[people/ms/ipfire-3.x.git] / net-tools / patches / net-tools-1.60-selinux.patch

--- net-tools-1.60/Makefile~	2005-12-24 06:56:57.000000000 -0500
+++ net-tools-1.60/Makefile	2005-12-29 16:54:06.000000000 -0500
@@ -113,6 +113,12 @@
 
 NET_LIB = $(NET_LIB_PATH)/lib$(NET_LIB_NAME).a
 
+ifeq ($(HAVE_SELINUX),1)
+LDFLAGS += -lselinux
+CFLAGS += -DHAVE_SELINUX
+else
+endif
+
 CFLAGS	+= $(COPTS) -I. -idirafter ./include/ -I$(NET_LIB_PATH)
 LDFLAGS	+= $(LOPTS) -L$(NET_LIB_PATH)
 
--- net-tools-1.60/netstat.c~	2005-12-24 06:56:57.000000000 -0500
+++ net-tools-1.60/netstat.c	2005-12-29 16:54:07.000000000 -0500
@@ -86,6 +86,11 @@
 #include <net/if.h>
 #include <dirent.h>
 
+#if HAVE_SELINUX
+#include <selinux/selinux.h>
+#else
+#define security_context_t char*
+#endif
 #include "net-support.h"
 #include "pathnames.h"
 #include "version.h"
@@ -96,6 +101,7 @@
 #include "util.h"
 
 #define PROGNAME_WIDTH 20
+#define SELINUX_WIDTH 50
 
 #if !defined(s6_addr32) && defined(in6a_words)
 #define s6_addr32 in6a_words	/* libinet6			*/
@@ -150,6 +156,7 @@
 int flag_prg = 0;
 int flag_arg = 0;
 int flag_ver = 0;
+int flag_selinux = 0;
 
 FILE *procinfo;
 
@@ -213,12 +220,17 @@
 #define PROGNAME_WIDTH1(s) PROGNAME_WIDTH2(s)
 #define PROGNAME_WIDTH2(s) #s
 
+#define SELINUX_WIDTHs SELINUX_WIDTH1(SELINUX_WIDTH)
+#define SELINUX_WIDTH1(s) SELINUX_WIDTH2(s)
+#define SELINUX_WIDTH2(s) #s
+
 #define PRG_HASH_SIZE 211
 
 static struct prg_node {
     struct prg_node *next;
     int inode;
     char name[PROGNAME_WIDTH];
+    char scon[SELINUX_WIDTH];
 } *prg_hash[PRG_HASH_SIZE];
 
 static char prg_cache_loaded = 0;
@@ -226,9 +238,12 @@
 #define PRG_HASHIT(x) ((x) % PRG_HASH_SIZE)
 
 #define PROGNAME_BANNER "PID/Program name"
+#define SELINUX_BANNER "Security Context"
 
 #define print_progname_banner() do { if (flag_prg) printf("%-" PROGNAME_WIDTHs "s"," " PROGNAME_BANNER); } while (0)
 
+#define print_selinux_banner() do { if (flag_selinux) printf("%-" SELINUX_WIDTHs "s"," " SELINUX_BANNER); } while (0)
+
 #define PRG_LOCAL_ADDRESS "local_address"
 #define PRG_INODE	 "inode"
 #define PRG_SOCKET_PFX    "socket:["
@@ -250,7 +265,7 @@
 /* NOT working as of glibc-2.0.7: */
 #undef  DIRENT_HAVE_D_TYPE_WORKS
 
-static void prg_cache_add(int inode, char *name)
+static void prg_cache_add(int inode, char *name, char *scon)
 {
     unsigned hi = PRG_HASHIT(inode);
     struct prg_node **pnp,*pn;
@@ -271,6 +286,14 @@
     if (strlen(name)>sizeof(pn->name)-1) 
 	name[sizeof(pn->name)-1]='\0';
     strcpy(pn->name,name);
+
+    {
+       int len=(strlen(scon)-sizeof(pn->scon))+1;
+       if (len > 0) 
+           strcpy(pn->scon,&scon[len+1]);
+       else
+	   strcpy(pn->scon,scon);
+    }
 }
 
 static const char *prg_cache_get(unsigned long inode)
@@ -283,6 +306,16 @@
     return("-");
 }
 
