summaryrefslogtreecommitdiff
path: root/modules/pam_selinux
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_selinux')
-rw-r--r--modules/pam_selinux/.cvsignore11
-rw-r--r--modules/pam_selinux/Makefile.am43
-rw-r--r--modules/pam_selinux/README.xml41
-rw-r--r--modules/pam_selinux/pam_selinux.8.xml220
-rw-r--r--modules/pam_selinux/pam_selinux.c720
-rw-r--r--modules/pam_selinux/pam_selinux_check.835
-rw-r--r--modules/pam_selinux/pam_selinux_check.c161
-rwxr-xr-xmodules/pam_selinux/tst-pam_selinux2
8 files changed, 0 insertions, 1233 deletions
diff --git a/modules/pam_selinux/.cvsignore b/modules/pam_selinux/.cvsignore
deleted file mode 100644
index 08754fd5..00000000
--- a/modules/pam_selinux/.cvsignore
+++ /dev/null
@@ -1,11 +0,0 @@
-*.la
-*.lo
-*.so
-*~
-.deps
-.libs
-Makefile
-Makefile.in
-pam_selinux_check
-README
-pam_selinux.8
diff --git a/modules/pam_selinux/Makefile.am b/modules/pam_selinux/Makefile.am
deleted file mode 100644
index baf782a8..00000000
--- a/modules/pam_selinux/Makefile.am
+++ /dev/null
@@ -1,43 +0,0 @@
-#
-# Copyright (c) 2005, 2006, 2007 Thorsten Kukuk <kukuk@thkukuk.de>
-#
-
-CLEANFILES = *~
-MAINTAINERCLEANFILES = $(MANS) README
-
-EXTRA_DIST = README $(XMLS) pam_selinux.8 pam_selinux_check.8 \
- tst-pam_selinux
-
-if HAVE_LIBSELINUX
- TESTS = tst-pam_selinux
- man_MANS = pam_selinux.8
-endif
-
-XMLS = README.xml pam_selinux.8.xml
-
-securelibdir = $(SECUREDIR)
-secureconfdir = $(SCONFIGDIR)
-
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
- -I$(top_srcdir)/libpam_misc/include
-
-pam_selinux_check_LDFLAGS = $(AM_LDFLAGS) \
- -L$(top_builddir)/libpam -lpam \
- -L$(top_builddir)/libpam_misc -lpam_misc
-
-pam_selinux_la_LIBADD = -L$(top_builddir)/libpam -lpam @LIBSELINUX@
-pam_selinux_la_LDFLAGS = -no-undefined -avoid-version -module
-if HAVE_VERSIONING
- pam_selinux_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
-endif
-
-if HAVE_LIBSELINUX
- securelib_LTLIBRARIES = pam_selinux.la
- noinst_PROGRAMS = pam_selinux_check
-endif
-if ENABLE_REGENERATE_MAN
-noinst_DATA = README pam_selinux.8
-README: pam_selinux.8.xml
--include $(top_srcdir)/Make.xml.rules
-endif
-
diff --git a/modules/pam_selinux/README.xml b/modules/pam_selinux/README.xml
deleted file mode 100644
index 7e1baf55..00000000
--- a/modules/pam_selinux/README.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
-"http://www.docbook.org/xml/4.3/docbookx.dtd"
-[
-<!--
-<!ENTITY pamaccess SYSTEM "pam_selinux.8.xml">
--->
-]>
-
-<article>
-
- <articleinfo>
-
- <title>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_selinux.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_selinux-name"]/*)'/>
- </title>
-
- </articleinfo>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_selinux.8.xml" xpointer='xpointer(//refsect1[@id = "pam_selinux-description"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_selinux.8.xml" xpointer='xpointer(//refsect1[@id = "pam_selinux-options"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_selinux.8.xml" xpointer='xpointer(//refsect1[@id = "pam_selinux-examples"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_selinux.8.xml" xpointer='xpointer(//refsect1[@id = "pam_selinux-author"]/*)'/>
- </section>
-
-</article>
diff --git a/modules/pam_selinux/pam_selinux.8.xml b/modules/pam_selinux/pam_selinux.8.xml
deleted file mode 100644
index 3acd1322..00000000
--- a/modules/pam_selinux/pam_selinux.8.xml
+++ /dev/null
@@ -1,220 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-
-<refentry id="pam_selinux">
-
- <refmeta>
- <refentrytitle>pam_selinux</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_selinux-name">
- <refname>pam_selinux</refname>
- <refpurpose>PAM module to set the default security context</refpurpose>
- </refnamediv>
-
- <refsynopsisdiv>
- <cmdsynopsis id="pam_selinux-cmdsynopsis">
- <command>pam_selinux.so</command>
- <arg choice="opt">
- close
- </arg>
- <arg choice="opt">
- debug
- </arg>
- <arg choice="opt">
- open
- </arg>
- <arg choice="opt">
- nottys
- </arg>
- <arg choice="opt">
- verbose
- </arg>
- <arg choice="opt">
- select_context
- </arg>
- <arg choice="opt">
- use_current_range
- </arg>
- </cmdsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id="pam_selinux-description">
- <title>DESCRIPTION</title>
- <para>
- In a nutshell, pam_selinux sets up the default security context for the
- next execed shell.
