- Fix selection of role
This commit is contained in:
parent
03d7f35c89
commit
7ce306a7c7
@ -1,5 +1,5 @@
|
|||||||
--- Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.8.xml.select-context 2006-11-10 17:48:59.000000000 +0100
|
--- Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.8.xml.select-context 2006-12-27 10:59:06.000000000 -0500
|
||||||
+++ Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.8.xml 2006-11-10 17:52:36.000000000 +0100
|
+++ Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.8.xml 2006-12-27 10:59:06.000000000 -0500
|
||||||
@@ -33,6 +33,9 @@
|
@@ -33,6 +33,9 @@
|
||||||
<arg choice="opt">
|
<arg choice="opt">
|
||||||
verbose
|
verbose
|
||||||
@ -28,36 +28,154 @@
|
|||||||
</variablelist>
|
</variablelist>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
--- Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c.select-context 2006-11-10 17:48:59.000000000 +0100
|
--- Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c.select-context 2006-12-27 10:59:06.000000000 -0500
|
||||||
+++ Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c 2006-11-10 18:00:11.000000000 +0100
|
+++ Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c 2007-01-03 13:40:24.000000000 -0500
|
||||||
@@ -63,6 +63,7 @@
|
@@ -63,8 +63,10 @@
|
||||||
#include <selinux/selinux.h>
|
#include <selinux/selinux.h>
|
||||||
#include <selinux/get_context_list.h>
|
#include <selinux/get_context_list.h>
|
||||||
#include <selinux/flask.h>
|
#include <selinux/flask.h>
|
||||||
+#include <selinux/av_permissions.h>
|
+#include <selinux/av_permissions.h>
|
||||||
#include <selinux/selinux.h>
|
#include <selinux/selinux.h>
|
||||||
#include <selinux/context.h>
|
#include <selinux/context.h>
|
||||||
|
+#include <selinux/get_default_type.h>
|
||||||
|
|
||||||
@@ -151,6 +152,8 @@
|
static int
|
||||||
|
send_text (pam_handle_t *pamh, const char *text, int debug)
|
||||||
|
@@ -79,69 +81,64 @@
|
||||||
|
* is responsible for freeing the responses.
|
||||||
|
*/
|
||||||
|
static int
|
||||||
|
-query_response (pam_handle_t *pamh, const char *text,
|
||||||
|
+query_response (pam_handle_t *pamh, const char *text, const char *def,
|
||||||
|
char **responses, int debug)
|
||||||
|
{
|
||||||
|
+ int rc;
|
||||||
|
+ if (def)
|
||||||
|
+ rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, responses, "%s [%s] ", text, def);
|
||||||
|
+ else
|
||||||
|
+ rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, responses, "%s ", text);
|
||||||
|
if (debug)
|
||||||
|
- pam_syslog(pamh, LOG_NOTICE, "%s", text);
|
||||||
|
-
|
||||||
|
- return pam_prompt (pamh, PAM_PROMPT_ECHO_ON, responses, "%s", text);
|
||||||
|
+ pam_syslog(pamh, LOG_NOTICE, "%s %s", text, responses[0]);
|
||||||
|
+ return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
static security_context_t
|
||||||
|
manual_context (pam_handle_t *pamh, const char *user, int debug)
|
||||||
|
{
|
||||||
|
- security_context_t newcon;
|
||||||
|
+ security_context_t newcon=NULL;
|
||||||
|
context_t new_context;
|
||||||
|
int mls_enabled = is_selinux_mls_enabled();
|
||||||
|
-
|
||||||
|
- char *responses;
|
||||||
