Revert "Revert "Add a pam module to set smack label (PTREL-549)""

This reverts commit 142edb7e2cedd356549de84d1bbbe088bf118b5b.

Change-Id: I2a083a1843f2ca792b470d604a601be5a5f6a6b7

diff --git a/configure.in b/configure.in
index ae762a2..2749f0c 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -498,6 +498,9 @@ if test ! -z "$LIBSELINUX" ; then
     LIBS=$BACKUP_LIBS
 fi
 
+dnl hacks for pam_smack
+PKG_CHECK_MODULES([LIBSMACK], [libsmack])
+
 dnl Checks for header files.
 AC_HEADER_DIRENT
 AC_HEADER_STDC
@@ -625,6 +628,7 @@ AC_CONFIG_FILES([Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile
        modules/pam_unix/Makefile modules/pam_userdb/Makefile \
        modules/pam_warn/Makefile modules/pam_wheel/Makefile \
        modules/pam_xauth/Makefile doc/Makefile doc/specs/Makefile \
+       modules/pam_smack/Makefile \
        doc/man/Makefile doc/sag/Makefile doc/adg/Makefile \
        doc/mwg/Makefile examples/Makefile tests/Makefile \
        xtests/Makefile])

diff --git a/modules/Makefile.am b/modules/Makefile.am
index 0c80cea..885a4ad 100644 (file)
--- a/modules/Makefile.am
+++ b/modules/Makefile.am
@@ -11,7 +11,7 @@ SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \
        pam_selinux pam_sepermit pam_shells pam_stress \
        pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \
        pam_tty_audit pam_umask \
-       pam_unix pam_userdb pam_warn pam_wheel pam_xauth
+       pam_unix pam_userdb pam_warn pam_wheel pam_xauth pam_smack
 
 CLEANFILES = *~
 

diff --git a/modules/pam_smack/Makefile.am b/modules/pam_smack/Makefile.am
new file mode 100644 (file)
index 0000000..4a415d9
--- /dev/null
+++ b/modules/pam_smack/Makefile.am
@@ -0,0 +1,11 @@
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include @LIBSMACK_CFLAGS@
+AM_LDFLAGS = -no-undefined -avoid-version -module
+if HAVE_VERSIONING
+  AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
+endif
+securelib_LTLIBRARIES = pam_smack.la
+pam_smack_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSMACK_LIBS@
+pam_smack_la_SOURCES = pam_smack.c

diff --git a/modules/pam_smack/pam_smack.c b/modules/pam_smack/pam_smack.c
new file mode 100644 (file)
index 0000000..4fde36e
--- /dev/null
+++ b/modules/pam_smack/pam_smack.c
@@ -0,0 +1,31 @@
+#define _GNU_SOURCE
+#include <syslog.h>
+#include <sys/smack.h>
+
+#define PAM_SM_SESSION
+#include <security/pam_modules.h>
+#include <security/pam_modutil.h>
+
+
+PAM_EXTERN int 
+pam_sm_open_session (pam_handle_t *pamh,
+                    int flags,
+                    int argc,
+                    const char **argv)
+{
+  if (smack_smackfs_path ()) {
+    int rc = smack_set_label_for_self ("User");
+    if (rc) {
+      pam_syslog (pamh, LOG_WARNING, "couldn't set label");
+    }
+  }
+
+  return PAM_SUCCESS;
+}
+
+PAM_EXTERN int
+pam_sm_close_session (pam_handle_t *pamh, int flags,
+                      int argc, const char **argv)
+{
+  return PAM_IGNORE;
+}

diff --git a/packaging/pam.spec b/packaging/pam.spec
index b4048dc..210b3d7 100644 (file)
--- a/packaging/pam.spec
+++ b/packaging/pam.spec
@@ -29,6 +29,7 @@ BuildRequires:  libtool
 BuildRequires:  net-tools
 BuildRequires:  zlib-devel
 BuildRequires:  gettext-tools
+BuildRequires:  smack-devel
 BuildRequires:  pkgconfig
 Requires(post): /sbin/ldconfig
 Requires(post): /usr/bin/install
@@ -194,6 +195,7 @@ fi
 %{_moduledir}/pam_unix_passwd.so
 %{_moduledir}/pam_unix_session.so
 %{_moduledir}/pam_warn.so
+%{_moduledir}/pam_smack.so
 
 %files devel
 %manifest %{name}.manifest