mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 12:37:00 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Resolve build failiures when selinux is enabled (#1927)

Browse source
This commit is contained in:
Firstyear 2023-08-01 19:08:21 +10:00 committed by William Brown
parent f78dd2dd4a
commit 5d1e2f90e6
2 changed files with 45 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
libs/users/src/lib.rs
View file

@ -1,4 +1,8 @@
use libc::passwd as c_passwd;
use libc::{gid_t, uid_t}; use libc::{gid_t, uid_t};
use std::ffi::{CStr, OsStr, OsString};
use std::os::unix::ffi::OsStrExt;
use std::{mem, ptr};
pub fn get_current_uid() -> uid_t { pub fn get_current_uid() -> uid_t {
unsafe { libc::getuid() } unsafe { libc::getuid() }
@ -15,3 +19,41 @@ pub fn get_current_gid() -> gid_t {
pub fn get_effective_gid() -> gid_t { pub fn get_effective_gid() -> gid_t {
unsafe { libc::getegid() } unsafe { libc::getegid() }
} }
pub fn get_user_name_by_uid(uid: uid_t) -> Option<OsString> {
let mut passwd = unsafe { mem::zeroed::<c_passwd>() };
let mut buf = vec![0; 2048];
let mut result = ptr::null_mut::<c_passwd>();
#[cfg(feature = "logging")]
trace!("Running getpwuid_r for user #{}", uid);
loop {
let r =
unsafe { libc::getpwuid_r(uid, &mut passwd, buf.as_mut_ptr(), buf.len(), &mut result) };
if r != libc::ERANGE {
break;
}
let newsize = buf.len().checked_mul(2)?;
buf.resize(newsize, 0);
}
if result.is_null() {
// There is no such user, or an error has occurred.
// errno gets set if theres an error.
return None;
}
if result != &mut passwd {
// The result of getpwuid_r should be its input passwd.
return None;
}
let name = unsafe {
OsStr::from_bytes(CStr::from_ptr(result.read().pw_name).to_bytes()).to_os_string()
};
Some(name)
}

6
unix_integration/src/selinux_util.rs
View file

@ -1,7 +1,7 @@
use kanidm_utils_users::get_user_name_by_uid;
use std::ffi::CString; use std::ffi::CString;
use std::path::Path; use std::path::Path;
use std::process::Command; use std::process::Command;
use users::get_user_by_uid;
use selinux::{ use selinux::{
current_mode, kernel_support, label::back_end::File, label::Labeler, KernelSupport, current_mode, kernel_support, label::back_end::File, label::Labeler, KernelSupport,
@ -63,8 +63,8 @@ impl SelinuxLabeler {
// so that relabels in the future do not break it. // so that relabels in the future do not break it.
#[cfg(all(target_family = "unix", feature = "selinux"))] #[cfg(all(target_family = "unix", feature = "selinux"))]
// Yes, gid, because we use the GID number for both the user's UID and primary GID // Yes, gid, because we use the GID number for both the user's UID and primary GID
let sel_lookup_path_raw = match get_user_by_uid(gid) { let sel_lookup_path_raw = match get_user_name_by_uid(gid) {
Some(v) => format!("{}{}", home_prefix, v.name().to_str().unwrap()), Some(v) => format!("{}{}", home_prefix, v.to_str().unwrap()),
None => { None => {
return Err("Failed looking up username by uid for SELinux relabeling".to_string()); return Err("Failed looking up username by uid for SELinux relabeling".to_string());
} }