Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 290579 Details for
Bug 427098
newrole without tty
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Patch to policycoreutils-1.34.11
newrole_no_tty_4.patch (text/plain), 19.13 KB, created by
Timothy Reed
on 2007-12-31 15:41:43 UTC
(
hide
)
Description:
Patch to policycoreutils-1.34.11
Filename:
MIME Type:
Creator:
Timothy Reed
Created:
2007-12-31 15:41:43 UTC
Size:
19.13 KB
patch
obsolete
>diff -Naur policycoreutils-1.34.11-orig/newrole/newrole.c policycoreutils-1.34.11/newrole/newrole.c >--- policycoreutils-1.34.11-orig/newrole/newrole.c 2007-12-31 10:34:29.000000000 -0500 >+++ policycoreutils-1.34.11/newrole/newrole.c 2007-12-31 10:37:23.000000000 -0500 >@@ -182,15 +182,17 @@ > int pam_rc; /* pam return code */ > const char *tty_name; > >- if (strncmp(ttyn, "/dev/", 5) == 0) >- tty_name = ttyn + 5; >- else >- tty_name = ttyn; >- >- pam_rc = pam_set_item(pam_handle, PAM_TTY, tty_name); >- if (pam_rc != PAM_SUCCESS) { >- fprintf(stderr, _("failed to set PAM_TTY\n")); >- goto out; >+ if (ttyn) { >+ if (strncmp(ttyn, "/dev/", 5) == 0) >+ tty_name = ttyn + 5; >+ else >+ tty_name = ttyn; >+ >+ pam_rc = pam_set_item(pam_handle, PAM_TTY, tty_name); >+ if (pam_rc != PAM_SUCCESS) { >+ fprintf(stderr, _("failed to set PAM_TTY\n")); >+ goto out; >+ } > } > > /* Ask PAM to authenticate the user running this program */ >@@ -635,6 +637,9 @@ > security_context_t tty_con = NULL; > security_context_t new_tty_con = NULL; > >+ if (!ttyn) >+ return 0; >+ > if (enforcing < 0) { > fprintf(stderr, _("Could not determine enforcing mode.\n")); > return -1; >@@ -703,6 +708,9 @@ > int rc = 0; > security_context_t chk_tty_context = NULL; > >+ if (!ttyn) >+ goto skip_relabel; >+ > if (!new_tty_context) > goto skip_relabel; > >@@ -800,12 +808,16 @@ > "specified\n")); > return -1; > } >- if (fgetfilecon(0, &tty_con) >= 0) { >- if (selinux_check_securetty_context(tty_con) < >- 0) { >- fprintf(stderr, >- _ >- ("Error: you are not allowed to change levels on a non secure terminal\n")); >+ if (ttyn) { >+ if (fgetfilecon(0, &tty_con) >= 0) { >+ if (selinux_check_securetty_context >+ (tty_con) < 0) { >+ fprintf(stderr, >+ _ >+ ("Error: you are not allowed to change levels on a non secure terminal \n")); >+ freecon(tty_con); >+ return -1; >+ } > freecon(tty_con); > return -1; > } >@@ -951,7 +963,7 @@ > > int fd; > pid_t childPid = 0; >- char *shell_argv0 = NULL; >+ char *shell_argv[4]; > > #ifdef USE_PAM > int rc; >@@ -1010,12 +1022,7 @@ > return -1; > } > >- ttyn = ttyname(0); >- if (!ttyn || *ttyn == '\0') { >- fprintf(stderr, >- _("Error! Could not retrieve tty information.\n")); >- return -1; >- } >+ ttyn = ttyname(STDIN_FILENO); > > if (parse_command_line_arguments(argc, argv, ttyn, old_context, > &new_context, &preserve_environment)) >@@ -1127,29 +1134,30 @@ > free(pw.pw_name); > free(pw.pw_dir); > free(pw.pw_shell); >- free(shell_argv0); > return exit_code; > } > > /* CHILD */ > /* Close the tty and reopen descriptors 0 through 2 */ >- if (close(fd) || close(0) || close(1) || close(2)) { >- fprintf(stderr, _("Could not close descriptors.