author | Tomas Mraz <tm@t8m.info> | 2008-12-17 14:27:24 +0000 |
---|---|---|
committer | Tomas Mraz <tm@t8m.info> | 2008-12-17 14:27:24 +0000 |
commit | 2fe275aed5c0c285781e6487242a9e4a13071e4f (patch) | |
tree | 201496523aea95c3151da45d5a1898aa4fd466b6 /modules | |
parent | 96377420e795eaa52f3d8017dfec557f8c5948a0 (diff) | |
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
2008-12-17 Tomas Mraz <t8m@centrum.cz>
* modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Do
not abort on unknown option. Avoid double free of old_status.
(pam_sm_close_session): Use LOG_DEBUG for restored status message.
* configure.in: Test for getseuser().
* modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Call getseuser()
instead of getseuserbyname() if the function is available.
Diffstat (limited to 'modules')
-rw-r--r-- | modules/pam_selinux/pam_selinux.c | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c
index e45d6f99..c6f887a6 100644
--- a/modules/pam_selinux/pam_selinux.c
+++ b/modules/pam_selinux/pam_selinux.c
@@ -577,11 +577,16 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
 security_context_t* contextlist = NULL;
 int num_contexts = 0;
 int env_params = 0;
- const char *username = NULL;
+ const char *username;
+ const void *void_username;
 const void *tty = NULL;
 char *seuser=NULL;
 char *level=NULL;
 security_context_t default_user_context=NULL;
+#ifdef HAVE_GETSEUSER
+ const void *void_service;
+ const char *service;
+#endif
 
 /* Parse arguments. */
 for (i = 0; i < argc; i++) {
@@ -623,12 +628,23 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
 if (!(selinux_enabled = is_selinux_enabled()>0) )
 return PAM_SUCCESS;
 
- if (pam_get_item(pamh, PAM_USER, (void *) &username) != PAM_SUCCESS ||
- username == NULL) {
+ if (pam_get_item(pamh, PAM_USER, &void_username) != PAM_SUCCESS ||
+ void_username == NULL) {
 return PAM_USER_UNKNOWN;
 }
+ username = void_username;
+
+#ifdef HAVE_GETSEUSER
+ if (pam_get_item(pamh, PAM_SERVICE, (void *) &void_service) != PAM_SUCCESS ||
+ void_service == NULL) {
+ return PAM_SESSION_ERR;
+ }
+ service = void_service;
 
- if (getseuserbyname(username, &seuser, &level)==0) {
+ if (getseuser(username, service, &seuser, &level) == 0) {
+#else
+ if (getseuserbyname(username, &seuser, &level) == 0) {
+#endif
 num_contexts = get_ordered_context_list_with_level(seuser,
 level,
 NULL, |
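Review bot: The new PAM_SERVICE lookup in the second hunk still passes `(void *) &void_service`, although the PAM_USER call just above it was changed to pass `&void_username` uncast. `void_service` is already a `const void *`, so the cast is unnecessary and only hides a pointer-type mismatch from the compiler; `if (pam_get_item(pamh, PAM_SERVICE, &void_service) != PAM_SUCCESS ||` would match the corrected call. The `if (...) {` opener is also written twice, once in each branch of `#ifdef HAVE_GETSEUSER` / `#else`, so the brace balance depends on the preprocessor; storing the lookup result in a local inside the `#ifdef` and testing it once afterwards would be easier to audit. Because the two builds appear to resolve the SELinux user differently (with and without the service name), a comment on the `#else` branch such as `/* no getseuser(): the service name is not used for the seuser lookup */` would make that difference visible to whoever reviews the resulting session context. The body of this `if` continues outside the hunk.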