SELinux bases access to files mainly on the domain of the requesting

process and the context applied to the file.

In many cases, applications needn't be SELinux aware to work properly,

because SELinux can apply a default label to a file based on the label

of the directory in which it's created.

In the case of files such as /etc/krb5.keytab, however, this isn't

sufficient, as /etc/krb5.keytab will almost always need given a label

which differs from that of /etc/issue or /etc/resolv.conf.

To give the file the correct label, we can either force a "restorecon"

call to fix a file's label after it's created, or create the file with

the right label, as we do here.  We lean on THREEPARAMOPEN and define a

similar macro named WRITABLEFOPEN with which we replace several uses of

fopen().

diff -ur krb5-1.6.3/src/aclocal.m4 krb5-1.6.3/src/aclocal.m4

--- krb5-1.6.3/src/aclocal.m4	2008-03-06 19:04:59.000000000 -0500

+++ krb5-1.6.3/src/aclocal.m4	2008-03-06 17:31:21.000000000 -0500

@@ -102,6 +102,7 @@

 dnl

 KRB5_AC_PRAGMA_WEAK_REF

 WITH_LDAP

+KRB5_WITH_SELINUX

 KRB5_LIB_PARAMS

 KRB5_AC_INITFINI

 KRB5_AC_ENABLE_THREADS

@@ -1902,3 +1903,50 @@

 AC_SUBST(PAM_MAN)

 AC_SUBST(NON_PAM_MAN)

 ])dnl

+dnl

+dnl Use libselinux to set file contexts on newly-created files.

+dnl 

+AC_DEFUN(KRB5_WITH_SELINUX,[

+AC_ARG_WITH(selinux,[AC_HELP_STRING(--with-selinux,[compile with SELinux labeling support])],

+           withselinux="$withval",withselinux=auto)

+old_LIBS="$LIBS"

+if test "$withselinux" != no ; then

+       AC_MSG_RESULT([checking for libselinux...])

+       SELINUX_LIBS=

+       AC_CHECK_HEADERS(selinux/selinux.h)

+       if test "x$ac_cv_header_selinux_selinux_h" != xyes ; then

+               if test "$withselinux" = auto ; then

+                       AC_MSG_RESULT([Unable to locate selinux/selinux.h.])

+                       withselinux=no

+               else

+                       AC_MSG_ERROR([Unable to locate selinux/selinux.h.])

+               fi

+       fi

+

+       LIBS=

+       unset ac_cv_func_setfscreatecon

+       AC_CHECK_FUNCS(setfscreatecon)

+       if test "x$ac_cv_func_setfscreatecon" = xno ; then

+               AC_CHECK_LIB(selinux,setfscreatecon)

+               unset ac_cv_func_setfscreatecon

+               AC_CHECK_FUNCS(setfscreatecon)

+               if test "x$ac_cv_func_setfscreatecon" = xyes ; then

+                       SELINUX_LIBS="$LIBS"

+               else

+                       if test "$withselinux" = auto ; then

+                               AC_MSG_RESULT([Unable to locate libselinux.])

+                               withselinux=no

+                       else

+                               AC_MSG_ERROR([Unable to locate libselinux.])

+                       fi

+               fi

+       fi

+       if test "$withselinux" != no ; then

+               AC_MSG_RESULT([Using SELinux.])

+               AC_DEFINE(USE_SELINUX,1,[Define if Kerberos-aware tools should set SELinux file contexts when creating files.])

+               SELINUX_LIBS="$LIBS"

+       fi

+fi

+LIBS="$old_LIBS"

+AC_SUBST(SELINUX_LIBS)

+])dnl

diff -ur krb5-1.6.3/src/appl/bsd/configure.in krb5-1.6.3/src/appl/bsd/configure.in

--- krb5-1.6.3/src/appl/bsd/configure.in	2008-03-06 19:04:59.000000000 -0500

+++ krb5-1.6.3/src/appl/bsd/configure.in	2008-03-06 18:05:45.000000000 -0500

@@ -25,6 +25,7 @@

       LOGINLIBS="$LOGINLIBS -lodm -ls -lcfg" 

       )))