- </para>
- <para>
- When an application opens a session using pam_selinux, the shell that
- gets executed will be run in the default security context, or if the
- user chooses and the pam file allows the selected security context.
- Also the controlling tty will have it's security context modified to
- match the users.
- </para>
- <para>
- Adding pam_selinux into a pam file could cause other pam modules to
- change their behavior if the exec another application. The close and
- open option help mitigate this problem. close option will only cause
- the close portion of the pam_selinux to execute, and open will only
- cause the open portion to run. You can add pam_selinux to the config
- file twice. Add the pam_selinux close as the executes the open pass
- through the modules, pam_selinux open_session will happen last.
- When PAM executes the close pass through the modules pam_selinux
- close_session will happen first.
- </para>
- </refsect1>
-
- <refsect1 id="pam_selinux-options">
- <title>OPTIONS</title>
- <variablelist>
- <varlistentry>
- <term>
- <option>close</option>
- </term>
- <listitem>
- <para>
- Only execute the close_session portion of the module.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>debug</option>
- </term>
- <listitem>
- <para>
- Turns on debugging via
- <citerefentry>
- <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>open</option>
- </term>
- <listitem>
- <para>
- Only execute the open_session portion of the module.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>nottys</option>
- </term>
- <listitem>
- <para>
- Do not try to setup the ttys security context.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>verbose</option>
- </term>
- <listitem>
- <para>
- attempt to inform the user when security context is set.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>select_context</option>
- </term>
- <listitem>
- <para>
- Attempt to ask the user for a custom security context role.
- If MLS is on ask also for sensitivity level.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>use_current_range</option>
- </term>
- <listitem>
- <para>
- Use the sensitivity range of the process for the user context.
- This option and the select_context option are mutually exclusive.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_selinux-services">
- <title>MODULE SERVICES PROVIDED</title>
- <para>
- Only the <option>session</option> service is supported.
- </para>
- </refsect1>
-
- <refsect1 id='pam_selinux-return_values'>
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_AUTH_ERR</term>
- <listitem>
- <para>
- Unable to get or set a valid context.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- The security context was set successfull.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_USER_UNKNOWN</term>
- <listitem>
- <para>
- The user is not known to the system.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id='pam_selinux-examples'>
- <title>EXAMPLES</title>
- <programlisting>
-auth required pam_unix.so
-session required pam_permit.so
-session optional pam_selinux.so
- </programlisting>
- </refsect1>
-
- <refsect1 id='pam_selinux-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-
- <refsect1 id='pam_selinux-author'>
- <title>AUTHOR</title>
- <para>
- pam_selinux was written by Dan Walsh &lt;dwalsh@redhat.com&gt;.
- </para>
- </refsect1>
-
-</refentry>
diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c
deleted file mode 100644
index f0935896..00000000
--- a/modules/pam_selinux/pam_selinux.c
+++ /dev/null
@@ -1,720 +0,0 @@
-/******************************************************************************
- * A module for Linux-PAM that will set the default security context after login
- * via PAM.
- *
- * Copyright (c) 2003 Red Hat, Inc.
