diff options
Diffstat (limited to 'modules/pam_rootok/pam_rootok.c')
-rw-r--r-- | modules/pam_rootok/pam_rootok.c | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c index 3a00d545..9bc15abf 100644 --- a/modules/pam_rootok/pam_rootok.c +++ b/modules/pam_rootok/pam_rootok.c @@ -50,20 +50,22 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv) #ifdef WITH_SELINUX static int +PAM_FORMAT((printf, 2, 3)) log_callback (int type UNUSED, const char *fmt, ...) { - int audit_fd; va_list ap; - va_start(ap, fmt); #ifdef HAVE_LIBAUDIT - audit_fd = audit_open(); + int audit_fd = audit_open(); if (audit_fd >= 0) { char *buf; + int ret; - if (vasprintf (&buf, fmt, ap) < 0) { - va_end(ap); + va_start(ap, fmt); + ret = vasprintf (&buf, fmt, ap); + va_end(ap); + if (ret < 0) { return 0; } audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL, @@ -75,6 +77,7 @@ log_callback (int type UNUSED, const char *fmt, ...) } #endif + va_start(ap, fmt); vsyslog (LOG_USER | LOG_INFO, fmt, ap); va_end(ap); return 0; @@ -84,7 +87,7 @@ static int selinux_check_root (void) { int status = -1; - security_context_t user_context; + char *user_context_raw; union selinux_callback old_callback; if (is_selinux_enabled() < 1) @@ -93,15 +96,15 @@ selinux_check_root (void) old_callback = selinux_get_callback(SELINUX_CB_LOG); /* setup callbacks */ selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) &log_callback); - if ((status = getprevcon(&user_context)) < 0) { + if ((status = getprevcon_raw(&user_context_raw)) < 0) { selinux_set_callback(SELINUX_CB_LOG, old_callback); return status; } - status = selinux_check_access(user_context, user_context, "passwd", "rootok", NULL); + status = selinux_check_access(user_context_raw, user_context_raw, "passwd", "rootok", NULL); selinux_set_callback(SELINUX_CB_LOG, old_callback); - freecon(user_context); + freecon(user_context_raw); return status; } #endif |