author | Tomas Mraz <tmraz@fedoraproject.org> | 2014-03-11 09:59:12 +0100 |
---|---|---|
committer | Tomas Mraz <tmraz@fedoraproject.org> | 2014-03-11 09:59:12 +0100 |
commit | da695db7a453b1e2a5ef63fcca21d59a2ed75dda (patch) | |
tree | d3074ec1c65a09fb2ab242f590c46f6f1123f45d /modules | |
parent | 316e993f24778395b4769f5e8f49ea03227446e4 (diff) | |
pam_selinux: canonicalize user name
SELinux expects a canonical user name, for example one without a domain component.
* modules/pam_selinux/pam_selinux.c (compute_exec_context): Canonicalize user name with pam_modutil_getpwnam().
Diffstat (limited to 'modules')
-rw-r--r-- | modules/pam_selinux/pam_selinux.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c
index b96cc236..b2a75e02 100644
--- a/modules/pam_selinux/pam_selinux.c
+++ b/modules/pam_selinux/pam_selinux.c
@@ -491,12 +491,17 @@ compute_exec_context(pam_handle_t *pamh, module_data_t *data,
 char *level = NULL;
 security_context_t *contextlist = NULL;
 int num_contexts = 0;
+ const struct passwd *pwd;
 if (!(username = get_item(pamh, PAM_USER))) {
 pam_syslog(pamh, LOG_ERR, "Cannot obtain the user name");
 return PAM_USER_UNKNOWN;
 }
+ if ((pwd = pam_modutil_getpwnam(pamh, username)) != NULL) {
+ username = pwd->pw_name;
+ } /* ignore error and keep using original username */
+
 /* compute execute context */
 #ifdef HAVE_GETSEUSER
 if (!(service = get_item(pamh, PAM_SERVICE))) { |
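Review bot: When `pam_modutil_getpwnam()` returns NULL, the added block silently keeps the name taken from `PAM_USER`, so the exec context below is computed from a possibly domain-qualified name and nothing in the log shows that canonicalization was skipped. I would make the fallback visible with an `else` branch such as `pam_syslog(pamh, LOG_NOTICE, "Cannot canonicalize the user name, using it as given");`, leaving the name itself out of the message because a failed lookup often means the field holds mistyped input. A short comment above the assignment would also help, e.g. `/* pwd->pw_name lives in a buffer owned by pamh; do not free or modify */`, to be confirmed against the pam_modutil contract since that code is not in this hunk. compute_exec_context starts and ends outside the hunk, so how `username` is consumed afterwards is not visible here.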