- * Written by Dan Walsh <dwalsh@redhat.com>
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, and the entire permission notice in its entirety,
- * including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions. (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include "config.h"
-
-#include <errno.h>
-#include <limits.h>
-#include <pwd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <syslog.h>
-
-#define PAM_SM_AUTH
-#define PAM_SM_SESSION
-
-#include <security/pam_modules.h>
-#include <security/_pam_macros.h>
-#include <security/pam_modutil.h>
-#include <security/pam_ext.h>
-
-#include <selinux/selinux.h>
-#include <selinux/get_context_list.h>
-#include <selinux/flask.h>
-#include <selinux/av_permissions.h>
-#include <selinux/selinux.h>
-#include <selinux/context.h>
-#include <selinux/get_default_type.h>
-
-#ifdef HAVE_LIBAUDIT
-#include <libaudit.h>
-#include <sys/select.h>
-#include <errno.h>
-#endif
-
-/* Send audit message */
-static
-
-int send_audit_message(pam_handle_t *pamh, int success, security_context_t default_context,
- security_context_t selected_context)
-{
- int rc=0;
-#ifdef HAVE_LIBAUDIT
- char *msg = NULL;
- int audit_fd = audit_open();
- security_context_t default_raw=NULL;
- security_context_t selected_raw=NULL;
- rc = -1;
- if (audit_fd < 0) {
- if (errno == EINVAL || errno == EPROTONOSUPPORT ||
- errno == EAFNOSUPPORT)
- return 0; /* No audit support in kernel */
- pam_syslog(pamh, LOG_ERR, _("Error connecting to audit system."));
- return rc;
- }
- if (selinux_trans_to_raw_context(default_context, &default_raw) < 0) {
- pam_syslog(pamh, LOG_ERR, _("Error translating default context."));
- default_raw = NULL;
- }
- if (selinux_trans_to_raw_context(selected_context, &selected_raw) < 0) {
- pam_syslog(pamh, LOG_ERR, _("Error translating selected context."));
- selected_raw = NULL;
- }
- if (asprintf(&msg, "pam: default-context=%s selected-context=%s",
- default_raw ? default_raw : (default_context ? default_context : "?"),
- selected_raw ? selected_raw : (selected_context ? selected_context : "?")) < 0) {
- pam_syslog(pamh, LOG_ERR, ("Error allocating memory."));
- goto out;
- }
- if (audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE,
- msg, NULL, NULL, NULL, success) <= 0) {
- pam_syslog(pamh, LOG_ERR, _("Error sending audit message."));
- goto out;
- }
- rc = 0;
- out:
- free(msg);
- freecon(default_raw);
- freecon(selected_raw);
- close(audit_fd);
-#else
- pam_syslog(pamh, LOG_NOTICE, "pam: default-context=%s selected-context=%s success %d", default_context, selected_context, success);
-#endif
- return rc;
-}
-static int
-send_text (pam_handle_t *pamh, const char *text, int debug)
-{
- if (debug)
- pam_syslog(pamh, LOG_NOTICE, "%s", text);
- return pam_info (pamh, "%s", text);
-}
-
-/*
- * This function sends a message to the user and gets the response. The caller
- * is responsible for freeing the responses.
- */
-static int
-query_response (pam_handle_t *pamh, const char *text, const char *def,
- char **responses, int debug)
-{
- int rc;
- if (def)
- rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, responses, "%s [%s] ", text, def);
- else
- rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, responses, "%s ", text);
- if (debug)
- pam_syslog(pamh, LOG_NOTICE, "%s %s", text, responses[0]);
- return rc;
-}
-
-static security_context_t
-manual_context (pam_handle_t *pamh, const char *user, int debug)
-{
- security_context_t newcon=NULL;
- context_t new_context;
- int mls_enabled = is_selinux_mls_enabled();
- char *type=NULL;
- char *responses=NULL;
-
- while (1) {
- query_response(pamh,
- _("Would you like to enter a security context? [N] "), NULL,
- &responses,debug);
- if ((responses[0] == 'y') || (responses[0] == 'Y'))
- {
- if (mls_enabled)
- new_context = context_new ("user:role:type:level");
- else
- new_context = context_new ("user:role:type");
-
- if (!new_context)
