path: root/modules/pam_selinux/pam_selinux.c
Commit message | Author | Age | Files | Lines
* Remove "--enable-static-modules" option and support from | Thorsten Kukuk | 2016-03-29 | 1 | -4/+4
    Linux-PAM. It was never officially supported and was broken for years.

    * configure.ac: Remove --enable-static-modules option.
    * doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN.
    * doc/man/pam_sm_authenticate.3.xml: Likewise.
    * doc/man/pam_sm_chauthtok.3.xml: Likewise.
    * doc/man/pam_sm_close_session.3.xml: Likewise.
    * doc/man/pam_sm_open_session.3.xml: Likewise.
    * doc/man/pam_sm_setcred.3.xml: Likewise.
    * libpam/Makefile.am: Remove STATIC_MODULES cases.
    * libpam/include/security/pam_modules.h: Remove PAM_STATIC parts.
    * libpam/pam_dynamic.c: Likewise.
    * libpam/pam_handlers.c: Likewise.
    * libpam/pam_private.h: Likewise.
    * libpam/pam_static.c: Remove file.
    * libpam/pam_static_modules.h: Remove header file.
    * modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts.
    * modules/pam_cracklib/pam_cracklib.c: Likewise.
    * modules/pam_debug/pam_debug.c: Likewise.
    * modules/pam_deny/pam_deny.c: Likewise.
    * modules/pam_echo/pam_echo.c: Likewise.
    * modules/pam_env/pam_env.c: Likewise.
    * modules/pam_exec/pam_exec.c: Likewise.
    * modules/pam_faildelay/pam_faildelay.c: Likewise.
    * modules/pam_filter/pam_filter.c: Likewise.
    * modules/pam_ftp/pam_ftp.c: Likewise.
    * modules/pam_group/pam_group.c: Likewise.
    * modules/pam_issue/pam_issue.c: Likewise.
    * modules/pam_keyinit/pam_keyinit.c: Likewise.
    * modules/pam_lastlog/pam_lastlog.c: Likewise.
    * modules/pam_limits/pam_limits.c: Likewise.
    * modules/pam_listfile/pam_listfile.c: Likewise.
    * modules/pam_localuser/pam_localuser.c: Likewise.
    * modules/pam_loginuid/pam_loginuid.c: Likewise.
    * modules/pam_mail/pam_mail.c: Likewise.
    * modules/pam_mkhomedir/pam_mkhomedir.c: Likewise.
    * modules/pam_motd/pam_motd.c: Likewise.
    * modules/pam_namespace/pam_namespace.c: Likewise.
    * modules/pam_nologin/pam_nologin.c: Likewise.
    * modules/pam_permit/pam_permit.c: Likewise.
    * modules/pam_pwhistory/pam_pwhistory.c: Likewise.
    * modules/pam_rhosts/pam_rhosts.c: Likewise.
    * modules/pam_rootok/pam_rootok.c: Likewise.
    * modules/pam_securetty/pam_securetty.c: Likewise.
    * modules/pam_selinux/pam_selinux.c: Likewise.
    * modules/pam_sepermit/pam_sepermit.c: Likewise.
    * modules/pam_shells/pam_shells.c: Likewise.
    * modules/pam_stress/pam_stress.c: Likewise.
    * modules/pam_succeed_if/pam_succeed_if.c: Likewise.
    * modules/pam_tally/pam_tally.c: Likewise.
    * modules/pam_tally2/pam_tally2.c: Likewise.
    * modules/pam_time/pam_time.c: Likewise.
    * modules/pam_timestamp/pam_timestamp.c: Likewise.
    * modules/pam_tty_audit/pam_tty_audit.c: Likewise.
    * modules/pam_umask/pam_umask.c: Likewise.
    * modules/pam_userdb/pam_userdb.c: Likewise.
    * modules/pam_warn/pam_warn.c: Likewise.
    * modules/pam_wheel/pam_wheel.c: Likewise.
    * modules/pam_xauth/pam_xauth.c: Likewise.
    * modules/pam_unix/Makefile.am: Remove STATIC_MODULES part.
    * modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part.
    * modules/pam_unix/pam_unix_auth.c: Likewise.
    * modules/pam_unix/pam_unix_passwd.c: Likewise.
    * modules/pam_unix/pam_unix_sess.c: Likewise.
    * modules/pam_unix/pam_unix_static.c: Removed.
    * modules/pam_unix/pam_unix_static.h: Removed.
    * po/POTFILES.in: Remove removed files.
    * tests/tst-dlopen.c: Remove PAM_STATIC part.
* pam_selinux: canonicalize user name | Tomas Mraz | 2014-03-11 | 1 | -0/+5
    SELinux expects canonical user name for example without domain component.