 KRB5_WITH_PAM

+KRB5_WITH_SELINUX

 dnl

 dnl Make our operating system-specific security checks and definitions for

 dnl login.

diff -ur krb5-1.6.3/src/appl/gssftp/configure.in krb5-1.6.3/src/appl/gssftp/configure.in

--- krb5-1.6.3/src/appl/gssftp/configure.in	2008-03-06 19:04:59.000000000 -0500

+++ krb5-1.6.3/src/appl/gssftp/configure.in	2008-03-06 18:08:03.000000000 -0500

@@ -18,6 +18,7 @@

 AC_CHECK_FUNCS(getcwd getdtablesize getusershell seteuid setreuid setresuid strerror getenv)

 AC_CHECK_LIB(crypt,crypt) dnl 

 KRB5_WITH_PAM

+KRB5_WITH_SELINUX

 KRB5_AC_LIBUTIL

 dnl 

 dnl copied from appl/bsd/configure.in

diff -ur krb5-1.6.3/src/appl/telnet/configure.in krb5-1.6.3/src/appl/telnet/configure.in

--- krb5-1.6.3/src/appl/telnet/configure.in	2006-03-27 23:35:02.000000000 -0500

+++ krb5-1.6.3/src/appl/telnet/configure.in	2008-03-06 18:08:49.000000000 -0500

@@ -163,6 +163,7 @@

 if test $krb5_cv_sys_setpgrp_two = yes; then

   AC_DEFINE(SETPGRP_TWOARG,1,[Define if setpgrp takes two arguments])

 fi

+KRB5_USE_SELINUX

 dnl

 KRB5_NEED_PROTO([#include <stdlib.h>],unsetenv,1)

 dnl KRB5_NEED_PROTO([#include <stdlib.h>],setenv,1)

diff -ur krb5-1.6.3/src/config/pre.in krb5-1.6.3/src/config/pre.in

--- krb5-1.6.3/src/config/pre.in	2008-03-06 19:04:59.000000000 -0500

+++ krb5-1.6.3/src/config/pre.in	2008-03-06 17:53:07.000000000 -0500

@@ -181,6 +181,7 @@

 CLNTLIBS = @CLNTLIBS@

 CLNTDEPLIBS = @CLNTDEPLIBS@

 PAM_LIBS = @PAM_LIBS@

+SELINUX_LIBS=@SELINUX_LIBS@

 INSTALL=@INSTALL@

 INSTALL_STRIP=

@@ -391,7 +392,7 @@

 # HESIOD_LIBS is -lhesiod...

 HESIOD_LIBS	= @HESIOD_LIBS@

-KRB5_BASE_LIBS	= $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(DL_LIB)

+KRB5_BASE_LIBS	= $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(SELINUX_LIBS) $(DL_LIB)

 KRB4COMPAT_LIBS	= $(KRB4_LIB) $(DES425_LIB) $(KRB5_BASE_LIBS)

 KDB5_LIBS	= $(KDB5_LIB)

 GSS_LIBS	= $(GSS_KRB5_LIB)

diff -ur krb5-1.6.3/src/configure.in krb5-1.6.3/src/configure.in

--- krb5-1.6.3/src/configure.in	2008-03-06 19:04:59.000000000 -0500

+++ krb5-1.6.3/src/configure.in	2008-03-06 17:39:53.000000000 -0500

@@ -945,6 +945,8 @@

 KRB5_WITH_PAM

+KRB5_WITH_SELINUX

+

 AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config])

 mansysconfdir=$sysconfdir

diff -ur krb5-1.6.3/src/include/autoconf.h.in krb5-1.6.3/src/include/autoconf.h.in

