author | Steve Langasek <steve.langasek@canonical.com> | 2020-08-11 14:54:29 -0700 |
---|---|---|
committer | Steve Langasek <steve.langasek@canonical.com> | 2020-08-11 14:54:29 -0700 |
commit | f6d08ed47a3da3c08345bce2ca366e961c52ad7c (patch) | |
tree | dcbd0efb229b17f696f7195671f05b354b4f70fc /modules/pam_sepermit/pam_sepermit.c | |
parent | 668b13da8f830c38388cecac45539972e80cb246 (diff) | |
parent | 9e5bea9e146dee574796259ca464ad2435be3590 (diff) | |
New upstream version 1.4.0
Diffstat (limited to 'modules/pam_sepermit/pam_sepermit.c')
-rw-r--r-- | modules/pam_sepermit/pam_sepermit.c | 17 |
1 files changed, 6 insertions, 11 deletions
diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c
index c6532907..f7d98d5b 100644
--- a/modules/pam_sepermit/pam_sepermit.c
+++ b/modules/pam_sepermit/pam_sepermit.c
@@ -1,5 +1,5 @@
 /******************************************************************************
- * A module for Linux-PAM that allows/denies acces based on SELinux state.
+ * A module for Linux-PAM that allows/denies access based on SELinux state.
 *
 * Copyright (c) 2007, 2008, 2009 Red Hat, Inc.
 * Originally written by Tomas Mraz <tmraz@redhat.com>
@@ -35,7 +35,6 @@
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
 */
 #include "config.h"
@@ -53,12 +52,8 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <unistd.h>
-#include <pwd.h>
 #include <dirent.h>
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-
 #include <security/pam_modules.h>
 #include <security/_pam_macros.h>
 #include <security/pam_modutil.h>
@@ -232,7 +227,8 @@ sepermit_lock(pam_handle_t *pamh, const char *user, int debug)
 struct passwd *pw = pam_modutil_getpwnam( pamh, user );
 if (!pw) {
- pam_syslog(pamh, LOG_ERR, "Unable to find uid for user %s", user);
+ pam_syslog(pamh, LOG_NOTICE, "Unable to find uid for user %s",
+ user);
 return -1;
 }
 if (check_running(pamh, pw->pw_uid, 0, debug) > 0) {
@@ -353,7 +349,7 @@ sepermit_match(pam_handle_t *pamh, const char *cfgfile, const char *user,
 if (*sense == PAM_SUCCESS) {
 if (ignore)
 *sense = PAM_IGNORE;
- if (geteuid() == 0 && exclusive && get_loginuid(pamh) == -1)
+ if (geteuid() == 0 && exclusive && get_loginuid(pamh) == (uid_t)-1)
 if (sepermit_lock(pamh, user, debug) < 0)
 *sense = PAM_AUTH_ERR;
 }
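Review bot: The demotion from LOG_ERR to LOG_NOTICE on the failed uid lookup in sepermit_lock carries no comment explaining why, and the pam_sm_authenticate hunk makes the same demotion for the missing user name. In the visible sepermit_match lines the caller turns this -1 into PAM_AUTH_ERR without logging anything itself, so this message appears to be the only record of that denial; any log forwarding or alerting that keeps only err and above from this module would stop seeing it. A short comment such as `/* unknown user is an expected runtime condition, not a module fault, hence NOTICE */` at both sites would record the intent. sepermit_lock starts and ends outside this hunk.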
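Review bot: When `exclusive` is set but `geteuid()` is not 0, or a login uid is already present, the condition in sepermit_match skips sepermit_lock with no log line, so `*sense` stays at PAM_SUCCESS or PAM_IGNORE and the exclusive entry is applied without the lock. A comment on the condition, for example `/* the exclusive lock is taken only by root for a session without a loginuid; other callers fall through unlocked */`, or a message under `debug`, would make that visible to whoever audits the policy. The two stacked `if` statements without braces would also be harder to misread as a single condition joined with `&&`. sepermit_match starts and ends outside this hunk, so this may already be documented elsewhere.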
@@ -389,9 +385,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
 if (debug)
 pam_syslog(pamh, LOG_NOTICE, "Parsing config file: %s", cfgfile);
- if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL
- || *user == '\0') {
- pam_syslog(pamh, LOG_ERR, "Cannot determine the user's name");
+ if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || *user == '\0') {
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
 return PAM_USER_UNKNOWN;
 }
|
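Review bot: With `user == NULL` removed, the `*user == '\0'` test in pam_sm_authenticate dereferences whatever pam_get_user() stored, so it is safe only if PAM_SUCCESS guarantees a non-NULL name. The hunk does not show that guarantee; if it comes from the libpam shipped with this release, state it next to the condition, e.g. `/* pam_get_user() returns PAM_SUCCESS only with a valid, non-NULL user string */`. Without that note, building this module against a libpam that lacks the guarantee could turn a rejected login into a NULL dereference inside the authenticating process. The function body starts and ends outside the hunk.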