\n")); >- goto err_close_pam; >- } >- fd = open(ttyn, O_RDONLY | O_NONBLOCK); >- if (fd != 0) >- goto err_close_pam; >- fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); >- fd = open(ttyn, O_RDWR | O_NONBLOCK); >- if (fd != 1) >- goto err_close_pam; >- fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); >- fd = open(ttyn, O_RDWR | O_NONBLOCK); >- if (fd != 2) >- goto err_close_pam; >- fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); >+ if (ttyn) { >+ if (close(fd) || close(0) || close(1) || close(2)) { >+ fprintf(stderr, _("Could not close descriptors.\n")); >+ goto err_close_pam; >+ } >+ fd = open(ttyn, O_RDONLY | O_NONBLOCK); >+ if (fd != 0) >+ goto err_close_pam; >+ fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); >+ fd = open(ttyn, O_RDWR | O_NONBLOCK); >+ if (fd != 1) >+ goto err_close_pam; >+ fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); >+ fd = open(ttyn, O_RDWR | O_NONBLOCK); >+ if (fd != 2) >+ goto err_close_pam; >+ fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); > >+ } > /* > * Step 5: Execute a new shell with the new context in `new_context'. > * >@@ -1158,14 +1166,6 @@ > if (optind < 1) > optind = 1; > >- /* This is ugly, but use newrole's argv for the exec'd shells argv */ >- if (asprintf(&shell_argv0, "-%s", pw.pw_shell) < 0) { >- fprintf(stderr, _("Error allocating shell's argv0.\n")); >- shell_argv0 = NULL; >- goto err_close_pam; >- } >- argv[optind - 1] = shell_argv0; >- > if (setexeccon(new_context)) { > fprintf(stderr, _("Could not set exec context to %s.\n"), > new_context); >@@ -1196,7 +1196,37 @@ > "aborting\n")); > goto err_close_pam_session; > } >- execv(pw.pw_shell, argv + optind - 1); >+ >+ /* >+ * Build up the command line to pass to exec >+ */ >+ asprintf(&shell_argv[0], "%s", pw.pw_shell); >+ >+ /* >+ * If there is a -c in the command line then build the new >+ * command line to the shell >+ */ >+ if (optind < argc) { >+ if (strcmp(argv[optind], "-c") == 0 && optind < (argc - 1)) { >+ asprintf(&shell_argv[1], "%s", argv[optind]); >+ >+ /* >+ * Grab each of the command line args and build ONE >+ * argument out of it. >+ * >+ */ >+ asprintf(&shell_argv[2], "%s", argv[optind + 1]); >+ int k; >+ for (k = optind + 2; k < argc; k++) { >+ asprintf(&shell_argv[2], "%s %s", >+ shell_argv[2], argv[k]); >+ } >+ shell_argv[3] = NULL; >+ } >+ } else >+ shell_argv[1] = NULL; >+ >+ execv(shell_argv[0], shell_argv); > > /* > * Error path cleanup >@@ -1226,6 +1256,5 @@ > free(pw.pw_name); > free(pw.pw_dir); > free(pw.pw_shell); >- free(shell_argv0); > return -1; > } /* main() */ >diff -Naur policycoreutils-1.34.11-orig/newrole/newrole.c~ policycoreutils-1.34.11/newrole/newrole.c~ >--- policycoreutils-1.34.11-orig/newrole/newrole.c~ 2007-02-22 11:08:19.000000000 -0500 >+++ policycoreutils-1.34.11/newrole/newrole.c~ 2007-12-31 10:32:22.000000000 -0500 >@@ -175,22 +175,24 @@ > * program. This is the only function in this program that makes PAM > * calls. > */ >-int authenticate_via_pam(const char *ttyn, pam_handle_t *pam_handle) >+int authenticate_via_pam(const char *ttyn, pam_handle_t * pam_handle) > { > > int result = 0; /* set to 0 (not authenticated) by default */ > int pam_rc; /* pam return code */ > const char *tty_name; > >- if (strncmp(ttyn, "/dev/", 5) == 0) >- tty_name = ttyn + 5; >- else >- tty_name = ttyn; >- >- pam_rc = pam_set_item(pam_handle, PAM_TTY, tty_name); >- if (pam_rc != PAM_SUCCESS) { >- fprintf(stderr, _("failed to set PAM_TTY\n")); >- goto out; >+ if (ttyn) { >+ if (strncmp(ttyn, "/dev/", 5) == 0) >+ tty_name = ttyn + 5; >+ else >+ tty_name = ttyn; >+ >+ pam_rc = pam_set_item(pam_handle, PAM_TTY, tty_name); >+ if (pam_rc != PAM_SUCCESS) { >+ fprintf(stderr, _("failed to set PAM_TTY\n")); >+ goto out; >+ } > } > > /* Ask PAM to authenticate the user running this program */ >@@ -245,7 +247,7 @@ > endspent(); > if (!