--- krb5-1.6.3/src/include/autoconf.h.in	2007-10-21 23:35:17.000000000 -0400

+++ krb5-1.6.3/src/include/autoconf.h.in	2008-03-06 17:39:13.000000000 -0500

@@ -358,6 +358,9 @@

 /* Define to 1 if you have the `sched_yield' function. */

 #undef HAVE_SCHED_YIELD

+/* Define to 1 if you have the <selinux/selinux.h> header file. */

+#undef HAVE_SELINUX_SELINUX_H

+

 /* Define to 1 if you have the <semaphore.h> header file. */

 #undef HAVE_SEMAPHORE_H

@@ -370,6 +373,9 @@

 /* Define to 1 if you have the `setegid' function. */

 #undef HAVE_SETEGID

+/* Define to 1 if you have the `setfscreatecon' function. */

+#undef HAVE_SETFSCREATECON

+

 /* Define to 1 if you have the `setenv' function. */

 #undef HAVE_SETENV

@@ -695,6 +701,10 @@

 /* Define if the KDC should use a replay cache */

 #undef USE_RCACHE

+/* Define if Kerberos-aware tools should set SELinux file contexts when

+   creating files. */

+#undef USE_SELINUX

+

 /* Define if sigprocmask should be used */

 #undef USE_SIGPROCMASK

diff -ur krb5-1.6.3/src/include/k5-int.h krb5-1.6.3/src/include/k5-int.h

--- krb5-1.6.3/src/include/k5-int.h	2007-10-04 16:17:48.000000000 -0400

+++ krb5-1.6.3/src/include/k5-int.h	2008-03-06 18:51:29.000000000 -0500

@@ -128,6 +128,20 @@

 typedef UINT64_TYPE krb5_ui_8;

 typedef INT64_TYPE krb5_int64;

+#include "k5-platform.h"

+

+#ifdef THREEPARAMOPEN

+#undef THREEPARAMOPEN

+#endif

+

+#ifdef USE_SELINUX

+#include "k5-label.h"

+#define THREEPARAMOPEN(x,y,z) krb5int_labeled_open(x,y,z)

+#define WRITABLEFOPEN(x,y) krb5int_labeled_fopen(x,y)

+#else

+#define WRITABLEFOPEN(x,y) fopen(x,y)

+#define THREEPARAMOPEN(x,y,z) open(x,y,z)

+#endif

 #define DEFAULT_PWD_STRING1 "Enter password"

 #define DEFAULT_PWD_STRING2 "Re-enter password for verification"

diff -ur krb5-1.6.3/src/include/krb5/krb5.hin krb5-1.6.3/src/include/krb5/krb5.hin

--- krb5-1.6.3/src/include/krb5/krb5.hin	2007-09-17 23:36:09.000000000 -0400

+++ krb5-1.6.3/src/include/krb5/krb5.hin	2008-03-06 18:17:29.000000000 -0500

@@ -91,6 +91,12 @@

 #define THREEPARAMOPEN(x,y,z) open(x,y,z)

 #endif

+#if KRB5_PRIVATE

+#ifndef WRITABLEFOPEN

+#define WRITABLEFOPEN(x,y) fopen(x,y)

+#endif

+#endif

+

 #define KRB5_OLD_CRYPTO

 #include <stdlib.h>

diff -ur krb5-1.6.3/src/kadmin/dbutil/dump.c krb5-1.6.3/src/kadmin/dbutil/dump.c

--- krb5-1.6.3/src/kadmin/dbutil/dump.c	2006-12-18 18:11:15.000000000 -0500

+++ krb5-1.6.3/src/kadmin/dbutil/dump.c	2008-03-06 18:33:44.000000000 -0500

@@ -1148,7 +1148,7 @@

 	 * want to get into.

 	 */

 	unlink(ofile);

-	if (!(f = fopen(ofile, "w"))) {

+	if (!(f = WRITABLEFOPEN(ofile, "w"))) {

 	    fprintf(stderr, ofopen_error,

 		    programname, ofile, error_message(errno));

 	    exit_status++;

diff -ur krb5-1.6.3/src/kadmin/dbutil/dumpv4.c krb5-1.6.3/src/kadmin/dbutil/dumpv4.c

--- krb5-1.6.3/src/kadmin/dbutil/dumpv4.c	2002-11-05 19:42:57.000000000 -0500

+++ krb5-1.6.3/src/kadmin/dbutil/dumpv4.c	2008-03-06 18:33:50.000000000 -0500

@@ -324,7 +324,7 @@

 		 * want to get into.