    * modules/pam_selinux/pam_selinux.c (compute_exec_context): Canonicalize
      user name with pam_modutil_getpwnam().
* pam_selinux: Drop obsolete and unsupported manual context selection. | Tomas Mraz | 2012-11-30 | 1 | -80/+0
    modules/pam_selinux/pam_selinux.c (manual_context): Drop function.
    (compute_exec_context): Drop manual_context() call.
* pam_selinux, pam_tally2: Add tty and rhost to audit data. | Tomas Mraz | 2012-09-06 | 1 | -1/+4
    modules/pam_selinux/pam_selinux.c (send_audit_message): Obtain tty and
    rhost from PAM items and pass them to audit.
    modules/pam_tally2/pam_tally2.c (tally_check): Obtain tty and rhost from
    PAM items and pass them to audit.
    (main): Obtain tty name of stdin and pass it to audit.
* pam_selinux.c: add "restore" option | Dmitry V. Levin | 2011-11-03 | 1 | -1/+8
    * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Add new
      "restore" option.
* pam_selinux.c: rewrite using pam_get_data/pam_set_data | Dmitry V. Levin | 2011-11-03 | 1 | -266/+336
    * modules/pam_selinux/pam_selinux.c (security_restorelabel_tty,
      security_label_tty): Remove old functions.
      (module_data_t): New structure.
      (free_module_data, cleanup, get_module_data, get_item,
      set_exec_context, set_file_context, compute_exec_context,
      compute_tty_context, restore_context, set_context, create_context):
      New functions.
      (pam_sm_authenticate, pam_sm_setcred, pam_sm_open_session,
      pam_sm_close_session): Use them.
* Fix whitespace issues | Dmitry V. Levin | 2011-10-26 | 1 | -22/+22
    Cleanup trailing whitespaces, indentation that uses spaces before tabs,
    and blank lines at EOF.

    Make the project free of warnings reported by
    git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD
* Relevant BUGIDs: | Tomas Mraz | 2011-03-17 | 1 | -7/+12
    Purpose of commit: bugfix

    Commit summary:
    ---------------
    2011-03-17 Tomas Mraz <tm@t8m.info>

    * modules/pam_selinux/pam_selinux.c (config_context): Fix leak of type.
      (manual_context): Likewise.
      (context_from_env): Remove extraneous auditing in success case.
    * modules/pam_unix/support.c (_unix_run_helper_binary): Remove extra
      close() call.
* Relevant BUGIDs: | Tomas Mraz | 2010-12-21 | 1 | -5/+21
    Purpose of commit: bugfix

    Commit summary:
    ---------------
    2010-12-21 Tomas Mraz <tm@t8m.info>

    * modules/pam_selinux/pam_selinux.c (mls_range_allowed): Unhardcode
      values for security class and av permission bit.
* Relevant BUGIDs: | Tomas Mraz | 2010-11-11 | 1 | -2/+5
    Purpose of commit: bugfix

    Commit summary:
    ---------------
    2010-11-11 Tomas Mraz <tm@t8m.info>

    * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Fix potential
      use after free in case SELinux is misconfigured.
    * modules/pam_namespace/pam_namespace.c (process_line): Fix memory leak
      when parsing empty config file lines.
* Relevant BUGIDs: | Dmitry V. Levin | 2010-10-19 | 1 | -12/+2
    Purpose of commit: cleanup

    Commit summary:
    ---------------
    2010-10-19 Dmitry V. Levin <ldv@altlinux.org>

    * modules/pam_selinux/pam_selinux.c (verbose_message): Remove.
      (pam_sm_open_session): Call send_text() instead of verbose_message().
* Relevant BUGIDs: | Dmitry V. Levin | 2010-10-08 | 1 | -2/+2
    Purpose of commit: bugfix

    Commit summary:
    ---------------
    2010-10-07 Dmitry V. Levin <ldv@altlinux.org>

    * modules/pam_selinux/pam_selinux.c (verbose_message): Fix format string.
* Relevant BUGIDs: | Tomas Mraz | 2008-12-17 | 1 | -4/+20
    Purpose of commit: new feature

