1 --- Linux-PAM-0.99.2.1/modules/pam_selinux/pam_selinux.c.nofail 2005-11-29 10:22:05.000000000 +0100
2 +++ Linux-PAM-0.99.2.1/modules/pam_selinux/pam_selinux.c 2005-12-15 14:12:54.000000000 +0100
5 const void *username = NULL;
6 const void *tty = NULL;
10 /* Parse arguments. */
11 for (i = 0; i < argc; i++) {
16 - num_contexts = get_ordered_context_list(username, 0, &contextlist);
18 + if (getseuserbyname(username, &seuser, &level)==0) {
19 + num_contexts = get_ordered_context_list_with_level(seuser,
24 + pam_syslog(pamh, LOG_DEBUG, "Username= %s SELinux User = %s Level= %s",
25 + (const char *)username, seuser, level);
29 if (num_contexts > 0) {
30 if (multiple && (num_contexts > 1) && has_tty) {
31 user_context = select_context(pamh,contextlist, debug);
33 if (user_context == NULL) {
34 pam_syslog (pamh, LOG_ERR, "Unable to get valid context for %s",
35 (const char *)username);
36 - return PAM_AUTH_ERR;
37 + if (security_getenforce() == 1)
38 + return PAM_AUTH_ERR;
43 pam_syslog (pamh, LOG_ERR,
44 "Unable to get valid context for %s, No valid tty",
45 (const char *)username);
46 - return PAM_AUTH_ERR;
47 + if (security_getenforce() == 1)
48 + return PAM_AUTH_ERR;
53 if (getexeccon(&prev_user_context)<0) {
55 pam_syslog(pamh, LOG_ERR,
56 "Error! Unable to set %s executable context %s.",
57 (const char *)username, user_context);
58 - freecon(user_context);
59 - return PAM_AUTH_ERR;
60 + if (security_getenforce() == 1) {
61 + freecon(user_context);
62 + return PAM_AUTH_ERR;
66 pam_syslog(pamh, LOG_NOTICE, "set %s security context to %s",
69 pam_syslog(pamh, LOG_ERR, "Error! Unable to set executable context %s.",
71 - return PAM_AUTH_ERR;
72 + if (security_getenforce() == 1)
73 + return PAM_AUTH_ERR;
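Review bot: The four new `if (security_getenforce() == 1)` guards (after both "Unable to get valid context" logs, after the getexeccon failure, and after the final "Unable to set executable context" log) treat a failed query the same as permissive mode, because security_getenforce() returns -1 on error, so the login proceeds without a valid context whenever the enforcing state cannot be read. Comparing against zero instead, `if (security_getenforce() != 0) return PAM_AUTH_ERR;`, limits the fail-open path to a confirmed permissive state; this assumes the function is only reached when SELinux is enabled, which is not visible here. On the new fall-through path user_context may still be NULL when it reaches the later `%s` log argument and the context-setting code, so the continuation probably needs a NULL check; the rest of the function body lies outside the visible lines. A comment at the first guard such as `/* permissive mode: log the failure but do not deny the login */` would record why an error is deliberately ignored.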