 		 */

 		unlink(outname);

-		if (!(f = fopen(outname, "w"))) {

+		if (!(f = WRITABLEFOPEN(outname, "w"))) {

 			com_err(argv[0], errno,

 				"While opening file %s for writing", outname);

 			exit_status++;

diff -ur krb5-1.6.3/src/kadmin/ktutil/ktutil_funcs.c krb5-1.6.3/src/kadmin/ktutil/ktutil_funcs.c

--- krb5-1.6.3/src/kadmin/ktutil/ktutil_funcs.c	2005-10-12 16:48:36.000000000 -0400

+++ krb5-1.6.3/src/kadmin/ktutil/ktutil_funcs.c	2008-03-06 18:34:19.000000000 -0500

@@ -520,7 +520,7 @@

     umask(0077); /*Changing umask for all of ktutil is OK

 		  * We don't ever write out anything that should use

 		  * default umask.*/

-    fp = fopen(name, "w");

+    fp = WRITABLEFOPEN(name, "w");

     if (!fp) {

 	retval = EIO;

 	goto free_pruned;

diff -ur krb5-1.6.3/src/krb5-config.in krb5-1.6.3/src/krb5-config.in

--- krb5-1.6.3/src/krb5-config.in	2006-06-15 20:26:49.000000000 -0400

+++ krb5-1.6.3/src/krb5-config.in	2008-03-06 17:29:57.000000000 -0500

@@ -39,6 +39,7 @@

 RPATH_FLAG='@RPATH_FLAG@'

 PTHREAD_CFLAGS='@PTHREAD_CFLAGS@'

 DL_LIB='@DL_LIB@'

+SELINUX_LIBS='@SELINUX_LIBS@'

 LIBS='@LIBS@'

 GEN_LIB=@GEN_LIB@

@@ -217,7 +218,7 @@

     fi

     if test $library = 'krb5'; then

-	lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $GEN_LIB $LIBS $DL_LIB"

+	lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $GEN_LIB $LIBS $SELINUX_LIBS $DL_LIB"

     fi

     echo $lib_flags

diff -ur krb5-1.6.3/src/lib/kadm5/logger.c krb5-1.6.3/src/lib/kadm5/logger.c

--- krb5-1.6.3/src/lib/kadm5/logger.c	2007-04-04 17:08:05.000000000 -0400

+++ krb5-1.6.3/src/lib/kadm5/logger.c	2008-03-06 18:30:32.000000000 -0500

@@ -425,7 +425,7 @@

 		     * Check for append/overwrite, then open the file.

 		     */

 		    if (cp[4] == ':' || cp[4] == '=') {

-			f = fopen(&cp[5], (cp[4] == ':') ? "a+" : "w");

+			f = WRITABLEFOPEN(&cp[5], (cp[4] == ':') ? "a+" : "w");

 			if (f) {

 			    log_control.log_entries[i].lfu_filep = f;

 			    log_control.log_entries[i].log_type = K_LOG_FILE;

@@ -959,7 +959,7 @@

 	     * In case the old logfile did not get moved out of the

 	     * way, open for append to prevent squashing the old logs.

 	     */

-	    f = fopen(log_control.log_entries[lindex].lfu_fname, "a+");

+	    f = WRITABLEFOPEN(log_control.log_entries[lindex].lfu_fname, "a+");

 	    if (f) {

 		log_control.log_entries[lindex].lfu_filep = f;

 	    } else {

diff -ur krb5-1.6.3/src/lib/kdb/kdb_default.c krb5-1.6.3/src/lib/kdb/kdb_default.c

--- krb5-1.6.3/src/lib/kdb/kdb_default.c	2006-10-11 22:39:14.000000000 -0400

+++ krb5-1.6.3/src/lib/kdb/kdb_default.c	2008-03-06 18:31:18.000000000 -0500

@@ -161,9 +161,9 @@

     oumask = umask(077);

 #endif

 #ifdef ANSI_STDIO

-    if (!(kf = fopen(keyfile, "wb")))

+    if (!(kf = WRITABLEFOPEN(keyfile, "wb")))

 #else

-    if (!(kf = fopen(keyfile, "w")))

+    if (!(kf = WRITABLEFOPEN(keyfile, "w")))

 #endif

     {

 	int e = errno;

diff -ur krb5-1.6.3/src/lib/krb4/klog.c krb5-1.6.3/src/lib/krb4/klog.c

--- krb5-1.6.3/src/lib/krb4/klog.c	2006-03-11 17:23:28.000000000 -0500

+++ krb5-1.6.3/src/lib/krb4/klog.c	2008-03-06 18:48:01.000000000 -0500

@@ -24,6 +24,7 @@

  * or implied warranty.