+static const char *prg_cache_get_con(unsigned long inode)
+{
+    unsigned hi=PRG_HASHIT(inode);
+    struct prg_node *pn;
+
+    for (pn=prg_hash[hi];pn;pn=pn->next)
+	    if (pn->inode==inode) return(pn->scon);
+    return("-");
+}
+
 static void prg_cache_clear(void)
 {
     struct prg_node **pnp,*pn;
@@ -348,6 +381,7 @@
     const char *cs,*cmdlp;
     DIR *dirproc=NULL,*dirfd=NULL;
     struct dirent *direproc,*direfd;
+    security_context_t scon=NULL;
 
     if (prg_cache_loaded || !flag_prg) return;
     prg_cache_loaded=1;
@@ -415,7 +449,15 @@
 	    }
 
 	    snprintf(finbuf, sizeof(finbuf), "%s/%s", direproc->d_name, cmdlp);
-	    prg_cache_add(inode, finbuf);
+#if HAVE_SELINUX
+	    if (getpidcon(atoi(direproc->d_name), &scon) == -1) {
+		    scon=strdup("-");
+	    }
+	    prg_cache_add(inode, finbuf, scon);
+	    freecon(scon);
+#else
+	    prg_cache_add(inode, finbuf, "-");
+#endif
 	}
 	closedir(dirfd); 
 	dirfd = NULL;
@@ -1385,6 +1428,8 @@
 	printf("-      ");
     if (flag_prg)
 	printf("%-" PROGNAME_WIDTHs "s",(has & HAS_INODE?prg_cache_get(inode):"-"));
+    if (flag_selinux)
+	printf("%-" SELINUX_WIDTHs "s",(has & HAS_INODE?prg_cache_get_con(inode):"-"));
     puts(path);
 }
 
@@ -1403,6 +1448,7 @@
 
     printf(_("\nProto RefCnt Flags       Type       State         I-Node"));
     print_progname_banner();
+    print_selinux_banner();
     printf(_(" Path\n"));	/* xxx */
 
     {
@@ -1682,6 +1728,7 @@
     fprintf(stderr, _("        -o, --timers               display timers\n"));
     fprintf(stderr, _("        -F, --fib                  display Forwarding Information Base (default)\n"));
     fprintf(stderr, _("        -C, --cache                display routing cache instead of FIB\n\n"));
+    fprintf(stderr, _("        -Z, --context              display SELinux security context for sockets\n\n"));
 
     fprintf(stderr, _("  <Iface>: Name of interface to monitor/list.\n"));
     fprintf(stderr, _("  <Socket>={-t|--tcp} {-u|--udp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom\n"));
@@ -1729,6 +1776,7 @@
 	{"cache", 0, 0, 'C'},
 	{"fib", 0, 0, 'F'},
 	{"groups", 0, 0, 'g'},
+	{"context", 0, 0, 'Z'},
 	{NULL, 0, 0, 0}
     };
 
@@ -1741,7 +1789,7 @@
 
     afname[0] = '\0';
 
