rpms/pam/devel pam-0.99.5.0-selinux-keycreate.patch, NONE, 1.1 pam.spec, 1.129, 1.130
fedora-cvs-commits at redhat.com
Thu Aug 10 20:26:56 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/pam/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv5693
Modified Files:
pam.spec
Added Files:
pam-0.99.5.0-selinux-keycreate.patch
Log Message:
* Thu Aug 10 2006 Dan Walsh <dwalsh at redhat.com> 0.99.5.0-8
- Add new setkeycreatecon call to pam_selinux to make sure keyring has correct context
pam-0.99.5.0-selinux-keycreate.patch:
pam_selinux.c | 20 ++++++++++++++++++++
1 files changed, 20 insertions(+)
--- NEW FILE pam-0.99.5.0-selinux-keycreate.patch ---
diff -uprN Linux-PAM-0.99.4.0.orig/modules/pam_selinux/pam_selinux.c Linux-PAM-0.99.4.0.keycreate/modules/pam_selinux/pam_selinux.c
--- Linux-PAM-0.99.4.0.orig/modules/pam_selinux/pam_selinux.c 2006-06-22 10:11:05.000000000 -0400
+++ Linux-PAM-0.99.4.0.keycreate/modules/pam_selinux/pam_selinux.c 2006-06-22 10:17:55.000000000 -0400
@@ -390,6 +390,26 @@ pam_sm_open_session(pam_handle_t *pamh,
pam_syslog(pamh, LOG_NOTICE, "set %s security context to %s",
(const char *)username, user_context);
}
+ ret = setkeycreatecon(user_context);
+ if (ret==0 && verbose) {
+ char msg[PATH_MAX];
+ snprintf(msg, sizeof(msg),
+ _("Key Creation Context %s Assigned"), user_context);
+ verbose_message(pamh, msg, debug);
+ }
+ if (ret) {
+ pam_syslog(pamh, LOG_ERR,
+ "Error! Unable to set %s key creation context %s.",
+ (const char *)username, user_context);
+ if (security_getenforce() == 1) {
+ freecon(user_context);
+ return PAM_AUTH_ERR;
+ }
+ } else {
+ if (debug)
+ pam_syslog(pamh, LOG_NOTICE, "set %s key creation context to %s",
+ (const char *)username, user_context);
+ }
freecon(user_context);
return PAM_SUCCESS;
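Review bot: In the `if (ret)` branch, the enforcing-mode exit returns PAM_AUTH_ERR from pam_sm_open_session, and the pam_syslog call just above it does not record errno, so the log cannot show why setkeycreatecon() failed. Consider returning PAM_SESSION_ERR here (or confirm that PAM_AUTH_ERR matches the other failure paths of this function, which lie outside the hunk) and appending %m to the error format string. The success path is also split across two tests, `if (ret==0 && verbose)` and the `else` of `if (ret)`; folding them into one if/else on ret would make the control flow easier to audit.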
Index: pam.spec
===================================================================
RCS file: /cvs/dist/rpms/pam/devel/pam.spec,v
retrieving revision 1.129
retrieving revision 1.130
diff -u -r1.129 -r1.130
--- pam.spec 10 Aug 2006 13:34:26 -0000 1.129
+++ pam.spec 10 Aug 2006 20:26:54 -0000 1.130
@@ -11,7 +11,7 @@
Summary: A security tool which provides authentication for applications
Name: pam
Version: 0.99.5.0
-Release: 7%{?dist}
+Release: 8%{?dist}
License: GPL or BSD
Group: System Environment/Base
Source0: ftp.us.kernel.org:/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
@@ -41,6 +41,7 @@
Patch89: pam-0.99.5.0-keyinit-revoke-user.patch
Patch90: pam-0.99.5.0-namespace-init.patch
Patch91: pam-0.99.5.0-succif-unknown-user.patch
+Patch92: pam-0.99.5.0-selinux-keycreate.patch
BuildRoot: %{_tmppath}/%{name}-root
Requires: cracklib, cracklib-dicts >= 2.8
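Review bot: Patch92 makes pam_selinux.c call setkeycreatecon(), but none of the pam.spec hunks in this commit adds or raises a libselinux dependency; the only Requires line visible in this context is the one for cracklib. Add a versioned BuildRequires (and a matching Requires) on the libselinux release that exports setkeycreatecon, so the package can neither be built nor installed against an older library that lacks the symbol.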
@@ -109,6 +110,7 @@
%patch89 -p1 -b .revoke-user
%patch90 -p1 -b .namespace-init
%patch91 -p1 -b .unknown-user
+%patch92 -p1 -b .keycreate
for readme in modules/pam_*/README ; do
cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'`
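Review bot: `%patch92 -p1 -b .keycreate` applies to the 0.99.5.0 tree, while the patch's own diff header shows it was generated against Linux-PAM-0.99.4.0.orig and targets line 390 of pam_selinux.c. Check that it applies to 0.99.5.0 without offset or fuzz, and regenerate it against the current source if it does not, so the new block is certain to land after the security-context logging in pam_sm_open_session.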
@@ -375,6 +377,9 @@
%{_libdir}/libpam_misc.so
%changelog
+* Thu Aug 10 2006 Dan Walsh <dwalsh at redhat.com> 0.99.5.0-8
+- Add new setkeycreatecon call to pam_selinux to make sure keyring has correct context
+
* Thu Aug 10 2006 Tomas Mraz <tmraz at redhat.com> 0.99.5.0-7
- revoke keyrings properly when pam_keyinit called as root (#201048)
- pam_succeed_if should return PAM_USER_UNKNOWN when getpwnam fails (#197748)