diff options
| author | Karel Zak | 2006-12-07 00:26:14 +0100 |
|---|---|---|
| committer | Karel Zak | 2006-12-07 00:26:14 +0100 |
| commit | d03dd60840f0a08464d5266539ad356aefe24b03 (patch) | |
| tree | 0a9ad240a7a88eb6b11b152974a7a51a0df79b75 /login-utils/chfn.c | |
| parent | Imported from util-linux-2.12pre tarball. (diff) | |
| download | kernel-qcow2-util-linux-d03dd60840f0a08464d5266539ad356aefe24b03.tar.gz kernel-qcow2-util-linux-d03dd60840f0a08464d5266539ad356aefe24b03.tar.xz kernel-qcow2-util-linux-d03dd60840f0a08464d5266539ad356aefe24b03.zip | |
Imported from util-linux-2.12a tarball.
Diffstat (limited to 'login-utils/chfn.c')
| -rw-r--r-- | login-utils/chfn.c | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/login-utils/chfn.c b/login-utils/chfn.c index 7c6bfac05..643a16319 100644 --- a/login-utils/chfn.c +++ b/login-utils/chfn.c @@ -40,6 +40,12 @@ #include "nls.h" #include "env.h" +#ifdef WITH_SELINUX +#include <selinux/selinux.h> +#include <selinux/av_permissions.h> +#include "selinux_utils.h" +#endif + #if REQUIRE_PASSWORD && USE_PAM #include <security/pam_appl.h> #include <security/pam_misc.h> @@ -136,6 +142,27 @@ int main (int argc, char **argv) { exit(1); } +#ifdef WITH_SELINUX + if (is_selinux_enabled()) { + if(uid == 0) { + if (checkAccess(oldf.username,PASSWD__CHFN)!=0) { + security_context_t user_context; + if (getprevcon(&user_context) < 0) + user_context=(security_context_t) strdup(_("Unknown user context")); + fprintf(stderr, _("%s: %s is not authorized to change the finger info of %s\n"), + whoami, user_context, oldf.username); + freecon(user_context); + exit(1); + } + } + if (setupDefaultContext("/etc/passwd") != 0) { + fprintf(stderr,_("%s: Can't set default context for /etc/passwd"), + whoami); + exit(1); + } + } +#endif + /* Reality check */ if (uid != 0 && uid != oldf.pw->pw_uid) { errno = EACCES; |