Check if the SELinux login directory exists

https://fedorahosted.org/sssd/ticket/1492

3 files changed, 13 insertions, 3 deletions

diff --git a/configure.ac b/configure.ac
index 5cd8c723f..aabf375ce 100644
--- a/configure.ac
+++ b/configure.ac
@@ -214,6 +214,7 @@ fi
 
 if test x$HAVE_SELINUX != x; then
     AM_CHECK_SELINUX
+    AM_CHECK_SELINUX_LOGIN_DIR
 fi
 
 if test x$HAVE_SEMANAGE != x -a x$HAVE_SELINUX != x; then
diff --git a/src/external/selinux.m4 b/src/external/selinux.m4
index d1b961a49..1f41b3128 100644
--- a/src/external/selinux.m4
+++ b/src/external/selinux.m4
@@ -23,3 +23,12 @@ AC_DEFUN([AM_CHECK_SEMANAGE],
                      [AC_MSG_ERROR([libsemanage is missing])])
     AC_SUBST(SEMANAGE_LIBS)
 ])
+
+dnl Check if the SELinux login directory exists
+AC_DEFUN([AM_CHECK_SELINUX_LOGIN_DIR],
+[
+  AC_CHECK_FILE(/etc/selinux/targeted/logins/,
+                [AC_DEFINE([HAVE_SELINUX_LOGIN_DIR], [1],
+                           [The directory to store SELinux user login is available])],
+                [AC_MSG_WARN([SELinux login directory is not available])])
+])
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 238b4fa7f..4c0356832 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -33,7 +33,7 @@
 #include "responder/pam/pam_helpers.h"
 #include "db/sysdb.h"
 #include "db/sysdb_selinux.h"
-#ifdef HAVE_SELINUX
+#ifdef HAVE_SELINUX_LOGIN_DIR
 #include <selinux/selinux.h>
 #endif
 
@@ -356,7 +356,7 @@ fail:
     return ret;
 }
 
-#ifdef HAVE_SELINUX
+#ifdef HAVE_SELINUX_LOGIN_DIR
 
 #define ALL_SERVICES "*"
 #define selogin_path(mem_ctx, username) \
@@ -829,7 +829,7 @@ static void pam_reply(struct pam_auth_req *preq)
         return;
     }
 
-#ifdef HAVE_SELINUX
+#ifdef HAVE_SELINUX_LOGIN_DIR
     if (pd->cmd == SSS_PAM_ACCT_MGMT &&
         pd->pam_status == PAM_SUCCESS) {
         /* Try to fetch data from sysdb