authorOlivier Bal-Petre <olivier.bal-petre@ssi.gouv.fr>2025-02-24 10:09:21 +0100
committerOlivier Bal-Petre <olivier.bal-petre@ssi.gouv.fr>2025-02-24 14:52:48 +0100
commitdc6242a1bf47aadd1cb3ab8572167969f48621c0 (patch)
tree0612fded8debcaf2cf0c169c04b8ee615a6b848e
parent69cb916eca4968fb7c2aa4e328022f308dd2386c (diff)
pam_namespace: fix logic in return value handling
The case in which protect_dir() returns an error and the flag POLYDIR_CREATE (flag "create" in namespace.conf) is not set was not handled. Therefore, the program continued without a polydir and returned later on failed mount(2) or stat(2) calls. Signed-off-by: Olivier Bal-Petre <olivier.bal-petre@ssi.gouv.fr>
-rw-r--r--modules/pam_namespace/pam_namespace.c16
1 files changed, 7 insertions, 9 deletions
diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
index ba7910f6..4b62700d 100644
--- a/modules/pam_namespace/pam_namespace.c
+++ b/modules/pam_namespace/pam_namespace.c
@@ -1654,16 +1654,14 @@ static int ns_setup(struct polydir_s *polyptr,
retval = protect_dir(polyptr->dir, 0, 0, idata);
- if (retval < 0 && errno != ENOENT) {
- pam_syslog(idata->pamh, LOG_ERR, "Polydir %s access error: %m",
- polyptr->dir);
- return PAM_SESSION_ERR;
- }
-
if (retval < 0) {
- if ((polyptr->flags & POLYDIR_CREATE) &&
- create_polydir(polyptr, idata) != PAM_SUCCESS)
- return PAM_SESSION_ERR;
+ if (errno != ENOENT || !(polyptr->flags & POLYDIR_CREATE)) {
+ pam_syslog(idata->pamh, LOG_ERR, "Polydir %s access error: %m",
+ polyptr->dir);
+ return PAM_SESSION_ERR;
+ }
+ if (create_polydir(polyptr, idata) != PAM_SUCCESS)
+ return PAM_SESSION_ERR;
} else {
close(retval);
}
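Review bot: The added test `if (errno != ENOENT || !(polyptr->flags & POLYDIR_CREATE))` chooses between failing the session and creating the polydir from `errno` alone, so it is only as reliable as protect_dir()'s treatment of errno on its error path. protect_dir's body is outside this hunk, so it cannot be confirmed here that errno is restored after any cleanup or logging it does before returning. If a stale ENOENT were possible, a directory that failed the protection check for another reason would reach create_polydir() when "create" is set. I would document the contract at the call site, for example `/* protect_dir() returns < 0 with errno preserved; only ENOENT with POLYDIR_CREATE set may fall through to create_polydir() */`, and keep the rule that nothing runs between the call and the errno test, since the `%m` in pam_syslog reads the same value. ns_setup starts before and continues after this hunk.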