From 12fa74c860993f154d1eb1585b4a735ca3684565 Mon Sep 17 00:00:00 2001

From: Jakub Hrozek <jhrozek@redhat.com>

Date: Wed, 12 Mar 2014 15:19:02 +0100

Subject: [PATCH 113/113] IPA: Write SELinux usernames in the right case

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

https://fedorahosted.org/sssd/ticket/2282

Reviewed-by: Michal Židek <mzidek@redhat.com>

---

 src/providers/ipa/ipa_selinux.c | 26 +++++++++++++++++++++-----

 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c

index 4ec5a64159de139f9ba5b30bf1f1a56baf32a52f..7f59161918a04ff8c994a0ce0fe55924ff09eda7 100644

--- a/src/providers/ipa/ipa_selinux.c

+++ b/src/providers/ipa/ipa_selinux.c

@@ -225,6 +225,7 @@ static errno_t create_order_array(TALLOC_CTX *mem_ctx, const char *map_order,

                                   char ***_order_array, size_t *_order_count);

 static errno_t choose_best_seuser(struct sysdb_attrs **usermaps,

                                   struct pam_data *pd,

+                                  struct sss_domain_info *user_domain,

                                   char **order_array, int order_count,

                                   const char *default_user);

@@ -311,8 +312,8 @@ static void ipa_selinux_handler_done(struct tevent_req *req)

         goto fail;

     }

-    ret = choose_best_seuser(best_match_maps, pd, order_array, order_count,

-                             default_user);

+    ret = choose_best_seuser(best_match_maps, pd, op_ctx->user_domain,

+                             order_array, order_count, default_user);

     if (ret != EOK) {

         DEBUG(SSSDBG_CRIT_FAILURE,

               ("Failed to evaluate ordered SELinux users array.\n"));

@@ -601,13 +602,16 @@ done:

     return ret;

 }

-static errno_t write_selinux_login_file(const char *username, char *string);

+static errno_t write_selinux_login_file(const char *orig_name,

+                                        struct sss_domain_info *dom,

+                                        char *string);

 static errno_t remove_selinux_login_file(const char *username);

 /* Choose best selinux user based on given order and write

  * the user to selinux login file. */

 static errno_t choose_best_seuser(struct sysdb_attrs **usermaps,

                                   struct pam_data *pd,

+                                  struct sss_domain_info *user_domain,

                                   char **order_array, int order_count,

                                   const char *default_user)

 {

@@ -662,7 +666,7 @@ static errno_t choose_best_seuser(struct sysdb_attrs **usermaps,

         }

     }

-    ret = write_selinux_login_file(pd->user, file_content);

+    ret = write_selinux_login_file(pd->user, user_domain, file_content);

 done:

     if (!file_content) {

         err = remove_selinux_login_file(pd->user);

@@ -673,7 +677,9 @@ done:

     return ret;

 }

-static errno_t write_selinux_login_file(const char *username, char *string)

+static errno_t write_selinux_login_file(const char *orig_name,

+                                        struct sss_domain_info *dom,

+                                        char *string)

 {

     char *path = NULL;

     char *tmp_path = NULL;

@@ -685,6 +691,7 @@ static errno_t write_selinux_login_file(const char *username, char *string)

     char *full_string = NULL;

     int enforce;

     errno_t ret = EOK;

+    const char *username;

     len = strlen(string);

     if (len == 0) {

@@ -697,6 +704,15 @@ static errno_t write_selinux_login_file(const char *username, char *string)

         return ENOMEM;

     }

+    /* pam_selinux needs the username in the same format getpwnam() would

+     * return it

+     */

+    username = sss_get_cased_name(tmp_ctx, orig_name, dom->case_sensitive);

+    if (username == NULL) {

+        ret = ENOMEM;

+        goto done;

+    }

+

     path = selogin_path(tmp_ctx, username);

     if (path == NULL) {

         ret = ENOMEM;

-- 

1.8.5.3