~ubuntu-branches/ubuntu/trusty/pam/trusty-proposed


Viewing changes to debian/patches-applied/pam-loginuid-in-containers

  • Committer: Package Import Robot
  • Author(s): Stéphane Graber
  • Date: 2014-01-31 22:11:02 UTC
  • Revision ID: package-import@ubuntu.com-20140131221102-e9z6qb9n7awid7e3
Tags: 1.1.8-1ubuntu2
debian/patches-applied/pam-loginuid-in-containers: pam_loginuid:
Update patch with follow-up changes to loginuid.c

29
29
    Signed-off-by: Steve Langasek <vorlon@debian.org>
30
30
    Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
31
31
 
32
 
Index: pam.deb/modules/pam_loginuid/pam_loginuid.c
 
32
Index: ubuntu/modules/pam_loginuid/pam_loginuid.c
33
33
===================================================================
34
 
--- pam.deb.orig/modules/pam_loginuid/pam_loginuid.c
35
 
+++ pam.deb/modules/pam_loginuid/pam_loginuid.c
36
 
@@ -46,25 +46,49 @@
 
34
--- ubuntu.orig/modules/pam_loginuid/pam_loginuid.c     2014-01-31 21:07:08.665185675 +0000
 
35
+++ ubuntu/modules/pam_loginuid/pam_loginuid.c  2014-01-31 21:05:05.000000000 +0000
 
36
@@ -47,25 +47,56 @@
37
37
 
38
38
 /*
39
39
  * This function writes the loginuid to the /proc system. It returns
50
50
+       char loginuid[24], buf[24];
51
51
+       static const char host_uid_map[] = "         0          0 4294967295\n";
52
52
+       char uid_map[sizeof(host_uid_map)];
 
53
+
 
54
+       /* loginuid in user namespaces currently isn't writable and in some
 
55
+          case, not even readable, so consider any failure as ignorable (but try
 
56
+          anyway, in case we hit a kernel which supports it). */
 
57
+       fd = open("/proc/self/uid_map", O_RDONLY);
 
58
+       if (fd >= 0) {
 
59
+               count = pam_modutil_read(fd, uid_map, sizeof(uid_map));
 
60
+               if (strncmp(uid_map, host_uid_map, count) != 0)
 
61
+                       rc = PAM_IGNORE;
 
62
+               close(fd);
 
63
+       }
53
64
 
54
 
        count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid);
 
65
-       count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid);
55
66
-       fd = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC);
56
67
+       fd = open("/proc/self/loginuid", O_NOFOLLOW|O_RDWR);
57
68
        if (fd < 0) {
58
69
-               if (errno != ENOENT) {
59
70
-                       rc = 1;
 
71
-                       pam_syslog(pamh, LOG_ERR,
 
72
-                                  "Cannot open /proc/self/loginuid: %m");
60
73
+               if (errno == ENOENT) {
61
74
+                       rc = PAM_IGNORE;
62
 
+               } else if (errno == EACCES) {
63
 
+                       fd = open("/proc/self/uid_map", O_RDONLY);
64
 
+                       if (fd >= 0) {
65
 
+                               count = pam_modutil_read(fd, uid_map, sizeof(uid_map));
66
 
+                               if (strncmp(uid_map, host_uid_map, count) != 0)
67
 
+                                       rc = PAM_IGNORE;
68
 
+                               close(fd);
69
 
+                       }
70
 
+                       if (rc != PAM_IGNORE)
71
 
+                               errno = EACCES;
72
75
+               }
73
76
+               if (rc != PAM_IGNORE) {
74
 
                        pam_syslog(pamh, LOG_ERR,
75
 
                                   "Cannot open /proc/self/loginuid: %m");
 
77
+                       pam_syslog(pamh, LOG_ERR, "Cannot open %s: %m",
 
78
+                                  "/proc/self/loginuid");
76
79
                }
77
80
                return rc;
78
81
        }
79
82
-       if (pam_modutil_write(fd, loginuid, count) != count)
80
83
-               rc = 1;
81
84
+
 
85
+       count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid);
82
86
+       if (pam_modutil_read(fd, buf, sizeof(buf)) == count &&
83
87
+           memcmp(buf, loginuid, count) == 0) {
84
88
+               rc = PAM_SUCCESS;
85
89
+               goto done;      /* already correct */
86
90
+       }
87
91
+       if (lseek(fd, 0, SEEK_SET) == 0 && ftruncate(fd, 0) == 0 &&
88
 
+           pam_modutil_write(fd, loginuid, count) == count)
 
92
+           pam_modutil_write(fd, loginuid, count) == count) {
89
93
+               rc = PAM_SUCCESS;
 
94
+       } else {
 
95
+               if (rc != PAM_IGNORE) {
 
96
+                       pam_syslog(pamh, LOG_ERR, "Error writing %s: %m",
 
97
+                                  "/proc/self/loginuid");
 
98
+               }
 
99
+       }
90
100
+ done:
91
101
        close(fd);
92
102
        return rc;
93
103
 }
94
 
@@ -164,6 +188,7 @@
 
104
@@ -165,6 +196,7 @@
95
105
 {
96
106
         const char *user = NULL;
97
107
        struct passwd *pwd;
99
109
 #ifdef HAVE_LIBAUDIT
100
110
        int require_auditd = 0;
101
111
 #endif
102
 
@@ -182,9 +207,14 @@
 
112
@@ -183,9 +215,14 @@
103
113
                return PAM_SESSION_ERR;
104
114
        }
105
115
 
117
127
        }
118
128
 
119
129
 #ifdef HAVE_LIBAUDIT
120
 
@@ -194,11 +224,12 @@
 
130
@@ -195,11 +232,12 @@
121
131
                argv++;
122
132
        }
123
133