From 52f517dd540bdd12c5fa239bd7f60b51aaea9326 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 22 Apr 2008 19:21:37 +0000 Subject: Relevant BUGIDs: rhbz#443667 Purpose of commit: bugfix Commit summary: --------------- 2008-04-22 Tomas Mraz * modules/pam_selinux/pam_selinux.c(pam_sm_close_sesion): Fix regression from the change from 2008-03-20. setexeccon() must be called also with NULL prev_context. --- modules/pam_selinux/pam_selinux.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'modules/pam_selinux/pam_selinux.c') diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index f679e33d..da49f3f9 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -702,21 +702,21 @@ pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, free(ttyn); ttyn=NULL; } - if (prev_user_context) { - if (setexeccon(prev_user_context)) { + + if (setexeccon(prev_user_context)) { pam_syslog(pamh, LOG_ERR, "Unable to restore executable context %s.", - prev_user_context); + prev_user_context ? prev_user_context : ""); if (security_getenforce() == 1) status = PAM_AUTH_ERR; else status = PAM_SUCCESS; - } + } else if (debug) + pam_syslog(pamh, LOG_NOTICE, "Executable context back to original"); + + if (prev_user_context) { freecon(prev_user_context); prev_user_context = NULL; } - if (debug) - pam_syslog(pamh, LOG_NOTICE, "setcontext back to orginal"); - return status; } -- cgit v1.2.3 From 8aab1ab0b2564be02ac942fc39c043cd7b32008e Mon Sep 17 00:00:00 2001 
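Review bot: The error branch of the new `if (setexeccon(prev_user_context))` block still turns a failed `security_getenforce()` call into PAM_SUCCESS, because only a return value of 1 yields PAM_AUTH_ERR and the call can also return -1 on error; `if (security_getenforce() == 0) status = PAM_SUCCESS; else status = PAM_AUTH_ERR;` keeps permissive mode working while treating an unknown enforcing state like a real failure to restore the context. The same `== 1` test is used by pam_sm_open_session in the later commits on this page. A style point: `} else if (debug)` leaves the else branch unbraced right next to a braced if. pam_sm_close_session starts before this hunk.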
From: Tomas Mraz Date: Fri, 2 May 2008 12:41:32 +0000 Subject: Relevant BUGIDs: Purpose of commit: cleanup Commit summary: --------------- 2008-05-02 Tomas Mraz * modules/pam_selinux/pam_selinux.c(query_response): Add handling for NULL response. (manual_context): Handle failed query_response() properly. Rename variable responses to response which is more correct name. (config_context): Likewise. (pam_sm_open_session): Do not base decision on whether there is a tty. --- ChangeLog | 13 +++-- modules/pam_selinux/pam_selinux.c | 120 ++++++++++++++++++++------------------ 2 files changed, 72 insertions(+), 61 deletions(-) (limited to 'modules/pam_selinux/pam_selinux.c') diff --git a/ChangeLog b/ChangeLog index f1537404..23ef2d9b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +2008-05-02 Tomas Mraz + + * modules/pam_selinux/pam_selinux.c(query_response): Add handling + for NULL response. + (manual_context): Handle failed query_response() properly. Rename + variable responses to response which is more correct name. + (config_context): Likewise. + (pam_sm_open_session): Do not base decision on whether there is a tty. + 2008-04-22 Tomas Mraz * modules/pam_selinux/pam_selinux.c(pam_sm_close_sesion): Fix @@ -75,10 +84,6 @@ * po/sr@latin.po: Likewise. * po/LINGUAS: Add sr and sr@latin. -2008-03-25 Leah Liu - - * po/zh_CN.po: Updated translation. - 2008-04-03 Thorsten Kukuk * release version 1.0.0 diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index da49f3f9..da1290f0 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c 
@@ -138,15 +138,22 @@ send_text (pam_handle_t *pamh, const char *text, int debug) */ static int query_response (pam_handle_t *pamh, const char *text, const char *def, - char **responses, int debug) + char **response, int debug) { int rc; if (def) - rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, responses, "%s [%s] ", text, def); + rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, response, "%s [%s] ", text, def); else - rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, responses, "%s ", text); - if (debug) - pam_syslog(pamh, LOG_NOTICE, "%s %s", text, responses[0]); + rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, response, "%s ", text); + + if (*response == NULL) { + rc = PAM_CONV_ERR; + } + + if (rc != PAM_SUCCESS) { + pam_syslog(pamh, LOG_WARNING, "No response to query: %s", text); + } else if (debug) + pam_syslog(pamh, LOG_NOTICE, "%s %s", text, *response); return rc; } @@ -157,13 +164,15 @@ manual_context (pam_handle_t *pamh, const char *user, int debug) context_t new_context; int mls_enabled = is_selinux_mls_enabled(); char *type=NULL; - char *responses=NULL; + char *response=NULL; while (1) { - query_response(pamh, - _("Would you like to enter a security context? [N] "), NULL, - &responses,debug); - if ((responses[0] == 'y') || (responses[0] == 'Y')) + if (query_response(pamh, + _("Would you like to enter a security context? [N] "), NULL, + &response, debug) != PAM_SUCCESS) + return NULL; + + if ((response[0] == 'y') || (response[0] == 'Y')) { if (mls_enabled) new_context = context_new ("user:role:type:level"); 
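Review bot: The added `if (*response == NULL)` check also runs when pam_prompt() has already returned a failure, so whatever code it reported is replaced by PAM_CONV_ERR before the caller sees it; `if (rc == PAM_SUCCESS && *response == NULL) rc = PAM_CONV_ERR;` keeps the original code and still catches a success with no response. The dereference of `*response` is only safe when the caller hands in a NULL or freed-and-reset pointer, which the visible callers do by initialising it to NULL and dropping it between prompts; a one-line comment on the function, `/* *response must be NULL on entry; on PAM_SUCCESS the caller owns the returned string */`, would pin that precondition and the ownership for later callers. Style: `} else if (debug)` leaves the else branch unbraced next to a braced if.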
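Review bot: The new `return NULL` after a failed `Would you like to enter a security context?` prompt does not free `type`, and `type` is otherwise released only at `fail_set` (next hunks), so if get_default_type() allocates it — which that `free(type)` suggests — a second pass through the loop after an invalid context leaks the earlier value and this early return leaks it as well. `free(type); type = NULL;` right after the `context_type_set (new_context, type)` call in the following hunk would bound its lifetime to one iteration, after which this early return is clean. config_context has the same `type` lifetime in this commit and after the later refactor on this page, where `return newcon` and `fail_range` skip the free. manual_context continues past this hunk.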
@@ -176,26 +185,29 @@ manual_context (pam_handle_t *pamh, const char *user, int debug) if (context_user_set (new_context, user)) goto fail_set; - _pam_drop(responses); + _pam_drop(response); /* Allow the user to enter each field of the context individually */ - query_response(pamh,_("role:"), NULL, &responses,debug); - if (responses[0] != '\0') { - if (context_role_set (new_context, responses)) + if (query_response(pamh, _("role:"), NULL, &response, debug) == PAM_SUCCESS && + response[0] != '\0') { + if (context_role_set (new_context, response)) goto fail_set; - if (get_default_type(responses, &type)) + if (get_default_type(response, &type)) goto fail_set; if (context_type_set (new_context, type)) goto fail_set; } - _pam_drop(responses); + _pam_drop(response); + if (mls_enabled) { - query_response(pamh,_("level:"), NULL, &responses,debug); - if (responses[0] != '\0') { - if (context_range_set (new_context, responses)) + if (query_response(pamh, _("level:"), NULL, &response, debug) == PAM_SUCCESS && + response[0] != '\0') { + if (context_range_set (new_context, response)) goto fail_set; } + _pam_drop(response); } + /* Get the string value of the context and see if it is valid. */ if (!security_check_context(context_str(new_context))) { newcon = strdup(context_str(new_context)); @@ -204,16 +216,17 @@ manual_context (pam_handle_t *pamh, const char *user, int debug) } else send_text(pamh,_("Not a valid security context"),debug); - context_free (new_context); + + context_free (new_context); } else { - _pam_drop(responses); + _pam_drop(response); return NULL; } } /* end while */ fail_set: free(type); - _pam_drop(responses); + _pam_drop(response); context_free (new_context); return NULL; } 
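Review bot: A failed query_response() for the `role:` prompt, and under `mls_enabled` for the `level:` prompt, is now treated exactly like an empty answer, so the code goes on to validate the context seeded by `context_new ("user:role:type:level")`, whereas the yes/no prompt just before it aborts with `return NULL` on the same failure. If a dead conversation is meant to fall back to the defaults, say so at the first of the two conditions: `/* a failed prompt counts as "keep the default" for this field */`; otherwise `goto fail_set` is the consistent exit here, since new_context is valid at that point. The config_context hunk of this commit shows the same pattern, with the top-level prompt deliberately mapping a failure to `'N'`. manual_context starts before and ends after this hunk.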
@@ -244,49 +257,52 @@ config_context (pam_handle_t *pamh, security_context_t puser_context, int debug) security_context_t newcon=NULL; context_t new_context; int mls_enabled = is_selinux_mls_enabled(); - char *responses=NULL; + char *response=NULL; char *type=NULL; char resp_val = 0; pam_prompt (pamh, PAM_TEXT_INFO, NULL, _("Default Security Context %s\n"), puser_context); while (1) { - query_response(pamh, + if (query_response(pamh, _("Would you like to enter a different role or level?"), "n", - &responses,debug); - - resp_val = responses[0]; - _pam_drop(responses); + &response, debug) == PAM_SUCCESS) { + resp_val = response[0]; + _pam_drop(response); + } else { + resp_val = 'N'; + } if ((resp_val == 'y') || (resp_val == 'Y')) { - new_context = context_new(puser_context); - + if ((new_context = context_new(puser_context)) == NULL) + goto fail_set; + /* Allow the user to enter role and level individually */ - query_response(pamh,_("role:"), context_role_get(new_context), - &responses, debug); - if (responses[0]) { - if (get_default_type(responses, &type)) { - pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("No default type for role %s\n"), responses); - _pam_drop(responses); + if (query_response(pamh, _("role:"), context_role_get(new_context), + &response, debug) == PAM_SUCCESS && response[0]) { + if (get_default_type(response, &type)) { + pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("No default type for role %s\n"), response); + _pam_drop(response); continue; } else { - if (context_role_set(new_context, responses)) + if (context_role_set(new_context, response)) goto fail_set; if (context_type_set (new_context, type)) goto fail_set; } } - _pam_drop(responses); + _pam_drop(response); + if (mls_enabled) { - query_response(pamh,_("level:"), context_range_get(new_context), - &responses, debug); - if (responses[0]) { - if (context_range_set(new_context, responses)) + if (query_response(pamh, _("level:"), context_range_get(new_context), + &response, debug) == PAM_SUCCESS && 
response[0]) { + if (context_range_set(new_context, response)) goto fail_set; } - _pam_drop(responses); + _pam_drop(response); } + if (debug) pam_syslog(pamh, LOG_NOTICE, "Selected Security Context %s", context_str(new_context)); @@ -322,7 +338,7 @@ config_context (pam_handle_t *pamh, security_context_t puser_context, int debug) fail_set: free(type); - _pam_drop(responses); + _pam_drop(response); context_free (new_context); send_audit_message(pamh, 0, puser_context, NULL); fail_range: @@ -439,7 +455,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { - int i, debug = 0, ttys=1, has_tty=isatty(0); + int i, debug = 0, ttys=1; int verbose=0, close_session=0; int select_context = 0; int use_current_range = 0; @@ -513,7 +529,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, return PAM_AUTH_ERR; } user_context = default_user_context; - if (select_context && has_tty) { + if (select_context) { user_context = config_context(pamh, default_user_context, debug); if (user_context == NULL) { freecon(default_user_context); @@ -528,7 +544,6 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, } } else { - if (has_tty) { user_context = manual_context(pamh,seuser,debug); if (user_context == NULL) { pam_syslog (pamh, LOG_ERR, "Unable to get valid context for %s", @@ -538,15 +553,6 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, else return PAM_SUCCESS; } - } else { - pam_syslog (pamh, LOG_ERR, - "Unable to get valid context for %s, No valid tty", - username); - if (security_getenforce() == 1) - return PAM_AUTH_ERR; - else - return PAM_SUCCESS; - } } if (use_current_range && is_selinux_mls_enabled()) { @@ -613,7 +619,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, } } } - if(ttys && tty ) { + if (ttys && tty) { ttyn=strdup(tty); ttyn_context=security_label_tty(pamh,ttyn,user_context); } -- cgit v1.2.3 From 3c3bb4c3659615ffba1b23f537120ea996e8a774 Mon Sep 17 00:00:00 2001 
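Review bot: On the `get_default_type(response, &type)` failure path of the config_context hunk, `continue` returns to the top of the loop where `context_new(puser_context)` is called again, so the context just allocated is leaked on every retry; the path should read `_pam_drop(response); context_free(new_context); continue;`. The new `goto fail_set` on a NULL context_new() result relies on context_free() accepting NULL, which libselinux does, but a short comment at the label would spare the next reader the lookup. config_context starts before and ends after this hunk.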
From: Tomas Mraz Date: Fri, 11 Jul 2008 15:37:28 +0000 Subject: Relevant BUGIDs: Purpose of commit: new feature Commit summary: --------------- 2008-07-11 Tomas Mraz * modules/pam_selinux/pam_selinux.c (config_context): Do not ask for the level if use_current_range is set. (context_from_env): New function to obtain the context from PAM environment variables. (pam_sm_open_session): Call context_from_env() if env_params option is present. use_current_range now modifies behavior of the context_from_env and config_context options. * modules/pam_selinux/pam_selinux.8.xml: Describe the env_params option. Adjust description of use_current_range option. --- ChangeLog | 10 ++ modules/pam_selinux/pam_selinux.8.xml | 25 +++- modules/pam_selinux/pam_selinux.c | 208 +++++++++++++++++++++++----------- 3 files changed, 176 insertions(+), 67 deletions(-) (limited to 'modules/pam_selinux/pam_selinux.c') diff --git a/ChangeLog b/ChangeLog index 0301b581..e493494f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,16 @@ * modules/pam_unix/support.h: Define upper limit of fds we will attempt to close. + * modules/pam_selinux/pam_selinux.c (config_context): Do not + ask for the level if use_current_range is set. + (context_from_env): New function to obtain the context from + PAM environment variables. + (pam_sm_open_session): Call context_from_env() if env_params option + is present. use_current_range now modifies behavior of the + context_from_env and config_context options. + * modules/pam_selinux/pam_selinux.8.xml: Describe the env_params + option. Adjust description of use_current_range option. + 2008-07-09 Thorsten Kukuk * modules/pam_exec/pam_exec.c (call_exec): Move all variable diff --git a/modules/pam_selinux/pam_selinux.8.xml b/modules/pam_selinux/pam_selinux.8.xml index 3acd1322..ab368a87 100644 --- a/modules/pam_selinux/pam_selinux.8.xml +++ b/modules/pam_selinux/pam_selinux.8.xml @@ -36,6 +36,9 @@ select_context + + env_params + use_current_range 
@@ -135,14 +138,32 @@ + + + + + + + Attempt to obtain a custom security context role from PAM environment. + If MLS is on obtain also sensitivity level. This option and the + select_context option are mutually exclusive. The respective PAM + environment variables are SELINUX_ROLE_REQUESTED, + SELINUX_LEVEL_REQUESTED, and + SELINUX_USE_CURRENT_RANGE. The first two variables + are self describing and the last one if set to 1 makes the PAM module behave as + if the use_current_range was specified on the command line of the module. + + + - Use the sensitivity range of the process for the user context. - This option and the select_context option are mutually exclusive. + Use the sensitivity level of the current process for the user context + instead of the default level. Also supresses asking of the + sensitivity level from the user or obtaining it from PAM environment. diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index da1290f0..e45d6f99 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -2,8 +2,9 @@ * A module for Linux-PAM that will set the default security context after login * via PAM. * - * Copyright (c) 2003 Red Hat, Inc. + * Copyright (c) 2003-2008 Red Hat, Inc. * Written by Dan Walsh + * Additional improvements by Tomas Mraz * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -252,7 +253,7 @@ static int mls_range_allowed(pam_handle_t *pamh, security_context_t src, securit } static security_context_t -config_context (pam_handle_t *pamh, security_context_t puser_context, int debug) +config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_current_range, int debug) { security_context_t newcon=NULL; context_t new_context; 
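Review bot: config_context gains a `use_current_range` parameter but still carries no header comment stating its contract, which the new call site in pam_sm_open_session depends on: it returns a newly allocated string (strdup'd in the visible hunks) that the caller owns, or NULL on the `fail_set`/`fail_range` paths, and with `use_current_range` set the level comes from the calling process instead of a prompt. A `/** … */` block above the definition giving the ownership of the return value, the NULL cases, and the effect of `use_current_range` would document that; `defaultcon` should be named as the context the function audits against on failure. The function body continues outside this hunk.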
@@ -261,7 +262,7 @@ config_context (pam_handle_t *pamh, security_context_t puser_context, int debug) char *type=NULL; char resp_val = 0; - pam_prompt (pamh, PAM_TEXT_INFO, NULL, _("Default Security Context %s\n"), puser_context); + pam_prompt (pamh, PAM_TEXT_INFO, NULL, _("Default Security Context %s\n"), defaultcon); while (1) { if (query_response(pamh, @@ -274,7 +275,7 @@ config_context (pam_handle_t *pamh, security_context_t puser_context, int debug) } if ((resp_val == 'y') || (resp_val == 'Y')) { - if ((new_context = context_new(puser_context)) == NULL) + if ((new_context = context_new(defaultcon)) == NULL) goto fail_set; /* Allow the user to enter role and level individually */ @@ -295,10 +296,27 @@ config_context (pam_handle_t *pamh, security_context_t puser_context, int debug) if (mls_enabled) { - if (query_response(pamh, _("level:"), context_range_get(new_context), + if (use_current_range) { + security_context_t mycon = NULL; + context_t my_context; + + if (getcon(&mycon) != 0) + goto fail_set; + my_context = context_new(mycon); + if (my_context == NULL) { + freecon(mycon); + goto fail_set; + } + freecon(mycon); + if (context_range_set(new_context, context_range_get(my_context))) { + context_free(my_context); + goto fail_set; + } + context_free(my_context); + } else if (query_response(pamh, _("level:"), context_range_get(new_context), &response, debug) == PAM_SUCCESS && response[0]) { - if (context_range_set(new_context, response)) - goto fail_set; + if (context_range_set(new_context, response)) + goto fail_set; } _pam_drop(response); } 
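Review bot: The new `use_current_range` branch (getcon, context_new, context_range_set from context_range_get(my_context), free) is repeated almost verbatim in context_from_env later in this commit; a small `static int set_range_from_current_process(context_t ctx)` returning 0/-1 would keep the two copies in step and would be the one place to handle context_range_get() returning NULL for a process context without a level, which neither copy checks before passing the value to context_range_set(). Whether context_range_set() tolerates a NULL range is not visible here, so that guard is worth confirming. config_context starts before and ends after this hunk.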
@@ -309,15 +327,17 @@ config_context (pam_handle_t *pamh, security_context_t puser_context, int debug) /* Get the string value of the context and see if it is valid. */ if (!security_check_context(context_str(new_context))) { newcon = strdup(context_str(new_context)); - context_free (new_context); + if (newcon == NULL) + goto fail_set; + context_free(new_context); /* we have to check that this user is allowed to go into the range they have specified ... role is tied to an seuser, so that'll be checked at setexeccon time */ - if (mls_enabled && !mls_range_allowed(pamh, puser_context, newcon, debug)) { - pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", puser_context, newcon); + if (mls_enabled && !mls_range_allowed(pamh, defaultcon, newcon, debug)) { + pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", defaultcon, newcon); - send_audit_message(pamh, 0, puser_context, newcon); + send_audit_message(pamh, 0, defaultcon, newcon); free(newcon); goto fail_range; @@ -325,13 +345,13 @@ config_context (pam_handle_t *pamh, security_context_t puser_context, int debug) return newcon; } else { - send_audit_message(pamh, 0, puser_context, context_str(new_context)); + send_audit_message(pamh, 0, defaultcon, context_str(new_context)); send_text(pamh,_("Not a valid security context"),debug); } context_free(new_context); /* next time around allocates another */ } else - return strdup(puser_context); + return strdup(defaultcon); } /* end while */ return NULL; 
@@ -340,11 +360,105 @@ config_context (pam_handle_t *pamh, security_context_t puser_context, int debug) free(type); _pam_drop(response); context_free (new_context); - send_audit_message(pamh, 0, puser_context, NULL); + send_audit_message(pamh, 0, defaultcon, NULL); fail_range: return NULL; } +static security_context_t +context_from_env (pam_handle_t *pamh, security_context_t defaultcon, int env_params, int use_current_range, int debug) +{ + security_context_t newcon = NULL; + context_t new_context; + context_t my_context = NULL; + int mls_enabled = is_selinux_mls_enabled(); + const char *env = NULL; + char *type = NULL; + + if ((new_context = context_new(defaultcon)) == NULL) + goto fail_set; + + if (env_params && (env = pam_getenv(pamh, "SELINUX_ROLE_REQUESTED")) != NULL && env[0] != '\0') { + if (debug) + pam_syslog(pamh, LOG_NOTICE, "Requested role: %s", env); + + if (get_default_type(env, &type)) { + pam_syslog(pamh, LOG_NOTICE, "No default type for role %s", env); + goto fail_set; + } else { + if (context_role_set(new_context, env)) + goto fail_set; + if (context_type_set(new_context, type)) + goto fail_set; + } + } + + if (mls_enabled) { + if ((env = pam_getenv(pamh, "SELINUX_USE_CURRENT_RANGE")) != NULL && env[0] == '1') { + if (debug) + pam_syslog(pamh, LOG_NOTICE, "SELINUX_USE_CURRENT_RANGE is set"); + use_current_range = 1; + } + + if (use_current_range) { + security_context_t mycon = NULL; + + if (getcon(&mycon) != 0) + goto fail_set; + my_context = context_new(mycon); + if (my_context == NULL) { + freecon(mycon); + goto fail_set; + } + freecon(mycon); + env = context_range_get(my_context); + } else { + env = pam_getenv(pamh, "SELINUX_LEVEL_REQUESTED"); + } + + if (env != NULL && env[0] != '\0') { + if (debug) + pam_syslog(pamh, LOG_NOTICE, "Requested level: %s", env); + if (context_range_set(new_context, env)) + goto fail_set; + } + } + + newcon = strdup(context_str(new_context)); + if (newcon == NULL) + goto fail_set; + + if (debug) + pam_syslog(pamh, 
LOG_NOTICE, "Selected Security Context %s", newcon); + + /* Get the string value of the context and see if it is valid. */ + if (security_check_context(newcon)) { + pam_syslog(pamh, LOG_NOTICE, "Not a valid security context %s", newcon); + send_audit_message(pamh, 0, defaultcon, newcon); + freecon(newcon); + newcon = NULL; + + goto fail_set; + } + + /* we have to check that this user is allowed to go into the + range they have specified ... role is tied to an seuser, so that'll + be checked at setexeccon time */ + if (mls_enabled && !mls_range_allowed(pamh, defaultcon, newcon, debug)) { + pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", defaultcon, newcon); + send_audit_message(pamh, 0, defaultcon, newcon); + freecon(newcon); + newcon = NULL; + } + + fail_set: + free(type); + context_free(my_context); + context_free(new_context); + send_audit_message(pamh, 0, defaultcon, NULL); + return newcon; +} + static void security_restorelabel_tty(const pam_handle_t *pamh, const char *tty, security_context_t context) @@ -462,6 +576,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int ret = 0; security_context_t* contextlist = NULL; int num_contexts = 0; + int env_params = 0; const char *username = NULL; const void *tty = NULL; char *seuser=NULL; @@ -488,13 +603,16 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, if (strcmp(argv[i], "use_current_range") == 0) { use_current_range = 1; } + if (strcmp(argv[i], "env_params") == 0) { + env_params = 1; + } } if (debug) pam_syslog(pamh, LOG_NOTICE, "Open Session"); - if (select_context && use_current_range) { - pam_syslog(pamh, LOG_ERR, "select_context cannot be used with use_current_range"); + if (select_context && env_params) { + pam_syslog(pamh, LOG_ERR, "select_context cannot be used with env_params"); select_context = 0; } 
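Review bot: context_from_env reaches `fail_set:` on the success path too, so `send_audit_message(pamh, 0, defaultcon, NULL)` — the call the failure paths use, which presumably records a refused context selection — is sent for every successful call, and the invalid-context and range-not-allowed paths audit twice, once with newcon and once with NULL. The epilogue should separate the audit from the cleanup so that the success path and the two self-auditing failure paths reach the cleanup with a plain `goto out`, as sketched below. A smaller consistency point: the role lookup is guarded by `env_params` while the SELINUX_USE_CURRENT_RANGE and SELINUX_LEVEL_REQUESTED reads are not; with the call site in the next hunk this is harmless, but the guard keeps the function's behaviour matching the man-page text regardless of caller. newcon comes from strdup() and is released with freecon() here while the config_context hunks use free(); both work with libselinux, but one convention should be picked.
```c
    /* … unchanged: role and level selection, strdup of newcon … */
    if (security_check_context(newcon)) {
        pam_syslog(pamh, LOG_NOTICE, "Not a valid security context %s", newcon);
        send_audit_message(pamh, 0, defaultcon, newcon);
        freecon(newcon);
        newcon = NULL;
        goto out;   /* already audited */
    }
    /* … unchanged: mls_range_allowed() check, which audits itself … */
    goto out;

 fail_set:
    /* only paths that have not audited yet arrive here */
    send_audit_message(pamh, 0, defaultcon, NULL);
 out:
    free(type);
    context_free(my_context);
    context_free(new_context);
    return newcon;
```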
@@ -526,12 +644,17 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, freeconary(contextlist); if (default_user_context == NULL) { pam_syslog(pamh, LOG_ERR, "Out of memory"); - return PAM_AUTH_ERR; + return PAM_BUF_ERR; } + user_context = default_user_context; if (select_context) { - user_context = config_context(pamh, default_user_context, debug); - if (user_context == NULL) { + user_context = config_context(pamh, default_user_context, use_current_range, debug); + } else if (env_params || use_current_range) { + user_context = context_from_env(pamh, default_user_context, env_params, use_current_range, debug); + } + + if (user_context == NULL) { freecon(default_user_context); pam_syslog(pamh, LOG_ERR, "Unable to get valid context for %s", username); @@ -540,8 +663,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, return PAM_AUTH_ERR; else return PAM_SUCCESS; - } - } + } } else { user_context = manual_context(pamh,seuser,debug); 
@@ -555,50 +677,6 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, } } - if (use_current_range && is_selinux_mls_enabled()) { - security_context_t process_context=NULL; - if (getcon(&process_context) == 0) { - context_t pcon, ucon; - char *process_level=NULL; - security_context_t orig_context; - - if (user_context) - orig_context = user_context; - else - orig_context = default_user_context; - - pcon = context_new(process_context); - freecon(process_context); - process_level = strdup(context_range_get(pcon)); - context_free(pcon); - - if (debug) - pam_syslog (pamh, LOG_DEBUG, "process level=%s", process_level); - - ucon = context_new(orig_context); - - context_range_set(ucon, process_level); - free(process_level); - - if (!mls_range_allowed(pamh, orig_context, context_str(ucon), debug)) { - send_text(pamh, _("Requested MLS level not in permitted range"), debug); - /* even if default_user_context is NULL audit that anyway */ - send_audit_message(pamh, 0, default_user_context, context_str(ucon)); - context_free(ucon); - return PAM_AUTH_ERR; - } - - if (debug) - pam_syslog (pamh, LOG_DEBUG, "adjusted context=%s", context_str(ucon)); - - /* replace the user context with the level adjusted one */ - freecon(user_context); - user_context = strdup(context_str(ucon)); - - context_free(ucon); - } - } - if (getexeccon(&prev_user_context)<0) { prev_user_context=NULL; } -- cgit v1.2.3 From 2fe275aed5c0c285781e6487242a9e4a13071e4f Mon Sep 17 00:00:00 2001 
From: Tomas Mraz Date: Wed, 17 Dec 2008 14:27:24 +0000 Subject: Relevant BUGIDs: Purpose of commit: new feature Commit summary: --------------- 2008-12-17 Tomas Mraz * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Do not abort on unknown option. Avoid double free of old_status. (pam_sm_close_session): Use LOG_DEBUG for restored status message. * configure.in: Test for getseuser(). * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Call getseuser() instead of getseuserbyname() if the function is available. --- ChangeLog | 4 ++++ configure.in | 1 + modules/pam_selinux/pam_selinux.c | 24 ++++++++++++++++++++---- 3 files changed, 25 insertions(+), 4 deletions(-) (limited to 'modules/pam_selinux/pam_selinux.c') diff --git a/ChangeLog b/ChangeLog index 6f14ba4d..30aec406 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,10 @@ not abort on unknown option. Avoid double free of old_status. (pam_sm_close_session): Use LOG_DEBUG for restored status message. + * configure.in: Test for getseuser(). + * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Call getseuser() + instead of getseuserbyname() if the function is available. + 2008-12-12 Thorsten Kukuk * release version 1.0.90 diff --git a/configure.in b/configure.in index ff14401c..5e692dee 100644 --- a/configure.in +++ b/configure.in @@ -428,6 +428,7 @@ if test ! -z "$LIBSELINUX" ; then BACKUP_LIBS=$LIBS LIBS="$LIBS $LIBSELINUX" AC_CHECK_FUNCS(setkeycreatecon) + AC_CHECK_FUNCS(getseuser) LIBS=$BACKUP_LIBS fi diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index e45d6f99..c6f887a6 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c 
@@ -577,11 +577,16 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, security_context_t* contextlist = NULL; int num_contexts = 0; int env_params = 0; - const char *username = NULL; + const char *username; + const void *void_username; const void *tty = NULL; char *seuser=NULL; char *level=NULL; security_context_t default_user_context=NULL; +#ifdef HAVE_GETSEUSER + const void *void_service; + const char *service; +#endif /* Parse arguments. */ for (i = 0; i < argc; i++) { @@ -623,12 +628,23 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, if (!(selinux_enabled = is_selinux_enabled()>0) ) return PAM_SUCCESS; - if (pam_get_item(pamh, PAM_USER, (void *) &username) != PAM_SUCCESS || - username == NULL) { + if (pam_get_item(pamh, PAM_USER, &void_username) != PAM_SUCCESS || + void_username == NULL) { return PAM_USER_UNKNOWN; } + username = void_username; + +#ifdef HAVE_GETSEUSER + if (pam_get_item(pamh, PAM_SERVICE, (void *) &void_service) != PAM_SUCCESS || + void_service == NULL) { + return PAM_SESSION_ERR; + } + service = void_service; - if (getseuserbyname(username, &seuser, &level)==0) { + if (getseuser(username, service, &seuser, &level) == 0) { +#else + if (getseuserbyname(username, &seuser, &level) == 0) { +#endif num_contexts = get_ordered_context_list_with_level(seuser, level, NULL, -- cgit v1.2.3
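Review bot: The new PAM_SERVICE lookup keeps the `(void *) &void_service` cast that the PAM_USER call in the same hunk just dropped; void_service is already a `const void *`, so `if (pam_get_item(pamh, PAM_SERVICE, &void_service) != PAM_SUCCESS ||` is both consistent and lets the compiler check the pointer type. A missing service name returns PAM_SESSION_ERR without a log line; a `pam_syslog(pamh, LOG_ERR, "Unable to get service name")` before the return would make that failure diagnosable from the journal. The `#ifdef HAVE_GETSEUSER` pair opens the `if` in two variants whose closing brace lies outside the hunk, so both configurations need a compile check. pam_sm_open_session starts before and ends after this hunk.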