- goto fail_set;
-
- if (context_user_set (new_context, user))
- goto fail_set;
-
- _pam_drop(responses);
- /* Allow the user to enter each field of the context individually */
- query_response(pamh,_("role:"), NULL, &responses,debug);
- if (responses[0] != '\0') {
- if (context_role_set (new_context, responses))
- goto fail_set;
- if (get_default_type(responses, &type))
- goto fail_set;
- if (context_type_set (new_context, type))
- goto fail_set;
- }
- _pam_drop(responses);
- if (mls_enabled)
- {
- query_response(pamh,_("level:"), NULL, &responses,debug);
- if (responses[0] != '\0') {
- if (context_range_set (new_context, responses))
- goto fail_set;
- }
- }
- /* Get the string value of the context and see if it is valid. */
- if (!security_check_context(context_str(new_context))) {
- newcon = strdup(context_str(new_context));
- context_free (new_context);
- return newcon;
- }
- else
- send_text(pamh,_("Not a valid security context"),debug);
- context_free (new_context);
- }
- else {
- _pam_drop(responses);
- return NULL;
- }
- } /* end while */
- fail_set:
- free(type);
- _pam_drop(responses);
- context_free (new_context);
- return NULL;
-}
-
-static int mls_range_allowed(pam_handle_t *pamh, security_context_t src, security_context_t dst, int debug)
-{
- struct av_decision avd;
- int retval;
- unsigned int bit = CONTEXT__CONTAINS;
- context_t src_context = context_new (src);
- context_t dst_context = context_new (dst);
- context_range_set(dst_context, context_range_get(src_context));
- if (debug)
- pam_syslog(pamh, LOG_NOTICE, "Checking if %s mls range valid for %s", dst, context_str(dst_context));
-
- retval = security_compute_av(context_str(dst_context), dst, SECCLASS_CONTEXT, bit, &avd);
- context_free(src_context);
- context_free(dst_context);
- if (retval || ((bit & avd.allowed) != bit))
- return 0;
-
- return 1;
-}
-
-static security_context_t
-config_context (pam_handle_t *pamh, security_context_t puser_context, int debug)
-{
- security_context_t newcon=NULL;
- context_t new_context;
- int mls_enabled = is_selinux_mls_enabled();
- char *responses=NULL;
- char *type=NULL;
- char resp_val = 0;
-
- pam_prompt (pamh, PAM_TEXT_INFO, NULL, _("Default Security Context %s\n"), puser_context);
-
- while (1) {
- query_response(pamh,
- _("Would you like to enter a different role or level?"), "n",
- &responses,debug);
-
- resp_val = responses[0];
- _pam_drop(responses);
- if ((resp_val == 'y') || (resp_val == 'Y'))
- {
- new_context = context_new(puser_context);
-
- /* Allow the user to enter role and level individually */
- query_response(pamh,_("role:"), context_role_get(new_context),
- &responses, debug);
- if (responses[0]) {
- if (get_default_type(responses, &type)) {
- pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("No default type for role %s\n"), responses);
- _pam_drop(responses);
- continue;
- } else {
- if (context_role_set(new_context, responses))
- goto fail_set;
- if (context_type_set (new_context, type))
- goto fail_set;
- }
- }
- _pam_drop(responses);
- if (mls_enabled)
- {
- query_response(pamh,_("level:"), context_range_get(new_context),
- &responses, debug);
- if (responses[0]) {
- if (context_range_set(new_context, responses))
- goto fail_set;
- }
- _pam_drop(responses);
- }
- if (debug)
- pam_syslog(pamh, LOG_NOTICE, "Selected Security Context %s", context_str(new_context));
-
- /* Get the string value of the context and see if it is valid. */
- if (!security_check_context(context_str(new_context))) {
- newcon = strdup(context_str(new_context));
- context_free (new_context);
-
- /* we have to check that this user is allowed to go into the
- range they have specified ... role is tied to an seuser, so that'll
- be checked at setexeccon time */
- if (mls_enabled && !mls_range_allowed(pamh, puser_context, newcon, debug)) {
- pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", puser_context, newcon);
