[packages/pam.git] / pam-selinux-keycreate.patch

--- Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c.keycreate	2006-08-31 17:26:46.000000000 +0200
+++ Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c	2006-08-31 19:01:05.000000000 +0200
@@ -391,6 +391,28 @@
       pam_syslog(pamh, LOG_NOTICE, "set %s security context to %s",
 		 (const char *)username, user_context);
   }
+#ifdef HAVE_SETKEYCREATECON
+  ret = setkeycreatecon(user_context);
+  if (ret==0 && verbose) {
+    char msg[PATH_MAX];
+    snprintf(msg, sizeof(msg),
+	     _("Key Creation Context %s Assigned"), user_context);
+    verbose_message(pamh, msg, debug);
+  }
+  if (ret) {
+    pam_syslog(pamh, LOG_ERR,
+	       "Error!  Unable to set %s key creation context %s.",
+	       (const char *)username, user_context);
+    if (security_getenforce() == 1) {
+       freecon(user_context);
+       return PAM_AUTH_ERR;
+    }
+  } else {
+    if (debug)
+      pam_syslog(pamh, LOG_NOTICE, "set %s key creation context to %s",
+		 (const char *)username, user_context);
+  }
+#endif
   freecon(user_context);
 
   return PAM_SUCCESS;
--- Linux-PAM-0.99.6.2/configure.in.keycreate	2006-08-31 17:26:46.000000000 +0200
+++ Linux-PAM-0.99.6.2/configure.in	2006-08-31 18:59:52.000000000 +0200
@@ -397,6 +397,11 @@
 AC_CHECK_FUNCS(getgrouplist getline getdelim)
 AC_CHECK_FUNCS(inet_ntop inet_pton ruserok_af)
 
+AC_CHECK_LIB([selinux],[setkeycreatecon], SETKEYCREATECON="yes", SETKEYCREATECON="")
+if test "$SETKEYCREATECON" == "yes" ; then
+    AC_DEFINE([HAVE_SETKEYCREATECON], 1, [Defined if SE Linux have setkeycreatecon function])
+fi
+
 AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no])
 AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes])
Commit	Line	Data
83f626c2 JR	1	--- Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c.keycreate 2006-08-31 17:26:46.000000000 +0200
	2	+++ Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c 2006-08-31 19:01:05.000000000 +0200
	3	@@ -391,6 +391,28 @@
	4	pam_syslog(pamh, LOG_NOTICE, "set %s security context to %s",
	5	(const char *)username, user_context);
	6	}
	7	+#ifdef HAVE_SETKEYCREATECON
	8	+ ret = setkeycreatecon(user_context);
	9	+ if (ret==0 && verbose) {
	10	+ char msg[PATH_MAX];
	11	+ snprintf(msg, sizeof(msg),
	12	+ _("Key Creation Context %s Assigned"), user_context);
	13	+ verbose_message(pamh, msg, debug);
	14	+ }
	15	+ if (ret) {
	16	+ pam_syslog(pamh, LOG_ERR,
	17	+ "Error! Unable to set %s key creation context %s.",
	18	+ (const char *)username, user_context);
	19	+ if (security_getenforce() == 1) {
	20	+ freecon(user_context);
	21	+ return PAM_AUTH_ERR;
	22	+ }
	23	+ } else {
	24	+ if (debug)
	25	+ pam_syslog(pamh, LOG_NOTICE, "set %s key creation context to %s",
	26	+ (const char *)username, user_context);
	27	+ }
	28	+#endif
	29	freecon(user_context);
	30
	31	return PAM_SUCCESS;
	32	--- Linux-PAM-0.99.6.2/configure.in.keycreate 2006-08-31 17:26:46.000000000 +0200
	33	+++ Linux-PAM-0.99.6.2/configure.in 2006-08-31 18:59:52.000000000 +0200
ed5cda94	34	@@ -397,6 +397,11 @@
83f626c2	35	AC_CHECK_FUNCS(getgrouplist getline getdelim)
ed5cda94	36	AC_CHECK_FUNCS(inet_ntop inet_pton ruserok_af)
83f626c2	37
ed5cda94 JR	38	+AC_CHECK_LIB([selinux],[setkeycreatecon], SETKEYCREATECON="yes", SETKEYCREATECON="")
	39	+if test "$SETKEYCREATECON" == "yes" ; then
	40	+ AC_DEFINE([HAVE_SETKEYCREATECON], 1, [Defined if SE Linux have setkeycreatecon function])
	41	+fi
	42	+
83f626c2 JR	43	AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no])
83f626c2 JR	44	AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes])
ed5cda94	45