|
+ char *type=NULL;
|
||||||
|
+ char *responses=NULL;
|
||||||
|
|
||||||
|
while (1) {
|
||||||
|
query_response(pamh,
|
||||||
|
- _("Would you like to enter a security context? [y] "),
|
||||||
|
+ _("Would you like to enter a security context? [n] "), NULL,
|
||||||
|
&responses,debug);
|
||||||
|
- if ((responses[0] == 'y') || (responses[0] == 'Y') ||
|
||||||
|
- (responses[0] == '\0') )
|
||||||
|
+ if ((responses[0] == 'y') || (responses[0] == 'Y'))
|
||||||
|
{
|
||||||
|
if (mls_enabled)
|
||||||
|
new_context = context_new ("user:role:type:level");
|
||||||
|
else
|
||||||
|
new_context = context_new ("user:role:type");
|
||||||
|
- _pam_drop(responses);
|
||||||
|
|
||||||
|
- /* Allow the user to enter each field of the context individually */
|
||||||
|
+ if (!new_context)
|
||||||
|
+ goto fail_set;
|
||||||
|
+
|
||||||
|
if (context_user_set (new_context, user))
|
||||||
|
- {
|
||||||
|
- context_free (new_context);
|
||||||
|
- return NULL;
|
||||||
|
- }
|
||||||
|
- query_response(pamh,_("role: "),&responses,debug);
|
||||||
|
- if (context_role_set (new_context, responses))
|
||||||
|
- {
|
||||||
|
- _pam_drop(responses);
|
||||||
|
- context_free (new_context);
|
||||||
|
- return NULL;
|
||||||
|
- }
|
||||||
|
+ goto fail_set;
|
||||||
|
+
|
||||||
|
_pam_drop(responses);
|
||||||
|
- query_response(pamh,_("type: "),&responses,debug);
|
||||||
|
- if (context_type_set (new_context, responses))
|
||||||
|
- {
|
||||||
|
- _pam_drop(responses);
|
||||||
|
- context_free (new_context);
|
||||||
|
- return NULL;
|
||||||
|
- }
|
||||||
|
+ /* Allow the user to enter each field of the context individually */
|
||||||
|
+ query_response(pamh,_("role:"), NULL, &responses,debug);
|
||||||
|
+ if (responses[0] != '\0') {
|
||||||
|
+ if (context_role_set (new_context, responses))
|
||||||
|
+ goto fail_set;
|
||||||
|
+ if (get_default_type(responses, &type))
|
||||||
|
+ goto fail_set;
|
||||||
|
+ if (context_type_set (new_context, type))
|
||||||
|
+ goto fail_set;
|
||||||
|
+ }
|
||||||
|
_pam_drop(responses);
|
||||||
|
if (mls_enabled)
|
||||||
|
{
|
||||||
|
- query_response(pamh,_("level: "),&responses,debug);
|
||||||
|
- if (context_range_set (new_context, responses))
|
||||||
|
- {
|
||||||
|
- _pam_drop(responses);
|
||||||
|
- context_free (new_context);
|
||||||
|
- return NULL;
|
||||||
|
- }
|
||||||
|
- _pam_drop(responses);
|
||||||
|
+ query_response(pamh,_("level:"), NULL, &responses,debug);
|
||||||
|
+ if (responses[0] != '\0') {
|
||||||
|
+ if (context_range_set (new_context, responses))
|
||||||
|
+ goto fail_set;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
/* Get the string value of the context and see if it is valid. */
|
||||||
|
if (!security_check_context(context_str(new_context))) {
|
||||||
|
@@ -151,14 +148,125 @@
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
send_text(pamh,_("Not a valid security context"),debug);
|
send_text(pamh,_("Not a valid security context"),debug);
|
||||||
+
|
+ context_free (new_context);
|
||||||
+ context_free(new_context); /* next time around allocates another */
|
