Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------
2008-12-17  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Do
        not abort on unknown option. Avoid double free of old_status.
        (pam_sm_close_session): Use LOG_DEBUG for restored status message.

        * configure.in: Test for getseuser().
        * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Call getseuser()
        instead of getseuserbyname() if the function is available.

diff --git a/ChangeLog b/ChangeLog
index 6f14ba4dbf3310a4eb06d22583b2c294b2e4c584..30aec4062c1407245e51f46e753e7399ceb0fa9d 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,10 @@
        not abort on unknown option. Avoid double free of old_status.
        (pam_sm_close_session): Use LOG_DEBUG for restored status message.
 
+       * configure.in: Test for getseuser().
+       * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Call getseuser()
+       instead of getseuserbyname() if the function is available.
+
 2008-12-12  Thorsten Kukuk  <kukuk@thkukuk.de>
 
        * release version 1.0.90

diff --git a/configure.in b/configure.in
index ff14401c3bbc679dd9b66f3ca2c302cfafd71ce8..5e692dee6cddc35682e40d5f75942de64c4db2f1 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -428,6 +428,7 @@ if test ! -z "$LIBSELINUX" ; then
     BACKUP_LIBS=$LIBS
     LIBS="$LIBS $LIBSELINUX"
     AC_CHECK_FUNCS(setkeycreatecon)
+    AC_CHECK_FUNCS(getseuser)
     LIBS=$BACKUP_LIBS
 fi
 

diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c
index e45d6f991684b0b0865157ca364e3efc376a7c8d..c6f887a6b50565306034264904089c4c97db69b0 100644 (file)
--- a/modules/pam_selinux/pam_selinux.c
+++ b/modules/pam_selinux/pam_selinux.c
@@ -577,11 +577,16 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
   security_context_t* contextlist = NULL;
   int num_contexts = 0;
   int env_params = 0;
-  const char *username = NULL;
+  const char *username;
+  const void *void_username;
   const void *tty = NULL;
   char *seuser=NULL;
   char *level=NULL;
   security_context_t default_user_context=NULL;
+#ifdef HAVE_GETSEUSER
+  const void *void_service;
+  const char *service;
+#endif
 
   /* Parse arguments. */
   for (i = 0; i < argc; i++) {
@@ -623,12 +628,23 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
   if (!(selinux_enabled = is_selinux_enabled()>0) )
       return PAM_SUCCESS;
 
-  if (pam_get_item(pamh, PAM_USER, (void *) &username) != PAM_SUCCESS ||
-                   username == NULL) {
+  if (pam_get_item(pamh, PAM_USER, &void_username) != PAM_SUCCESS ||
+                   void_username == NULL) {
     return PAM_USER_UNKNOWN;
   }
+  username = void_username;
+
+#ifdef HAVE_GETSEUSER
+  if (pam_get_item(pamh, PAM_SERVICE, (void *) &void_service) != PAM_SUCCESS ||
+                   void_service == NULL) {
+    return PAM_SESSION_ERR;
+  }
+  service = void_service;
 
-  if (getseuserbyname(username, &seuser, &level)==0) {
+  if (getseuser(username, service, &seuser, &level) == 0) {
+#else
+  if (getseuserbyname(username, &seuser, &level) == 0) {
+#endif
          num_contexts = get_ordered_context_list_with_level(seuser, 
                                                             level,
                                                             NULL,