-
- send_audit_message(pamh, 0, puser_context, newcon);
-
- free(newcon);
- goto fail_range;
- }
- return newcon;
- }
- else {
- send_audit_message(pamh, 0, puser_context, context_str(new_context));
- send_text(pamh,_("Not a valid security context"),debug);
- }
- context_free(new_context); /* next time around allocates another */
- }
- else
- return strdup(puser_context);
- } /* end while */
-
- return NULL;
-
- fail_set:
- free(type);
- _pam_drop(responses);
- context_free (new_context);
- send_audit_message(pamh, 0, puser_context, NULL);
- fail_range:
- return NULL;
-}
-
-static void
-security_restorelabel_tty(const pam_handle_t *pamh,
- const char *tty, security_context_t context)
-{
- char ttybuf[PATH_MAX];
- const char *ptr;
-
- if (context==NULL)
- return;
-
- if(strncmp("/dev/", tty, 5)) {
- snprintf(ttybuf,sizeof(ttybuf),"/dev/%s",tty);
- ptr = ttybuf;
- }
- else
- ptr = tty;
-
- if (setfilecon(ptr, context) && errno != ENOENT)
- {
- pam_syslog(pamh, LOG_NOTICE,
- "Warning! Could not relabel %s with %s, not relabeling: %m",
- ptr, context);
- }
-}
-
-static security_context_t
-security_label_tty(pam_handle_t *pamh, char *tty,
- security_context_t usercon)
-{
- char ttybuf[PATH_MAX];
- int status=0;
- security_context_t newdev_context=NULL; /* The new context of a device */
- security_context_t prev_context=NULL; /* The new context of a device */
- const char *ptr;
-
- if(strncmp("/dev/", tty, 5))
- {
- snprintf(ttybuf,sizeof(ttybuf),"/dev/%s",tty);
- ptr = ttybuf;
- }
- else
- ptr = tty;
-
- if (getfilecon(ptr, &prev_context) < 0)
- {
- if(errno != ENOENT)
- pam_syslog(pamh, LOG_NOTICE,
- "Warning! Could not get current context for %s, not relabeling: %m",
- ptr);
- return NULL;
- }
- if( security_compute_relabel(usercon,prev_context,SECCLASS_CHR_FILE,
- &newdev_context)!=0)
- {
- pam_syslog(pamh, LOG_NOTICE,
- "Warning! Could not get new context for %s, not relabeling: %m",
- ptr);
- pam_syslog(pamh, LOG_NOTICE,
- "usercon=%s, prev_context=%s", usercon, prev_context);
- freecon(prev_context);
- return NULL;
- }
- status=setfilecon(ptr,newdev_context);
- if (status)
- {
- pam_syslog(pamh, LOG_NOTICE,
- "Warning! Could not relabel %s with %s, not relabeling: %m",
- ptr,newdev_context);
- freecon(prev_context);
- prev_context=NULL;
- }
- freecon(newdev_context);
- return prev_context;
-}
-
-static security_context_t user_context=NULL;
-static security_context_t prev_user_context=NULL;
-static security_context_t ttyn_context=NULL; /* The current context of ttyn device */
-static int selinux_enabled=0;
-static char *ttyn=NULL;
-
-/* Tell the user that access has been granted. */
-static void
-verbose_message(pam_handle_t *pamh, char *msg, int debug)
-{
- if (debug)
- pam_syslog(pamh, LOG_NOTICE, msg);
-
- pam_info (pamh, "%s", msg);
-}
-
-PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh UNUSED, int flags UNUSED,
- int argc UNUSED, const char **argv UNUSED)
-{
- /* Fail by default. */
- return PAM_AUTH_ERR;
-}
-
-PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED,
- int argc UNUSED, const char **argv UNUSED)
-{
- return PAM_SUCCESS;
-}
-
-PAM_EXTERN int
-pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
- int argc, const char **argv)
-{
- int i, debug = 0, ttys=1, has_tty=isatty(0);
- int verbose=0, close_session=0;
- int select_context = 0;
- int use_current_range = 0;
- int ret = 0;
- security_context_t* contextlist = NULL;
- int num_contexts = 0;
- const char *username = NULL;
- const void *tty = NULL;
- char *seuser=NULL;
- char *level=NULL;
- security_context_t default_user_context=NULL;
-
- /* Parse arguments. */
- for (i = 0; i < argc; i++) {
- if (strcmp(argv[i], "debug") == 0) {
- debug = 1;
- }
- if (strcmp(argv[i], "nottys") == 0) {
- ttys = 0;
- }
- if (strcmp(argv[i], "verbose") == 0) {
- verbose = 1;
- }
- if (strcmp(argv[i], "close") == 0) {
- close_session = 1;
- }