  */

+#include "k5-int.h"

 #include "krb.h"

 #include "autoconf.h"

 #ifdef HAVE_TIME_H

@@ -96,7 +97,7 @@

     if (!logtype_array[type])

 	return(logtxt);

-    if ((logfile = fopen(log_name,"a")) == NULL)

+    if ((logfile = WRITABLEFOPEN(log_name,"a")) == NULL)

         return(logtxt);

     (void) time(&now;;

diff -ur krb5-1.6.3/src/lib/krb4/kparse.c krb5-1.6.3/src/lib/krb4/kparse.c

--- krb5-1.6.3/src/lib/krb4/kparse.c	2006-06-16 02:58:42.000000000 -0400

+++ krb5-1.6.3/src/lib/krb4/kparse.c	2008-03-06 18:35:18.000000000 -0500

@@ -583,7 +583,7 @@

     FILE *fp;

     if (--argc) {

-        fp = fopen(*++argv,"ra");

+        fp = WRITABLEOPEN(*++argv,"ra");

         if (fp == (FILE *)NULL) {

             fprintf(stderr,"can\'t open \"%s\"\n",*argv);

         }

diff -ur krb5-1.6.3/src/lib/krb4/log.c krb5-1.6.3/src/lib/krb4/log.c

--- krb5-1.6.3/src/lib/krb4/log.c	2006-03-11 17:23:28.000000000 -0500

+++ krb5-1.6.3/src/lib/krb4/log.c	2008-03-06 18:47:49.000000000 -0500

@@ -30,6 +30,7 @@

    krb_set_logfile, or change all the invokers. */

 #endif

+#include "k5-int.h"

 #include "krb.h"

 #include "autoconf.h"

 #ifdef HAVE_TIME_H

@@ -79,7 +80,7 @@

     va_start(args, format);

-    if ((logfile = fopen(log_name,"a")) != NULL) {

+    if ((logfile = WRITABLEFOPEN(log_name,"a")) != NULL) {

 	(void) time(&now;;

 	tm = localtime(&now;;

diff -ur krb5-1.6.3/src/lib/krb5/keytab/kt_file.c krb5-1.6.3/src/lib/krb5/keytab/kt_file.c

--- krb5-1.6.3/src/lib/krb5/keytab/kt_file.c	2007-08-31 17:38:41.000000000 -0400

+++ krb5-1.6.3/src/lib/krb5/keytab/kt_file.c	2008-03-06 18:19:56.000000000 -0500

@@ -1062,7 +1062,7 @@

     KTCHECKLOCK(id);

     errno = 0;

-    KTFILEP(id) = fopen(KTFILENAME(id),

+    KTFILEP(id) = WRITABLEFOPEN(KTFILENAME(id),

 			(mode == KRB5_LOCKMODE_EXCLUSIVE) ?

 			  fopen_mode_rbplus : fopen_mode_rb);

     if (!KTFILEP(id)) {

@@ -1070,7 +1070,7 @@

 	    /* try making it first time around */

             krb5_create_secure_file(context, KTFILENAME(id));

 	    errno = 0;

-	    KTFILEP(id) = fopen(KTFILENAME(id), fopen_mode_rbplus);

+	    KTFILEP(id) = WRITABLEFOPEN(KTFILENAME(id), fopen_mode_rbplus);

 	    if (!KTFILEP(id))

 		return errno ? errno : EMFILE;

 	    writevno = 1;

diff -ur krb5-1.6.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c krb5-1.6.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c

--- krb5-1.6.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c	2000-07-02 23:43:42.000000000 -0400