(p_shadow_line)) { > fprintf(stderr, _("Cannot find your entry in the shadow " >- "passwd file.\n")); >+ "passwd file.\n")); > return 0; > } > >@@ -272,7 +274,7 @@ > int found = 0; > const char *buf; > >- if (! (shell_name && shell_name[0])) >+ if (!(shell_name && shell_name[0])) > return found; > > while ((buf = getusershell()) != NULL) { >@@ -327,7 +329,7 @@ > pw->pw_dir = strdup(pw->pw_dir); > pw->pw_shell = strdup(pw->pw_shell); > >- if (! (pw->pw_name && pw->pw_dir && pw->pw_shell)) { >+ if (!(pw->pw_name && pw->pw_dir && pw->pw_shell)) { > fprintf(stderr, _("Out of memory!\n")); > goto out_free; > } >@@ -338,7 +340,7 @@ > } > return 0; > >-out_free: >+ out_free: > free(pw->pw_name); > free(pw->pw_dir); > free(pw->pw_shell); >@@ -361,8 +363,8 @@ > char const *term_env; > char const *display_env; > char const *xauthority_env; >- char *term = NULL; /* temporary container */ >- char *display = NULL; /* temporary container */ >+ char *term = NULL; /* temporary container */ >+ char *display = NULL; /* temporary container */ > char *xauthority = NULL; /* temporary container */ > int rc; > >@@ -383,7 +385,7 @@ > if (xauthority_env) > xauthority = strdup(xauthority_env); > if ((term_env && !term) || (display_env && !display) || >- (xauthority_env && !xauthority)) { >+ (xauthority_env && !xauthority)) { > rc = -1; > goto out; > } >@@ -406,7 +408,7 @@ > rc |= setenv("USER", pw->pw_name, 1); > rc |= setenv("LOGNAME", pw->pw_name, 1); > rc |= setenv("PATH", DEFAULT_PATH, 1); >-out: >+ out: > free(term); > free(display); > free(xauthority); >@@ -481,7 +483,7 @@ > _("Error dropping SETUID capability, aborting\n")); > goto out; > } >-out: >+ out: > if (cap_free(tmp_caps) || cap_free(new_caps)) > fprintf(stderr, _("Error freeing caps\n")); > return rc; >@@ -505,8 +507,9 @@ > int rc = 0; > cap_t new_caps; > cap_value_t cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID, >- CAP_SYS_ADMIN, CAP_FOWNER, CAP_CHOWN, >- CAP_DAC_OVERRIDE }; >+ CAP_SYS_ADMIN, CAP_FOWNER, CAP_CHOWN, >+ CAP_DAC_OVERRIDE >+ }; > > if (!getuid()) > return 0; >@@ -535,7 +538,7 @@ > fprintf(stderr, _("Error dropping capabilities, aborting\n")); > goto out; > } >-out: >+ out: > if (cap_free(new_caps)) > fprintf(stderr, _("Error freeing caps\n")); > return rc; >@@ -626,21 +629,24 @@ > * in permissive mode. > */ > static int relabel_tty(const char *ttyn, security_context_t new_context, >- security_context_t *tty_context, >- security_context_t *new_tty_context) >+ security_context_t * tty_context, >+ security_context_t * new_tty_context) > { > int fd; > int enforcing = security_getenforce(); > security_context_t tty_con = NULL; > security_context_t new_tty_con = NULL; > >+ if (!ttyn) >+ return 0; >+ > if (enforcing < 0) { > fprintf(stderr, _("Could not determine enforcing mode.\n")); > return -1; > } > > /* Re-open TTY descriptor */ >- fd = open(ttyn, O_RDWR|O_NONBLOCK); >+ fd = open(ttyn, O_RDWR | O_NONBLOCK); > if (fd < 0) { > fprintf(stderr, _("Error! Could not open %s.