29
29
Signed-off-by: Steve Langasek <vorlon@debian.org>
30
30
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
32
Index: pam.deb/modules/pam_loginuid/pam_loginuid.c
32
Index: ubuntu/modules/pam_loginuid/pam_loginuid.c
33
33
===================================================================
34
--- pam.deb.orig/modules/pam_loginuid/pam_loginuid.c
35
+++ pam.deb/modules/pam_loginuid/pam_loginuid.c
34
--- ubuntu.orig/modules/pam_loginuid/pam_loginuid.c 2014-01-31 21:07:08.665185675 +0000
35
+++ ubuntu/modules/pam_loginuid/pam_loginuid.c 2014-01-31 21:05:05.000000000 +0000
39
39
* This function writes the loginuid to the /proc system. It returns
50
50
+ char loginuid[24], buf[24];
51
51
+ static const char host_uid_map[] = " 0 0 4294967295\n";
52
52
+ char uid_map[sizeof(host_uid_map)];
54
+ /* loginuid in user namespaces currently isn't writable and in some
55
+ case, not even readable, so consider any failure as ignorable (but try
56
+ anyway, in case we hit a kernel which supports it). */
57
+ fd = open("/proc/self/uid_map", O_RDONLY);
59
+ count = pam_modutil_read(fd, uid_map, sizeof(uid_map));
60
+ if (strncmp(uid_map, host_uid_map, count) != 0)
54
count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid);
65
- count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid);
55
66
- fd = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC);
56
67
+ fd = open("/proc/self/loginuid", O_NOFOLLOW|O_RDWR);
58
69
- if (errno != ENOENT) {
71
- pam_syslog(pamh, LOG_ERR,
72
- "Cannot open /proc/self/loginuid: %m");
60
73
+ if (errno == ENOENT) {
62
+ } else if (errno == EACCES) {
63
+ fd = open("/proc/self/uid_map", O_RDONLY);
65
+ count = pam_modutil_read(fd, uid_map, sizeof(uid_map));
66
+ if (strncmp(uid_map, host_uid_map, count) != 0)
70
+ if (rc != PAM_IGNORE)
73
76
+ if (rc != PAM_IGNORE) {
74
pam_syslog(pamh, LOG_ERR,
75
"Cannot open /proc/self/loginuid: %m");
77
+ pam_syslog(pamh, LOG_ERR, "Cannot open %s: %m",
78
+ "/proc/self/loginuid");
79
82
- if (pam_modutil_write(fd, loginuid, count) != count)
85
+ count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid);
82
86
+ if (pam_modutil_read(fd, buf, sizeof(buf)) == count &&
83
87
+ memcmp(buf, loginuid, count) == 0) {
84
88
+ rc = PAM_SUCCESS;
85
89
+ goto done; /* already correct */
87
91
+ if (lseek(fd, 0, SEEK_SET) == 0 && ftruncate(fd, 0) == 0 &&
88
+ pam_modutil_write(fd, loginuid, count) == count)
92
+ pam_modutil_write(fd, loginuid, count) == count) {
89
93
+ rc = PAM_SUCCESS;
95
+ if (rc != PAM_IGNORE) {
96
+ pam_syslog(pamh, LOG_ERR, "Error writing %s: %m",
97
+ "/proc/self/loginuid");
96
106
const char *user = NULL;
97
107
struct passwd *pwd;