diff options
Diffstat (limited to 'modules/pam_selinux')
| -rw-r--r-- | modules/pam_selinux/.cvsignore | 11 | ||||
| -rw-r--r-- | modules/pam_selinux/Makefile.am | 43 | ||||
| -rw-r--r-- | modules/pam_selinux/README.xml | 41 | ||||
| -rw-r--r-- | modules/pam_selinux/pam_selinux.8.xml | 220 | ||||
| -rw-r--r-- | modules/pam_selinux/pam_selinux.c | 720 | ||||
| -rw-r--r-- | modules/pam_selinux/pam_selinux_check.8 | 35 | ||||
| -rw-r--r-- | modules/pam_selinux/pam_selinux_check.c | 161 | ||||
| -rwxr-xr-x | modules/pam_selinux/tst-pam_selinux | 2 |
8 files changed, 0 insertions, 1233 deletions
diff --git a/modules/pam_selinux/.cvsignore b/modules/pam_selinux/.cvsignore deleted file mode 100644 index 08754fd5..00000000 --- a/modules/pam_selinux/.cvsignore +++ /dev/null @@ -1,11 +0,0 @@ -*.la -*.lo -*.so -*~ -.deps -.libs -Makefile -Makefile.in -pam_selinux_check -README -pam_selinux.8 diff --git a/modules/pam_selinux/Makefile.am b/modules/pam_selinux/Makefile.am deleted file mode 100644 index baf782a8..00000000 --- a/modules/pam_selinux/Makefile.am +++ /dev/null @@ -1,43 +0,0 @@ -# -# Copyright (c) 2005, 2006, 2007 Thorsten Kukuk <kukuk@thkukuk.de> -# - -CLEANFILES = *~ -MAINTAINERCLEANFILES = $(MANS) README - -EXTRA_DIST = README $(XMLS) pam_selinux.8 pam_selinux_check.8 \ - tst-pam_selinux - -if HAVE_LIBSELINUX - TESTS = tst-pam_selinux - man_MANS = pam_selinux.8 -endif - -XMLS = README.xml pam_selinux.8.xml - -securelibdir = $(SECUREDIR) -secureconfdir = $(SCONFIGDIR) - -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/libpam_misc/include - -pam_selinux_check_LDFLAGS = $(AM_LDFLAGS) \ - -L$(top_builddir)/libpam -lpam \ - -L$(top_builddir)/libpam_misc -lpam_misc - -pam_selinux_la_LIBADD = -L$(top_builddir)/libpam -lpam @LIBSELINUX@ -pam_selinux_la_LDFLAGS = -no-undefined -avoid-version -module -if HAVE_VERSIONING - pam_selinux_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map -endif - -if HAVE_LIBSELINUX - securelib_LTLIBRARIES = pam_selinux.la - noinst_PROGRAMS = pam_selinux_check -endif -if ENABLE_REGENERATE_MAN -noinst_DATA = README pam_selinux.8 -README: pam_selinux.8.xml --include $(top_srcdir)/Make.xml.rules -endif - diff --git a/modules/pam_selinux/README.xml b/modules/pam_selinux/README.xml deleted file mode 100644 index 7e1baf55..00000000 --- a/modules/pam_selinux/README.xml +++ /dev/null @@ -1,41 +0,0 @@ -<?xml version="1.0" encoding='UTF-8'?> -<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" -"http://www.docbook.org/xml/4.3/docbookx.dtd" -[ -<!-- -<!ENTITY pamaccess SYSTEM "pam_selinux.8.xml"> ---> -]> - -<article> - - <articleinfo> - - <title> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_selinux.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_selinux-name"]/*)'/> - </title> - - </articleinfo> - - <section> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_selinux.8.xml" xpointer='xpointer(//refsect1[@id = "pam_selinux-description"]/*)'/> - </section> - - <section> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_selinux.8.xml" xpointer='xpointer(//refsect1[@id = "pam_selinux-options"]/*)'/> - </section> - - <section> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_selinux.8.xml" xpointer='xpointer(//refsect1[@id = "pam_selinux-examples"]/*)'/> - </section> - - <section> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_selinux.8.xml" xpointer='xpointer(//refsect1[@id = "pam_selinux-author"]/*)'/> - </section> - -</article> diff --git a/modules/pam_selinux/pam_selinux.8.xml b/modules/pam_selinux/pam_selinux.8.xml deleted file mode 100644 index 3acd1322..00000000 --- a/modules/pam_selinux/pam_selinux.8.xml +++ /dev/null @@ -1,220 +0,0 @@ -<?xml version="1.0" encoding='UTF-8'?> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" - "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"> - -<refentry id="pam_selinux"> - - <refmeta> - <refentrytitle>pam_selinux</refentrytitle> - <manvolnum>8</manvolnum> - <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo> - </refmeta> - - <refnamediv id="pam_selinux-name"> - <refname>pam_selinux</refname> - <refpurpose>PAM module to set the default security context</refpurpose> - </refnamediv> - - <refsynopsisdiv> - <cmdsynopsis id="pam_selinux-cmdsynopsis"> - <command>pam_selinux.so</command> - <arg choice="opt"> - close - </arg> - <arg choice="opt"> - debug - </arg> - <arg choice="opt"> - open - </arg> - <arg choice="opt"> - nottys - </arg> - <arg choice="opt"> - verbose - </arg> - <arg choice="opt"> - select_context - </arg> - <arg choice="opt"> - use_current_range - </arg> - </cmdsynopsis> - </refsynopsisdiv> - - <refsect1 id="pam_selinux-description"> - <title>DESCRIPTION</title> - <para> - In a nutshell, pam_selinux sets up the default security context for the - next execed shell. - </para> - <para> - When an application opens a session using pam_selinux, the shell that - gets executed will be run in the default security context, or if the - user chooses and the pam file allows the selected security context. - Also the controlling tty will have it's security context modified to - match the users. - </para> - <para> - Adding pam_selinux into a pam file could cause other pam modules to - change their behavior if the exec another application. The close and - open option help mitigate this problem. close option will only cause - the close portion of the pam_selinux to execute, and open will only - cause the open portion to run. You can add pam_selinux to the config - file twice. Add the pam_selinux close as the executes the open pass - through the modules, pam_selinux open_session will happen last. - When PAM executes the close pass through the modules pam_selinux - close_session will happen first. - </para> - </refsect1> - - <refsect1 id="pam_selinux-options"> - <title>OPTIONS</title> - <variablelist> - <varlistentry> - <term> - <option>close</option> - </term> - <listitem> - <para> - Only execute the close_session portion of the module. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>debug</option> - </term> - <listitem> - <para> - Turns on debugging via - <citerefentry> - <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>open</option> - </term> - <listitem> - <para> - Only execute the open_session portion of the module. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>nottys</option> - </term> - <listitem> - <para> - Do not try to setup the ttys security context. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>verbose</option> - </term> - <listitem> - <para> - attempt to inform the user when security context is set. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>select_context</option> - </term> - <listitem> - <para> - Attempt to ask the user for a custom security context role. - If MLS is on ask also for sensitivity level. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>use_current_range</option> - </term> - <listitem> - <para> - Use the sensitivity range of the process for the user context. - This option and the select_context option are mutually exclusive. - </para> - </listitem> - </varlistentry> - </variablelist> - </refsect1> - - <refsect1 id="pam_selinux-services"> - <title>MODULE SERVICES PROVIDED</title> - <para> - Only the <option>session</option> service is supported. - </para> - </refsect1> - - <refsect1 id='pam_selinux-return_values'> - <title>RETURN VALUES</title> - <variablelist> - <varlistentry> - <term>PAM_AUTH_ERR</term> - <listitem> - <para> - Unable to get or set a valid context. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_SUCCESS</term> - <listitem> - <para> - The security context was set successfull. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_USER_UNKNOWN</term> - <listitem> - <para> - The user is not known to the system. - </para> - </listitem> - </varlistentry> - </variablelist> - </refsect1> - - <refsect1 id='pam_selinux-examples'> - <title>EXAMPLES</title> - <programlisting> -auth required pam_unix.so -session required pam_permit.so -session optional pam_selinux.so - </programlisting> - </refsect1> - - <refsect1 id='pam_selinux-see_also'> - <title>SEE ALSO</title> - <para> - <citerefentry> - <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> - </citerefentry> - </para> - </refsect1> - - <refsect1 