\n"), ttyn); > return fd; >@@ -649,7 +655,7 @@ > > if (fgetfilecon(fd, &tty_con) < 0) { > fprintf(stderr, _("%s! Could not get current context " >- "for %s, not relabeling tty.\n"), >+ "for %s, not relabeling tty.\n"), > enforcing ? "Error" : "Warning", ttyn); > if (enforcing) > goto close_fd; >@@ -658,8 +664,8 @@ > if (tty_con && > (security_compute_relabel(new_context, tty_con, > SECCLASS_CHR_FILE, &new_tty_con) < 0)) { >- fprintf(stderr, _("%s! Could not get new context for %s, " >- "not relabeling tty.\n"), >+ fprintf(stderr, _("%s! Could not get new context for %s, " >+ "not relabeling tty.\n"), > enforcing ? "Error" : "Warning", ttyn); > if (enforcing) > goto close_fd; >@@ -680,7 +686,7 @@ > *new_tty_context = new_tty_con; > return fd; > >-close_fd: >+ close_fd: > freecon(tty_con); > close(fd); > return -1; >@@ -702,6 +708,9 @@ > int rc = 0; > security_context_t chk_tty_context = NULL; > >+ if (!ttyn) >+ goto skip_relabel; >+ > if (!new_tty_context) > goto skip_relabel; > >@@ -719,7 +728,7 @@ > if ((rc = fsetfilecon(fd, tty_context)) < 0) > fprintf(stderr, > _("Warning! Could not restore context for %s\n"), ttyn); >-skip_relabel: >+ skip_relabel: > freecon(chk_tty_context); > return rc; > } >@@ -735,7 +744,7 @@ > */ > static int parse_command_line_arguments(int argc, char **argv, char *ttyn, > security_context_t old_context, >- security_context_t *new_context, >+ security_context_t * new_context, > int *preserve_environment) > { > int flag_index; /* flag index in argv[] */ >@@ -747,7 +756,7 @@ > char *range_ptr = NULL; > security_context_t new_con = NULL; > security_context_t tty_con = NULL; >- context_t context = NULL; /* manipulatable form of new_context */ >+ context_t context = NULL; /* manipulatable form of new_context */ > const struct option long_options[] = { > {"role", 1, 0, 'r'}, > {"type", 1, 0, 't'}, >@@ -791,17 +800,24 @@ > case 'l': > if (!is_selinux_mls_enabled()) { > fprintf(stderr, _("Sorry, -l may be used with " >- "SELinux MLS support.\n")); >+ "SELinux MLS support.\n")); > return -1; > } > if (level_s) { > fprintf(stderr, _("Error: multiple levels " >- "specified\n")); >+ "specified\n")); > return -1; > } >- if (fgetfilecon(0,&tty_con) >= 0) { >- if (selinux_check_securetty_context(tty_con) < 0) { >- fprintf(stderr, _("Error: you are not allowed to change levels on a non secure terminal\n")); >+ if (ttyn) { >+ if (fgetfilecon(0, &tty_con) >= 0) { >+ if (selinux_check_securetty_context >+ (tty_con) < 0) { >+ fprintf(stderr, >+ _ >+ ("Error: you are not allowed to change levels on a non secure terminal \n")); >+ freecon(tty_con); >+ return -1; >+ } > freecon(tty_con); > return -1; > } >@@ -824,7 +840,7 @@ > > /* Fill in a default type if one hasn't been specified. */ > if (role_s && !type_s) { >- /* get_default_type() returns malloc'd memory */ >+ /* get_default_type() returns malloc'd memory */ > if (get_default_type(role_s, &type_ptr)) { > fprintf(stderr, _("Couldn't get default type.