diff options
Diffstat (limited to 'modules/pam_rootok/pam_rootok.c')
-rw-r--r-- | modules/pam_rootok/pam_rootok.c | 37 |
1 files changed, 16 insertions, 21 deletions
diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c index 17baabe4..9bc15abf 100644 --- a/modules/pam_rootok/pam_rootok.c +++ b/modules/pam_rootok/pam_rootok.c @@ -1,7 +1,5 @@ -/* pam_rootok module */ - /* - * $Id$ + * pam_rootok module * * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/3/11 */ @@ -14,15 +12,6 @@ #include <stdarg.h> #include <string.h> -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_AUTH - #include <security/pam_modules.h> #include <security/pam_ext.h> @@ -61,28 +50,34 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv) #ifdef WITH_SELINUX static int -log_callback (int type, const char *fmt, ...) +PAM_FORMAT((printf, 2, 3)) +log_callback (int type UNUSED, const char *fmt, ...) { - int audit_fd; va_list ap; - va_start(ap, fmt); #ifdef HAVE_LIBAUDIT - audit_fd = audit_open(); + int audit_fd = audit_open(); if (audit_fd >= 0) { char *buf; + int ret; - if (vasprintf (&buf, fmt, ap) < 0) + va_start(ap, fmt); + ret = vasprintf (&buf, fmt, ap); + va_end(ap); + if (ret < 0) { return 0; + } audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0); audit_close(audit_fd); free(buf); + va_end(ap); return 0; } #endif + va_start(ap, fmt); vsyslog (LOG_USER | LOG_INFO, fmt, ap); va_end(ap); return 0; @@ -92,7 +87,7 @@ static int selinux_check_root (void) { int status = -1; - security_context_t user_context; + char *user_context_raw; union selinux_callback old_callback; if (is_selinux_enabled() < 1) @@ -101,15 +96,15 @@ selinux_check_root (void) old_callback = selinux_get_callback(SELINUX_CB_LOG); /* setup callbacks */ selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) &log_callback); - if ((status = getprevcon(&user_context)) < 0) { + if ((status = getprevcon_raw(&user_context_raw)) < 0) { selinux_set_callback(SELINUX_CB_LOG, old_callback); return status; } - status = selinux_check_access(user_context, user_context, "passwd", "rootok", NULL); + status = selinux_check_access(user_context_raw, user_context_raw, "passwd", "rootok", NULL); selinux_set_callback(SELINUX_CB_LOG, old_callback); - freecon(user_context); + freecon(user_context_raw); return status; } #endif |