pam_xauth: skip context translation

The retrieved context is just passed to libselinux functions and not printed or otherwise made available to the outside, so a context translation to human readable MCS/MLS labels is not needed. (see man:setrans.conf(5))
author: Christian Göttsche <cgzones@googlemail.com> 2020-08-03 20:18:11 +0200
committer: Tomáš Mráz <tmraz@redhat.com> 2020-08-05 16:30:03 +0200
commit: 1bdc5b65e7ff7754a414047cb987e44e25907b5b (patch)
tree: aaf03b8d4974dbf2eeb716958c1e5bd25ede177e /modules/pam_xauth/pam_xauth.c
parent: b6edb24f87091104afd89cb53c6dd13be4ffeee1 (diff)
download: pam-1bdc5b65e7ff7754a414047cb987e44e25907b5b.tar.gz
pam-1bdc5b65e7ff7754a414047cb987e44e25907b5b.tar.bz2
pam-1bdc5b65e7ff7754a414047cb987e44e25907b5b.zip
1 files changed, 8 insertions, 8 deletions
diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c
index 966b1b09..03f8dc78 100644
--- a/modules/pam_xauth/pam_xauth.c
+++ b/modules/pam_xauth/pam_xauth.c
@@ -532,7 +532,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
 			  xauth, "-f", cookiefile, "nlist", display,
 			  NULL) == 0) {
 #ifdef WITH_SELINUX
-		char *context = NULL;
+		char *context_raw = NULL;
 #endif
 		PAM_MODUTIL_DEF_PRIVS(privs);
 
@@ -626,16 +626,16 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
 		if (is_selinux_enabled() > 0) {
 			struct selabel_handle *ctx = selabel_open(SELABEL_CTX_FILE, NULL, 0);
 			if (ctx != NULL) {
-				if (selabel_lookup(ctx, &context,
-						   xauthority + sizeof(XAUTHENV), S_IFREG) != 0) {
+				if (selabel_lookup_raw(ctx, &context_raw,
+						       xauthority + sizeof(XAUTHENV), S_IFREG) != 0) {
 					pam_syslog(pamh, LOG_WARNING,
 						   "could not get SELinux label for '%s'",
 						   xauthority + sizeof(XAUTHENV));
 				}
 				selabel_close(ctx);
-				if (setfscreatecon(context)) {
+				if (setfscreatecon_raw(context_raw)) {
 					pam_syslog(pamh, LOG_WARNING,
-						   "setfscreatecon(%s) failed: %m", context);
+						   "setfscreatecon_raw(%s) failed: %m", context_raw);
 				}
 			}
 		}
@@ -646,9 +646,9 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
 				   "error creating temporary file `%s': %m",
 				   xauthority + sizeof(XAUTHENV));
 #ifdef WITH_SELINUX
-		if (context != NULL) {
-			free(context);
-			setfscreatecon(NULL);
+		if (context_raw != NULL) {
+			free(context_raw);
+			setfscreatecon_raw(NULL);
 		}
 #endif /* WITH_SELINUX */
 		if (fd >= 0)
author	Christian Göttsche <cgzones@googlemail.com>	2020-08-03 20:18:11 +0200
committer	Tomáš Mráz <tmraz@redhat.com>	2020-08-05 16:30:03 +0200
commit	1bdc5b65e7ff7754a414047cb987e44e25907b5b (patch)
tree	aaf03b8d4974dbf2eeb716958c1e5bd25ede177e /modules/pam_xauth/pam_xauth.c
parent	b6edb24f87091104afd89cb53c6dd13be4ffeee1 (diff)
download	pam-1bdc5b65e7ff7754a414047cb987e44e25907b5b.tar.gz pam-1bdc5b65e7ff7754a414047cb987e44e25907b5b.tar.bz2 pam-1bdc5b65e7ff7754a414047cb987e44e25907b5b.zip