From 2fe275aed5c0c285781e6487242a9e4a13071e4f Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Wed, 17 Dec 2008 14:27:24 +0000
Subject: [PATCH] Relevant BUGIDs: Purpose of commit: new feature Commit summary: --------------- 2008-12-17 Tomas Mraz * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Do not abort on unknown option. Avoid double free of old_status. (pam_sm_close_session): Use LOG_DEBUG for restored status message. * configure.in: Test for getseuser(). * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Call getseuser() instead of getseuserbyname() if the function is available.
---
 ChangeLog | 4 ++++
 configure.in | 1 +
 modules/pam_selinux/pam_selinux.c | 24 ++++++++++++++++++++----
 3 files changed, 25 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 6f14ba4d..30aec406 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,10 @@ not abort on unknown option. Avoid double free of old_status. (pam_sm_close_session): Use LOG_DEBUG for restored status message.
+ * configure.in: Test for getseuser().
+ * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Call getseuser()
+ instead of getseuserbyname() if the function is available.
+
 2008-12-12 Thorsten Kukuk * release version 1.0.90
diff --git a/configure.in b/configure.in
index ff14401c..5e692dee 100644
--- a/configure.in
+++ b/configure.in
@@ -428,6 +428,7 @@ if test ! -z "$LIBSELINUX" ; then
 BACKUP_LIBS=$LIBS
 LIBS="$LIBS $LIBSELINUX"
 AC_CHECK_FUNCS(setkeycreatecon)
+ AC_CHECK_FUNCS(getseuser)
 LIBS=$BACKUP_LIBS
 fi
diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c
index e45d6f99..c6f887a6 100644
--- a/modules/pam_selinux/pam_selinux.c
+++ b/modules/pam_selinux/pam_selinux.c
@@ -577,11 +577,16 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
 security_context_t* contextlist = NULL;
 int num_contexts = 0;
 int env_params = 0;
- const char *username = NULL;
+ const char *username;
+ const void *void_username;
 const void *tty = NULL;
 char *seuser=NULL;
 char *level=NULL;
 security_context_t default_user_context=NULL;
+#ifdef HAVE_GETSEUSER
+ const void *void_service;
+ const char *service;
+#endif
 /* Parse arguments. */
 for (i = 0; i < argc; i++) {
@@ -623,12 +628,23 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
 if (!(selinux_enabled = is_selinux_enabled()>0) ) return PAM_SUCCESS;
- if (pam_get_item(pamh, PAM_USER, (void *) &username) != PAM_SUCCESS ||
- username == NULL) {
+ if (pam_get_item(pamh, PAM_USER, &void_username) != PAM_SUCCESS ||
+ void_username == NULL) {
 return PAM_USER_UNKNOWN;
 }
+ username = void_username;
+
+#ifdef HAVE_GETSEUSER
+ if (pam_get_item(pamh, PAM_SERVICE, (void *) &void_service) != PAM_SUCCESS ||
+ void_service == NULL) {
+ return PAM_SESSION_ERR;
+ }
+ service = void_service;
- if (getseuserbyname(username, &seuser, &level)==0) {
+ if (getseuser(username, service, &seuser, &level) == 0) {
+#else
+ if (getseuserbyname(username, &seuser, &level) == 0) {
+#endif
 num_contexts = get_ordered_context_list_with_level(seuser, level, NULL,
--
2.40.0
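Review bot: The `PAM_SERVICE` lookup added under `#ifdef HAVE_GETSEUSER` in the second hunk returns `PAM_SESSION_ERR` without logging, so a session refused at this point leaves no record of which step failed; a line such as `pam_syslog(pamh, LOG_ERR, "Cannot obtain the service name");` before the return would make the refusal traceable (assuming the module already uses `pam_syslog`, which is not visible here). That call also keeps a `(void *)` cast on `&void_service` although the variable is declared `const void *` in the first hunk and the `PAM_USER` call a few lines above was changed to drop the same cast; `pam_get_item(pamh, PAM_SERVICE, &void_service)` lets the compiler check the argument type in both places. The `if (getseuser(...)) {` and `if (getseuserbyname(...)) {` lines open one block from two preprocessor branches, and that block and the rest of `pam_sm_open_session` lie outside the hunk, so the handling of a failed lookup and the freeing of `seuser` and `level` cannot be checked from here.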