Relevant BUGIDs: none

Purpose of commit: new feature Commit summary: --------------- Add SELinux support, based on Patch from Red Hat
author: Thorsten Kukuk <kukuk@thkukuk.de> 2005-05-16 11:03:02 +0000
committer: Thorsten Kukuk <kukuk@thkukuk.de> 2005-05-16 11:03:02 +0000
commit: 67aab1ff5515054341a438cf9804e9c9b3a88033 (patch)
tree: 5a962491b37bde5928d382b6df1e4e5a5373df6a /modules/pam_rootok/pam_rootok.c
parent: b4eda70f951a7d46df41831b96d87cd50910d61e (diff)
download: pam-67aab1ff5515054341a438cf9804e9c9b3a88033.tar.gz
pam-67aab1ff5515054341a438cf9804e9c9b3a88033.tar.bz2
pam-67aab1ff5515054341a438cf9804e9c9b3a88033.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c
index a7342104..93e31691 100644
--- a/modules/pam_rootok/pam_rootok.c
+++ b/modules/pam_rootok/pam_rootok.c
@@ -39,6 +39,11 @@ static void _pam_log(int err, const char *format, ...)
 }
 
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/av_permissions.h>
+#endif
+
 /* argument parsing */
 
 #define PAM_DEBUG_ARG       01
@@ -73,6 +78,9 @@ int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc
 
     ctrl = _pam_parse(argc, argv);
     if (getuid() == 0)
+#ifdef WITH_SELINUX
+      if (is_selinux_enabled()<1 || checkPasswdAccess(PASSWD__ROOTOK)==0)
+#endif
 	retval = PAM_SUCCESS;
 
     if (ctrl & PAM_DEBUG_ARG) {
author	Thorsten Kukuk <kukuk@thkukuk.de>	2005-05-16 11:03:02 +0000
committer	Thorsten Kukuk <kukuk@thkukuk.de>	2005-05-16 11:03:02 +0000
commit	67aab1ff5515054341a438cf9804e9c9b3a88033 (patch)
tree	5a962491b37bde5928d382b6df1e4e5a5373df6a /modules/pam_rootok/pam_rootok.c
parent	b4eda70f951a7d46df41831b96d87cd50910d61e (diff)
download	pam-67aab1ff5515054341a438cf9804e9c9b3a88033.tar.gz pam-67aab1ff5515054341a438cf9804e9c9b3a88033.tar.bz2 pam-67aab1ff5515054341a438cf9804e9c9b3a88033.zip