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
_pam_drop(responses);
|
_pam_drop(responses);
|
||||||
@@ -161,6 +164,86 @@
|
return NULL;
|
||||||
return NULL;
|
}
|
||||||
}
|
} /* end while */
|
||||||
|
+ fail_set:
|
||||||
+static int mls_range_allowed(security_context_t src, security_context_t dst)
|
+ free(type);
|
||||||
|
+ _pam_drop(responses);
|
||||||
|
+ context_free (new_context);
|
||||||
|
+ return NULL;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static int mls_range_allowed(pam_handle_t *pamh, security_context_t src, security_context_t dst, int debug)
|
||||||
+{
|
+{
|
||||||
+ struct av_decision avd;
|
+ struct av_decision avd;
|
||||||
+ int retval;
|
+ int retval;
|
||||||
+ unsigned int bit = CONTEXT__CONTAINS;
|
+ unsigned int bit = CONTEXT__CONTAINS;
|
||||||
+
|
+ context_t src_context = context_new (src);
|
||||||
+ retval = security_compute_av(src, dst, SECCLASS_CONTEXT, bit, &avd);
|
+ context_t dst_context = context_new (dst);
|
||||||
|
+ context_range_set(dst_context, context_range_get(src_context));
|
||||||
|
+ if (debug)
|
||||||
|
+ pam_syslog(pamh, LOG_NOTICE, "Checking if %s mls range valid for %s", dst, context_str(dst_context));
|
||||||
|
+
|
||||||
|
+ retval = security_compute_av(context_str(dst_context), dst, SECCLASS_CONTEXT, bit, &avd);
|
||||||
|
+ context_free(src_context);
|
||||||
|
+ context_free(dst_context);
|
||||||
+ if (retval || ((bit & avd.allowed) != bit))
|
+ if (retval || ((bit & avd.allowed) != bit))
|
||||||
+ return 0;
|
+ return 0;
|
||||||
+
|
+
|
||||||
@ -67,35 +185,54 @@
|
|||||||
+static security_context_t
|
+static security_context_t
|
||||||
+config_context (pam_handle_t *pamh, security_context_t puser_context, int debug)
|
+config_context (pam_handle_t *pamh, security_context_t puser_context, int debug)
|
||||||
+{
|
+{
|
||||||
+ security_context_t newcon;
|
+ security_context_t newcon=NULL;
|
||||||
+ context_t new_context;
|
+ context_t new_context;
|
||||||
+ int mls_enabled = is_selinux_mls_enabled();
|
+ int mls_enabled = is_selinux_mls_enabled();
|
||||||
+ char *responses;
|
+ char *responses=NULL;
|
||||||
|
+ char *type=NULL;
|
||||||
+ char resp_val = 0;
|
+ char resp_val = 0;
|
||||||
+
|
+
|
||||||
|
+ pam_prompt (pamh, PAM_TEXT_INFO, NULL, _("Default Security Context %s\n"), puser_context);
|
||||||
|
+
|
||||||
+ while (1) {
|
+ while (1) {
|
||||||
+ query_response(pamh,
|
+ query_response(pamh,
|
||||||
+ _("Would you like to enter a role/level? [y] "),
|
+ _("Would you like to enter a different role or level?"), "n",
|
||||||
+ &responses,debug);
|
+ &responses,debug);
|
||||||
+
|
+
|
||||||
+ resp_val = responses[0];
|
+ resp_val = responses[0];
|
||||||
+ _pam_drop(responses);
|
+ _pam_drop(responses);
|
||||||
+ if ((resp_val == 'y') || (resp_val == 'Y') || (resp_val == '\0'))
|
+ if ((resp_val == 'y') || (resp_val == 'Y'))
|
||||||
+ {
|
+ {
|
||||||
+ new_context = context_new(puser_context);
|
+ new_context = context_new(puser_context);
|
||||||
+
|
+
|
||||||
+ /* Allow the user to enter role and level individually */
|
+ /* Allow the user to enter role and level individually */