-    while ((i = getopt_long(argc, argv, "MCFA:acdegphiI::nNorstuVv?wxl", longopts, &lop)) != EOF)
+    while ((i = getopt_long(argc, argv, "MCFA:acdegphiI::nNorstuVv?wxlZ", longopts, &lop)) != EOF)
 	switch (i) {
 	case -1:
 	    break;
@@ -1838,6 +1886,20 @@
 	    if (aftrans_opt("unix"))
 		exit(1);
 	    break;
+	case 'Z':
+#if HAVE_SELINUX
+	    if (is_selinux_enabled() <= 0) {
+		fprintf(stderr, _("SELinux is not enabled on this machine.\n"));
+		exit(1);
+	    }
+	    flag_prg++;
+	    flag_selinux++;
+#else
+            fprintf(stderr, _("SELinux is not enabled for this application.\n"));
+	    exit(1);
+#endif
+
+	    break;
 	case '?':
 	case 'h':
 	    usage();
--- net-tools-1.60/netstat.c.sel	2007-05-21 14:02:08.000000000 -0400
+++ net-tools-1.60/netstat.c	2007-05-21 14:03:23.000000000 -0400
@@ -769,6 +769,9 @@ static void finish_this_one(int uid, uns
     }
     if (flag_prg)
 	printf("%-" PROGNAME_WIDTHs "s",prg_cache_get(inode));
+    if (flag_selinux)
+	printf("%-" SELINUX_WIDTHs "s",prg_cache_get_con(inode));
+
     if (flag_opt)
 	printf("%s", timers);
     putchar('\n');
@@ -2420,6 +2423,7 @@ int main
 	    if (flag_exp > 1)
 		printf(_(" User       Inode     "));
 	    print_progname_banner();
+	    print_selinux_banner();
 	    if (flag_opt)
 		printf(_(" Timer"));	/* xxx */
 	    printf("\n");
Commit	Line	Data
236898d6 MT	1	--- net-tools-1.60/Makefile~ 2005-12-24 06:56:57.000000000 -0500
	2	+++ net-tools-1.60/Makefile 2005-12-29 16:54:06.000000000 -0500
	3	@@ -113,6 +113,12 @@
	4
	5	NET_LIB = $(NET_LIB_PATH)/lib$(NET_LIB_NAME).a
	6
	7	+ifeq ($(HAVE_SELINUX),1)
	8	+LDFLAGS += -lselinux
	9	+CFLAGS += -DHAVE_SELINUX
	10	+else
	11	+endif
	12	+
	13	CFLAGS += $(COPTS) -I. -idirafter ./include/ -I$(NET_LIB_PATH)
	14	LDFLAGS += $(LOPTS) -L$(NET_LIB_PATH)
	15
	16	--- net-tools-1.60/netstat.c~ 2005-12-24 06:56:57.000000000 -0500
	17	+++ net-tools-1.60/netstat.c 2005-12-29 16:54:07.000000000 -0500
	18	@@ -86,6 +86,11 @@
	19	#include <net/if.h>
	20	#include <dirent.h>
	21
	22	+#if HAVE_SELINUX
	23	+#include <selinux/selinux.h>
	24	+#else
	25	+#define security_context_t char*
	26	+#endif
	27	#include "net-support.h"
	28	#include "pathnames.h"
	29	#include "version.h"
	30	@@ -96,6 +101,7 @@
	31	#include "util.h"
	32
	33	#define PROGNAME_WIDTH 20
	34	+#define SELINUX_WIDTH 50
	35
	36	#if !defined(s6_addr32) && defined(in6a_words)
	37	#define s6_addr32 in6a_words /* libinet6 */
	38	@@ -150,6 +156,7 @@
	39	int flag_prg = 0;
	40	int flag_arg = 0;
	41	int flag_ver = 0;
	42	+int flag_selinux = 0;
	43
	44	FILE *procinfo;
	45
	46	@@ -213,12 +220,17 @@
	47	#define PROGNAME_WIDTH1(s) PROGNAME_WIDTH2(s)
	48	#define PROGNAME_WIDTH2(s) #s
	49
	50	+#define SELINUX_WIDTHs SELINUX_WIDTH1(SELINUX_WIDTH)
	51	+#define SELINUX_WIDTH1(s) SELINUX_WIDTH2(s)
	52	+#define SELINUX_WIDTH2(s) #s
	53	+
	54	#define PRG_HASH_SIZE 211
	55
	56	static struct prg_node {
	57	struct prg_node *next;
	58	int inode;
	59	char name[PROGNAME_WIDTH];
	60	+ char scon[SELINUX_WIDTH];
	61	} *prg_hash[PRG_HASH_SIZE];
	62
	63	static char prg_cache_loaded = 0;
	64	@@ -226,9 +238,12 @@
65	#define PRG_HASHIT(x) ((x) % PRG_HASH_SIZE)
66
67	#define PROGNAME_BANNER "PID/Program name"
68	+#define SELINUX_BANNER "Security Context"
69
70	#define print_progname_banner() do { if (flag_prg) printf("%-" PROGNAME_WIDTHs "s"," " PROGNAME_BANNER); } while (0)
71
72	+#define print_selinux_banner() do { if (flag_selinux) printf("%-" SELINUX_WIDTHs "s"," " SELINUX_BANNER); } while (0)
73	+
74	#define PRG_LOCAL_ADDRESS "local_address"
75	#define PRG_INODE "inode"
76	#define PRG_SOCKET_PFX "socket:["
77	@@ -250,7 +265,7 @@
78	/* NOT working as of glibc-2.0.7: */
79	#undef DIRENT_HAVE_D_TYPE_WORKS
80
81	-static void prg_cache_add(int inode, char *name)
82	+static void prg_cache_add(int inode, char name, char scon)
83	{
84	unsigned hi = PRG_HASHIT(inode);
85	struct prg_node *pnp,pn;
86	@@ -271,6 +286,14 @@
87	if (strlen(name)>sizeof(pn->name)-1)
