83f626c2 JR |
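--- Linux-PAM-0.99.2.1/modules/pam_selinux/pam_selinux.c.nofail 2005-11-29 10:22:05.000000000 +0100
+++ Linux-PAM-0.99.2.1/modules/pam_selinux/pam_selinux.c 2005-12-15 14:12:54.000000000 +0100
@@ -327,6 +327,8 @@
 int num_contexts = 0;
 const void *username = NULL;
 const void *tty = NULL;
+ char *seuser=NULL;
+ char *level=NULL;
 
 /* Parse arguments. */
 for (i = 0; i < argc; i++) {
@@ -361,7 +363,18 @@
 username == NULL) {
 return PAM_AUTH_ERR;
 }
- num_contexts = get_ordered_context_list(username, 0, &contextlist);
+
+ if (getseuserbyname(username, &seuser, &level)==0) {
+ num_contexts = get_ordered_context_list_with_level(seuser,
+ level,
+ NULL,
+ &contextlist);
+ if (debug)
+ pam_syslog(pamh, LOG_DEBUG, "Username= %s SELinux User = %s Level= %s",
+ (const char *)username, seuser, level);
+ free(seuser);
+ free(level);
+ }
 if (num_contexts > 0) {
 if (multiple && (num_contexts > 1) && has_tty) {
 user_context = select_context(pamh,contextlist, debug);
@@ -376,13 +389,19 @@
 if (user_context == NULL) {
 pam_syslog (pamh, LOG_ERR, "Unable to get valid context for %s",
 (const char *)username);
- return PAM_AUTH_ERR;
+ if (security_getenforce() == 1)
+ return PAM_AUTH_ERR;
+ else
+ return PAM_SUCCESS;
 }
 } else {
 pam_syslog (pamh, LOG_ERR,
 "Unable to get valid context for %s, No valid tty",
 (const char *)username);
- return PAM_AUTH_ERR;
+ if (security_getenforce() == 1)
+ return PAM_AUTH_ERR;
+ else
+ return PAM_SUCCESS;
 }
 }
 if (getexeccon(&prev_user_context)<0) {
@@ -420,8 +439,10 @@
 pam_syslog(pamh, LOG_ERR,
 "Error! Unable to set %s executable context %s.",
 (const char *)username, user_context);
- freecon(user_context);
- return PAM_AUTH_ERR;
+ if (security_getenforce() == 1) {
+ freecon(user_context);
+ return PAM_AUTH_ERR;
+ }
 } else {
 if (debug)
 pam_syslog(pamh, LOG_NOTICE, "set %s security context to %s",
@@ -471,7 +492,10 @@
 if (status) {
 pam_syslog(pamh, LOG_ERR, "Error! Unable to set executable context %s.",
 prev_user_context);
- return PAM_AUTH_ERR;
+ if (security_getenforce() == 1)
+ return PAM_AUTH_ERR;
+ else
+ return PAM_SUCCESS;
 }
 
 if (debug)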
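Review bot: The `security_getenforce() == 1` test, repeated four times across the hunks at -376, -420 and -471, treats a return of -1 (the enforcing state could not be read) the same as permissive mode, so the session proceeds with PAM_SUCCESS, or falls through, even though no valid context was set. Failing closed would be `if (security_getenforce() != 0) return PAM_AUTH_ERR;`, preferably in one small static helper rather than four copies, so that only a confirmed permissive system takes the lenient path. In the hunk at -361, a failing `getseuserbyname()` leaves `num_contexts` at 0 with nothing logged; a `pam_syslog(pamh, LOG_ERR, ...)` on that branch would make the lookup failure visible to whoever audits the login. The enclosing functions start and end outside these hunks, so whether `user_context` and `contextlist` are released on the new permissive paths cannot be confirmed from here.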