author | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-08-30 08:42:38 +0000 |
---|---|---|
committer | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-08-30 08:42:38 +0000 |
commit | d668e9e5eed079686000f0979391f3691a54408a (patch) | |
tree | d8d5e8be575b945e685467b5d71dd01d476f51c4 | |
parent | 338f579d2d3a27de21f4d4ca32d031ff513a5d3c (diff) | |
download | pam-d668e9e5eed079686000f0979391f3691a54408a.tar.gz pam-d668e9e5eed079686000f0979391f3691a54408a.tar.bz2 pam-d668e9e5eed079686000f0979391f3691a54408a.zip |
Relevant BUGIDs:
Purpose of commit: cleanup
Commit summary:
---------------
2006-08-30 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_namespace/pam_namespace.c: Use pam_modutil_getpwnam()
instead of getpwnam().
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | modules/pam_namespace/pam_namespace.c | 67 |
2 files changed, 38 insertions, 34 deletions
@@ -1,3 +1,8 @@ +2006-08-30 Thorsten Kukuk <kukuk@thkukuk.de> + + * modules/pam_namespace/pam_namespace.c: Use pam_modutil_getpwnam() + instead of getpwnam(). + 2006-08-29 Thorsten Kukuk <kukuk@thkukuk.de> * doc/sag/pam_loginuid.xml: New. diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c index 4e777be3..6bcd0916 100644 --- a/modules/pam_namespace/pam_namespace.c +++ b/modules/pam_namespace/pam_namespace.c @@ -1,5 +1,5 @@ /****************************************************************************** - * A module for Linux-PAM that will set the default namespace after + * A module for Linux-PAM that will set the default namespace after * establishing a session via PAM. * * (C) Copyright IBM Corporation 2005 @@ -53,7 +53,7 @@ static int copy_ent(const struct polydir_s *ent, struct polydir_s *pent) for (i = 0, pptr = pent->uid, eptr = ent->uid; i < ent->num_uids; i++, eptr++, pptr++) *pptr = *eptr; - } else + } else pent->uid = NULL; return 0; } @@ -63,7 +63,7 @@ static int copy_ent(const struct polydir_s *ent, struct polydir_s *pent) * polyinstantiated directories. It is called from process_line() while * parsing the namespace configuration file. */ -static int add_polydir_entry(struct instance_data *idata, +static int add_polydir_entry(struct instance_data *idata, const struct polydir_s *ent) { struct polydir_s *pent; @@ -76,7 +76,7 @@ static int add_polydir_entry(struct instance_data *idata, * directories. */ pent = (struct polydir_s *) malloc(sizeof(struct polydir_s)); - if (!pent) { + if (!pent) { rc = -1; goto out; } @@ -129,7 +129,7 @@ static void del_polydir_list(struct polydir_s *polydirs_ptr) * polyinstatiated directory structure and then calling add_polydir_entry to * add that entry to the linked list of polyinstantiated directories. */ -static int process_line(char *line, const char *home, +static int process_line(char *line, const char *home, struct instance_data *idata) { const char *dir, *instance_prefix; 
@@ -295,7 +295,7 @@ static int process_line(char *line, const char *home, if (tptr) *tptr = '\0'; - pwd = getpwnam(ustr); + pwd = pam_modutil_getpwnam(idata->pamh, ustr); *uidptr = pwd->pw_uid; if (i < count - 1) { ustr = tptr + 1; @@ -342,14 +342,14 @@ static int parse_config_file(struct instance_data *idata) size_t len = 0; if (idata->flags & PAMNS_DEBUG) - pam_syslog(idata->pamh, LOG_DEBUG, "Parsing config file %s", + pam_syslog(idata->pamh, LOG_DEBUG, "Parsing config file %s", PAM_NAMESPACE_CONFIG); /* * Extract the user's home directory to resolve $HOME entries * in the namespace configuration file. */ - cpwd = getpwnam(idata->user); + cpwd = pam_modutil_getpwnam(idata->pamh, idata->user); if (!cpwd) { pam_syslog(idata->pamh, LOG_ERR, "Error getting home dir for '%s'", idata->user); @@ -457,7 +457,7 @@ static int form_context(const struct polydir_s *polyptr, if ((polyptr->method == CONTEXT) || (polyptr->method == BOTH)) { rc = getexeccon(&scon); if (rc < 0 || scon == NULL) { - pam_syslog(idata->pamh, LOG_ERR, + pam_syslog(idata->pamh, LOG_ERR, "Error getting exec context, %m"); return PAM_SESSION_ERR; } @@ -470,7 +470,7 @@ static int form_context(const struct polydir_s *polyptr, freecon(scon); return PAM_SESSION_ERR; } else if (idata->flags & PAMNS_DEBUG) - pam_syslog(idata->pamh, LOG_DEBUG, + pam_syslog(idata->pamh, LOG_DEBUG, "member context returned by policy %s", *i_context); freecon(scon); } @@ -490,7 +490,7 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name, security_context_t *i_context, security_context_t *origcon, struct instance_data *idata) #else -static int poly_name(const struct polydir_s *polyptr, char **i_name, +static int poly_name(const struct polydir_s *polyptr, char **i_name, struct instance_data *idata) #endif { 
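Review bot: In the process_line hunk (@@ -295), the result of `pam_modutil_getpwnam(idata->pamh, ustr)` is dereferenced on the very next line (`*uidptr = pwd->pw_uid;`) with no NULL check, so a user name in the namespace configuration that does not resolve makes the module dereference NULL inside the calling application's session stack. The other three call sites touched by this commit (parse_config_file, pam_sm_open_session, pam_sm_close_session) all test the result before use, so this one is the odd one out. A guard such as `if (pwd == NULL) { pam_syslog(idata->pamh, LOG_ERR, "Unknown user '%s' in configuration", ustr); /* take the function's error path */ }` should precede the dereference. The body of process_line starts and ends outside the hunk, so the right cleanup for the partially filled uid array has to be confirmed against the full function.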
@@ -596,7 +596,7 @@ static int check_inst_parent(char *ipath, struct instance_data *idata) * execute it and pass directory to polyinstantiate and instance * directory as arguments. */ -static int inst_init(const struct polydir_s *polyptr, char *ipath, +static int inst_init(const struct polydir_s *polyptr, char *ipath, struct instance_data *idata) { pid_t rc, pid; @@ -662,7 +662,7 @@ out: * Create polyinstantiated instance directory (ipath). */ #ifdef WITH_SELINUX -static int create_dirs(const struct polydir_s *polyptr, char *ipath, +static int create_dirs(const struct polydir_s *polyptr, char *ipath, security_context_t icontext, security_context_t ocontext, struct instance_data *idata) #else @@ -692,7 +692,7 @@ static int create_dirs(const struct polydir_s *polyptr, char *ipath, polyptr->dir); return PAM_SESSION_ERR; } - + /* * Check to make sure instance parent is valid. */ @@ -728,7 +728,7 @@ static int create_dirs(const struct polydir_s *polyptr, char *ipath, /* If method is USER, icontext is NULL */ if (icontext) { if (fsetfilecon(fd, icontext) < 0) { - pam_syslog(idata->pamh, LOG_ERR, + pam_syslog(idata->pamh, LOG_ERR, "Error setting context of %s to %s", ipath, icontext); close(fd); rmdir(ipath); @@ -779,7 +779,7 @@ static int create_dirs(const struct polydir_s *polyptr, char *ipath, */ inst_init: - rc = inst_init(polyptr, ipath, idata); + rc = inst_init(polyptr, ipath, idata); return rc; } @@ -819,7 +819,7 @@ static int md5hash(char **instname, struct instance_data *idata) /* * This function performs the namespace setup for a particular directory - * that is being polyinstantiated. It creates an MD5 hash of instance + * that is being polyinstantiated. It creates an MD5 hash of instance * directory, calls create_dirs to create it with appropriate * security attributes, and performs bind mount to setup the process * namespace. 
@@ -979,13 +979,13 @@ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt) for (pptr = idata->polydirs_ptr; pptr; pptr = pptr->next) { if (ns_override(pptr, idata)) { if (idata->flags & PAMNS_DEBUG) - pam_syslog(idata->pamh, LOG_DEBUG, + pam_syslog(idata->pamh, LOG_DEBUG, "Overriding poly for user %d for dir %s", idata->uid, pptr->dir); continue; } else { if (idata->flags & PAMNS_DEBUG) - pam_syslog(idata->pamh, LOG_DEBUG, + pam_syslog(idata->pamh, LOG_DEBUG, "Need poly ns for user %d for dir %s", idata->uid, pptr->dir); need_poly = 1; @@ -1045,7 +1045,7 @@ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt) else if (cptr) *cptr = '\0'; if (chdir(poly_parent) < 0) { - pam_syslog(idata->pamh, LOG_ERR, + pam_syslog(idata->pamh, LOG_ERR, "Can't chdir to %s, %m", poly_parent); } } @@ -1063,7 +1063,7 @@ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt) if (unmnt != UNMNT_ONLY) { retval = ns_setup(pptr, idata); - if (retval != PAM_SUCCESS) + if (retval != PAM_SUCCESS) break; } } @@ -1082,7 +1082,7 @@ static int orig_namespace(struct instance_data *idata) struct polydir_s *pptr; if (idata->flags & PAMNS_DEBUG) - pam_syslog(idata->pamh, LOG_DEBUG, "orig namespace for pid %d", + pam_syslog(idata->pamh, LOG_DEBUG, "orig namespace for pid %d", getpid()); /* @@ -1096,7 +1096,7 @@ static int orig_namespace(struct instance_data *idata) continue; else { if (idata->flags & PAMNS_DEBUG) - pam_syslog(idata->pamh, LOG_DEBUG, + pam_syslog(idata->pamh, LOG_DEBUG, "Unmounting instance dir for user %d & dir %s", idata->uid, pptr->dir); 
@@ -1118,7 +1118,7 @@ static int orig_namespace(struct instance_data *idata) * This function checks if the calling program has requested context * change by calling setexeccon(). If context change is not requested * then it does not make sense to polyinstantiate based on context. - * The return value from this function is used when selecting the + * The return value from this function is used when selecting the * polyinstantiation method. If context change is not requested then * the polyinstantiation method is set to USER, even if the configuration * file lists the method as "context" or "both". @@ -1178,7 +1178,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, unmnt = UNMNT_ONLY; if (strcmp(argv[i], "require_selinux") == 0) { if (~(idata.flags & PAMNS_SELINUX_ENABLED)) { - pam_syslog(idata.pamh, LOG_ERR, + pam_syslog(idata.pamh, LOG_ERR, "selinux_required option given and selinux is disabled"); return PAM_SESSION_ERR; } @@ -1187,7 +1187,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, if (idata.flags & PAMNS_DEBUG) pam_syslog(idata.pamh, LOG_DEBUG, "open_session - start"); - /* + /* * Lookup user and fill struct items */ retval = pam_get_item(idata.pamh, PAM_USER, (void*) &user_name ); @@ -1196,7 +1196,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, return PAM_SESSION_ERR; } - pwd = getpwnam(user_name); + pwd = pam_modutil_getpwnam(idata.pamh, user_name); if (!pwd) { pam_syslog(idata.pamh, LOG_ERR, "user unknown '%s'", user_name); return PAM_SESSION_ERR; @@ -1262,7 +1262,7 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, /* Parse arguments. */ for (i = 0; i < argc; i++) { - if (strcmp(argv[i], "debug") == 0) + if (strcmp(argv[i], "debug") == 0) idata.flags |= PAMNS_DEBUG; if (strcmp(argv[i], "ignore_config_error") == 0) idata.flags |= PAMNS_IGN_CONFIG_ERR; 
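Review bot: In pam_sm_open_session, the `require_selinux` branch visible as context in the @@ -1178 hunk tests `if (~(idata.flags & PAMNS_SELINUX_ENABLED))`. For a single-bit flag, the bitwise NOT of the masked value is non-zero whether or not the bit is set, so this branch appears to return PAM_SESSION_ERR even when SELinux is enabled. The commit only strips trailing whitespace on the following `pam_syslog` line and leaves the condition untouched; the logical form `if (!(idata.flags & PAMNS_SELINUX_ENABLED)) {` matches what the error message describes. The message also says `selinux_required` while the option actually parsed is `require_selinux`, which makes the failure harder to trace back to the PAM configuration line. The function starts and ends outside the hunk.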
@@ -1271,7 +1271,7 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, if (idata.flags & PAMNS_DEBUG) pam_syslog(idata.pamh, LOG_DEBUG, "close_session - start"); - /* + /* * Lookup user and fill struct items */ retval = pam_get_item(idata.pamh, PAM_USER, (void*) &user_name ); @@ -1280,7 +1280,7 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, return PAM_SESSION_ERR; } - pwd = getpwnam(user_name); + pwd = pam_modutil_getpwnam(idata.pamh, user_name); if (!pwd) { pam_syslog(idata.pamh, LOG_ERR, "user unknown '%s'", user_name); return PAM_SESSION_ERR; @@ -1310,11 +1310,11 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, retval = orig_namespace(&idata); if (idata.flags & PAMNS_DEBUG) { - if (retval) + if (retval) pam_syslog(idata.pamh, LOG_DEBUG, "resetting namespace failed for pid %d", getpid()); - else - pam_syslog(idata.pamh, LOG_DEBUG, + else + pam_syslog(idata.pamh, LOG_DEBUG, "resetting namespace ok for pid %d", getpid()); } del_polydir_list(idata.polydirs_ptr); @@ -1335,4 +1335,3 @@ struct pam_module _pam_namespace_modstruct = { NULL }; #endif - |