|
||||||
+ query_response(pamh,_("role: "),&responses,debug);
|
+ query_response(pamh,_("role:"), context_role_get(new_context),
|
||||||
+ if (responses[0] && context_role_set(new_context, responses))
|
+ &responses, debug);
|
||||||
+ goto fail_set;
|
+ if (responses[0]) {
|
||||||
|
+ if (get_default_type(responses, &type)) {
|
||||||
|
+ pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("No default type for role %s\n"), responses);
|
||||||
|
+ _pam_drop(responses);
|
||||||
|
+ continue;
|
||||||
|
+ } else {
|
||||||
|
+ if (context_role_set(new_context, responses))
|
||||||
|
+ goto fail_set;
|
||||||
|
+ if (context_type_set (new_context, type))
|
||||||
|
+ goto fail_set;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
+ _pam_drop(responses);
|
+ _pam_drop(responses);
|
||||||
+ if (mls_enabled)
|
+ if (mls_enabled)
|
||||||
+ {
|
+ {
|
||||||
+ query_response(pamh,_("level: "),&responses,debug);
|
+ query_response(pamh,_("level:"), context_range_get(new_context),
|
||||||
+ if (responses[0] && context_range_set(new_context, responses))
|
+ &responses, debug);
|
||||||
+ goto fail_set;
|
+ if (responses[0]) {
|
||||||
|
+ if (context_range_set(new_context, responses))
|
||||||
|
+ goto fail_set;
|
||||||
|
+ }
|
||||||
+ _pam_drop(responses);
|
+ _pam_drop(responses);
|
||||||
+ }
|
+ }
|
||||||
|
+ if (debug)
|
||||||
|
+ pam_syslog(pamh, LOG_NOTICE, "Selected Security Context %s", context_str(new_context));
|
||||||
+
|
+
|
||||||
+ /* Get the string value of the context and see if it is valid. */
|
+ /* Get the string value of the context and see if it is valid. */
|
||||||
+ if (!security_check_context(context_str(new_context))) {
|
+ if (!security_check_context(context_str(new_context))) {
|
||||||
@ -105,10 +242,12 @@
|
|||||||
+ /* we have to check that this user is allowed to go into the
|
+ /* we have to check that this user is allowed to go into the
|
||||||
+ range they have specified ... role is tied to an seuser, so that'll
|
+ range they have specified ... role is tied to an seuser, so that'll
|
||||||
+ be checked at setexeccon time */
|
+ be checked at setexeccon time */
|
||||||
+ if (mls_enabled && !mls_range_allowed(puser_context, newcon))
|
+ if (mls_enabled && !mls_range_allowed(pamh, puser_context, newcon, debug)) {
|
||||||
+ goto fail_range;
|
+ pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", puser_context, newcon);
|
||||||
+
|
+
|
||||||
+ freecon(puser_context);
|
+
|
||||||
|
+ goto fail_range;
|
||||||
|
+ }
|
||||||
+ return newcon;
|
+ return newcon;
|
||||||
+ }
|
+ }
|
||||||
+ else
|
+ else
|
||||||
@ -117,24 +256,21 @@
|
|||||||
+ context_free(new_context); /* next time around allocates another */
|
+ context_free(new_context); /* next time around allocates another */
|
||||||
+ }
|
+ }
|
||||||
+ else
|
+ else
|
||||||
+ break;
|
+ return strdup(puser_context);
|
||||||
+ } /* end while */
|
+ } /* end while */
|
||||||
+
|
|
||||||
+ freecon(puser_context);
|
return NULL;
|
||||||
+ return NULL;
|
|
||||||
+
|
+
|
||||||
+ fail_set:
|
+ fail_set:
|
||||||
|
+ free(type);
|
||||||
