From patchwork Tue Feb 22 13:51:40 2022
X-Patchwork-Id: 12755120
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH 1/4] newrole: add Makefile target to test build options
Date: Tue, 22 Feb 2022 14:51:40 +0100
Message-Id: <20220222135143.30602-1-cgzones@googlemail.com>

Add a Makefile target which builds newrole with all combinations of
supported build options.

Signed-off-by: Christian Göttsche
Acked-by: James Carter
---
 policycoreutils/newrole/Makefile | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/policycoreutils/newrole/Makefile b/policycoreutils/newrole/Makefile index 4dedb7dd..b3ccf671 100644 --- a/policycoreutils/newrole/Makefile +++ b/policycoreutils/newrole/Makefile 
@@ -91,3 +91,16 @@ indent: relabel: install /sbin/restorecon $(DESTDIR)$(BINDIR)/newrole + +test-build-options: + $(MAKE) PAMH=y AUDITH=y AUDIT_LOG_PRIV=y NAMESPACE_PRIV=y clean newrole + $(MAKE) PAMH=y AUDITH=y AUDIT_LOG_PRIV=y NAMESPACE_PRIV=n clean newrole + $(MAKE) PAMH=y AUDITH=y AUDIT_LOG_PRIV=n NAMESPACE_PRIV=y clean newrole + $(MAKE) PAMH=y AUDITH=y AUDIT_LOG_PRIV=n NAMESPACE_PRIV=n clean newrole + $(MAKE) PAMH=y AUDITH=y AUDIT_LOG_PRIV=y NAMESPACE_PRIV=y clean newrole + $(MAKE) PAMH=y AUDITH=n AUDIT_LOG_PRIV=n NAMESPACE_PRIV=y clean newrole + $(MAKE) PAMH=y AUDITH=n AUDIT_LOG_PRIV=n NAMESPACE_PRIV=n clean newrole + $(MAKE) PAMH=n AUDITH=y AUDIT_LOG_PRIV=y NAMESPACE_PRIV=n clean newrole + $(MAKE) PAMH=n AUDITH=y AUDIT_LOG_PRIV=n NAMESPACE_PRIV=n clean newrole + $(MAKE) PAMH=n AUDITH=n AUDIT_LOG_PRIV=n NAMESPACE_PRIV=n clean newrole + $(MAKE) clean From patchwork Tue Feb 22 13:51:41 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12755121 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1A68AC433F5 for ; Tue, 22 Feb 2022 13:51:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232545AbiBVNwR (ORCPT ); Tue, 22 Feb 2022 08:52:17 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50650 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232052AbiBVNwP (ORCPT ); Tue, 22 Feb 2022 08:52:15 -0500 Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 96C6C92D04 for ; Tue, 22 Feb 2022 05:51:49 -0800 (PST) Received: by mail-ed1-x529.google.com with SMTP id s24so30650967edr.5 for ; 
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH 2/4] newrole: silence compiler warnings
Date: Tue, 22 Feb 2022 14:51:41 +0100
Message-Id: <20220222135143.30602-2-cgzones@googlemail.com>
In-Reply-To: <20220222135143.30602-1-cgzones@googlemail.com>
References: <20220222135143.30602-1-cgzones@googlemail.com>

newrole.c:636:12: warning: function declaration isn’t a prototype [-Wstrict-prototypes]
  636 | static int transition_to_caller_uid()
      |            ^~~~~~~~~~~~~~~~~~~~~~~~

newrole.c:103:9: warning: macro is not used [-Wunused-macros]
#define DEFAULT_CONTEXT_SIZE 255 /* first guess at context size */
        ^

newrole.c:862:4: warning: 'break' will never be executed [-Wunreachable-code-break]
            break;
            ^~~~~

newrole.c:168:13: warning: no previous extern declaration for non-static variable 'service_name' [-Wmissing-variable-declarations]
const char *service_name = "newrole";
            ^

hashtab.c:53:11: warning: implicit conversion changes signedness: 'unsigned int' to 'int' [-Wsign-conversion]
    hvalue = h->hash_value(h, key);
           ~ ^~~~~~~~~~~~~~~~~~~~~

hashtab.c:92:11: warning: implicit conversion changes signedness: 'unsigned int' to 'int' [-Wsign-conversion]
    hvalue = h->hash_value(h, key);
           ~ ^~~~~~~~~~~~~~~~~~~~~

hashtab.c:124:11: warning: implicit conversion changes signedness: 'unsigned int' to 'int' [-Wsign-conversion]
    hvalue = h->hash_value(h, key);
           ~ ^~~~~~~~~~~~~~~~~~~~~

hashtab.c:172:10: warning: implicit conversion changes signedness: 'int' to 'unsigned int' [-Wsign-conversion]
    ret = apply(cur->key, cur->datum, args);
        ~ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

hashtab.c:174:12: warning: implicit conversion changes signedness: 'unsigned int' to 'int' [-Wsign-conversion]
    return ret;
    ~~~~~~ ^~~

Signed-off-by: Christian Göttsche --- policycoreutils/newrole/hashtab.c | 9 +++++---- policycoreutils/newrole/newrole.c | 15 ++++++--------- 2 files changed, 11 insertions(+), 13 deletions(-) diff --git a/policycoreutils/newrole/hashtab.c b/policycoreutils/newrole/hashtab.c index bc502836..26d4f4c7 100644 --- a/policycoreutils/newrole/hashtab.c +++ b/policycoreutils/newrole/hashtab.c @@ -44,7 +44,7 @@ hashtab_t hashtab_create(unsigned int (*hash_value) (hashtab_t h, int hashtab_insert(hashtab_t h, hashtab_key_t key, hashtab_datum_t datum) { - int hvalue; + unsigned int hvalue; hashtab_ptr_t prev, cur, newnode; if (!h) @@ -83,7 +83,7 @@ int hashtab_remove(hashtab_t h, hashtab_key_t key, void (*destroy) (hashtab_key_t k, hashtab_datum_t d, void *args), void *args) { - int hvalue; + unsigned int hvalue; hashtab_ptr_t cur, last; if (!h) @@ -115,7 +115,7 @@ int hashtab_remove(hashtab_t h, hashtab_key_t key, hashtab_datum_t hashtab_search(hashtab_t h, const_hashtab_key_t key) { - int hvalue; + unsigned int hvalue; hashtab_ptr_t cur; if (!h) @@ -160,8 +160,9 @@ int hashtab_map(hashtab_t h, int (*apply) (hashtab_key_t k, hashtab_datum_t d, void *args), void *args) { - unsigned int i, ret; + unsigned int i; hashtab_ptr_t cur; + int ret; if (!h) return HASHTAB_SUCCESS; diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c index 9d68b6ab..c9989863 100644 --- a/policycoreutils/newrole/newrole.c +++ b/policycoreutils/newrole/newrole.c @@ -100,7 +100,6 @@ #endif #define DEFAULT_PATH "/usr/bin:/bin" -#define DEFAULT_CONTEXT_SIZE 255 /* first guess at context size */ extern char **environ; @@ -115,7 +114,7 @@ extern char **environ; * * Returns malloc'd memory */ -static char *build_new_range(char *newlevel, const char *range) +static char *build_new_range(const char *newlevel, const char *range) { char *newrangep = NULL; const char *tmpptr; 
@@ -166,7 +165,7 @@ static char *build_new_range(char *newlevel, const char *range) #include /* for PAM functions */ #include /* for misc_conv PAM utility function */ -const char *service_name = "newrole"; +static const char *service_name = "newrole"; /* authenticate_via_pam() * @@ -230,14 +229,13 @@ static int free_hashtab_entry(hashtab_key_t key, hashtab_datum_t d, static unsigned int reqsymhash(hashtab_t h, const_hashtab_key_t key) { - char *p, *keyp; + const char *p; size_t size; unsigned int val; val = 0; - keyp = (char *)key; - size = strlen(keyp); - for (p = keyp; ((size_t) (p - keyp)) < size; p++) + size = strlen(key); + for (p = key; ((size_t) (p - key)) < size; p++) val = (val << 4 | (val >> (8 * sizeof(unsigned int) - 4))) ^ (*p); return val & (h->size - 1); @@ -623,7 +621,7 @@ static inline int drop_capabilities(__attribute__ ((__unused__)) int full) * This function will set the uid values to be that of caller's uid, and * will drop any privilege which may have been raised. */ -static int transition_to_caller_uid() +static int transition_to_caller_uid(void) { uid_t uid = getuid(); 
@@ -850,7 +848,6 @@ static int parse_command_line_arguments(int argc, char **argv, char *ttyn, case 'V': printf("newrole: %s version %s\n", PACKAGE, VERSION); exit(0); - break; case 'p': *preserve_environment = 1; break; From patchwork Tue Feb 22 13:51:42 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12755122 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D9089C433FE for ; Tue, 22 Feb 2022 13:51:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232052AbiBVNwR (ORCPT ); Tue, 22 Feb 2022 08:52:17 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50652 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232435AbiBVNwP (ORCPT ); Tue, 22 Feb 2022 08:52:15 -0500 Received: from mail-ej1-x62a.google.com (mail-ej1-x62a.google.com [IPv6:2a00:1450:4864:20::62a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 09C4B986EE for ; Tue, 22 Feb 2022 05:51:49 -0800 (PST) Received: by mail-ej1-x62a.google.com with SMTP id hw13so42924443ejc.9 for ; Tue, 22 Feb 2022 05:51:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=iv+2a7tqm2jECt97x/Sq1uKwBTjbldUt0AY5QMtK2PY=; b=nW2OxukDWIL9GK1qSlR7xXhsMfBtm89bjwLjzkFOLqexutUs9jMblBY8g44Gm7Lv1x wzOsKpSSEMwxGHVeBhlwOQyCXy8a6Qu5VP6HeThmtZ77IBfCo5eOfYEm1VQNCdCS8yYq MYI5/6CSWRzZoKQxnesjz7QYhsfdekKd/vxGnZGp8dRDFBHV5SAkyN6ks6AtP5iOMpEL AXK+0ptigCvvtdgDOpFf1DLeuHZEUb2HmQPNW7SA7SqOVNCShkyGTOJQ9Mg6aSMAr9so RMl1z7ZxyDakjcvQd2U02Zd2uxG0ZkaMWayDp0uDIidxrtPji57yRt+6erEFN03tbums 6HlQ== X-Google-DKIM-Signature: 
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH 3/4] newrole: check for crypt(3) failure
Date: Tue, 22 Feb 2022 14:51:42 +0100
Message-Id: <20220222135143.30602-3-cgzones@googlemail.com>
In-Reply-To: <20220222135143.30602-1-cgzones@googlemail.com>
References: <20220222135143.30602-1-cgzones@googlemail.com>

Depending on the implementation crypt(3) can fail either by returning
NULL, or returning a pointer to an invalid hash and setting errno.

Signed-off-by: Christian Göttsche
---
 policycoreutils/newrole/newrole.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c index c9989863..781f99b6 100644 --- a/policycoreutils/newrole/newrole.c +++ b/policycoreutils/newrole/newrole.c 
@@ -368,9 +368,14 @@ static int authenticate_via_shadow_passwd(const char *uname) } /* Use crypt() to encrypt user's input password. */ + errno = 0; encrypted_password_s = crypt(unencrypted_password_s, p_shadow_line->sp_pwdp); memset(unencrypted_password_s, 0, strlen(unencrypted_password_s)); + if (errno || !encrypted_password_s) { + fprintf(stderr, _("Cannot encrypt password.\n")); + return 0; + } return (!strcmp(encrypted_password_s, p_shadow_line->sp_pwdp)); } #endif /* if/else USE_PAM */ From patchwork Tue Feb 22 13:51:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12755123 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5F4A5C433EF for ; Tue, 22 Feb 2022 13:51:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232435AbiBVNwS (ORCPT ); Tue, 22 Feb 2022 08:52:18 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50670 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232540AbiBVNwQ (ORCPT ); Tue, 22 Feb 2022 08:52:16 -0500 Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8884590FFD for ; Tue, 22 Feb 2022 05:51:50 -0800 (PST) Received: by mail-ed1-x531.google.com with SMTP id x5so36979786edd.11 for ; Tue, 22 Feb 2022 05:51:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=AeOBKwplGWTadx7LbtcLnRBBLdCt5vU5//tyI2TJmac=; b=Y4yRU4tbFUGA6d3nInL3arkjhHZJtxKUWmwrGXmRCzMobIU1PDTekYvuHqKenZEgN7 
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [PATCH 4/4] newrole: ensure password memory erasure Date: Tue, 22 Feb 2022 14:51:43 +0100 Message-Id: <20220222135143.30602-4-cgzones@googlemail.com> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220222135143.30602-1-cgzones@googlemail.com> References: <20220222135143.30602-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Compiler can optimize calls to memset(3), due to the as-if rule, away if the object is not accessed later on. Use a wrapper using volatile pointers to ensure the memory is guaranteed to be erased. Also erase the encrypted password. Signed-off-by: Christian Göttsche --- policycoreutils/newrole/newrole.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c index 781f99b6..ae37d725 100644 --- a/policycoreutils/newrole/newrole.c +++ b/policycoreutils/newrole/newrole.c @@ -333,6 +333,14 @@ static int read_pam_config(void) #define PASSWORD_PROMPT _("Password:") /* prompt for getpass() */ +static void memzero(void *ptr, size_t size) +{ + volatile unsigned char * volatile p = ptr; + while (size--) { + *p++ = '\0'; + } +} + /* authenticate_via_shadow_passwd() * * in: uname - the calling user's user name @@ -351,6 +359,7 @@ static int authenticate_via_shadow_passwd(const char *uname) struct spwd *p_shadow_line; char *unencrypted_password_s; char *encrypted_password_s; + int ret; setspent(); p_shadow_line = getspnam(uname); 
@@ -371,12 +380,15 @@ static int authenticate_via_shadow_passwd(const char *uname) errno = 0; encrypted_password_s = crypt(unencrypted_password_s, p_shadow_line->sp_pwdp); - memset(unencrypted_password_s, 0, strlen(unencrypted_password_s)); + memzero(unencrypted_password_s, strlen(unencrypted_password_s)); if (errno || !encrypted_password_s) { fprintf(stderr, _("Cannot encrypt password.\n")); return 0; } - return (!strcmp(encrypted_password_s, p_shadow_line->sp_pwdp)); + + ret = !strcmp(encrypted_password_s, p_shadow_line->sp_pwdp); + memzero(encrypted_password_s, strlen(encrypted_password_s)); + return ret; } #endif /* if/else USE_PAM */
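Review bot: In [PATCH 1/4], the fifth $(MAKE) line of test-build-options (PAMH=y AUDITH=y AUDIT_LOG_PRIV=y NAMESPACE_PRIV=y) repeats the first one verbatim, so the target runs ten builds for nine distinct configurations; drop the duplicate. The pairs that never appear (AUDIT_LOG_PRIV=y with AUDITH=n, NAMESPACE_PRIV=y with PAMH=n) look deliberately excluded, and a one-line comment above the target saying so would stop a later "fix" that adds them. Each step also passes clean and newrole as goals of the same $(MAKE) invocation, which is only ordered when make runs serially; splitting them into two invocations would keep the target safe under -j.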
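Review bot: In [PATCH 2/4], the reqsymhash() hunk still XORs a plain char into the unsigned accumulator (val ... ^ (*p) with const char *p), so where char is signed a byte above 0x7f is sign-extended before the XOR, which is the kind of implicit sign conversion this patch sets out to remove. Declaring p as const unsigned char * (with the cast that needs) would make the arithmetic explicit, and the loop could then simply run until *p is zero instead of calling strlen() first. The commit message quotes only the warnings being silenced; the const added to the newlevel parameter of build_new_range() and the cast dropped here are not among them and deserve a line of their own.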
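Review bot: In [PATCH 3/4], the new test if (errno || !encrypted_password_s) in authenticate_via_shadow_passwd() treats any nonzero errno as a crypt() failure even when a non-NULL result came back, but errno is only meaningful once a call has signalled failure, and a successful call is allowed to leave it changed. The outcome fails closed (return 0 with "Cannot encrypt password."), so this is a robustness concern rather than a bypass, yet it can reject a correct password. Test the NULL return first, and if the errno check has to stay for the implementations the commit message describes, add a comment naming that case so the condition is not read as redundant later.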
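Review bot: In [PATCH 4/4], the memzero() helper declares volatile unsigned char * volatile p, and the second volatile (on the pointer variable itself) adds nothing to the guarantee the commit message is after; only the pointed-to type needs the qualifier. The helper also has no comment, so the reason memset() is avoided lives only in the commit message; a short comment above memzero() would keep someone from simplifying it back. Where the C library offers explicit_bzero(3), consider using it and keeping this loop as the fallback.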
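Review bot: In the last hunk of [PATCH 4/4], the early return 0 under if (errno || !encrypted_password_s) skips the new memzero(encrypted_password_s, ...) when crypt() handed back a non-NULL buffer with errno set, so the two exits treat the result buffer differently. Erase it on that path as well (guarded on the pointer being non-NULL), or set ret = 0 and fall through to a single cleanup block now that ret exists. Note also that on a successful match p_shadow_line->sp_pwdp holds the same hash and is left in memory, so the commit message should say what erasing the crypt() result is meant to protect.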