- if (strcmp(argv[i], "select_context") == 0) {
- select_context = 1;
- }
- if (strcmp(argv[i], "use_current_range") == 0) {
- use_current_range = 1;
- }
- }
-
- if (debug)
- pam_syslog(pamh, LOG_NOTICE, "Open Session");
-
- if (select_context && use_current_range) {
- pam_syslog(pamh, LOG_ERR, "select_context cannot be used with use_current_range");
- select_context = 0;
- }
-
- /* this module is only supposed to execute close_session */
- if (close_session)
- return PAM_SUCCESS;
-
- if (!(selinux_enabled = is_selinux_enabled()>0) )
- return PAM_SUCCESS;
-
- if (pam_get_item(pamh, PAM_USER, (void *) &username) != PAM_SUCCESS ||
- username == NULL) {
- return PAM_USER_UNKNOWN;
- }
-
- if (getseuserbyname(username, &seuser, &level)==0) {
- num_contexts = get_ordered_context_list_with_level(seuser,
- level,
- NULL,
- &contextlist);
- if (debug)
- pam_syslog(pamh, LOG_DEBUG, "Username= %s SELinux User = %s Level= %s",
- username, seuser, level);
- free(seuser);
- free(level);
- }
- if (num_contexts > 0) {
- default_user_context=strdup(contextlist[0]);
- freeconary(contextlist);
- if (default_user_context == NULL) {
- pam_syslog(pamh, LOG_ERR, _("Out of memory"));
- return PAM_AUTH_ERR;
- }
- user_context = default_user_context;
- if (select_context && has_tty) {
- user_context = config_context(pamh, default_user_context, debug);
- if (user_context == NULL) {
- freecon(default_user_context);
- pam_syslog(pamh, LOG_ERR, _("Unable to get valid context for %s"),
- username);
- pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("Unable to get valid context for %s"), username);
- if (security_getenforce() == 1)
- return PAM_AUTH_ERR;
- else
- return PAM_SUCCESS;
- }
- }
- }
- else {
- if (has_tty) {
- user_context = manual_context(pamh,seuser,debug);
- if (user_context == NULL) {
- pam_syslog (pamh, LOG_ERR, "Unable to get valid context for %s",
- username);
- if (security_getenforce() == 1)
- return PAM_AUTH_ERR;
- else
- return PAM_SUCCESS;
- }
- } else {
- pam_syslog (pamh, LOG_ERR,
- "Unable to get valid context for %s, No valid tty",
- username);
- if (security_getenforce() == 1)
- return PAM_AUTH_ERR;
- else
- return PAM_SUCCESS;
- }
- }
-
- if (use_current_range && is_selinux_mls_enabled()) {
- security_context_t process_context=NULL;
- if (getcon(&process_context) == 0) {
- context_t pcon, ucon;
- char *process_level=NULL;
- security_context_t orig_context;
-
- if (user_context)
- orig_context = user_context;
- else
- orig_context = default_user_context;
-
- pcon = context_new(process_context);
- freecon(process_context);
- process_level = strdup(context_range_get(pcon));
- context_free(pcon);
-
- if (debug)
- pam_syslog (pamh, LOG_DEBUG, "process level=%s", process_level);
-
- ucon = context_new(orig_context);
-
- context_range_set(ucon, process_level);
- free(process_level);
-
- if (!mls_range_allowed(pamh, orig_context, context_str(ucon), debug)) {
- send_text(pamh, _("Requested MLS level not in permitted range"), debug);
- /* even if default_user_context is NULL audit that anyway */
- send_audit_message(pamh, 0, default_user_context, context_str(ucon));
- context_free(ucon);
- return PAM_AUTH_ERR;
- }
-
- if (debug)
- pam_syslog (pamh, LOG_DEBUG, "adjusted context=%s", context_str(ucon));
-
- /* replace the user context with the level adjusted one */
- freecon(user_context);
- user_context = strdup(context_str(ucon));
-
- context_free(ucon);
- }
- }
-
- if (getexeccon(&prev_user_context)<0) {
- prev_user_context=NULL;
- }
- if (ttys) {
- /* Get the name of the terminal. */
- if (pam_get_item(pamh, PAM_TTY, &tty) != PAM_SUCCESS) {
- tty = NULL;
- }
-
- if ((tty == NULL) || (strlen(tty) == 0) ||
- strcmp(tty, "ssh") == 0 || strncmp(tty, "NODEV", 5) == 0) {
- tty = ttyname(STDIN_FILENO);
- if ((tty == NULL) || (strlen(tty) == 0)) {
- tty = ttyname(STDOUT_FILENO);
- }
- if ((tty == NULL) || (strlen(tty) == 0)) {
- tty = ttyname(STDERR_FILENO);