+++ krb5-1.6.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c	2008-03-06 18:27:37.000000000 -0500

@@ -58,6 +58,7 @@

 #include <string.h>

 #include <unistd.h>

+#include <k5-int.h>

 #include "db-int.h"

 #include "btree.h"

@@ -201,7 +202,7 @@

 			goto einval;

 		}

-		if ((t->bt_fd = open(fname, flags | O_BINARY, mode)) < 0)

+		if ((t->bt_fd = THREEPARAMOPEN(fname, flags | O_BINARY, mode)) < 0)

 			goto err;

 	} else {

diff -ur krb5-1.6.3/src/plugins/kdb/db2/libdb2/hash/hash.c krb5-1.6.3/src/plugins/kdb/db2/libdb2/hash/hash.c

--- krb5-1.6.3/src/plugins/kdb/db2/libdb2/hash/hash.c	2006-06-14 22:35:44.000000000 -0400

+++ krb5-1.6.3/src/plugins/kdb/db2/libdb2/hash/hash.c	2008-03-06 18:29:17.000000000 -0500

@@ -51,6 +51,7 @@

 #include <assert.h>

 #endif

+#include <k5-int.h>

 #include "db-int.h"

 #include "hash.h"

 #include "page.h"

@@ -140,7 +141,7 @@

 		new_table = 1;

 	}

 	if (file) {

-		if ((hashp->fp = open(file, flags|O_BINARY, mode)) == -1)

+		if ((hashp->fp = THREEPARAMOPEN(file, flags|O_BINARY, mode)) == -1)

 			RETURN_ERROR(errno, error0);

 		(void)fcntl(hashp->fp, F_SETFD, 1);

 	}

diff -ur krb5-1.6.3/src/plugins/kdb/db2/libdb2/recno/rec_open.c krb5-1.6.3/src/plugins/kdb/db2/libdb2/recno/rec_open.c

--- krb5-1.6.3/src/plugins/kdb/db2/libdb2/recno/rec_open.c	1998-01-21 11:33:31.000000000 -0500

+++ krb5-1.6.3/src/plugins/kdb/db2/libdb2/recno/rec_open.c	2008-03-06 18:27:01.000000000 -0500

@@ -51,6 +51,7 @@

 #include <stdio.h>

 #include <unistd.h>

+#include <k5-int.h>

 #include "db-int.h"

 #include "recno.h"

@@ -68,7 +69,7 @@

 	int rfd, sverrno;

 	/* Open the user's file -- if this fails, we're done. */

-	if (fname != NULL && (rfd = open(fname, flags | O_BINARY, mode)) < 0)

+	if (fname != NULL && (rfd = THREEPARAMOPEN(fname, flags | O_BINARY, mode)) < 0)

 		return (NULL);

 	/* Create a btree in memory (backed by disk). */

diff -ur krb5-1.6.3/src/util/profile/prof_file.c krb5-1.6.3/src/util/profile/prof_file.c

--- krb5-1.6.3/src/util/profile/prof_file.c	2005-10-21 16:03:44.000000000 -0400

+++ krb5-1.6.3/src/util/profile/prof_file.c	2008-03-06 19:02:44.000000000 -0500

@@ -29,6 +29,7 @@

 #endif

 #include "k5-platform.h"

+#include "k5-int.h"

 struct global_shared_profile_data {

 	/* This is the head of the global list of shared trees */

@@ -419,7 +420,7 @@

 	errno = 0;

-	f = fopen(new_file, "w");

+	f = WRITABLEFOPEN(new_file, "w");

 	if (!f) {

 		retval = errno;

 		if (retval == 0)

diff -ur krb5-1.6.3/src/util/support/libkrb5support.exports krb5-1.6.3/src/util/support/libkrb5support.exports

--- krb5-1.6.3/src/util/support/libkrb5support.exports	2006-05-04 14:35:01.000000000 -0400

+++ krb5-1.6.3/src/util/support/libkrb5support.exports	2008-03-06 17:33:30.000000000 -0500

