authorDmitry V. Levin <ldv@altlinux.org>2010-09-20 20:16:30 +0000
committerDmitry V. Levin <ldv@altlinux.org>2010-09-20 20:16:30 +0000
commite2f2489b397720eaf176aaa16c7188ee92050dd8 (patch)
tree9a2653355b4bde6676cf60a28c7fdc010d9ef25c
parent08e55be772e8dabf62dc21010751a80ed905f750 (diff)
Relevant BUGIDs:
Purpose of commit: cleanup Commit summary: --------------- 2010-09-16 Dmitry V. Levin <ldv@altlinux.org> * modules/pam_env/pam_env.c (handle_env): Use setfsuid() return code. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session, pam_sm_close_session): Likewise.
-rw-r--r--ChangeLog7
-rw-r--r--modules/pam_env/pam_env.c5
-rw-r--r--modules/pam_mail/pam_mail.c6
-rw-r--r--modules/pam_xauth/pam_xauth.c27
4 files changed, 24 insertions, 21 deletions
diff --git a/ChangeLog b/ChangeLog
index 0a130d97..dd749dec 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2010-09-16 Dmitry V. Levin <ldv@altlinux.org>
+
+ * modules/pam_env/pam_env.c (handle_env): Use setfsuid() return code.
+ * modules/pam_mail/pam_mail.c (_do_mail): Likewise.
+ * modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session,
+ pam_sm_close_session): Likewise.
+
2010-08-31 Thorsten Kukuk <kukuk@thkukuk.de>
* release version 1.1.2
diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c
index 4e5f6eb3..3a9eebea 100644
--- a/modules/pam_env/pam_env.c
+++ b/modules/pam_env/pam_env.c
@@ -791,10 +791,9 @@ handle_env (pam_handle_t *pamh, int argc, const char **argv)
return PAM_BUF_ERR;
}
if (stat(envpath, &statbuf) == 0) {
- uid_t euid = geteuid();
- setfsuid (user_entry->pw_uid);
+ uid_t fsuid = setfsuid(user_entry->pw_uid);
retval = _parse_config_file(pamh, envpath);
- setfsuid (euid);
+ setfsuid(fsuid);
if (retval == PAM_IGNORE)
retval = PAM_SUCCESS;
}
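Review bot: The switch to the user's filesystem uid before `_parse_config_file(pamh, envpath)` is never verified. setfsuid() returns the previous fsuid whether or not the change took effect, so `fsuid` is the right value to restore but says nothing about success. If the switch did not happen, the user-controlled file is parsed with the caller's filesystem privileges. A follow-up check such as `if ((uid_t) setfsuid(-1) != user_entry->pw_uid)` before parsing, bailing out with an error, would close that gap. The same unverified pattern is in the `_do_mail` hunk and in the pam_xauth hunks for `check_acl`, `pam_sm_open_session` and `pam_sm_close_session`; handle_env's body continues outside this hunk.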
diff --git a/modules/pam_mail/pam_mail.c b/modules/pam_mail/pam_mail.c
index 089c398c..c19cbbe3 100644
--- a/modules/pam_mail/pam_mail.c
+++ b/modules/pam_mail/pam_mail.c
@@ -444,11 +444,9 @@ static int _do_mail(pam_handle_t *pamh, int flags, int argc,
if ((est && !(ctrl & PAM_NO_LOGIN))
|| (!est && (ctrl & PAM_LOGOUT_TOO))) {
- uid_t euid = geteuid();
-
- setfsuid (pwd->pw_uid);
+ uid_t fsuid = setfsuid(pwd->pw_uid);
type = get_mail_status(pamh, ctrl, folder);
- setfsuid (euid);
+ setfsuid(fsuid);
if (type != 0) {
retval = report_mail(pamh, ctrl, type, folder);
diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c
index 07ece647..05ed6ee9 100644
--- a/modules/pam_xauth/pam_xauth.c
+++ b/modules/pam_xauth/pam_xauth.c
@@ -234,7 +234,7 @@ check_acl(pam_handle_t *pamh,
struct passwd *pwd;
FILE *fp;
int i, save_errno;
- uid_t euid;
+ uid_t fsuid;
/* Check this user's <sense> file. */
pwd = pam_modutil_getpwnam(pamh, this_user);
if (pwd == NULL) {
@@ -250,11 +250,10 @@ check_acl(pam_handle_t *pamh,
"name of user's home directory is too long");
return PAM_SESSION_ERR;
}
- euid = geteuid();
- setfsuid(pwd->pw_uid);
+ fsuid = setfsuid(pwd->pw_uid);
fp = fopen(path, "r");
save_errno = errno;
- setfsuid(euid);
+ setfsuid(fsuid);
if (fp != NULL) {
char buf[LINE_MAX], *tmp;
/* Scan the file for a list of specs of users to "trust". */
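Review bot: Only the filesystem uid is switched around `fopen(path, "r")`; the filesystem gid and supplementary groups appear to stay those of the calling process. The error message above suggests `path` lies under the user's home directory, so what it resolves to would be under the user's control. A target readable only through one of the caller's groups would then still open. If the intent is to read the file strictly as the user, pair the switch with `setfsgid(pwd->pw_gid)` and restore it afterwards, and consider the supplementary groups as well. Whether group handling happens elsewhere in check_acl is not visible in this hunk, whose body continues past it; the same question applies to the fsuid-only switches in `handle_env`, `_do_mail` and `pam_sm_open_session`.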
@@ -324,7 +323,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
struct passwd *tpwd, *rpwd;
int fd, i, debug = 0;
int retval = PAM_SUCCESS;
- uid_t systemuser = 499, targetuser = 0, euid;
+ uid_t systemuser = 499, targetuser = 0, fsuid;
/* Parse arguments. We don't understand many, so no sense in breaking
* this into a separate function. */
@@ -572,8 +571,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
}
/* Generate a new file to hold the data. */
- euid = geteuid();
- setfsuid(tpwd->pw_uid);
+ fsuid = setfsuid(tpwd->pw_uid);
#ifdef WITH_SELINUX
if (is_selinux_enabled() > 0) {
@@ -603,7 +601,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
save_errno = errno;
#endif
- setfsuid(euid);
+ setfsuid(fsuid);
if (fd == -1) {
errno = save_errno;
pam_syslog(pamh, LOG_ERR,
@@ -617,7 +615,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
setfsuid(tpwd->pw_uid);
if (fchown(fd, tpwd->pw_uid, tpwd->pw_gid) < 0)
pam_syslog (pamh, LOG_ERR, "fchown: %m");
- setfsuid(euid);
+ setfsuid(fsuid);
close(fd);
/* Get a copy of the filename to save as a data item for
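Review bot: The restore `setfsuid(fsuid)` after `fchown` relies on the value saved by `fsuid = setfsuid(tpwd->pw_uid)` in the earlier hunk, while the second `setfsuid(tpwd->pw_uid)` just above it discards its return value. That is correct, but the dependency spans two separate switch/restore pairs and is easy to break in a later edit. A comment on the second switch would make it explicit, e.g. `/* fsuid still holds the identity saved before the cookie file was created */`. Separately, a failed `fchown` is only logged and the function carries on, so the cookie file may be left with ownership other than intended; consider treating that as a session error. pam_sm_open_session starts and ends outside this hunk.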
@@ -715,9 +713,8 @@ pam_sm_close_session (pam_handle_t *pamh, int flags UNUSED,
void *cookiefile;
int i, debug = 0;
const char* user;
- struct passwd *tpwd;
- uid_t unlinkuid, euid;
- unlinkuid = euid = geteuid ();
+ struct passwd *tpwd = NULL;
+ uid_t unlinkuid, fsuid;
if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS)
pam_syslog(pamh, LOG_ERR, "error determining target user's name");
@@ -759,9 +756,11 @@ pam_sm_close_session (pam_handle_t *pamh, int flags UNUSED,
(char*)cookiefile);
}
/* NFS with root_squash requires non-root user */
- setfsuid (unlinkuid);
+ if (tpwd)
+ fsuid = setfsuid(unlinkuid);
unlink((char*)cookiefile);
- setfsuid (euid);
+ if (tpwd)
+ setfsuid(fsuid);
*((char*)cookiefile) = '\0';
}
}
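Review bot: When `tpwd` is NULL, `unlink((char*)cookiefile)` still runs with the caller's filesystem identity, and its result is never checked. A removal that fails (for instance on NFS with root_squash, as the comment notes) is therefore silent, and the path is then blanked as if it had succeeded. Logging the failure would help, e.g. `if (unlink((char*)cookiefile) == -1 && errno != ENOENT) pam_syslog(pamh, LOG_WARNING, "unlink: %m");`. The guard also ties the validity of `unlinkuid` to `tpwd`. With the `unlinkuid = euid = geteuid ()` initialisation removed, `unlinkuid` is only defined if it is assigned wherever `tpwd` is set, which happens outside this hunk and should be confirmed.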