+ _pam_drop(responses);
|
+ _pam_drop(responses);
|
||||||
+ context_free (new_context);
|
+ context_free (new_context);
|
||||||
+ fail_range:
|
+ fail_range:
|
||||||
+ freecon(puser_context);
|
|
||||||
+ return NULL;
|
+ return NULL;
|
||||||
+}
|
}
|
||||||
+
|
|
||||||
static void
|
static void
|
||||||
security_restorelabel_tty(const pam_handle_t *pamh,
|
@@ -273,10 +381,11 @@
|
||||||
const char *tty, security_context_t context)
|
|
||||||
@@ -273,10 +356,12 @@
|
|
||||||
{
|
{
|
||||||
int i, debug = 0, ttys=1, has_tty=isatty(0);
|
int i, debug = 0, ttys=1, has_tty=isatty(0);
|
||||||
int verbose=0, close_session=0;
|
int verbose=0, close_session=0;
|
||||||
@ -143,12 +279,11 @@
|
|||||||
security_context_t* contextlist = NULL;
|
security_context_t* contextlist = NULL;
|
||||||
int num_contexts = 0;
|
int num_contexts = 0;
|
||||||
- const void *username = NULL;
|
- const void *username = NULL;
|
||||||
+ const void *pusername = NULL;
|
|
||||||
+ const char *username = NULL;
|
+ const char *username = NULL;
|
||||||
const void *tty = NULL;
|
const void *tty = NULL;
|
||||||
char *seuser=NULL;
|
char *seuser=NULL;
|
||||||
char *level=NULL;
|
char *level=NULL;
|
||||||
@@ -295,6 +380,9 @@
|
@@ -295,6 +404,9 @@
|
||||||
if (strcmp(argv[i], "close") == 0) {
|
if (strcmp(argv[i], "close") == 0) {
|
||||||
close_session = 1;
|
close_session = 1;
|
||||||
}
|
}
|
||||||
@ -158,21 +293,16 @@
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (debug)
|
if (debug)
|
||||||
@@ -307,10 +395,11 @@
|
@@ -307,7 +419,7 @@
|
||||||
if (!(selinux_enabled = is_selinux_enabled()>0) )
|
if (!(selinux_enabled = is_selinux_enabled()>0) )
|
||||||
return PAM_SUCCESS;
|
return PAM_SUCCESS;
|
||||||
|
|
||||||
- if (pam_get_item(pamh, PAM_USER, &username) != PAM_SUCCESS ||
|
- if (pam_get_item(pamh, PAM_USER, &username) != PAM_SUCCESS ||
|
||||||
- username == NULL) {
|
+ if (pam_get_item(pamh, PAM_USER, (void *) &username) != PAM_SUCCESS ||
|
||||||
+ if (pam_get_item(pamh, PAM_USER, &pusername) != PAM_SUCCESS ||
|
username == NULL) {
|
||||||
+ pusername == NULL) {
|
|
||||||
return PAM_USER_UNKNOWN;
|
return PAM_USER_UNKNOWN;
|
||||||
}
|
}
|
||||||
+ username = pusername;
|
@@ -319,19 +431,38 @@
|
||||||
|
|
||||||
if (getseuserbyname(username, &seuser, &level)==0) {
|
|
||||||
num_contexts = get_ordered_context_list_with_level(seuser,
|
|
||||||
@@ -319,19 +408,32 @@
|
|
||||||
&contextlist);
|
&contextlist);
|
||||||
if (debug)
|
if (debug)
|
||||||
pam_syslog(pamh, LOG_DEBUG, "Username= %s SELinux User = %s Level= %s",
|
pam_syslog(pamh, LOG_DEBUG, "Username= %s SELinux User = %s Level= %s",
|
||||||
@ -182,24 +312,33 @@
|
|||||||
free(level);
|
free(level);
|
||||||
}
|
}
|
||||||
if (num_contexts > 0) {
|
if (num_contexts > 0) {
|
||||||
user_context = (security_context_t) strdup(contextlist[0]);
|
- user_context = (security_context_t) strdup(contextlist[0]);
|
||||||
+
|
+ security_context_t puser_context=strdup(contextlist[0]);
|
||||||
|
freeconary(contextlist);
|
||||||
|
- } else {
|
||||||
|
+ if (puser_context == NULL) {
|
||||||
|
+ pam_syslog(pamh, LOG_ERR, _("Out of memory"));