    Commit summary:
    ---------------
    2008-12-17 Tomas Mraz <t8m@centrum.cz>

    * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Do not
      abort on unknown option. Avoid double free of old_status.
      (pam_sm_close_session): Use LOG_DEBUG for restored status message.
    * configure.in: Test for getseuser().
    * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Call
      getseuser() instead of getseuserbyname() if the function is available.
* Relevant BUGIDs: | Tomas Mraz | 2008-07-11 | 1 | -65/+143
    Purpose of commit: new feature

    Commit summary:
    ---------------
    2008-07-11 Tomas Mraz <t8m@centrum.cz>

    * modules/pam_selinux/pam_selinux.c (config_context): Do not ask for
      the level if use_current_range is set.
      (context_from_env): New function to obtain the context from PAM
      environment variables.
      (pam_sm_open_session): Call context_from_env() if env_params option
      is present. use_current_range now modifies behavior of the
      context_from_env and config_context options.
    * modules/pam_selinux/pam_selinux.8.xml: Describe the env_params option.
      Adjust description of use_current_range option.
* Relevant BUGIDs: | Tomas Mraz | 2008-05-02 | 1 | -57/+63
    Purpose of commit: cleanup

    Commit summary:
    ---------------
    2008-05-02 Tomas Mraz <t8m@centrum.cz>

    * modules/pam_selinux/pam_selinux.c(query_response): Add handling
      for NULL response.
      (manual_context): Handle failed query_response() properly. Rename
      variable responses to response which is more correct name.
      (config_context): Likewise.
      (pam_sm_open_session): Do not base decision on whether there is a tty.
* Relevant BUGIDs: rhbz#443667 | Tomas Mraz | 2008-04-22 | 1 | -7/+7
    Purpose of commit: bugfix

    Commit summary:
    ---------------
    2008-04-22 Tomas Mraz <t8m@centrum.cz>

    * modules/pam_selinux/pam_selinux.c(pam_sm_close_sesion): Fix regression
      from the change from 2008-03-20. setexeccon() must be called also with
      NULL prev_context.
* Relevant BUGIDs: rhbz#438338, rhbz#438264 | Tomas Mraz | 2008-03-20 | 1 | -10/+12
    Purpose of commit: bugfix

    Commit summary:
    ---------------
    2008-03-20 Tomas Mraz <t8m@centrum.cz>

    * modules/pam_namespace/pam_namespace.c(poly_name): Switch to USER
      method only when appropriate.
      (setup_namespace): Do not umount when not mounted with RUSER.
    * modules/pam_selinux/pam_selinux.c(pam_sm_close_session): Call
      freecontext() after the context is logged not before.
* Relevant BUGIDs: | Tomas Mraz | 2008-03-03 | 1 | -7/+7
    Purpose of commit: translations

    Commit summary:
    ---------------
    2008-03-03 Tomas Mraz <t8m@centrum.cz>

    * modules/pam_selinux/pam_selinux.c: Do not translate syslog messages.
    * po/Linux-PAM.pot: Update.
* Relevant BUGIDs: | Tomas Mraz | 2007-06-15 | 1 | -112/+350
    Purpose of commit: new feature

    Commit summary:
    ---------------
    2007-06-15 Tomas Mraz <t8m@centrum.cz>

    * modules/pam_selinux/pam_selinux.8.xml: Remove multiple option, add
      select_context and use_current_range options.
    * modules/pam_selinux/pam_selinux.c (send_audit_message): Added function
      for auditing role/level changes.
      (query_response): Add default response.
      (select_context): Removed.
      (manual_context): Query only role and level.
      (mls_range_allowed): Added function for range check.
      (config_context): Added function for role and level override.
      (pam_sm_open_session): Remove multiple option, add select_context and
      use_current_range_options. Use getseuserbyname to obtain SELinux user
      and level. Audit role/level changes. Call setkeycreatecon to assign
      key creation context. Don't fail on errors when SELinux is not in
      enforcing mode.
* Relevant BUGIDs: | Tomas Mraz | 2006-08-03 | 1 | -2/+3
    Purpose of commit: bugfix

    Commit summary:
    ---------------
    * modules/pam_selinux/pam_selinux.c (security_label_tty): Don't log
      relabelling error when the tty device doesn't exist (ENOENT).
* Relevant BUGIDs: | Thorsten Kukuk | 2006-06-18 | 1 | -1/+1
    Purpose of commit: cleanup

