From 82d45174fcaac68e318a868689689085881b9dac Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tm@t8m.info>
Date: Mon, 3 Mar 2008 08:09:10 +0000
Subject: Relevant BUGIDs:

Purpose of commit: translations

Commit summary:
---------------
2008-03-03  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_selinux/pam_selinux.c: Do not translate syslog messages.
        * po/Linux-PAM.pot: Update.
---
 modules/pam_selinux/pam_selinux.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

(limited to 'modules/pam_selinux/pam_selinux.c')

diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c
index f0935896..8959c8cf 100644
--- a/modules/pam_selinux/pam_selinux.c
+++ b/modules/pam_selinux/pam_selinux.c
@@ -91,26 +91,26 @@ int send_audit_message(pam_handle_t *pamh, int success, security_context_t defau
 		if (errno == EINVAL || errno == EPROTONOSUPPORT ||
                                         errno == EAFNOSUPPORT)
                         return 0; /* No audit support in kernel */
-		pam_syslog(pamh, LOG_ERR, _("Error connecting to audit system."));
+		pam_syslog(pamh, LOG_ERR, "Error connecting to audit system.");
 		return rc;
 	}
 	if (selinux_trans_to_raw_context(default_context, &default_raw) < 0) {
-		pam_syslog(pamh, LOG_ERR, _("Error translating default context."));
+		pam_syslog(pamh, LOG_ERR, "Error translating default context.");
 		default_raw = NULL;
 	}
 	if (selinux_trans_to_raw_context(selected_context, &selected_raw) < 0) {
-		pam_syslog(pamh, LOG_ERR, _("Error translating selected context."));
+		pam_syslog(pamh, LOG_ERR, "Error translating selected context.");
 		selected_raw = NULL;
 	}
 	if (asprintf(&msg, "pam: default-context=%s selected-context=%s",
 		     default_raw ? default_raw : (default_context ? default_context : "?"),
 		     selected_raw ? selected_raw : (selected_context ? selected_context : "?")) < 0) {
-		pam_syslog(pamh, LOG_ERR, ("Error allocating memory."));
+		pam_syslog(pamh, LOG_ERR, "Error allocating memory.");
 		goto out;
 	}
 	if (audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE,
 				   msg, NULL, NULL, NULL, success) <= 0) {
-		pam_syslog(pamh, LOG_ERR, _("Error sending audit message."));
+		pam_syslog(pamh, LOG_ERR, "Error sending audit message.");
 		goto out;
 	}
 	rc = 0;
@@ -509,7 +509,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
     default_user_context=strdup(contextlist[0]);
     freeconary(contextlist);
     if (default_user_context == NULL) {
-	  pam_syslog(pamh, LOG_ERR, _("Out of memory"));
+	  pam_syslog(pamh, LOG_ERR, "Out of memory");
           return PAM_AUTH_ERR;
     }
     user_context = default_user_context;
@@ -517,7 +517,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
       user_context = config_context(pamh, default_user_context, debug);
       if (user_context == NULL) {
 	freecon(default_user_context);
-	pam_syslog(pamh, LOG_ERR, _("Unable to get valid context for %s"),
+	pam_syslog(pamh, LOG_ERR, "Unable to get valid context for %s",
 		    username);
 	pam_prompt (pamh, PAM_ERROR_MSG, NULL,  _("Unable to get valid context for %s"), username);
         if (security_getenforce() == 1)
-- 
cgit v1.2.3


From ffe3830f997b26538dabbac0c7cbc359e71a3c34 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tm@t8m.info>
Date: Thu, 20 Mar 2008 17:06:32 +0000
Subject: Relevant BUGIDs: rhbz#438338, rhbz#438264

Purpose of commit: bugfix

Commit summary:
---------------
2008-03-20  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_namespace/pam_namespace.c(poly_name): Switch to USER
        method only when appropriate.
        (setup_namespace): Do not umount when not mounted with RUSER.

        * modules/pam_selinux/pam_selinux.c(pam_sm_close_session): Call
        freecontext() after the context is logged not before.
---
 modules/pam_selinux/pam_selinux.c | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

(limited to 'modules/pam_selinux/pam_selinux.c')

diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c
index 8959c8cf..f679e33d 100644
--- a/modules/pam_selinux/pam_selinux.c
+++ b/modules/pam_selinux/pam_selinux.c
@@ -672,7 +672,7 @@ PAM_EXTERN int
 pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
 		     int argc, const char **argv)
 {
-  int i, debug = 0,status=0, open_session=0;
+  int i, debug = 0, status = PAM_SUCCESS, open_session = 0;
   if (! (selinux_enabled ))
       return PAM_SUCCESS;
 
@@ -702,19 +702,21 @@ pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
     free(ttyn);
     ttyn=NULL;
   }
-  status=setexeccon(prev_user_context);
-  freecon(prev_user_context);
-  if (status) {
-    pam_syslog(pamh, LOG_ERR, "Error!  Unable to set executable context %s.",
+  if (prev_user_context) {
+    if (setexeccon(prev_user_context)) {
+      pam_syslog(pamh, LOG_ERR, "Unable to restore executable context %s.",
 	       prev_user_context);
-    if (security_getenforce() == 1)
-       return PAM_AUTH_ERR;
-    else
-       return PAM_SUCCESS;
+      if (security_getenforce() == 1)
+         status = PAM_AUTH_ERR;
+      else
+         status = PAM_SUCCESS;
+    }
+    freecon(prev_user_context);
+    prev_user_context = NULL;
   }
 
   if (debug)
     pam_syslog(pamh, LOG_NOTICE, "setcontext back to orginal");
 
-  return PAM_SUCCESS;
+  return status;
 }
-- 
cgit v1.2.3