From 2fe275aed5c0c285781e6487242a9e4a13071e4f Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 17 Dec 2008 14:27:24 +0000 Subject: Relevant BUGIDs: Purpose of commit: new feature Commit summary: --------------- 2008-12-17 Tomas Mraz * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Do not abort on unknown option. Avoid double free of old_status. (pam_sm_close_session): Use LOG_DEBUG for restored status message. * configure.in: Test for getseuser(). * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Call getseuser() instead of getseuserbyname() if the function is available. --- modules/pam_selinux/pam_selinux.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) (limited to 'modules/pam_selinux/pam_selinux.c') diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index e45d6f99..c6f887a6 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -577,11 +577,16 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, security_context_t* contextlist = NULL; int num_contexts = 0; int env_params = 0; - const char *username = NULL; + const char *username; + const void *void_username; const void *tty = NULL; char *seuser=NULL; char *level=NULL; security_context_t default_user_context=NULL; +#ifdef HAVE_GETSEUSER + const void *void_service; + const char *service; +#endif /* Parse arguments. */ for (i = 0; i < argc; i++) { 
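Review bot: `username` loses its `= NULL` initializer and the three new locals (`void_username`, `void_service`, `service`) are declared without one, while the neighbouring `tty`, `seuser`, `level` and `default_user_context` all start at NULL. Nothing visible in this hunk reads them before they are assigned, but keeping the initializers (`const char *username = NULL;`, `const void *void_username = NULL;`) costs nothing. It also means an early exit added later cannot read an indeterminate pointer in a module that decides the session's security context. The function body starts and ends outside the hunk.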
@@ -623,12 +628,23 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, if (!(selinux_enabled = is_selinux_enabled()>0) ) return PAM_SUCCESS; - if (pam_get_item(pamh, PAM_USER, (void *) &username) != PAM_SUCCESS || - username == NULL) { + if (pam_get_item(pamh, PAM_USER, &void_username) != PAM_SUCCESS || + void_username == NULL) { return PAM_USER_UNKNOWN; } + username = void_username; + +#ifdef HAVE_GETSEUSER + if (pam_get_item(pamh, PAM_SERVICE, (void *) &void_service) != PAM_SUCCESS || + void_service == NULL) { + return PAM_SESSION_ERR; + } + service = void_service; - if (getseuserbyname(username, &seuser, &level)==0) { + if (getseuser(username, service, &seuser, &level) == 0) { +#else + if (getseuserbyname(username, &seuser, &level) == 0) { +#endif num_contexts = get_ordered_context_list_with_level(seuser, level, NULL, -- cgit v1.2.3
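Review bot: The new PAM_SERVICE lookup keeps the `(void *)` cast that the PAM_USER call just above it dropped. `void_service` is already a `const void *`, so `&void_service` matches the item parameter of pam_get_item and the cast can only mask a later type mismatch; write `pam_get_item(pamh, PAM_SERVICE, &void_service)`. The same branch returns PAM_SESSION_ERR without logging, so a session refused because the service item is missing leaves no trace for an administrator. A line such as `pam_syslog(pamh, LOG_ERR, "Cannot obtain the service name");` before the return would cover that, assuming the file already uses pam_syslog, which the hunk does not show. The function body starts and ends outside the hunk.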