|
 |
f06eb03 |
--- Linux-PAM-0.99.2.1/modules/pam_selinux/pam_selinux.c.nofail 2005-11-29 10:22:05.000000000 +0100
|
|
|
f06eb03 |
+++ Linux-PAM-0.99.2.1/modules/pam_selinux/pam_selinux.c 2005-12-15 14:12:54.000000000 +0100
|
|
|
f06eb03 |
@@ -327,6 +327,8 @@
|
|
|
f06eb03 |
int num_contexts = 0;
|
|
|
f06eb03 |
const void *username = NULL;
|
|
|
f06eb03 |
const void *tty = NULL;
|
|
|
f06eb03 |
+ char *seuser=NULL;
|
|
|
f06eb03 |
+ char *level=NULL;
|
|
|
f06eb03 |
|
|
|
f06eb03 |
/* Parse arguments. */
|
|
|
f06eb03 |
for (i = 0; i < argc; i++) {
|
|
|
f06eb03 |
@@ -361,7 +363,18 @@
|
|
|
f06eb03 |
username == NULL) {
|
|
|
f06eb03 |
return PAM_AUTH_ERR;
|
|
|
f06eb03 |
}
|
|
|
f06eb03 |
- num_contexts = get_ordered_context_list(username, 0, &contextlist);
|
|
|
f06eb03 |
+
|
|
|
f06eb03 |
+ if (getseuserbyname(username, &seuser, &level)==0) {
|
|
|
f06eb03 |
+ num_contexts = get_ordered_context_list_with_level(seuser,
|
|
|
f06eb03 |
+ level,
|
|
|
f06eb03 |
+ NULL,
|
|
|
f06eb03 |
+ &contextlist);
|
|
|
f06eb03 |
+ if (debug)
|
|
|
f06eb03 |
+ pam_syslog(pamh, LOG_DEBUG, "Username= %s SELinux User = %s Level= %s",
|
|
|
f06eb03 |
+ (const char *)username, seuser, level);
|
|
|
f06eb03 |
+ free(seuser);
|
|
|
f06eb03 |
+ free(level);
|
|
|
f06eb03 |
+ }
|
|
|
f06eb03 |
if (num_contexts > 0) {
|
|
|
f06eb03 |
if (multiple && (num_contexts > 1) && has_tty) {
|
|
|
f06eb03 |
user_context = select_context(pamh,contextlist, debug);
|
|
|
f06eb03 |
@@ -376,13 +389,19 @@
|
|
|
f06eb03 |
if (user_context == NULL) {
|
|
|
f06eb03 |
pam_syslog (pamh, LOG_ERR, "Unable to get valid context for %s",
|
|
|
f06eb03 |
(const char *)username);
|
|
|
f06eb03 |
- return PAM_AUTH_ERR;
|
|
|
f06eb03 |
+ if (security_getenforce() == 1)
|
|
|
f06eb03 |
+ return PAM_AUTH_ERR;
|
|
|
f06eb03 |
+ else
|
|
|
f06eb03 |
+ return PAM_SUCCESS;
|
|
|
f06eb03 |
}
|
|
|
f06eb03 |
} else {
|
|
|
f06eb03 |
pam_syslog (pamh, LOG_ERR,
|
|
|
f06eb03 |
"Unable to get valid context for %s, No valid tty",
|
|
|
f06eb03 |
(const char *)username);
|
|
|
f06eb03 |
- return PAM_AUTH_ERR;
|
|
|
f06eb03 |
+ if (security_getenforce() == 1)
|
|
|
f06eb03 |
+ return PAM_AUTH_ERR;
|
|
|
f06eb03 |
+ else
|
|
|
f06eb03 |
+ return PAM_SUCCESS;
|
|
|
f06eb03 |
}
|
|
|
f06eb03 |
}
|
|
|
f06eb03 |
if (getexeccon(&prev_user_context)<0) {
|
|
|
f06eb03 |
@@ -420,8 +439,10 @@
|
|
|
f06eb03 |
pam_syslog(pamh, LOG_ERR,
|
|
|
f06eb03 |
"Error! Unable to set %s executable context %s.",
|
|
|
f06eb03 |
(const char *)username, user_context);
|
|
|
f06eb03 |
- freecon(user_context);
|
|
|
f06eb03 |
- return PAM_AUTH_ERR;
|
|
|
f06eb03 |
+ if (security_getenforce() == 1) {
|
|
|
f06eb03 |
+ freecon(user_context);
|
|
|
f06eb03 |
+ return PAM_AUTH_ERR;
|
|
|
f06eb03 |
+ }
|
|
|
f06eb03 |
} else {
|
|
|
f06eb03 |
if (debug)
|
|
|
f06eb03 |
pam_syslog(pamh, LOG_NOTICE, "set %s security context to %s",
|
|
|
f06eb03 |
@@ -471,7 +492,10 @@
|
|
|
f06eb03 |
if (status) {
|
|
|
f06eb03 |
pam_syslog(pamh, LOG_ERR, "Error! Unable to set executable context %s.",
|
|
|
f06eb03 |
prev_user_context);
|
|
|
f06eb03 |
- return PAM_AUTH_ERR;
|
|
|
f06eb03 |
+ if (security_getenforce() == 1)
|
|
|
f06eb03 |
+ return PAM_AUTH_ERR;
|
|
|
f06eb03 |
+ else
|
|
|
f06eb03 |
+ return PAM_SUCCESS;
|
|
|
f06eb03 |
}
|
|
|
f06eb03 |
|
|
|
f06eb03 |
if (debug)
|