summaryrefslogtreecommitdiff
path: root/modules/pam_unix/lckpwdf.-c
diff options
context:
space:
mode:
authorThorsten Kukuk <kukuk@thkukuk.de>2005-05-16 11:03:02 +0000
committerThorsten Kukuk <kukuk@thkukuk.de>2005-05-16 11:03:02 +0000
commit67aab1ff5515054341a438cf9804e9c9b3a88033 (patch)
tree5a962491b37bde5928d382b6df1e4e5a5373df6a /modules/pam_unix/lckpwdf.-c
parentb4eda70f951a7d46df41831b96d87cd50910d61e (diff)
Relevant BUGIDs: none
Purpose of commit: new feature Commit summary: --------------- Add SELinux support, based on Patch from Red Hat
Diffstat (limited to 'modules/pam_unix/lckpwdf.-c')
-rw-r--r--modules/pam_unix/lckpwdf.-c25
1 files changed, 25 insertions, 0 deletions
diff --git a/modules/pam_unix/lckpwdf.-c b/modules/pam_unix/lckpwdf.-c
index b5ff4585..7145617e 100644
--- a/modules/pam_unix/lckpwdf.-c
+++ b/modules/pam_unix/lckpwdf.-c
@@ -26,6 +26,9 @@
#include <fcntl.h>
#include <signal.h>
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif
#define LOCKFILE "/etc/.pwd.lock"
#define TIMEOUT 15
@@ -64,6 +67,28 @@ static int lckpwdf(void)
if (lockfd != -1)
return -1;
+#ifdef WITH_SELINUX
+ if(is_selinux_enabled()>0)
+ {
+ lockfd = open(LOCKFILE, O_WRONLY);
+ if(lockfd == -1 && errno == ENOENT)
+ {
+ security_context_t create_context;
+ int rc;
+
+ if(getfilecon("/etc/passwd", &create_context))
+ return -1;
+ rc = setfscreatecon(create_context);
+ freecon(create_context);
+ if(rc)
+ return -1;
+ lockfd = open(LOCKFILE, O_CREAT | O_WRONLY, 0600);
+ if(setfscreatecon(NULL))
+ return -1;
+ }
+ }
+ else
+#endif
lockfd = open(LOCKFILE, O_CREAT | O_WRONLY, 0600);
if (lockfd == -1)
return -1;