    Commit summary:
    ---------------
    2006-06-18 Thorsten Kukuk <kukuk@thkukuk.de>

    * modules/pam_selinux/Makefile.am: Include Make.xml.rules.
    * modules/pam_selinux/pam_selinux.8.xml: New.
    * modules/pam_selinux/pam_selinux.8: Regenerated from xml file.
    * modules/pam_selinux/README.xml: New.
    * modules/pam_selinux/README: Regenerated from xml file.
* Relevant BUGIDs: none | Dmitry V. Levin | 2005-11-24 | 1 | -7/+7
    Purpose of commit: cleanup

    Commit summary:
    ---------------
    2005-11-24 Dmitry V. Levin <ldv@altlinux.org>

    * configure.in: Do not check for strerror.
    * libpam_misc/misc_conv.c (read_string): Replace strerror() call with
      %m specifier.
    * libpamc/pamc_converse.c (pamc_converse): Likewise.
    * modules/pam_echo/pam_echo.c (pam_echo): Likewise.
    * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Likewise.
    * modules/pam_selinux/pam_selinux.c (security_label_tty): Likewise.
      (security_restorelabel_tty, security_label_tty): Append %m specifier
      where appropriate.
    * modules/pam_selinux/pam_selinux_check.c (main): Replace strerror()
      call with %m specifier.
    * modules/pam_unix/pam_unix_passwd.c (save_old_password, _update_passwd,
      _update_shadow): Likewise.
    * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
    * modules/pam_unix/unix_chkpwd.c (_update_shadow): Likewise.
    * po/Linux-PAM.pot: Update strings from pam_selinux.
    * po/cs.po: Likewise.
    * po/de.po: Likewise.
    * po/es.po: Likewise.
    * po/fi.po: Likewise.
    * po/fr.po: Likewise.
    * po/hu.po: Likewise.
    * po/it.po: Likewise.
    * po/ja.po: Likewise.
    * po/nb.po: Likewise.
    * po/pa.po: Likewise.
    * po/pl.po: Likewise.
    * po/pt.po: Likewise.
    * po/pt_BR.po: Likewise.
    * po/zh_CN.po: Likewise.
    * po/zh_TW.po: Likewise.
* Relevant BUGIDs: | Tomas Mraz | 2005-09-21 | 1 | -1/+1
    Purpose of commit: new feature

    Commit summary:
    ---------------
    Moved functions from pammodutil to libpam.
* Relevant BUGIDs: | Tomas Mraz | 2005-09-19 | 1 | -3/+3
    Purpose of commit: cleanup

    Commit summary:
    ---------------
    Added PAM_NONNULL attributes to some public API (by ldv)
    Removed const qualifiers from pam_get_item, pam_get_data to comply with spec
* Relevant BUGIDs: none | Thorsten Kukuk | 2005-09-05 | 1 | -329/+154
    Purpose of commit: cleanup

    Commit summary:
    ---------------
    Move pam_selinux_check.c code from pam_selinux.c to main fail.
    Replace syslog with pam_syslog
    Use pam_prompt instead of conv() functions.
* Relevant BUGIDs: none | Thorsten Kukuk | 2005-08-29 | 1 | -0/+1
    Purpose of commit: cleanup

    Commit summary:
    ---------------
    cleanup the header files, don't include always all other header files.
* Relevant BUGIDs: none | Thorsten Kukuk | 2005-07-20 | 1 | -20/+18
    Purpose of commit: new feature

    Commit summary:
    ---------------
    Mark message strings for translation
* Relevant BUGIDs: none | Thorsten Kukuk | 2005-07-20 | 1 | -1/+1
    Purpose of commit: cleanup

    Commit summary:
    ---------------
    Rename _pam_aconf.h to config.h.
* Relevant BUGIDs: none | Thorsten Kukuk | 2005-07-15 | 1 | -4/+3
    Purpose of commit: cleanup

    Commit summary:
    ---------------
    Remove duplicate/wrong place of _pam_aconf.h inclusion
* Relevant BUGIDs: none | Thorsten Kukuk | 2005-06-09 | 1 | -21/+34
    Purpose of commit: cleanup

    Commit summary:
    ---------------
    Fix all occurrences of dereferencing type-punned pointer will break
    strict-aliasing rules warnings
* Relevant BUGIDs: none | Thorsten Kukuk | 2005-05-16 | 1 | -0/+645
    Purpose of commit: new feature

    Commit summary:
    ---------------
    Add pam_selinux module