rpms/pam/FC-6 pam-0.99.6.2-selinux-select-context.patch, 1.2, 1.3 pam.spec, 1.136, 1.137

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Thu Feb 22 16:48:56 UTC 2007


Author: tmraz

Update of /cvs/dist/rpms/pam/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv4089

Modified Files:
	pam-0.99.6.2-selinux-select-context.patch pam.spec 
Log Message:
* Thu Feb 22 2007 Tomas Mraz <tmraz at redhat.com> 0.99.6.2-3.16
- pam_selinux in some cases did not set the context (#229039)


pam-0.99.6.2-selinux-select-context.patch:
 pam_selinux.8.xml |   14 ++
 pam_selinux.c     |  290 ++++++++++++++++++++++++++++++++++++++++++++----------
 2 files changed, 254 insertions(+), 50 deletions(-)

Index: pam-0.99.6.2-selinux-select-context.patch
===================================================================
RCS file: /cvs/dist/rpms/pam/FC-6/pam-0.99.6.2-selinux-select-context.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- pam-0.99.6.2-selinux-select-context.patch	5 Feb 2007 19:19:42 -0000	1.2
+++ pam-0.99.6.2-selinux-select-context.patch	22 Feb 2007 16:48:54 -0000	1.3
@@ -1,5 +1,5 @@
---- Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.8.xml.select-context	2006-12-27 10:59:06.000000000 -0500
-+++ Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.8.xml	2006-12-27 10:59:06.000000000 -0500
+--- Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.8.xml.select-context	2007-02-21 20:38:10.000000000 +0100
++++ Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.8.xml	2007-02-21 20:38:11.000000000 +0100
 @@ -33,6 +33,9 @@
        <arg choice="opt">
  	verbose
@@ -28,8 +28,8 @@
      </variablelist>
    </refsect1>
  
---- Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c.select-context	2006-12-27 10:59:06.000000000 -0500
-+++ Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c	2007-01-03 16:06:21.000000000 -0500
+--- Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c.select-context	2007-02-21 20:38:10.000000000 +0100
++++ Linux-PAM-0.99.6.2/modules/pam_selinux/pam_selinux.c	2007-02-21 20:44:01.000000000 +0100
 @@ -63,9 +63,64 @@
  #include <selinux/selinux.h>
  #include <selinux/get_context_list.h>
@@ -360,7 +360,7 @@
                     username == NULL) {
      return PAM_USER_UNKNOWN;
    }
-@@ -319,19 +485,38 @@
+@@ -319,19 +485,39 @@
  							     &contextlist);
  	  if (debug)
  		  pam_syslog(pamh, LOG_DEBUG, "Username= %s SELinux User = %s Level= %s",
@@ -378,6 +378,7 @@
 +	  pam_syslog(pamh, LOG_ERR, _("Out of memory"));
 +          return PAM_AUTH_ERR;
 +    }
++    user_context = default_user_context;
 +    if (select_context && has_tty) {
 +      user_context = config_context(pamh, default_user_context, debug);
 +      if (user_context == NULL) {
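Review bot: The added `user_context = default_user_context;` leaves two pointers referring to one allocation, and nothing at the assignment says which of them owns it. The later guard `if (default_user_context != user_context)` in front of `freecon()` depends on exactly this aliasing. A comment here such as `/* user_context aliases default_user_context unless config_context() supplies a replacement; release exactly once */` would keep a later edit from reintroducing a double free or a leak. When `config_context()` returns NULL the alias is overwritten, and whether `default_user_context` is still released on that failure path cannot be seen from this hunk; the enclosing function starts and ends outside it.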
@@ -404,7 +405,7 @@
          if (security_getenforce() == 1)
            return PAM_AUTH_ERR;
          else
-@@ -340,7 +525,7 @@
+@@ -340,7 +526,7 @@
      } else {
          pam_syslog (pamh, LOG_ERR,
  		    "Unable to get valid context for %s, No valid tty",
@@ -413,17 +414,18 @@
          if (security_getenforce() == 1)
            return PAM_AUTH_ERR;
          else
-@@ -371,6 +556,9 @@
+@@ -371,6 +557,10 @@
      ttyn=strdup(tty);
      ttyn_context=security_label_tty(pamh,ttyn,user_context);
    }
 +  send_audit_message(pamh, 1, default_user_context, user_context);
-+  freecon(default_user_context);
-+
++  if (default_user_context != user_context) {
++    freecon(default_user_context);
++  }
    ret = setexeccon(user_context);
    if (ret==0 && verbose) {
      char msg[PATH_MAX];
-@@ -381,7 +569,7 @@
+@@ -381,7 +571,7 @@
    if (ret) {
      pam_syslog(pamh, LOG_ERR,
  	       "Error!  Unable to set %s executable context %s.",
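Review bot: After the guarded `freecon(default_user_context);` the pointer keeps its stale value while the function goes on to `setexeccon(user_context)` and several error paths that call `freecon(user_context)`. Adding `default_user_context = NULL;` inside the guard would turn any later use of it into an obvious NULL rather than a read of freed memory. The pointer comparison is also the only thing separating a single release from a double free, so it is worth stating that in a short comment, for example `/* same buffer when no context was selected; it is then owned by user_context */`. The function body continues outside this hunk, so how `user_context` is finally released on the success path is not visible here.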
@@ -432,7 +434,7 @@
      if (security_getenforce() == 1) {
         freecon(user_context);
         return PAM_AUTH_ERR;
-@@ -389,7 +577,7 @@
+@@ -389,7 +579,7 @@
    } else {
      if (debug)
        pam_syslog(pamh, LOG_NOTICE, "set %s security context to %s",
@@ -441,7 +443,7 @@
    }
  #ifdef HAVE_SETKEYCREATECON
    ret = setkeycreatecon(user_context);
-@@ -402,7 +590,7 @@
+@@ -402,7 +592,7 @@
    if (ret) {
      pam_syslog(pamh, LOG_ERR,
  	       "Error!  Unable to set %s key creation context %s.",
@@ -450,7 +452,7 @@
      if (security_getenforce() == 1) {
         freecon(user_context);
         return PAM_AUTH_ERR;
-@@ -410,7 +598,7 @@
+@@ -410,7 +600,7 @@
    } else {
      if (debug)
        pam_syslog(pamh, LOG_NOTICE, "set %s key creation context to %s",


Index: pam.spec
===================================================================
RCS file: /cvs/dist/rpms/pam/FC-6/pam.spec,v
retrieving revision 1.136
retrieving revision 1.137
diff -u -r1.136 -r1.137
--- pam.spec	5 Feb 2007 19:19:42 -0000	1.136
+++ pam.spec	22 Feb 2007 16:48:54 -0000	1.137
@@ -11,7 +11,7 @@
 Summary: A security tool which provides authentication for applications
 Name: pam
 Version: 0.99.6.2
-Release: 3.15%{?dist}
+Release: 3.16%{?dist}
 License: GPL or BSD
 Group: System Environment/Base
 Source0: http://ftp.us.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
@@ -401,6 +401,9 @@
 %doc doc/adg/*.txt doc/adg/html
 
 %changelog
+* Thu Feb 22 2007 Tomas Mraz <tmraz at redhat.com> 0.99.6.2-3.16
+- pam_selinux in some cases did not set the context (#229039)
+
 * Mon Feb 15 2007 Tomas Mraz <tmraz at redhat.com> 0.99.6.2-3.15
 - pam_namespace: unmount poly dir for override users
 