id='pam_selinux-author'> - <title>AUTHOR</title> - <para> - pam_selinux was written by Dan Walsh <dwalsh@redhat.com>. - </para> - </refsect1> - -</refentry> diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c deleted file mode 100644 index f0935896..00000000 --- a/modules/pam_selinux/pam_selinux.c +++ /dev/null @@ -1,720 +0,0 @@ -/****************************************************************************** - * A module for Linux-PAM that will set the default security context after login - * via PAM. - * - * Copyright (c) 2003 Red Hat, Inc. - * Written by Dan Walsh <dwalsh@redhat.com> - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, and the entire permission notice in its entirety, - * including the disclaimer of warranties. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote - * products derived from this software without specific prior - * written permission. - * - * ALTERNATIVELY, this product may be distributed under the terms of - * the GNU Public License, in which case the provisions of the GPL are - * required INSTEAD OF the above restrictions. (This clause is - * necessary due to a potential bad interaction between the GPL and - * the restrictions contained in a BSD-style copyright.) - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include "config.h" - -#include <errno.h> -#include <limits.h> -#include <pwd.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <fcntl.h> -#include <syslog.h> - -#define PAM_SM_AUTH -#define PAM_SM_SESSION - -#include <security/pam_modules.h> -#include <security/_pam_macros.h> -#include <security/pam_modutil.h> -#include <security/pam_ext.h> - -#include <selinux/selinux.h> -#include <selinux/get_context_list.h> -#include <selinux/flask.h> -#include <selinux/av_permissions.h> -#include <selinux/selinux.h> -#include <selinux/context.h> -#include <selinux/get_default_type.h> - -#ifdef HAVE_LIBAUDIT -#include <libaudit.h> -#include <sys/select.h> -#include <errno.h> -#endif - -/* Send audit message */ -static - -int send_audit_message(pam_handle_t *pamh, int success, security_context_t default_context, - security_context_t selected_context) -{ - int rc=0; -#ifdef HAVE_LIBAUDIT - char *msg = NULL; - int audit_fd = audit_open(); - security_context_t default_raw=NULL; - security_context_t selected_raw=NULL; - rc = -1; - if (audit_fd < 0) { - if (errno == EINVAL || errno == EPROTONOSUPPORT || - errno == EAFNOSUPPORT) - return 0; /* No audit support in kernel */ - pam_syslog(pamh, LOG_ERR, _("Error connecting to audit system.")); - return rc; - } - if (selinux_trans_to_raw_context(default_context, &default_raw) < 0) { - pam_syslog(pamh, LOG_ERR, _("Error translating default context.")); - default_raw = NULL; - } - if (selinux_trans_to_raw_context(selected_context, &selected_raw) < 0) { - pam_syslog(pamh, LOG_ERR, _("Error translating selected context.")); - selected_raw = NULL; - } - if (asprintf(&msg, "pam: default-context=%s selected-context=%s", - default_raw ? default_raw : (default_context ? default_context : "?"), - selected_raw ? selected_raw : (selected_context ? selected_context : "?")) < 0) { - pam_syslog(pamh, LOG_ERR, ("Error allocating memory.")); - goto out; - } - if (audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE, - msg, NULL, NULL, NULL, success) <= 0) { - pam_syslog(pamh, LOG_ERR, _("Error sending audit message.")); - goto out; - } - rc = 0; - out: - free(msg); - freecon(default_raw); - freecon(selected_raw); - close(audit_fd); -#else - pam_syslog(pamh, LOG_NOTICE, "pam: default-context=%s selected-context=%s success %d", default_context, selected_context, success); -#endif - return rc; -} -static int -send_text (pam_handle_t *pamh, const char *text, int debug) -{ - if (debug) - pam_syslog(pamh, LOG_NOTICE, "%s", text); - return pam_info (pamh, "%s", text); -} - -/* - * This function sends a message to the user and gets the response. The caller - * is responsible for freeing the responses. - */ -static int -query_response (pam_handle_t *pamh, const char *text, const char *def, - char **responses, int debug) -{ - int rc; - if (def) - rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, responses, "%s [%s] ", text, def); - else - rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, responses, "%s ", text); - if (debug) - pam_syslog(pamh, LOG_NOTICE, "%s %s", text, responses[0]); - return rc; -} - -static security_context_t -manual_context (pam_handle_t *pamh, const char *user, int debug) -{ - security_context_t newcon=NULL; - context_t new_context; - int mls_enabled = is_selinux_mls_enabled(); - char *type=NULL; - char *responses=NULL; - - while (1) { - query_response(pamh, - _("Would you like to enter a security context? [N] "), NULL, - &responses,debug); - if ((responses[0] == 'y') || (responses[0] == 'Y')) - { - if (mls_enabled) - new_context = context_new ("user:role:type:level"); - else - new_context = context_new ("user:role:type"); - - if (!new_context) - goto fail_set; - - if (context_user_set (new_context, user)) - goto fail_set; - - _pam_drop(responses); - /* Allow the user to enter each field of the context individually */ - query_response(pamh,_("role:"), NULL, &responses,debug); - if (responses[0] != '\0') { - if (context_role_set (new_context, responses)) - goto fail_set; - if (get_default_type(responses, &type)) - goto fail_set; - if (context_type_set (new_context, type)) - goto fail_set; - } - _pam_drop(responses); - if (mls_enabled) - { - query_response(pamh,_("level:"), NULL, &responses,debug); - if (responses[0] != '\0') { - if (context_range_set (new_context, responses)) - goto fail_set; - } - } - /* Get the string value of the context and see if it is valid. */ - if (!security_check_context(context_str(new_context))) { - newcon = strdup(context_str(new_context)); - context_free (new_context); - return newcon; - } - else - send_text(pamh,_("Not a valid security context"),debug); - context_free (new_context); - } - else { - _pam_drop(responses); - return NULL; - } - } /* end while */ - fail_set: - free(type); - _pam_drop(responses); - context_free (new_context); - return NULL; -} - -static int mls_range_allowed(pam_handle_t *pamh, security_context_t src, security_context_t dst, int debug) -{ - struct av_decision avd; - int retval; - unsigned int bit = CONTEXT__CONTAINS; - context_t src_context = context_new (src); - context_t dst_context = context_new (dst); - context_range_set(dst_context, context_range_get(src_context)); - if (debug) - pam_syslog(pamh, LOG_NOTICE, "Checking if %s mls range valid for %s", dst, context_str(dst_context)); - - retval = security_compute_av(context_str(dst_context), dst, SECCLASS_CONTEXT, bit, &avd); - context_free(src_context); - context_free(dst_context); - if (retval || ((bit & avd.allowed) != bit)) - return 0; - - return 1; -} - -static security_context_t -config_context (pam_handle_t *pamh, security_context_t puser_context, int debug) -{ - security_context_t newcon=NULL; - context_t new_context; - int mls_enabled = is_selinux_mls_enabled(); - char *responses=NULL; - char *type=NULL; - char resp_val = 0; - - pam_prompt (pamh, PAM_TEXT_INFO, NULL, _("Default Security Context %s\n"), puser_context); - - while (1) { - query_response(pamh, - _("Would you like to enter a different role or level?"), "n", - &responses,debug); - - resp_val = responses[0]; - _pam_drop(responses); - if ((resp_val == 'y') || (resp_val == 'Y')) - { - new_context = context_new(puser_context); - - /* Allow the user to enter role and level individually */ - query_response(pamh,_("role:"), context_role_get(new_context), - &responses, debug); - if (responses[0]) { - if (get_default_type(responses, &type)) { - pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("No default type for role %s\n"), responses); - _pam_drop(responses); - continue; - } else { - if (context_role_set(new_context, responses)) - goto fail_set; - if (context_type_set (new_context, type)) - goto fail_set; - } - } - _pam_drop(responses); - if (mls_enabled) - { - query_response(pamh,_("level:"), context_range_get(new_context), - &responses, debug); - if (responses[0]) { - if (context_range_set(new_context, responses)) - goto fail_set; - } - _pam_drop(responses); - } - if (debug) - pam_syslog(pamh, LOG_NOTICE, "Selected