\n")); > send_audit_message(0, old_context, new_con, ttyn); >@@ -856,7 +872,8 @@ > } > > if (level_s) { >- range_ptr = build_new_range(level_s,context_range_get(context)); >+ range_ptr = >+ build_new_range(level_s, context_range_get(context)); > if (!range_ptr) { > fprintf(stderr, > _("failed to build new range with level %s\n"), >@@ -893,7 +910,7 @@ > context_free(context); > return 0; > >-err_free: >+ err_free: > free(type_ptr); > free(range_ptr); > /* Don't free new_con, context_free(context) handles this */ >@@ -936,7 +953,7 @@ > security_context_t new_context = NULL; /* target security context */ > security_context_t old_context = NULL; /* original securiy context */ > security_context_t tty_context = NULL; /* current context of tty */ >- security_context_t new_tty_context = NULL; /* new context of tty */ >+ security_context_t new_tty_context = NULL; /* new context of tty */ > > struct passwd pw; /* struct derived from passwd file line */ > char *ttyn = NULL; /* tty path */ >@@ -946,12 +963,12 @@ > > int fd; > pid_t childPid = 0; >- char *shell_argv0 = NULL; >+ char *shell_argv[4]; > > #ifdef USE_PAM > int rc; >- int pam_status; /* pam return code */ >- pam_handle_t *pam_handle; /* opaque handle used by all PAM functions */ >+ int pam_status; /* pam return code */ >+ pam_handle_t *pam_handle; /* opaque handle used by all PAM functions */ > > /* This is a jump table of functions for PAM to use when it wants to * > * communicate with the user. We'll be using misc_conv(), which is * >@@ -985,7 +1002,7 @@ > > if (!is_selinux_enabled()) { > fprintf(stderr, _("Sorry, newrole may be used only on " >- "a SELinux kernel.\n")); >+ "a SELinux kernel.\n")); > return -1; > } > >@@ -1005,13 +1022,14 @@ > return -1; > } > >- ttyn = ttyname(0); >- if (!ttyn || *ttyn == '\0') { >- fprintf(stderr, >- _("Error! Could not retrieve tty information.\n")); >- return -1; >- } >- >+ ttyn = ttyname(STDIN_FILENO); >+ /* >+ if (!ttyn || *ttyn == '\0') >+ { >+ fprintf(stderr, >+ _("Warning! Could not retrieve tty information.\n")); >+ } >+ */ > if (parse_command_line_arguments(argc, argv, ttyn, old_context, > &new_context, &preserve_environment)) > return -1; >@@ -1105,7 +1123,7 @@ > } > #ifdef USE_PAM > #ifdef NAMESPACE_PRIV >- pam_status = pam_close_session(pam_handle,0); >+ pam_status = pam_close_session(pam_handle, 0); > if (pam_status != PAM_SUCCESS) { > fprintf(stderr, "pam_close_session failed with %s\n", > pam_strerror(pam_handle, pam_status)); >@@ -1122,29 +1140,30 @@ > free(pw.pw_name); > free(pw.pw_dir); > free(pw.pw_shell); >- free(shell_argv0); > return exit_code; > } > > /* CHILD */ > /* Close the tty and reopen descriptors 0 through 2 */ >- if (close(fd) || close(0) || close(1) || close(2)) { >- fprintf(stderr, _("Could not close descriptors.\n")); >- goto err_close_pam; >- } >- fd = open(ttyn, O_RDONLY|O_NONBLOCK); >- if (fd != 0) >- goto err_close_pam; >- fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); >- fd = open(ttyn, O_RDWR|O_NONBLOCK); >- if (fd != 1) >- goto err_close_pam; >- fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); >- fd = open(ttyn, O_RDWR|O_NONBLOCK); >- if (fd != 2) >- goto err_close_pam; >- fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); >+ if (ttyn) { >+ if (close(fd) || close(0) || close(1) || close(2)) { >+ fprintf(stderr, _("Could not close descriptors.