@@ -32,3 +32,6 @@

 krb5int_clear_error

 krb5int_set_error_info_callout_fn

 krb5int_gmt_mktime

+krb5int_labeled_open

+krb5int_labeled_fopen

+krb5int_labeled_creat

diff -ur krb5-1.6.3/src/util/support/Makefile.in krb5-1.6.3/src/util/support/Makefile.in

--- krb5-1.6.3/src/util/support/Makefile.in	2006-10-17 23:15:24.000000000 -0400

+++ krb5-1.6.3/src/util/support/Makefile.in	2008-03-06 17:33:30.000000000 -0500

@@ -27,6 +27,7 @@

 STLIBOBJS= \

 	threads.o \

+	selinux.o \

 	init-addrinfo.o \

 	plugins.o \

 	errors.o \

@@ -55,7 +56,7 @@

 	$(srcdir)/fake-addrinfo.c

 SHLIB_EXPDEPS =

 # Add -lm if dumping thread stats, for sqrt.

-SHLIB_EXPLIBS= $(LIBS) $(DL_LIB)

+SHLIB_EXPLIBS= $(LIBS) $(SELINUX_LIBS) $(DL_LIB)

 SHLIB_DIRS=

 SHLIB_RDIRS=$(KRB5_LIBDIR)

--- krb5-1.6.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c	2008-03-06 19:20:37.000000000 -0500

+++ krb5-1.6.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c	2008-03-06 19:20:28.000000000 -0500

@@ -1083,7 +1083,7 @@

     /* Create a temporary file which contains all the entries except the

        entry for the given service dn */

-    pfile = fopen(file_name, "r+");

+    pfile = WRITABLEFOPEN(file_name, "r+");

     if (pfile == NULL) {

 	com_err(me, errno, "while deleting entry from file %s", file_name);

 	goto cleanup;

@@ -1764,7 +1764,7 @@

     /* TODO: file lock for the service password file */

     /* set password in the file */

-    pfile = fopen(file_name, "r+");

+    pfile = WRITABLEFOPEN(file_name, "r+");

     if (pfile == NULL) {

 	com_err(me, errno, "Failed to open file %s", file_name);

 	goto cleanup;

@@ -1806,7 +1806,7 @@

 	sprintf(tmp_file,"%s.%s",file_name,"tmp");

 	omask = umask(077);

-	newfile = fopen(tmp_file, "w+");

+	newfile = WRITABLEFOPEN(tmp_file, "w+");

 	umask(omask);

 	if (newfile == NULL) {

 	    com_err(me, errno, "Error creating file %s", tmp_file);

@@ -2031,7 +2031,7 @@

     /* set password in the file */

     old_mode = umask(0177);

-    pfile = fopen(file_name, "a+");

+    pfile = WRITABLEFOPEN(file_name, "a+");

     if (pfile == NULL) {

 	com_err(me, errno, "Failed to open file %s: %s", file_name,

 		strerror (errno));

@@ -2082,7 +2082,7 @@

 	sprintf(tmp_file,"%s.%s",file_name,"tmp");

 	omask = umask(077);

-	newfile = fopen(tmp_file, "w");

+	newfile = WRITABLEFOPEN(tmp_file, "w");

 	umask (omask);

 	if (newfile == NULL) {

 	    com_err(me, errno, "Error creating file %s", tmp_file);

--- krb5-1.6.3/src/util/support/selinux.c	2007-08-25 03:19:00.000000000 -0400

+++ krb5-1.6.3/src/util/support/selinux.c	2007-08-24 23:38:39.000000000 -0400

@@ -0,0 +1,256 @@

+/*

+ * Copyright 2007,2008 Red Hat, Inc.  All Rights Reserved.

+ *

+ * Redistribution and use in source and binary forms, with or without

+ * modification, are permitted provided that the following conditions are met:

+ *

+ *  Redistributions of source code must retain the above copyright notice, this

+ *  list of conditions and the following disclaimer.

+ *

+ *  Redistributions in binary form must reproduce the above copyright notice,

+ *  this list of conditions and the following disclaimer in the documentation

+ *  and/or other materials provided with the distribution.

+ *

+ *  Neither the name of Red Hat, Inc. nor the names of its contributors may be

+ *  used to endorse or promote products derived from this software without

+ *  specific prior written permission.

