diff options
| author | Dmitry V. Levin <ldv@altlinux.org> | 2010-09-20 20:16:30 +0000 |
|---|---|---|
| committer | Dmitry V. Levin <ldv@altlinux.org> | 2010-09-20 20:16:30 +0000 |
| commit | e2f2489b397720eaf176aaa16c7188ee92050dd8 (patch) | |
| tree | 9a2653355b4bde6676cf60a28c7fdc010d9ef25c /modules/pam_xauth/pam_xauth.c | |
| parent | 08e55be772e8dabf62dc21010751a80ed905f750 (diff) | |
| download | pam-e2f2489b397720eaf176aaa16c7188ee92050dd8.tar.gz pam-e2f2489b397720eaf176aaa16c7188ee92050dd8.tar.bz2 pam-e2f2489b397720eaf176aaa16c7188ee92050dd8.zip | |
Relevant BUGIDs:
Purpose of commit: cleanup
Commit summary:
---------------
2010-09-16 Dmitry V. Levin <ldv@altlinux.org>
* modules/pam_env/pam_env.c (handle_env): Use setfsuid() return code.
* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
* modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session,
pam_sm_close_session): Likewise.
Diffstat (limited to 'modules/pam_xauth/pam_xauth.c')
| -rw-r--r-- | modules/pam_xauth/pam_xauth.c | 27 |
1 files changed, 13 insertions, 14 deletions
diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c index 07ece647..05ed6ee9 100644 --- a/modules/pam_xauth/pam_xauth.c +++ b/modules/pam_xauth/pam_xauth.c @@ -234,7 +234,7 @@ check_acl(pam_handle_t *pamh, struct passwd *pwd; FILE *fp; int i, save_errno; - uid_t euid; + uid_t fsuid; /* Check this user's <sense> file. */ pwd = pam_modutil_getpwnam(pamh, this_user); if (pwd == NULL) { @@ -250,11 +250,10 @@ check_acl(pam_handle_t *pamh, "name of user's home directory is too long"); return PAM_SESSION_ERR; } - euid = geteuid(); - setfsuid(pwd->pw_uid); + fsuid = setfsuid(pwd->pw_uid); fp = fopen(path, "r"); save_errno = errno; - setfsuid(euid); + setfsuid(fsuid); if (fp != NULL) { char buf[LINE_MAX], *tmp; /* Scan the file for a list of specs of users to "trust". */ @@ -324,7 +323,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, struct passwd *tpwd, *rpwd; int fd, i, debug = 0; int retval = PAM_SUCCESS; - uid_t systemuser = 499, targetuser = 0, euid; + uid_t systemuser = 499, targetuser = 0, fsuid; /* Parse arguments. We don't understand many, so no sense in breaking * this into a separate function. */ @@ -572,8 +571,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, } /* Generate a new file to hold the data. */ - euid = geteuid(); - setfsuid(tpwd->pw_uid); + fsuid = setfsuid(tpwd->pw_uid); #ifdef WITH_SELINUX if (is_selinux_enabled() > 0) { @@ -603,7 +601,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, save_errno = errno; #endif - setfsuid(euid); + setfsuid(fsuid); if (fd == -1) { errno = save_errno; pam_syslog(pamh, LOG_ERR, @@ -617,7 +615,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, setfsuid(tpwd->pw_uid); if (fchown(fd, tpwd->pw_uid, tpwd->pw_gid) < 0) pam_syslog (pamh, LOG_ERR, "fchown: %m"); - setfsuid(euid); + setfsuid(fsuid); close(fd); /* Get a copy of the filename to save as a data item for @@ -715,9 +713,8 @@ pam_sm_close_session (pam_handle_t *pamh, int flags UNUSED, void *cookiefile; int i, debug = 0; const char* user; - struct passwd *tpwd; - uid_t unlinkuid, euid; - unlinkuid = euid = geteuid (); + struct passwd *tpwd = NULL; + uid_t unlinkuid, fsuid; if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) pam_syslog(pamh, LOG_ERR, "error determining target user's name"); @@ -759,9 +756,11 @@ pam_sm_close_session (pam_handle_t *pamh, int flags UNUSED, (char*)cookiefile); } /* NFS with root_squash requires non-root user */ - setfsuid (unlinkuid); + if (tpwd) + fsuid = setfsuid(unlinkuid); unlink((char*)cookiefile); - setfsuid (euid); + if (tpwd) + setfsuid(fsuid); *((char*)cookiefile) = '\0'; } } |