Attachment 645623 Details for Bug 876976 – Would like to get this into RHEL7 and F18 when we are confident it does not break anything

[patch] Would like to get this into RHEL7 and F18 when we are confident it does not break anything

pam_remove_manual_context.patch (text/plain), 2.84 KB, created by Daniel Walsh on 2012-11-15 12:49:40 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Daniel Walsh

Created: 2012-11-15 12:49:40 UTC

Size: 2.84 KB

patch

obsolete

>diff -up Linux-PAM-1.1.6/modules/pam_selinux/pam_selinux.c.selinux Linux-PAM-1.1.6/modules/pam_selinux/pam_selinux.c
>--- Linux-PAM-1.1.6/modules/pam_selinux/pam_selinux.c.selinux	2012-11-14 16:53:04.840755400 -0500
>+++ Linux-PAM-1.1.6/modules/pam_selinux/pam_selinux.c	2012-11-15 07:28:23.841813021 -0500
>@@ -161,81 +161,6 @@ query_response (pam_handle_t *pamh, cons
>   return rc;
> }
> 
>-static security_context_t
>-manual_context (pam_handle_t *pamh, const char *user, int debug)
>-{
>-  security_context_t newcon=NULL;
>-  context_t new_context;
>-  int mls_enabled = is_selinux_mls_enabled();
>-  char *type=NULL;
>-  char *response=NULL;
>-
>-  while (1) {
>-    if (query_response(pamh,
>-		   _("Would you like to enter a security context? [N] "), NULL,
>-		   &response, debug) != PAM_SUCCESS)
>-	return NULL;
>-
>-    if ((response[0] == 'y') || (response[0] == 'Y'))
>-      {
>-	if (mls_enabled)
>-	  new_context = context_new ("user:role:type:level");
>-	else
>-	  new_context = context_new ("user:role:type");
>-
>-	if (!new_context)
>-              goto fail_set;
>-
>-	if (context_user_set (new_context, user))
>-              goto fail_set;
>-
>-	_pam_drop(response);
>-	/* Allow the user to enter each field of the context individually */
>-	if (query_response(pamh, _("role:"), NULL, &response, debug) == PAM_SUCCESS &&
>-	    response[0] != '\0') {
>-	   if (context_role_set (new_context, response))
>-              goto fail_set;
>-	   if (get_default_type(response, &type))
>-              goto fail_set;
>-	   if (context_type_set (new_context, type))
>-              goto fail_set;
>-	   _pam_drop(type);
>-	}
>-	_pam_drop(response);
>-
>-	if (mls_enabled)
>-	  {
>-	    if (query_response(pamh, _("level:"), NULL, &response, debug) == PAM_SUCCESS &&
>-		response[0] != '\0') {
>-	      if (context_range_set (new_context, response))
>-		goto fail_set;
>-	    }
>-	    _pam_drop(response);
>-	  }
>-
>-	/* Get the string value of the context and see if it is valid. */
>-	if (!security_check_context(context_str(new_context))) {
>-	  newcon = strdup(context_str(new_context));
>-	  context_free (new_context);
>-	  return newcon;
>-	}
>-	else
>-	  send_text(pamh,_("Not a valid security context"),debug);
>-
>-        context_free (new_context);
>-      }
>-    else {
>-      _pam_drop(response);
>-      return NULL;
>-    }
>-  } /* end while */
>- fail_set:
>-  free(type);
>-  _pam_drop(response);
>-  context_free (new_context);
>-  return NULL;
>-}
>-
> static int mls_range_allowed(pam_handle_t *pamh, security_context_t src, security_context_t dst, int debug)
> {
>   struct av_decision avd;
>@@ -606,11 +531,6 @@ compute_exec_context(pam_handle_t *pamh,
>       data->exec_context = context_from_env(pamh, data->default_user_context,
> 					    env_params, use_current_range,
> 					    debug);
>-  } else {
>-    if (seuser) {
>-      data->exec_context = manual_context(pamh, seuser, debug);
>-      free(seuser);
>-    }
>   }
> 
>   if (!data->exec_context) {

Actions: View | Diff

Attachments on bug 876976: 645623