- }
- }
- }
- if(ttys && tty ) {
- ttyn=strdup(tty);
- ttyn_context=security_label_tty(pamh,ttyn,user_context);
- }
- send_audit_message(pamh, 1, default_user_context, user_context);
- if (default_user_context != user_context) {
- freecon(default_user_context);
- }
- ret = setexeccon(user_context);
- if (ret==0 && verbose) {
- char msg[PATH_MAX];
- snprintf(msg, sizeof(msg),
- _("Security Context %s Assigned"), user_context);
- verbose_message(pamh, msg, debug);
- }
- if (ret) {
- pam_syslog(pamh, LOG_ERR,
- "Error! Unable to set %s executable context %s.",
- username, user_context);
- if (security_getenforce() == 1) {
- freecon(user_context);
- return PAM_AUTH_ERR;
- }
- } else {
- if (debug)
- pam_syslog(pamh, LOG_NOTICE, "set %s security context to %s",
- username, user_context);
- }
-#ifdef HAVE_SETKEYCREATECON
- ret = setkeycreatecon(user_context);
- if (ret==0 && verbose) {
- char msg[PATH_MAX];
- snprintf(msg, sizeof(msg),
- _("Key Creation Context %s Assigned"), user_context);
- verbose_message(pamh, msg, debug);
- }
- if (ret) {
- pam_syslog(pamh, LOG_ERR,
- "Error! Unable to set %s key creation context %s.",
- username, user_context);
- if (security_getenforce() == 1) {
- freecon(user_context);
- return PAM_AUTH_ERR;
- }
- } else {
- if (debug)
- pam_syslog(pamh, LOG_NOTICE, "set %s key creation context to %s",
- username, user_context);
- }
-#endif
- freecon(user_context);
-
- return PAM_SUCCESS;
-}
-
-PAM_EXTERN int
-pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
- int argc, const char **argv)
-{
- int i, debug = 0,status=0, open_session=0;
- if (! (selinux_enabled ))
- return PAM_SUCCESS;
-
- /* Parse arguments. */
- for (i = 0; i < argc; i++) {
- if (strcmp(argv[i], "debug") == 0) {
- debug = 1;
- }
- if (strcmp(argv[i], "open") == 0) {
- open_session = 1;
- }
- }
-
- if (debug)
- pam_syslog(pamh, LOG_NOTICE, "Close Session");
-
- if (open_session)
- return PAM_SUCCESS;
-
- if (ttyn) {
- if (debug)
- pam_syslog(pamh, LOG_NOTICE, "Restore tty %s -> %s",
- ttyn,ttyn_context);
-
- security_restorelabel_tty(pamh,ttyn,ttyn_context);
- freecon(ttyn_context);
- free(ttyn);
- ttyn=NULL;
- }
- status=setexeccon(prev_user_context);
- freecon(prev_user_context);
- if (status) {
- pam_syslog(pamh, LOG_ERR, "Error! Unable to set executable context %s.",
- prev_user_context);
- if (security_getenforce() == 1)
- return PAM_AUTH_ERR;
- else
- return PAM_SUCCESS;
- }
-
- if (debug)
- pam_syslog(pamh, LOG_NOTICE, "setcontext back to orginal");
-
- return PAM_SUCCESS;
-}
diff --git a/modules/pam_selinux/pam_selinux_check.8 b/modules/pam_selinux/pam_selinux_check.8
deleted file mode 100644
index d6fcdff1..00000000
--- a/modules/pam_selinux/pam_selinux_check.8
+++ /dev/null
@@ -1,35 +0,0 @@
-.TH pam_selinux_check 8 2002/05/23 "Red Hat Linux" "System Administrator's Manual"
-.SH NAME
-pam_selinux_check \- login program to test pam_selinux.so
-.SH SYNOPSIS
-.B pam_selinux_check [user]
-.br
-
-.SH DESCRIPTION
-With no arguments,
-.B pam_selinux_check
-will prompt for user
-
-.SH OPTIONS
-.IP target_user
-The user to login as.
-
-.SH DIAGNOSTICS
-You must setup a /etc/pam.d/pam_selinux_check file, in order for the check to work.
-
-When checking if a selinux is valid,
-.B pam_selinux_check
-returns an exit code of 0 for success and > 0 on error:
-
-.nf
-1: Authentication failure
-.fi
-
-.SH SEE ALSO
-pam_selinux(8)
-
-.SH BUGS
-Let's hope not, but if you find any, please email the author.
-
-.SH AUTHOR
-Dan Walsh <dwalsh@redhat.com>
diff --git a/modules/pam_selinux/pam_selinux_check.c b/modules/pam_selinux/pam_selinux_check.c
deleted file mode 100644
index 30526d37..00000000
--- a/modules/pam_selinux/pam_selinux_check.c
+++ /dev/null
@@ -1,161 +0,0 @@
-/******************************************************************************
- * A module for Linux-PAM that will set the default security context after login
- * via PAM.