|
||||||
|
+ return PAM_AUTH_ERR;
|
||||||
|
+ }
|
||||||
|
+ user_context = puser_context;
|
||||||
+ if (select_context && has_tty) {
|
+ if (select_context && has_tty) {
|
||||||
+ user_context = config_context(pamh, user_context, debug);
|
+ user_context = config_context(pamh, puser_context, debug);
|
||||||
|
+ freecon(puser_context);
|
||||||
+ if (user_context == NULL) {
|
+ if (user_context == NULL) {
|
||||||
+ pam_syslog(pamh, LOG_ERR, "Unable to get valid context for %s",
|
+ pam_syslog(pamh, LOG_ERR, _("Unable to get valid context for %s"),
|
||||||
+ username);
|
+ username);
|
||||||
|
+ pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("Unable to get valid context for %s"), username);
|
||||||
+ if (security_getenforce() == 1)
|
+ if (security_getenforce() == 1)
|
||||||
+ return PAM_AUTH_ERR;
|
+ return PAM_AUTH_ERR;
|
||||||
+ else
|
+ else
|
||||||
+ return PAM_SUCCESS;
|
+ return PAM_SUCCESS;
|
||||||
+ }
|
+ }
|
||||||
+ }
|
+ }
|
||||||
+
|
+ }
|
||||||
freeconary(contextlist);
|
+ else {
|
||||||
} else {
|
|
||||||
if (has_tty) {
|
if (has_tty) {
|
||||||
user_context = manual_context(pamh,username,debug);
|
- user_context = manual_context(pamh,username,debug);
|
||||||
|
+ user_context = manual_context(pamh,seuser,debug);
|
||||||
if (user_context == NULL) {
|
if (user_context == NULL) {
|
||||||
pam_syslog (pamh, LOG_ERR, "Unable to get valid context for %s",
|
pam_syslog (pamh, LOG_ERR, "Unable to get valid context for %s",
|
||||||
- (const char *)username);
|
- (const char *)username);
|
||||||
@ -207,7 +346,7 @@
|
|||||||
if (security_getenforce() == 1)
|
if (security_getenforce() == 1)
|
||||||
return PAM_AUTH_ERR;
|
return PAM_AUTH_ERR;
|
||||||
else
|
else
|
||||||
@@ -340,7 +442,7 @@
|
@@ -340,7 +471,7 @@
|
||||||
} else {
|
} else {
|
||||||
pam_syslog (pamh, LOG_ERR,
|
pam_syslog (pamh, LOG_ERR,
|
||||||
"Unable to get valid context for %s, No valid tty",
|
"Unable to get valid context for %s, No valid tty",
|
||||||
@ -216,7 +355,7 @@
|
|||||||
if (security_getenforce() == 1)
|
if (security_getenforce() == 1)
|
||||||
return PAM_AUTH_ERR;
|
return PAM_AUTH_ERR;
|
||||||
else
|
else
|
||||||
@@ -381,7 +483,7 @@
|
@@ -381,7 +512,7 @@
|
||||||
if (ret) {
|
if (ret) {
|
||||||
pam_syslog(pamh, LOG_ERR,
|
pam_syslog(pamh, LOG_ERR,
|
||||||
"Error! Unable to set %s executable context %s.",
|
"Error! Unable to set %s executable context %s.",
|
||||||
@ -225,7 +364,7 @@
|
|||||||
if (security_getenforce() == 1) {
|
if (security_getenforce() == 1) {
|
||||||
freecon(user_context);
|
freecon(user_context);
|
||||||
return PAM_AUTH_ERR;
|
return PAM_AUTH_ERR;
|
||||||
@@ -389,7 +491,7 @@
|
@@ -389,7 +520,7 @@
|
||||||
} else {
|
} else {
|
||||||
if (debug)
|
if (debug)
|
||||||
pam_syslog(pamh, LOG_NOTICE, "set %s security context to %s",
|
pam_syslog(pamh, LOG_NOTICE, "set %s security context to %s",
|
||||||
@ -234,7 +373,7 @@
|
|||||||
}
|
}
|
||||||
#ifdef HAVE_SETKEYCREATECON
|
#ifdef HAVE_SETKEYCREATECON
|
||||||
ret = setkeycreatecon(user_context);
|
ret = setkeycreatecon(user_context);
|
||||||
@@ -402,7 +504,7 @@
|
@@ -402,7 +533,7 @@
