policycoreutils/policycoreutils-rhat.patch
Daniel J Walsh af6aa62ce9 * Tue Jun 14 2005 Dan Walsh <dwalsh@redhat.com> 1.23.11-4
- Fix Ivan's patch for user role changes
2005-06-14 17:02:07 +00:00

81 lines
3.7 KiB
Diff

diff --exclude-from=exclude -N -u -r nsapolicycoreutils/load_policy/load_policy.c policycoreutils-1.23.11/load_policy/load_policy.c
--- nsapolicycoreutils/load_policy/load_policy.c 2005-04-14 07:22:16.000000000 -0400
+++ policycoreutils-1.23.11/load_policy/load_policy.c 2005-05-28 01:25:28.000000000 -0400
@@ -103,7 +103,7 @@
if (errno == ENOENT || errno == EINVAL) {
/* No booleans file or stale booleans in the file; non-fatal. */
if (! quiet)
- fprintf(stderr, _("%s: Warning! Error while setting booleans from %s: %s\n"), argv[0], boolpath, strerror(errno));
+ fprintf(stderr, _("%s: Warning while setting booleans from %s\n"), argv[0], boolpath);
} else {
fprintf(stderr, _("%s: Error while setting booleans from %s: %s\n"), argv[0], boolpath, strerror(errno));
exit(2);
@@ -115,7 +115,7 @@
if (ret) {
/* Possibly ok, as there may be no booleans. */
if (! quiet)
- fprintf(stderr, _("%s: Warning! Error while getting boolean names: %s\n"), argv[0], strerror(errno));
+ fprintf(stderr, _("%s: Warning! unable to get boolean names: %s\n"), argv[0], strerror(errno));
goto load;
}
if (!len)
@@ -137,7 +137,7 @@
if (errno == EINVAL) {
/* Stale booleans in the file; non-fatal. */
if (! quiet)
- fprintf(stderr, _("%s: Warning! Error while setting booleans: %s\n"), argv[0], strerror(errno));
+ fprintf(stderr, _("%s: Warning! Unable to reset all booleans\n"), argv[0]);
} else {
fprintf(stderr, _("%s: Error while setting booleans: %s\n"), argv[0], strerror(errno));
exit(2);
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-1.23.11/newrole/newrole.c
--- nsapolicycoreutils/newrole/newrole.c 2005-05-20 13:15:12.000000000 -0400
+++ policycoreutils-1.23.11/newrole/newrole.c 2005-05-28 01:25:28.000000000 -0400
@@ -198,6 +198,11 @@
result = 0; /* user authenticated OK! */
}
+ /* Ask PAM to verify acct_mgmt */
+ if( PAM_SUCCESS != pam_acct_mgmt(pam_handle,0) ) {
+ result = 0; /* user authenticated OK! */
+ }
+
/* We're done with PAM. Free `pam_handle'. */
pam_end( pam_handle, PAM_SUCCESS );
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-1.23.11/scripts/genhomedircon
--- nsapolicycoreutils/scripts/genhomedircon 2005-04-14 07:22:16.000000000 -0400
+++ policycoreutils-1.23.11/scripts/genhomedircon 2005-06-14 13:01:12.000000000 -0400
@@ -357,16 +357,22 @@
return udict
def getHomeDirContext(self, user, home, role):
- ret="\n\n#\n# Context for user %s\n#\n\n" % user
+ ret="\n\n#\n# Home Context for user %s\n#\n\n" % user
rc=commands.getstatusoutput("grep '^HOME_DIR' %s | sed -e 's|HOME_DIR|%s|' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (self.getHomeDirTemplate(), home, role, user))
return ret + rc[1] + "\n"
+ def getUserContext(self, user, sel_user, role):
+ ret="\n\n#\n# Other Context for user %s\n#\n\n" % user
+ rc=commands.getstatusoutput("grep 'USER' %s | sed -e 's/USER/%s/' -e 's/ROLE/%s/' -e 's/system_u/%s/'" % (self.getHomeDirTemplate(), user, role, sel_user))
+ return ret + rc[1] + "\n"
+
def genHomeDirContext(self):
users = self.getUsers()
ret=""
# Fill in HOME and ROLE for users that are defined
for u in users.keys():
ret += self.getHomeDirContext (u, users[u]["home"], users[u]["role"])
+ ret += self.getUserContext (u, u, users[u]["role"])
return ret+"\n"
def checkExists(self, home):
@@ -429,6 +435,7 @@
for h in self.getHomeDirs():
ret += self.getHomeDirContext ("user_u" , h+'/[^/]*', "user")
ret += self.getHomeRootContext(h)
+ ret += self.getUserContext(".*", "user_u", "user") + "\n"
ret += self.genHomeDirContext()
return ret