_range_allowed(pamh, defaultcon, newcon, debug)) {
448
pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", defaultcon, newcon);
449
send_audit_message(pamh, 0, defaultcon, newcon);
456
context_free(my_context);
457
context_free(new_context);
458
send_audit_message(pamh, 0, defaultcon, NULL);
333
463
security_restorelabel_tty(const pam_handle_t *pamh,
334
464
const char *tty, security_context_t context)
439
569
pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
440
570
int argc, const char **argv)
442
int i, debug = 0, ttys=1, has_tty=isatty(0);
572
int i, debug = 0, ttys=1;
443
573
int verbose=0, close_session=0;
444
574
int select_context = 0;
445
575
int use_current_range = 0;
447
577
security_context_t* contextlist = NULL;
448
578
int num_contexts = 0;
449
const char *username = NULL;
580
const char *username;
581
const void *void_username;
450
582
const void *tty = NULL;
451
583
char *seuser=NULL;
452
584
char *level=NULL;
453
585
security_context_t default_user_context=NULL;
586
#ifdef HAVE_GETSEUSER
587
const void *void_service;
455
591
/* Parse arguments. */
456
592
for (i = 0; i < argc; i++) {
489
628
if (!(selinux_enabled = is_selinux_enabled()>0) )
490
629
return PAM_SUCCESS;
492
if (pam_get_item(pamh, PAM_USER, (void *) &username) != PAM_SUCCESS ||
631
if (pam_get_item(pamh, PAM_USER, &void_username) != PAM_SUCCESS ||
632
void_username == NULL) {
494
633
return PAM_USER_UNKNOWN;
497
if (getseuserbyname(username, &seuser, &level)==0) {
635
username = void_username;
637
#ifdef HAVE_GETSEUSER
638
if (pam_get_item(pamh, PAM_SERVICE, (void *) &void_service) != PAM_SUCCESS ||
639
void_service == NULL) {
640
return PAM_SESSION_ERR;
642
service = void_service;
644
if (getseuser(username, service, &seuser, &level) == 0) {
646
if (getseuserbyname(username, &seuser, &level) == 0) {
498
648
num_contexts = get_ordered_context_list_with_level(seuser,
510
660
freeconary(contextlist);
511
661
if (default_user_context == NULL) {
512
662
pam_syslog(pamh, LOG_ERR, "Out of memory");
515
666
user_context = default_user_context;
516
if (select_context && has_tty) {
517
user_context = config_context(pamh, default_user_context, debug);
518
if (user_context == NULL) {
667
if (select_context) {
668
user_context = config_context(pamh, default_user_context, use_current_range, debug);
669
} else if (env_params || use_current_range) {
670
user_context = context_from_env(pamh, default_user_context, env_params, use_current_range, debug);
673
if (user_context == NULL) {
519
674
freecon(default_user_context);
520
675
pam_syslog(pamh, LOG_ERR, "Unable to get valid context for %s",
539
692
return PAM_SUCCESS;
542
pam_syslog (pamh, LOG_ERR,
543
"Unable to get valid context for %s, No valid tty",
545
if (security_getenforce() == 1)
552
if (use_current_range && is_selinux_mls_enabled()) {
553
security_context_t process_context=NULL;
554
if (getcon(&process_context) == 0) {
555
context_t pcon, ucon;
556
char *process_level=NULL;
557
security_context_t orig_context;
560
orig_context = user_context;
562
orig_context = default_user_context;
564
pcon = context_new(process_context);
565
freecon(process_context);
566
process_level = strdup(context_range_get(pcon));
570
pam_syslog (pamh, LOG_DEBUG, "process level=%s", process_level);
572
ucon = context_new(orig_context);
574
context_range_set(ucon, process_level);
577
if (!mls_range_allowed(pamh, orig_context, context_str(ucon), debug)) {
578
send_text(pamh, _("Requested MLS level not in permitted range"), debug);
579
/* even if default_user_context is NULL audit that anyway */
580
send_audit_message(pamh, 0, default_user_context, context_str(ucon));
586
pam_syslog (pamh, LOG_DEBUG, "adjusted context=%s", context_str(ucon));
588
/* replace the user context with the level adjusted one */
589
freecon(user_context);
590
user_context = strdup(context_str(ucon));
596
696
if (getexeccon(&prev_user_context)<0) {