+ *

+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"

+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE

+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

+ * POSSIBILITY OF SUCH DAMAGE.

+ * 

+ * File-opening wrappers for creating correctly-labeled files.  So far, we can

+ * assume that this is Linux-specific, so we make many simplifying assumptions.

+ */

+

+#include "../../include/autoconf.h"

+

+#ifdef USE_SELINUX

+

+#include <k5-label.h>

+#include <sys/types.h>

+#include <sys/stat.h>

+#include <errno.h>

+#include <fcntl.h>

+#include <limits.h>

+#include <pthread.h>

+#include <stdarg.h>

+#include <stdio.h>

+#include <stdlib.h>

+#include <string.h>

+#include <unistd.h>

+#include <selinux/selinux.h>

+

+/* #define DEBUG 1 */

+

+static pthread_mutex_t labeled_lock = PTHREAD_MUTEX_INITIALIZER;

+

+static security_context_t

+push_fscreatecon(const char *pathname, mode_t mode)

+{

+	security_context_t previous, next;

+	const char *fullpath;

+

+	previous = NULL;

+	if (is_selinux_enabled()) {

+		if (getfscreatecon(&previous) == 0) {

+			char *genpath;

+			genpath = NULL;

+			if (pathname[0] != '/') {

+				char *wd;

+				size_t len;

+				len = 0;

+				wd = getcwd(NULL, len);

+				if (wd == NULL) {

+					if (previous != NULL) {

+						freecon(previous);

+					}

+					return NULL;

+				}

+				len = strlen(wd) + 1 + strlen(pathname) + 1;

+				genpath = malloc(len);

+				if (genpath == NULL) {

+					free(wd);

+					if (previous != NULL) {

+						freecon(previous);

+					}

+					return NULL;

+				}

+				sprintf(genpath, "%s/%s", wd, pathname);

+				free(wd);

+				fullpath = genpath;

+			} else {

+				fullpath = pathname;

+			}

+			next = NULL;

+#ifdef DEBUG

+			if (isatty(fileno(stderr))) {

+				fprintf(stderr, "Looking up context for "

+					"\"%s\"(%05o).\n", fullpath, mode);

+			}

+#endif

+			if (matchpathcon(fullpath, mode, &next) != 0) {

+				free(genpath);

+				if (previous != NULL) {

+					freecon(previous);

+				}

+				return NULL;

+			}

+			free(genpath);

+#ifdef DEBUG

+			if (isatty(fileno(stderr))) {

+				fprintf(stderr, "Setting file creation context "

+					"to \"%s\".\n", next);

+			}

+#endif

+			if (setfscreatecon(next) != 0) {

+				freecon(next);

+				if (previous != NULL) {

+					freecon(previous);

+				}

+				return NULL;

+			}

+			freecon(next);

+#ifdef DEBUG

+		} else {

+			if (isatty(fileno(stderr))) {

+				fprintf(stderr, "Unable to determine "

+					"current context.\n");

+			}

+#endif

+		}

+	}

+	return previous;

+}

+

+static void

+pop_fscreatecon(security_context_t previous)

+{

+	if (is_selinux_enabled()) {

+#ifdef DEBUG

+		if (isatty(fileno(stderr))) {

+			if (previous != NULL) {

+				fprintf(stderr, "Resetting file creation "

+					"context to \"%s\".\n", previous);

+			} else {

+				fprintf(stderr, "Resetting file creation "

+					"context to default.\n");

+			}

+		}

+#endif

+		setfscreatecon(previous);

+		if (previous != NULL) {

+			freecon(previous);

+		}

+	}

+}

+

+FILE *

+krb5int_labeled_fopen(const char *path, const char *mode)

+{

+	FILE *fp;

+	int errno_save;

+	security_context_t ctx;

+

+	pthread_mutex_lock(&labeled_lock);

+	ctx = push_fscreatecon(path, 0);

+	fp = fopen(path, mode);

+	errno_save = errno;

+	pop_fscreatecon(ctx);

+	pthread_mutex_unlock(&labeled_lock);

+

+	errno = errno_save;

+	return fp;

+}

+