diff options
| -rw-r--r-- | modules/pam_loginuid/pam_loginuid.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c index 96f8ffa5..54ae6f07 100644 --- a/modules/pam_loginuid/pam_loginuid.c +++ b/modules/pam_loginuid/pam_loginuid.c @@ -55,13 +55,26 @@ static int set_loginuid(pam_handle_t *pamh, uid_t uid) { int fd, count, rc = PAM_SESSION_ERR; char loginuid[24], buf[24]; + static const char host_uid_map[] = " 0 0 4294967295\n"; + char uid_map[sizeof(host_uid_map)]; count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid); fd = open("/proc/self/loginuid", O_NOFOLLOW|O_RDWR); if (fd < 0) { if (errno == ENOENT) { rc = PAM_IGNORE; - } else { + } else if (errno == EACCES) { + fd = open("/proc/self/uid_map", O_RDONLY); + if (fd >= 0) { + count = pam_modutil_read(fd, uid_map, sizeof(uid_map)); + if (strncmp(uid_map, host_uid_map, count) != 0) + rc = PAM_IGNORE; + close(fd); + } + if (rc != PAM_IGNORE) + errno = EACCES; + } + if (rc != PAM_IGNORE) { pam_syslog(pamh, LOG_ERR, "Cannot open /proc/self/loginuid: %m"); } |