\n")); >+ goto err_close_pam; >+ } >+ fd = open(ttyn, O_RDONLY | O_NONBLOCK); >+ if (fd != 0) >+ goto err_close_pam; >+ fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); >+ fd = open(ttyn, O_RDWR | O_NONBLOCK); >+ if (fd != 1) >+ goto err_close_pam; >+ fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); >+ fd = open(ttyn, O_RDWR | O_NONBLOCK); >+ if (fd != 2) >+ goto err_close_pam; >+ fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); > >+ } > /* > * Step 5: Execute a new shell with the new context in `new_context'. > * >@@ -1153,23 +1172,14 @@ > if (optind < 1) > optind = 1; > >- /* This is ugly, but use newrole's argv for the exec'd shells argv */ >- if (asprintf(&shell_argv0, "-%s", pw.pw_shell) < 0) { >- fprintf(stderr, _("Error allocating shell's argv0.\n")); >- shell_argv0 = NULL; >- goto err_close_pam; >- } >- argv[optind-1] = shell_argv0; >- > if (setexeccon(new_context)) { > fprintf(stderr, _("Could not set exec context to %s.\n"), > new_context); > goto err_close_pam; > } >- > #ifdef NAMESPACE_PRIV > /* Ask PAM to setup session for user running this program */ >- pam_status = pam_open_session(pam_handle,0); >+ pam_status = pam_open_session(pam_handle, 0); > if (pam_status != PAM_SUCCESS) { > fprintf(stderr, "pam_open_session failed with %s\n", > pam_strerror(pam_handle, pam_status)); >@@ -1189,32 +1199,65 @@ > /* Handle environment changes */ > if (restore_environment(preserve_environment, old_environ, &pw)) { > fprintf(stderr, _("Unable to restore the environment, " >- "aborting\n")); >+ "aborting\n")); > goto err_close_pam_session; > } >- execv(pw.pw_shell, argv + optind - 1); > >+ /* >+ * Build up the command line to pass to exec >+ */ >+ asprintf(&shell_argv[0], "%s", pw.pw_shell); >+ >+ /* >+ * If there is a -c in the command line then build the new >+ * command line to the shell >+ */ >+ if (optind < argc) { >+ if (strcmp(argv[optind], "-c") == 0 && optind < (argc - 1)) { >+ asprintf(&shell_argv[1], "%s", argv[optind]); >+ >+ /* >+ * Grab each of the command line args and build ONE >+ * argument out of it. >+ * >+ */ >+ asprintf(&shell_argv[2], "%s", argv[optind + 1]); >+ fprintf(stderr, "argv(%s}\n", shell_argv[2]); >+ int k; >+ for (k = optind + 2; k < argc; k++) { >+ asprintf(&shell_argv[2], "%s %s", shell_argv[2], >+ argv[k]); >+ fprintf(stderr, "argv(%s}\n", shell_argv[2]); >+ } >+ shell_argv[3] = NULL; >+ } >+ } else >+ shell_argv[1] = NULL; >+ >+ execv(shell_argv[0], shell_argv); >+ >+ fprintf(stderr, "Shell Exited"); > /* > * Error path cleanup > * > * If we reach here, then we failed to exec the new shell. > */ > perror(_("failed to exec shell\n")); >-err_close_pam_session: >+ err_close_pam_session: > #ifdef NAMESPACE_PRIV >- pam_status = pam_close_session(pam_handle,0); >- if(pam_status != PAM_SUCCESS) >+ pam_status = pam_close_session(pam_handle, 0); >+ if (pam_status != PAM_SUCCESS) > fprintf(stderr, "pam_close_session failed with %s\n", > pam_strerror(pam_handle, pam_status)); > #endif >-err_close_pam: >+ err_close_pam: > #ifdef USE_PAM > rc = pam_end(pam_handle, pam_status); > if (rc != PAM_SUCCESS) > fprintf(stderr, "pam_end failed with %s\n", > pam_strerror(pam_handle, rc)); > #endif >-err_free: >+ err_free: > freecon(tty_context); > freecon(new_tty_context); > freecon(old_context); >@@ -1222,6 +1265,5 @@ > free(pw.pw_name); > free(pw.pw_dir); > free(pw.pw_shell); >- free(shell_argv0); > return -1; > } /* main() */
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 427098
: 290579