858c76dcd3
- do not fail if btmp file is corrupted (#906852) - fix strict aliasing warnings in build - UsrMove - use authtok_type with pam_pwquality in system-auth - remove manual_context handling from pam_selinux (#876976) - other minor specfile cleanups
98 lines
2.8 KiB
Diff
98 lines
2.8 KiB
Diff
diff -up Linux-PAM-1.1.6/modules/pam_selinux/pam_selinux.c.manualctx Linux-PAM-1.1.6/modules/pam_selinux/pam_selinux.c
|
|
--- Linux-PAM-1.1.6/modules/pam_selinux/pam_selinux.c.manualctx 2012-09-03 15:23:21.000000000 +0200
|
|
+++ Linux-PAM-1.1.6/modules/pam_selinux/pam_selinux.c 2012-11-30 21:03:40.000000000 +0100
|
|
@@ -161,81 +161,6 @@ query_response (pam_handle_t *pamh, cons
|
|
return rc;
|
|
}
|
|
|
|
-static security_context_t
|
|
-manual_context (pam_handle_t *pamh, const char *user, int debug)
|
|
-{
|
|
- security_context_t newcon=NULL;
|
|
- context_t new_context;
|
|
- int mls_enabled = is_selinux_mls_enabled();
|
|
- char *type=NULL;
|
|
- char *response=NULL;
|
|
-
|
|
- while (1) {
|
|
- if (query_response(pamh,
|
|
- _("Would you like to enter a security context? [N] "), NULL,
|
|
- &response, debug) != PAM_SUCCESS)
|
|
- return NULL;
|
|
-
|
|
- if ((response[0] == 'y') || (response[0] == 'Y'))
|
|
- {
|
|
- if (mls_enabled)
|
|
- new_context = context_new ("user:role:type:level");
|
|
- else
|
|
- new_context = context_new ("user:role:type");
|
|
-
|
|
- if (!new_context)
|
|
- goto fail_set;
|
|
-
|
|
- if (context_user_set (new_context, user))
|
|
- goto fail_set;
|
|
-
|
|
- _pam_drop(response);
|
|
- /* Allow the user to enter each field of the context individually */
|
|
- if (query_response(pamh, _("role:"), NULL, &response, debug) == PAM_SUCCESS &&
|
|
- response[0] != '\0') {
|
|
- if (context_role_set (new_context, response))
|
|
- goto fail_set;
|
|
- if (get_default_type(response, &type))
|
|
- goto fail_set;
|
|
- if (context_type_set (new_context, type))
|
|
- goto fail_set;
|
|
- _pam_drop(type);
|
|
- }
|
|
- _pam_drop(response);
|
|
-
|
|
- if (mls_enabled)
|
|
- {
|
|
- if (query_response(pamh, _("level:"), NULL, &response, debug) == PAM_SUCCESS &&
|
|
- response[0] != '\0') {
|
|
- if (context_range_set (new_context, response))
|
|
- goto fail_set;
|
|
- }
|
|
- _pam_drop(response);
|
|
- }
|
|
-
|
|
- /* Get the string value of the context and see if it is valid. */
|
|
- if (!security_check_context(context_str(new_context))) {
|
|
- newcon = strdup(context_str(new_context));
|
|
- context_free (new_context);
|
|
- return newcon;
|
|
- }
|
|
- else
|
|
- send_text(pamh,_("Not a valid security context"),debug);
|
|
-
|
|
- context_free (new_context);
|
|
- }
|
|
- else {
|
|
- _pam_drop(response);
|
|
- return NULL;
|
|
- }
|
|
- } /* end while */
|
|
- fail_set:
|
|
- free(type);
|
|
- _pam_drop(response);
|
|
- context_free (new_context);
|
|
- return NULL;
|
|
-}
|
|
-
|
|
static int mls_range_allowed(pam_handle_t *pamh, security_context_t src, security_context_t dst, int debug)
|
|
{
|
|
struct av_decision avd;
|
|
@@ -606,11 +531,6 @@ compute_exec_context(pam_handle_t *pamh,
|
|
data->exec_context = context_from_env(pamh, data->default_user_context,
|
|
env_params, use_current_range,
|
|
debug);
|
|
- } else {
|
|
- if (seuser) {
|
|
- data->exec_context = manual_context(pamh, seuser, debug);
|
|
- free(seuser);
|
|
- }
|
|
}
|
|
|
|
if (!data->exec_context) {
|