/* id -- print real and effective UIDs and GIDs
- Copyright (C) 1989-2005 Free Software Foundation, Inc.
+ Copyright (C) 1989-2007 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#include <pwd.h>
#include <grp.h>
#include <getopt.h>
+#include <selinux/selinux.h>
#include "system.h"
#include "error.h"
int getugroups ();
+/* If nonzero, output only the SELinux context. -Z */
+static int just_context = 0;
+
static void print_user (uid_t uid);
static void print_group (gid_t gid);
static void print_group_list (const char *username);
/* True unless errors have been encountered. */
static bool ok = true;
+/* The SELinux context. Start with a known invalid value so print_full_info
+ knows when `context' has not been set to a meaningful value. */
+static security_context_t context = NULL;
+
static struct option const longopts[] =
{
+ {"context", no_argument, NULL, 'Z'},
{"group", no_argument, NULL, 'g'},
{"groups", no_argument, NULL, 'G'},
{"name", no_argument, NULL, 'n'},
Print information for USERNAME, or the current user.\n\
\n\
-a ignore, for compatibility with other versions\n\
+ -Z, --context print only the security context of the current user\n\
-g, --group print only the effective group ID\n\
-G, --groups print all group IDs\n\
-n, --name print a name instead of a number, for -ugG\n\
main (int argc, char **argv)
{
int optc;
+ int selinux_enabled = (is_selinux_enabled () > 0);
/* If true, output the list of all group IDs. -G */
bool just_group_list = false;
atexit (close_stdout);
- while ((optc = getopt_long (argc, argv, "agnruG", longopts, NULL)) != -1)
+ while ((optc = getopt_long (argc, argv, "agnruGZ", longopts, NULL)) != -1)
{
switch (optc)
{
case 'a':
/* Ignore -a, for compatibility with SVR4. */
break;
+
+ case 'Z':
+ /* politely decline if we're not on a selinux-enabled kernel. */
+ if (!selinux_enabled)
+ error (EXIT_FAILURE, 0, _("--context (-Z) can be used only on "
+ "an SELinux-enabled kernel"));
+ just_context = 1;
+ break;
+
case 'g':
just_group = true;
break;
}
}
- if (just_user + just_group + just_group_list > 1)
- error (EXIT_FAILURE, 0, _("cannot print only user and only group"));
-
- if (just_user + just_group + just_group_list == 0 && (use_real | use_name))
- error (EXIT_FAILURE, 0,
- _("cannot print only names or real IDs in default format"));
-
- if (argc - optind > 1)
+ if (1 < argc - optind)
{
error (0, 0, _("extra operand %s"), quote (argv[optind + 1]));
usage (EXIT_FAILURE);
}
+ if (argc - optind == 1 && just_context)
+ error (EXIT_FAILURE, 0,
+ _("cannot print security context when user specified"));
+
+ if (just_context && !selinux_enabled)
+ error (EXIT_FAILURE, 0, _("\
+cannot display context when selinux not enabled or when displaying the id\n\
+of a different user"));
+
+ /* If we are on a selinux-enabled kernel, get our context.
+ Otherwise, leave the context variable alone - it has
+ been initialized known invalid value; if we see this invalid
+ value later, we will know we are on a non-selinux kernel. */
+ if (selinux_enabled)
+ {
+ if (getcon (&context) && just_context)
+ error (EXIT_FAILURE, 0, _("can't get process context"));
+ }
+
+ if (just_user + just_group + just_group_list + just_context > 1)
+ error (EXIT_FAILURE, 0, _("cannot print \"only\" of more than one choice"));
+
+ if (just_user + just_group + just_group_list == 0 && (use_real | use_name))
+ error (EXIT_FAILURE, 0,
+ _("cannot print only names or real IDs in default format"));
+
if (argc - optind == 1)
{
struct passwd *pwd = getpwnam (argv[optind]);
print_group (use_real ? rgid : egid);
else if (just_group_list)
print_group_list (argv[optind]);
+ else if (just_context)
+ fputs (context, stdout);
else
print_full_info (argv[optind]);
putchar ('\n');
free (groups);
}
#endif /* HAVE_GETGROUPS */
+ if (context != NULL)
+ printf (" context=%s", context);
}
projects / thirdparty / coreutils.git / commitdiff