Security Context %s", context_str(new_context)); - - /* Get the string value of the context and see if it is valid. */ - if (!security_check_context(context_str(new_context))) { - newcon = strdup(context_str(new_context)); - context_free (new_context); - - /* we have to check that this user is allowed to go into the - range they have specified ... role is tied to an seuser, so that'll - be checked at setexeccon time */ - if (mls_enabled && !mls_range_allowed(pamh, puser_context, newcon, debug)) { - pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", puser_context, newcon); - - send_audit_message(pamh, 0, puser_context, newcon); - - free(newcon); - goto fail_range; - } - return newcon; - } - else { - send_audit_message(pamh, 0, puser_context, context_str(new_context)); - send_text(pamh,_("Not a valid security context"),debug); - } - context_free(new_context); /* next time around allocates another */ - } - else - return strdup(puser_context); - } /* end while */ - - return NULL; - - fail_set: - free(type); - _pam_drop(responses); - context_free (new_context); - send_audit_message(pamh, 0, puser_context, NULL); - fail_range: - return NULL; -} - -static void -security_restorelabel_tty(const pam_handle_t *pamh, - const char *tty, security_context_t context) -{ - char ttybuf[PATH_MAX]; - const char *ptr; - - if (context==NULL) - return; - - if(strncmp("/dev/", tty, 5)) { - snprintf(ttybuf,sizeof(ttybuf),"/dev/%s",tty); - ptr = ttybuf; - } - else - ptr = tty; - - if (setfilecon(ptr, context) && errno != ENOENT) - { - pam_syslog(pamh, LOG_NOTICE, - "Warning! Could not relabel %s with %s, not relabeling: %m", - ptr, context); - } -} - -static security_context_t -security_label_tty(pam_handle_t *pamh, char *tty, - security_context_t usercon) -{ - char ttybuf[PATH_MAX]; - int status=0; - security_context_t newdev_context=NULL; /* The new context of a device */ - security_context_t prev_context=NULL; /* The new context of a device */ - const char *ptr; - - if(strncmp("/dev/", tty, 5)) - { - snprintf(ttybuf,sizeof(ttybuf),"/dev/%s",tty); - ptr = ttybuf; - } - else - ptr = tty; - - if (getfilecon(ptr, &prev_context) < 0) - { - if(errno != ENOENT) - pam_syslog(pamh, LOG_NOTICE, - "Warning! Could not get current context for %s, not relabeling: %m", - ptr); - return NULL; - } - if( security_compute_relabel(usercon,prev_context,SECCLASS_CHR_FILE, - &newdev_context)!=0) - { - pam_syslog(pamh, LOG_NOTICE, - "Warning! Could not get new context for %s, not relabeling: %m", - ptr); - pam_syslog(pamh, LOG_NOTICE, - "usercon=%s, prev_context=%s", usercon, prev_context); - freecon(prev_context); - return NULL; - } - status=setfilecon(ptr,newdev_context); - if (status) - { - pam_syslog(pamh, LOG_NOTICE, - "Warning! Could not relabel %s with %s, not relabeling: %m", - ptr,newdev_context); - freecon(prev_context); - prev_context=NULL; - } - freecon(newdev_context); - return prev_context; -} - -static security_context_t user_context=NULL; -static security_context_t prev_user_context=NULL; -static security_context_t ttyn_context=NULL; /* The current context of ttyn device */ -static int selinux_enabled=0; -static char *ttyn=NULL; - -/* Tell the user that access has been granted. */ -static void -verbose_message(pam_handle_t *pamh, char *msg, int debug) -{ - if (debug) - pam_syslog(pamh, LOG_NOTICE, msg); - - pam_info (pamh, "%s", msg); -} - -PAM_EXTERN int -pam_sm_authenticate(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) -{ - /* Fail by default. */ - return PAM_AUTH_ERR; -} - -PAM_EXTERN int -pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) -{ - return PAM_SUCCESS; -} - -PAM_EXTERN int -pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) -{ - int i, debug = 0, ttys=1, has_tty=isatty(0); - int verbose=0, close_session=0; - int select_context = 0; - int use_current_range = 0; - int ret = 0; - security_context_t* contextlist = NULL; - int num_contexts = 0; - const char *username = NULL; - const void *tty = NULL; - char *seuser=NULL; - char *level=NULL; - security_context_t default_user_context=NULL; - - /* Parse arguments. */ - for (i = 0; i < argc; i++) { - if (strcmp(argv[i], "debug") == 0) { - debug = 1; - } - if (strcmp(argv[i], "nottys") == 0) { - ttys = 0; - } - if (strcmp(argv[i], "verbose") == 0) { - verbose = 1; - } - if (strcmp(argv[i], "close") == 0) { - close_session = 1; - } - if (strcmp(argv[i], "select_context") == 0) { - select_context = 1; - } - if (strcmp(argv[i], "use_current_range") == 0) { - use_current_range = 1; - } - } - - if (debug) - pam_syslog(pamh, LOG_NOTICE, "Open Session"); - - if (select_context && use_current_range) { - pam_syslog(pamh, LOG_ERR, "select_context cannot be used with use_current_range"); - select_context = 0; - } - - /* this module is only supposed to execute close_session */ - if (close_session) - return PAM_SUCCESS; - - if (!(selinux_enabled = is_selinux_enabled()>0) ) - return PAM_SUCCESS; - - if (pam_get_item(pamh, PAM_USER, (void *) &username) != PAM_SUCCESS || - username == NULL) { - return PAM_USER_UNKNOWN; - } - - if (getseuserbyname(username, &seuser, &level)==0) { - num_contexts = get_ordered_context_list_with_level(seuser, - level, - NULL, - &contextlist); - if (debug) - pam_syslog(pamh, LOG_DEBUG, "Username= %s SELinux User = %s Level= %s", - username, seuser, level); - free(seuser); - free(level); - } - if (num_contexts > 0) { - default_user_context=strdup(contextlist[0]); - freeconary(contextlist); - if (default_user_context == NULL) { - pam_syslog(pamh, LOG_ERR, _("Out of memory")); - return PAM_AUTH_ERR; - } - user_context = default_user_context; - if (select_context && has_tty) { - user_context = config_context(pamh, default_user_context, debug); - if (user_context == NULL) { - freecon(default_user_context); - pam_syslog(pamh, LOG_ERR, _("Unable to get valid context for %s"), - username); - pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("Unable to get valid context for %s"), username); - if (security_getenforce() == 1) - return PAM_AUTH_ERR; - else - return PAM_SUCCESS; - } - } - } - else { - if (has_tty) { - user_context = manual_context(pamh,seuser,debug); - if (user_context == NULL) { - pam_syslog (pamh, LOG_ERR, "Unable to get valid context for %s", - username); - if (security_getenforce() == 1) - return PAM_AUTH_ERR; - else - return PAM_SUCCESS; - } - } else { - pam_syslog (pamh, LOG_ERR, - "Unable to get valid context for %s, No valid tty", - username); - if (security_getenforce() == 1) - return PAM_AUTH_ERR; - else - return PAM_SUCCESS; - } - } - - if (use_current_range && is_selinux_mls_enabled()) { - security_context_t process_context=NULL; - if (getcon(&process_context) == 0) { - context_t pcon, ucon; - char *process_level=NULL; - security_context_t orig_context; - - if (user_context) - orig_context = user_context; - else - orig_context = default_user_context; - - pcon = context_new(process_context); - freecon(process_context); - process_level = strdup(context_range_get(pcon)); - context_free(pcon); - - if (debug) - pam_syslog (pamh, LOG_DEBUG, "process level=%s", process_level); - - ucon = context_new(orig_context); - - context_range_set(ucon, process_level); - free(process_level); - - if (!mls_range_allowed(pamh, orig_context, context_str(ucon), debug)) { - send_text(pamh, _("Requested MLS level not in permitted range"), debug); - /* even if default_user_context is NULL audit that anyway */ - send_audit_message(pamh, 0, default_user_context, context_str(ucon)); - context_free(ucon); - return PAM_AUTH_ERR; - } - - if (debug) - pam_syslog (pamh, LOG_DEBUG, "adjusted context=%s", context_str(ucon)); - - /* replace the user context with the level adjusted one */ - freecon(user_context); - user_context = strdup(context_str(ucon)); - - context_free(ucon); - } - } - - if (getexeccon(&prev_user_context)<0) { - prev_user_context=NULL; - } - if (ttys) { - /* Get the name of the terminal. */ - if (pam_get_item(pamh, PAM_TTY, &tty) != PAM_SUCCESS) { - tty = NULL; - } - - if ((tty == NULL) || (strlen(tty) == 0) || - strcmp(tty, "ssh") == 0 || strncmp(tty, "NODEV", 5) == 0) { - tty = ttyname(STDIN_FILENO); - if ((tty == NULL) || (strlen(tty) == 0)) { - tty = ttyname(STDOUT_FILENO); - } - if ((tty == NULL) || (strlen(tty) == 0)) { - tty = ttyname(STDERR_FILENO); - } - } - } - if(ttys && tty ) { - ttyn=strdup(tty); - ttyn_context=security_label_tty(pamh,ttyn,user_context); - } - send_audit_message(pamh, 1, default_user_context, user_context); - if (default_user_context != user_context) { - freecon(default_user_context); - } - ret = setexeccon(user_context); - if (ret==0 && verbose) { - char msg[PATH_MAX]; - snprintf(msg, sizeof(msg), - _("Security Context %s Assigned"), user_context); - verbose_message(pamh, msg, debug); - } - if (ret) { - pam_syslog(pamh, LOG_ERR, - "Error! Unable to set %s executable context %s.", - username, user_context); - if (security_getenforce() == 1) { - freecon(user_context); - return PAM_AUTH_ERR; - } - } else { - if (debug) - pam_syslog(pamh, LOG_NOTICE, "set %s security context to %s", - username, user_context); - } -#ifdef HAVE_SETKEYCREATECON - ret = setkeycreatecon(user_context); - if (ret==0 && verbose) { - char msg[PATH_MAX]; - snprintf(msg, sizeof(msg), - _("Key Creation Context %s Assigned"), user_context); - verbose_message(pamh, msg, debug); - } - if (ret) { - pam_syslog(pamh, LOG_ERR, - "Error! Unable to set %s key creation context %s.", - username, user_context); - if (security_getenforce() == 1) { - freecon(user_context); - return PAM_AUTH_ERR; - } - } else { - if (debug) - pam_syslog(pamh, LOG_NOTICE, "set %s key creation context to %s", - username, user_context); - } -#endif - freecon(user_context); - - return PAM_SUCCESS; -} - -PAM_EXTERN int -pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) -{ - int i, debug = 0,status=0, open_session=0; - if (! (selinux_enabled )) - return PAM_SUCCESS; - - /* Parse arguments. */ - for (i = 0; i < argc; i++) { - if (strcmp(argv[i], "debug") == 0) { - debug = 1; - } - if (strcmp(argv[i], "open") == 0) { - open_session = 1; - } - } - - if (debug) - pam_syslog(pamh, LOG_NOTICE, "Close Session"); - - if (open_session) - return PAM_SUCCESS; - - if (ttyn) { - if (debug) - pam_syslog(pamh, LOG_NOTICE, "Restore tty %s -> %s", - ttyn,ttyn_context); - - security_restorelabel_tty(pamh,ttyn,ttyn_context); - freecon(ttyn_context); - free(ttyn); - ttyn=NULL; - } - status=setexeccon(prev_user_context); - freecon(prev_user_context); - if (status) { - pam_syslog(pamh, LOG_ERR, "Error! Unable to set executable context %s.", - prev_user_context); - if (security_getenforce() == 1) - return PAM_AUTH_ERR; - else - return PAM_SUCCESS; - } - - if (debug) - pam_syslog(pamh, LOG_NOTICE, "setcontext back to orginal"); - - return PAM_SUCCESS; -} diff --git a/modules/pam_selinux/pam_selinux_check.8 b/modules/pam_selinux/pam_selinux_check.8 deleted file mode 100644 index d6fcdff1..00000000 --- a/modules/pam_selinux/pam_selinux_check.8 +++ /dev/null @@ -1,35 +0,0 @@ -.TH pam_selinux_check 8 2002/05/23 "Red Hat Linux" "System Administrator's Manual" -.SH NAME -pam_selinux_check \- login program to test pam_selinux.so -.SH SYNOPSIS -.B pam_selinux_check [user] -.br - -.SH DESCRIPTION -With no arguments, -.B pam_selinux_check -will prompt for user - -.SH OPTIONS -.IP target_user -The user to login as. - -.SH DIAGNOSTICS -You must setup a /etc/pam.d/pam_selinux_check file, in order for the check to work. - -When checking if a selinux is valid, -.B pam_selinux_check -returns an exit code of 0 for success and > 0 on error: - -.nf -1: Authentication failure -.fi - -.SH SEE ALSO -pam_selinux(8) - -.SH BUGS -Let's hope not, but if you find any, please email the author. - -.SH AUTHOR -Dan Walsh <dwalsh@redhat.com> diff --git a/modules/pam_selinux/pam_selinux_check.c b/modules/pam_selinux/pam_selinux_check.c deleted file mode 100644 index 30526d37..00000000 --- a/modules/pam_selinux/pam_selinux_check.c +++ /dev/null @@ -1,161 +0,0 @@ -/****************************************************************************** - * A module for Linux-PAM that will set the default security context after login - * via PAM. - * - * Copyright (c) 2003 Red Hat, Inc. - * Written by Dan Walsh <dwalsh@redhat.com> - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, and the entire permission notice in its entirety, - * including the disclaimer of warranties. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote - * products derived from this software without specific prior - * written permission. - * - * ALTERNATIVELY, this product may be distributed under the terms of - * the GNU Public License, in which case the provisions of the GPL are - * required INSTEAD OF the above restrictions. (This clause is - * necessary due to a potential bad interaction between the GPL and - * the restrictions contained in a BSD-style copyright.) - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -/************************************************************************ - * - * All PAM code goes in this section. - * - ************************************************************************/ - -#include "config.h" - -#include <errno.h> -#include <syslog.h> -#include <unistd.h> /* for getuid(), exit(), getopt() */ -#include <signal.h> -#include <sys/wait.h> /* for wait() */ - -#include <security/pam_appl.h> /* for PAM functions */ -#include <security/pam_misc.h> /* for misc_conv PAM utility function */ - -#define SERVICE_NAME "pam_selinux_check" /* the name of this program for PAM */ - /* The file containing the context to run - * the scripts under. */ -int authenticate_via_pam( const char *user , pam_handle_t **pamh); - -/* authenticate_via_pam() - * - * in: user - * out: nothing - * return: value condition - * ----- --------- - * 1 pam thinks that the user authenticated themselves properly - * 0 otherwise - * - * this function uses pam to authenticate the user running this - * program. this is the only function in this program that makes pam - * calls. - * - */ - -int authenticate_via_pam( const char *user , pam_handle_t **pamh) { - - struct pam_conv *conv; - int result = 0; /* our result, set to 0 (not authenticated) by default */ - - /* this is a jump table of functions for pam to use when it wants to * - * communicate with the user. we'll be using misc_conv(), which is * - * provided for us via pam_misc.h. */ - struct pam_conv pam_conversation = { - misc_conv, - NULL - }; - conv = &pam_conversation; - - - /* make `p_pam_handle' a valid pam handle so we can use it when * - * calling pam functions. */ - if( PAM_SUCCESS != pam_start( SERVICE_NAME, - user, - conv, - pamh ) ) { - fprintf( stderr, _("failed to initialize PAM\n") ); - exit( -1 ); - } - - if( PAM_SUCCESS != pam_set_item(*pamh, PAM_RUSER, user)) - { - fprintf( stderr, _("failed to pam_set_item()\n") ); - exit( -1 ); - } - - /* Ask PAM to authenticate the user running this program */ - if( PAM_SUCCESS == pam_authenticate(*pamh,0) ) { - if ( PAM_SUCCESS == pam_open_session(*pamh, 0) ) - result = 1; /* user authenticated OK! */ - } - return( result ); - -} /* authenticate_via_pam() */ - -int -main (int argc, char **argv) -{ - pam_handle_t *pamh; - int childPid; - - if (argc < 1) - exit (-1); - - if (!authenticate_via_pam(argv[1],&pamh)) - exit(-1); - - childPid = fork(); - if (childPid < 0) { - /* error in fork() */ - fprintf(stderr, _("login: failure forking: %m")); - pam_close_session(pamh, 0); - /* We're done with PAM. Free `pam_handle'. */ - pam_end( pamh, PAM_SUCCESS ); - exit(0); - } - if (childPid) { - close(0); close(1); close(2); - struct sigaction sa; - memset(&sa,0,sizeof(sa)); - sa.sa_handler = SIG_IGN; - sigaction(SIGQUIT, &sa, NULL); - sigaction(SIGINT, &sa, NULL); - while(wait(NULL) == -1 && errno == EINTR) /**/ ; - openlog("login", LOG_ODELAY, LOG_AUTHPRIV); - pam_close_session(pamh, 0); - /* We're done with PAM. Free `pam_handle'. */ - pam_end( pamh, PAM_SUCCESS ); - exit(0); - } - argv[0]=strdup ("/bin/sh"); - argv[1]=NULL; - - /* NOTE: The environment has not been sanitized. LD_PRELOAD and other fun - * things could be set. */ - execv("/bin/sh",argv); - fprintf(stderr,"Failure\n"); - return 0; -} diff --git a/modules/pam_selinux/tst-pam_selinux b/modules/pam_selinux/tst-pam_selinux deleted file mode 100755 index 14c3d82f..00000000 --- a/modules/pam_selinux/tst-pam_selinux +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -../../tests/tst-dlopen .libs/pam_selinux.so |