-rw-r--r--ChangeLog4
-rw-r--r--configure.in1
-rw-r--r--modules/pam_selinux/pam_selinux.c24
3 files changed, 25 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index 6f14ba4d..30aec406 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,10 @@
not abort on unknown option. Avoid double free of old_status.
(pam_sm_close_session): Use LOG_DEBUG for restored status message.
+ * configure.in: Test for getseuser().
+ * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Call getseuser()
+ instead of getseuserbyname() if the function is available.
+
2008-12-12 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 1.0.90
diff --git a/configure.in b/configure.in
index ff14401c..5e692dee 100644
--- a/configure.in
+++ b/configure.in
@@ -428,6 +428,7 @@ if test ! -z "$LIBSELINUX" ; then
BACKUP_LIBS=$LIBS
LIBS="$LIBS $LIBSELINUX"
AC_CHECK_FUNCS(setkeycreatecon)
+ AC_CHECK_FUNCS(getseuser)
LIBS=$BACKUP_LIBS
fi
diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c
index e45d6f99..c6f887a6 100644
--- a/modules/pam_selinux/pam_selinux.c
+++ b/modules/pam_selinux/pam_selinux.c
@@ -577,11 +577,16 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
security_context_t* contextlist = NULL;
int num_contexts = 0;
int env_params = 0;
- const char *username = NULL;
+ const char *username;
+ const void *void_username;
const void *tty = NULL;
char *seuser=NULL;
char *level=NULL;
security_context_t default_user_context=NULL;
+#ifdef HAVE_GETSEUSER
+ const void *void_service;
+ const char *service;
+#endif
/* Parse arguments. */
for (i = 0; i < argc; i++) {
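Review bot: The paired declarations `username`/`void_username` (and `service`/`void_service` under `HAVE_GETSEUSER`) have no comment saying why both exist, so a later cleanup could fold them back into a cast. A one-line comment above them would cover it: `/* pam_get_item() stores through a const void **; fetch into void_* and assign, rather than casting. */`. `username` also loses its `NULL` initializer here, which is fine only if nothing reads it before the assignment in the next hunk; the visible lines suggest that, but the function body extends outside this hunk and would need checking.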
@@ -623,12 +628,23 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
if (!(selinux_enabled = is_selinux_enabled()>0) )
return PAM_SUCCESS;
- if (pam_get_item(pamh, PAM_USER, (void *) &username) != PAM_SUCCESS ||
- username == NULL) {
+ if (pam_get_item(pamh, PAM_USER, &void_username) != PAM_SUCCESS ||
+ void_username == NULL) {
return PAM_USER_UNKNOWN;
}
+ username = void_username;
+
+#ifdef HAVE_GETSEUSER
+ if (pam_get_item(pamh, PAM_SERVICE, (void *) &void_service) != PAM_SUCCESS ||
+ void_service == NULL) {
+ return PAM_SESSION_ERR;
+ }
+ service = void_service;
- if (getseuserbyname(username, &seuser, &level)==0) {
+ if (getseuser(username, service, &seuser, &level) == 0) {
+#else
+ if (getseuserbyname(username, &seuser, &level) == 0) {
+#endif
num_contexts = get_ordered_context_list_with_level(seuser,
level,
NULL,
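Review bot: The PAM_SERVICE lookup still passes `(void *) &void_service`, which switches off the pointer-type check that this same hunk restores for PAM_USER by passing `&void_username` uncast; since `void_service` is already `const void *`, the call can be `pam_get_item(pamh, PAM_SERVICE, &void_service)`. The new `return PAM_SESSION_ERR;` fails closed, which suits a module that selects the session's security context, but it does so silently; a line such as `pam_syslog(pamh, LOG_ERR, "Cannot obtain the service name");` before it would show an administrator why the session was refused. The `if (... == 0) {` opener is also duplicated in both preprocessor branches; storing the call's result in a local and testing it once after `#endif` would keep the brace out of the conditional. The function body continues outside the hunk, so the failure path of `getseuser()` is not visible here.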