88	name[sizeof(pn->name)-1]='\0';
89	strcpy(pn->name,name);
90	+
91	+ {
92	+ int len=(strlen(scon)-sizeof(pn->scon))+1;
93	+ if (len > 0)
94	+ strcpy(pn->scon,&scon[len+1]);
95	+ else
96	+ strcpy(pn->scon,scon);
97	+ }
98	}
99
100	static const char *prg_cache_get(unsigned long inode)
101	@@ -283,6 +306,16 @@
102	return("-");
103	}
104
105	+static const char *prg_cache_get_con(unsigned long inode)
106	+{
107	+ unsigned hi=PRG_HASHIT(inode);
108	+ struct prg_node *pn;
109	+
110	+ for (pn=prg_hash[hi];pn;pn=pn->next)
111	+ if (pn->inode==inode) return(pn->scon);
112	+ return("-");
113	+}
114	+
115	static void prg_cache_clear(void)
116	{
117	struct prg_node *pnp,pn;
118	@@ -348,6 +381,7 @@
119	const char cs,cmdlp;
120	DIR dirproc=NULL,dirfd=NULL;
121	struct dirent direproc,direfd;
122	+ security_context_t scon=NULL;
123
124	if (prg_cache_loaded \|\| !flag_prg) return;
125	prg_cache_loaded=1;
126	@@ -415,7 +449,15 @@
127	}
128
129	snprintf(finbuf, sizeof(finbuf), "%s/%s", direproc->d_name, cmdlp);
130	- prg_cache_add(inode, finbuf);
131	+#if HAVE_SELINUX
132	+ if (getpidcon(atoi(direproc->d_name), &scon) == -1) {
133	+ scon=strdup("-");
134	+ }
135	+ prg_cache_add(inode, finbuf, scon);
136	+ freecon(scon);
137	+#else
138	+ prg_cache_add(inode, finbuf, "-");
139	+#endif
140	}
141	closedir(dirfd);
142	dirfd = NULL;
143	@@ -1385,6 +1428,8 @@
144	printf("- ");
145	if (flag_prg)
146	printf("%-" PROGNAME_WIDTHs "s",(has & HAS_INODE?prg_cache_get(inode):"-"));
147	+ if (flag_selinux)
148	+ printf("%-" SELINUX_WIDTHs "s",(has & HAS_INODE?prg_cache_get_con(inode):"-"));
149	puts(path);
150	}
151
152	@@ -1403,6 +1448,7 @@
153
154	printf(_("\nProto RefCnt Flags Type State I-Node"));
155	print_progname_banner();
156	+ print_selinux_banner();
157	printf(_(" Path\n")); /* xxx */
158
159	{
160	@@ -1682,6 +1728,7 @@
161	fprintf(stderr, _(" -o, --timers display timers\n"));
162	fprintf(stderr, _(" -F, --fib display Forwarding Information Base (default)\n"));
163	fprintf(stderr, _(" -C, --cache display routing cache instead of FIB\n\n"));
164	+ fprintf(stderr, _(" -Z, --context display SELinux security context for sockets\n\n"));
165
166	fprintf(stderr, _(" <Iface>: Name of interface to monitor/list.\n"));
167	fprintf(stderr, _(" <Socket>={-t\|--tcp} {-u\|--udp} {-w\|--raw} {-x\|--unix} --ax25 --ipx --netrom\n"));
168	@@ -1729,6 +1776,7 @@
169	{"cache", 0, 0, 'C'},
170	{"fib", 0, 0, 'F'},
171	{"groups", 0, 0, 'g'},
172	+ {"context", 0, 0, 'Z'},
173	{NULL, 0, 0, 0}
174	};
175
176	@@ -1741,7 +1789,7 @@
177
178	afname[0] = '\0';
179
180	- while ((i = getopt_long(argc, argv, "MCFA:acdegphiI::nNorstuVv?wxl", longopts, &lop)) != EOF)
181	+ while ((i = getopt_long(argc, argv, "MCFA:acdegphiI::nNorstuVv?wxlZ", longopts, &lop)) != EOF)
182	switch (i) {
183	case -1:
184	break;
185	@@ -1838,6 +1886,20 @@
186	if (aftrans_opt("unix"))
187	exit(1);
188	break;
189	+ case 'Z':
190	+#if HAVE_SELINUX
191	+ if (is_selinux_enabled() <= 0) {
192	+ fprintf(stderr, _("SELinux is not enabled on this machine.\n"));
193	+ exit(1);
194	+ }
195	+ flag_prg++;
196	+ flag_selinux++;
197	+#else
198	+ fprintf(stderr, _("SELinux is not enabled for this application.\n"));
199	+ exit(1);
200	+#endif
201	+
202	+ break;
203	case '?':
204	case 'h':
205	usage();
206	--- net-tools-1.60/netstat.c.sel 2007-05-21 14:02:08.000000000 -0400
207	+++ net-tools-1.60/netstat.c 2007-05-21 14:03:23.000000000 -0400
208	@@ -769,6 +769,9 @@ static void finish_this_one(int uid, uns
209	}
210	if (flag_prg)
211	printf("%-" PROGNAME_WIDTHs "s",prg_cache_get(inode));
212	+ if (flag_selinux)
213	+ printf("%-" SELINUX_WIDTHs "s",prg_cache_get_con(inode));
214	+
215	if (flag_opt)
216	printf("%s", timers);
217	putchar('\n');
218	@@ -2420,6 +2423,7 @@ int main
219	if (flag_exp > 1)
220	printf(_(" User Inode "));
221	print_progname_banner();
222	+ print_selinux_banner();
223	if (flag_opt)
224	printf(_(" Timer")); /* xxx */
225	printf("\n");