summaryrefslogtreecommitdiff
path: root/modules/pam_sepermit/pam_sepermit.c
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_sepermit/pam_sepermit.c')
-rw-r--r--modules/pam_sepermit/pam_sepermit.c17
1 files changed, 6 insertions, 11 deletions
diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c
index c6532907..f7d98d5b 100644
--- a/modules/pam_sepermit/pam_sepermit.c
+++ b/modules/pam_sepermit/pam_sepermit.c
@@ -1,5 +1,5 @@
/******************************************************************************
- * A module for Linux-PAM that allows/denies acces based on SELinux state.
+ * A module for Linux-PAM that allows/denies access based on SELinux state.
*
* Copyright (c) 2007, 2008, 2009 Red Hat, Inc.
* Originally written by Tomas Mraz <tmraz@redhat.com>
@@ -35,7 +35,6 @@
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
- *
*/
#include "config.h"
@@ -53,12 +52,8 @@
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
-#include <pwd.h>
#include <dirent.h>
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-
#include <security/pam_modules.h>
#include <security/_pam_macros.h>
#include <security/pam_modutil.h>
@@ -232,7 +227,8 @@ sepermit_lock(pam_handle_t *pamh, const char *user, int debug)
struct passwd *pw = pam_modutil_getpwnam( pamh, user );
if (!pw) {
- pam_syslog(pamh, LOG_ERR, "Unable to find uid for user %s", user);
+ pam_syslog(pamh, LOG_NOTICE, "Unable to find uid for user %s",
+ user);
return -1;
}
if (check_running(pamh, pw->pw_uid, 0, debug) > 0) {
@@ -353,7 +349,7 @@ sepermit_match(pam_handle_t *pamh, const char *cfgfile, const char *user,
if (*sense == PAM_SUCCESS) {
if (ignore)
*sense = PAM_IGNORE;
- if (geteuid() == 0 && exclusive && get_loginuid(pamh) == -1)
+ if (geteuid() == 0 && exclusive && get_loginuid(pamh) == (uid_t)-1)
if (sepermit_lock(pamh, user, debug) < 0)
*sense = PAM_AUTH_ERR;
}
@@ -389,9 +385,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
if (debug)
pam_syslog(pamh, LOG_NOTICE, "Parsing config file: %s", cfgfile);
- if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL
- || *user == '\0') {
- pam_syslog(pamh, LOG_ERR, "Cannot determine the user's name");
+ if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || *user == '\0') {
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
return PAM_USER_UNKNOWN;
}