|
||||||
if (ret) {
|
if (ret) {
|
||||||
pam_syslog(pamh, LOG_ERR,
|
pam_syslog(pamh, LOG_ERR,
|
||||||
"Error! Unable to set %s key creation context %s.",
|
"Error! Unable to set %s key creation context %s.",
|
||||||
@ -243,7 +382,7 @@
|
|||||||
if (security_getenforce() == 1) {
|
if (security_getenforce() == 1) {
|
||||||
freecon(user_context);
|
freecon(user_context);
|
||||||
return PAM_AUTH_ERR;
|
return PAM_AUTH_ERR;
|
||||||
@@ -410,7 +512,7 @@
|
@@ -410,7 +541,7 @@
|
||||||
} else {
|
} else {
|
||||||
if (debug)
|
if (debug)
|
||||||
pam_syslog(pamh, LOG_NOTICE, "set %s key creation context to %s",
|
pam_syslog(pamh, LOG_NOTICE, "set %s key creation context to %s",
|
||||||
|
11
pam.spec
11
pam.spec
@ -11,7 +11,7 @@
|
|||||||
Summary: A security tool which provides authentication for applications
|
Summary: A security tool which provides authentication for applications
|
||||||
Name: pam
|
Name: pam
|
||||||
Version: 0.99.6.2
|
Version: 0.99.6.2
|
||||||
Release: 5%{?dist}
|
Release: 7%{?dist}
|
||||||
License: GPL or BSD
|
License: GPL or BSD
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source0: http://ftp.us.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
|
Source0: http://ftp.us.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
|
||||||
@ -41,6 +41,7 @@ Patch90: pam-0.99.6.2-keyinit-setgid.patch
|
|||||||
Patch91: pam-0.99.6.2-unix-username.patch
|
Patch91: pam-0.99.6.2-unix-username.patch
|
||||||
Patch92: pam-0.99.6.2-selinux-select-context.patch
|
Patch92: pam-0.99.6.2-selinux-select-context.patch
|
||||||
Patch100: pam-0.99.6.2-reconf.patch
|
Patch100: pam-0.99.6.2-reconf.patch
|
||||||
|
Patch101: pam-0.99.6.2-selinux-namespace.patch
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-root
|
BuildRoot: %{_tmppath}/%{name}-root
|
||||||
Requires: cracklib, cracklib-dicts >= 2.8
|
Requires: cracklib, cracklib-dicts >= 2.8
|
||||||
@ -110,6 +111,7 @@ cp %{SOURCE7} .
|
|||||||
%patch92 -p1 -b .select-context
|
%patch92 -p1 -b .select-context
|
||||||
|
|
||||||
%patch100 -p1 -b .reconf
|
%patch100 -p1 -b .reconf
|
||||||
|
%patch101 -p1 -b .selinux-namespace
|
||||||
#autoreconf
|
#autoreconf
|
||||||
|
|
||||||
%build
|
%build
|
||||||
@ -386,6 +388,13 @@ fi
|
|||||||
%doc doc/adg/*.txt doc/adg/html
|
%doc doc/adg/*.txt doc/adg/html
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Dec 1 2006 Dan Walsh <dwalsh@redhat.com> 0.99.6.2-7
|
||||||
|
- Fix selection of role
|
||||||
|
|
||||||
|
* Thu Dec 1 2006 Dan Walsh <dwalsh@redhat.com> 0.99.6.2-6
|
||||||
|
- Fix pam_namespace to only change MLS componant
|
||||||
|
Resolves: Bug #216184
|
||||||
|
|
||||||
* Thu Nov 30 2006 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-5
|
* Thu Nov 30 2006 Tomas Mraz <tmraz@redhat.com> 0.99.6.2-5
|
||||||
- add select-context option to pam_selinux (#213812)
|
- add select-context option to pam_selinux (#213812)
|
||||||
- autoreconf won't work with autoconf-2.61 as configure.in is not yet adjusted
|
- autoreconf won't work with autoconf-2.61 as configure.in is not yet adjusted
|
||||||
|
Loading…
Reference in New Issue
Block a user