- *
- * Copyright (c) 2003 Red Hat, Inc.
- * Written by Dan Walsh <dwalsh@redhat.com>
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, and the entire permission notice in its entirety,
- * including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions. (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-/************************************************************************
- *
- * All PAM code goes in this section.
- *
- ************************************************************************/
-
-#include "config.h"
-
-#include <errno.h>
-#include <syslog.h>
-#include <unistd.h> /* for getuid(), exit(), getopt() */
-#include <signal.h>
-#include <sys/wait.h> /* for wait() */
-
-#include <security/pam_appl.h> /* for PAM functions */
-#include <security/pam_misc.h> /* for misc_conv PAM utility function */
-
-#define SERVICE_NAME "pam_selinux_check" /* the name of this program for PAM */
- /* The file containing the context to run
- * the scripts under. */
-int authenticate_via_pam( const char *user , pam_handle_t **pamh);
-
-/* authenticate_via_pam()
- *
- * in: user
- * out: nothing
- * return: value condition
- * ----- ---------
- * 1 pam thinks that the user authenticated themselves properly
- * 0 otherwise
- *
- * this function uses pam to authenticate the user running this
- * program. this is the only function in this program that makes pam
- * calls.
- *
- */
-
-int authenticate_via_pam( const char *user , pam_handle_t **pamh) {
-
- struct pam_conv *conv;
- int result = 0; /* our result, set to 0 (not authenticated) by default */
-
- /* this is a jump table of functions for pam to use when it wants to *
- * communicate with the user. we'll be using misc_conv(), which is *
- * provided for us via pam_misc.h. */
- struct pam_conv pam_conversation = {
- misc_conv,
- NULL
- };
- conv = &pam_conversation;
-
-
- /* make `p_pam_handle' a valid pam handle so we can use it when *
- * calling pam functions. */
- if( PAM_SUCCESS != pam_start( SERVICE_NAME,
- user,
- conv,
- pamh ) ) {
- fprintf( stderr, _("failed to initialize PAM\n") );
- exit( -1 );
- }
-
- if( PAM_SUCCESS != pam_set_item(*pamh, PAM_RUSER, user))
- {
- fprintf( stderr, _("failed to pam_set_item()\n") );
- exit( -1 );
- }
-
- /* Ask PAM to authenticate the user running this program */
- if( PAM_SUCCESS == pam_authenticate(*pamh,0) ) {
- if ( PAM_SUCCESS == pam_open_session(*pamh, 0) )
- result = 1; /* user authenticated OK! */
- }
- return( result );
-
-} /* authenticate_via_pam() */
-
-int
-main (int argc, char **argv)
-{
- pam_handle_t *pamh;
- int childPid;
-
- if (argc < 1)
- exit (-1);
-
- if (!authenticate_via_pam(argv[1],&pamh))
- exit(-1);
-
- childPid = fork();
- if (childPid < 0) {
- /* error in fork() */
- fprintf(stderr, _("login: failure forking: %m"));
- pam_close_session(pamh, 0);
- /* We're done with PAM. Free `pam_handle'. */
- pam_end( pamh, PAM_SUCCESS );
- exit(0);
- }
- if (childPid) {
- close(0); close(1); close(2);
- struct sigaction sa;
- memset(&sa,0,sizeof(sa));
- sa.sa_handler = SIG_IGN;
- sigaction(SIGQUIT, &sa, NULL);
- sigaction(SIGINT, &sa, NULL);
- while(wait(NULL) == -1 && errno == EINTR) /**/ ;
- openlog("login", LOG_ODELAY, LOG_AUTHPRIV);
- pam_close_session(pamh, 0);
- /* We're done with PAM. Free `pam_handle'. */
- pam_end( pamh, PAM_SUCCESS );
- exit(0);
- }
- argv[0]=strdup ("/bin/sh");
- argv[1]=NULL;
-
- /* NOTE: The environment has not been sanitized. LD_PRELOAD and other fun
- * things could be set. */
- execv("/bin/sh",argv);
- fprintf(stderr,"Failure\n");
- return 0;
-}
diff --git a/modules/pam_selinux/tst-pam_selinux b/modules/pam_selinux/tst-pam_selinux
deleted file mode 100755
index 14c3d82f..00000000
--- a/modules/pam_selinux/tst-pam_selinux
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-../../tests/tst-dlopen .libs/pam_selinux.so