af6aa62ce9
- Fix Ivan's patch for user role changes
81 lines
3.7 KiB
Diff
81 lines
3.7 KiB
Diff
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/load_policy/load_policy.c policycoreutils-1.23.11/load_policy/load_policy.c
|
|
--- nsapolicycoreutils/load_policy/load_policy.c 2005-04-14 07:22:16.000000000 -0400
|
|
+++ policycoreutils-1.23.11/load_policy/load_policy.c 2005-05-28 01:25:28.000000000 -0400
|
|
@@ -103,7 +103,7 @@
|
|
if (errno == ENOENT || errno == EINVAL) {
|
|
/* No booleans file or stale booleans in the file; non-fatal. */
|
|
if (! quiet)
|
|
- fprintf(stderr, _("%s: Warning! Error while setting booleans from %s: %s\n"), argv[0], boolpath, strerror(errno));
|
|
+ fprintf(stderr, _("%s: Warning while setting booleans from %s\n"), argv[0], boolpath);
|
|
} else {
|
|
fprintf(stderr, _("%s: Error while setting booleans from %s: %s\n"), argv[0], boolpath, strerror(errno));
|
|
exit(2);
|
|
@@ -115,7 +115,7 @@
|
|
if (ret) {
|
|
/* Possibly ok, as there may be no booleans. */
|
|
if (! quiet)
|
|
- fprintf(stderr, _("%s: Warning! Error while getting boolean names: %s\n"), argv[0], strerror(errno));
|
|
+ fprintf(stderr, _("%s: Warning! unable to get boolean names: %s\n"), argv[0], strerror(errno));
|
|
goto load;
|
|
}
|
|
if (!len)
|
|
@@ -137,7 +137,7 @@
|
|
if (errno == EINVAL) {
|
|
/* Stale booleans in the file; non-fatal. */
|
|
if (! quiet)
|
|
- fprintf(stderr, _("%s: Warning! Error while setting booleans: %s\n"), argv[0], strerror(errno));
|
|
+ fprintf(stderr, _("%s: Warning! Unable to reset all booleans\n"), argv[0]);
|
|
} else {
|
|
fprintf(stderr, _("%s: Error while setting booleans: %s\n"), argv[0], strerror(errno));
|
|
exit(2);
|
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-1.23.11/newrole/newrole.c
|
|
--- nsapolicycoreutils/newrole/newrole.c 2005-05-20 13:15:12.000000000 -0400
|
|
+++ policycoreutils-1.23.11/newrole/newrole.c 2005-05-28 01:25:28.000000000 -0400
|
|
@@ -198,6 +198,11 @@
|
|
result = 0; /* user authenticated OK! */
|
|
}
|
|
|
|
+ /* Ask PAM to verify acct_mgmt */
|
|
+ if( PAM_SUCCESS != pam_acct_mgmt(pam_handle,0) ) {
|
|
+ result = 0; /* user authenticated OK! */
|
|
+ }
|
|
+
|
|
/* We're done with PAM. Free `pam_handle'. */
|
|
pam_end( pam_handle, PAM_SUCCESS );
|
|
|
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.23.11/scripts/genhomedircon
|
|
--- nsapolicycoreutils/scripts/genhomedircon 2005-04-14 07:22:16.000000000 -0400
|
|
+++ policycoreutils-1.23.11/scripts/genhomedircon 2005-06-14 13:01:12.000000000 -0400
|
|
@@ -357,16 +357,22 @@
|
|
return udict
|
|
|
|
def getHomeDirContext(self, user, home, role):
|
|
- ret="\n\n#\n# Context for user %s\n#\n\n" % user
|
|
+ ret="\n\n#\n# Home Context for user %s\n#\n\n" % user
|
|
rc=commands.getstatusoutput("grep '^HOME_DIR' %s | sed -e 's|HOME_DIR|%s|' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (self.getHomeDirTemplate(), home, role, user))
|
|
return ret + rc[1] + "\n"
|
|
|
|
+ def getUserContext(self, user, sel_user, role):
|
|
+ ret="\n\n#\n# Other Context for user %s\n#\n\n" % user
|
|
+ rc=commands.getstatusoutput("grep 'USER' %s | sed -e 's/USER/%s/' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (self.getHomeDirTemplate(), user, role, sel_user))
|
|
+ return ret + rc[1] + "\n"
|
|
+
|
|
def genHomeDirContext(self):
|
|
users = self.getUsers()
|
|
ret=""
|
|
# Fill in HOME and ROLE for users that are defined
|
|
for u in users.keys():
|
|
ret += self.getHomeDirContext (u, users[u]["home"], users[u]["role"])
|
|
+ ret += self.getUserContext (u, u, users[u]["role"])
|
|
return ret+"\n"
|
|
|
|
def checkExists(self, home):
|
|
@@ -429,6 +435,7 @@
|
|
for h in self.getHomeDirs():
|
|
ret += self.getHomeDirContext ("user_u" , h+'/[^/]*', "user")
|
|
ret += self.getHomeRootContext(h)
|
|
+ ret += self.getUserContext(".*", "user_u", "user") + "\n"
|
|
ret += self.genHomeDirContext()
|
|
return ret
|
|
|