modules/pam_unix: fix gcc compilation warnings

When setreuid() fails, there is no way to proceed any further: either the process credentials are unchanged but inappropriate, or they are in an inconsistent state and nothing good could be made out of it. This fixes the following compilation warnings: modules/pam_unix/passverify.c:209:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:211:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:213:6: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:214:6: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:222:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:224:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:225:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:226:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:209:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:211:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:213:6: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:214:6: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:222:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:224:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:225:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:226:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] * modules/pam_unix/passverify.c (get_account_info) [HELPER_COMPILE]: Always check setreuid return code and return PAM_CRED_INSUFFICIENT if setreuid failed.
author: Dmitry V. Levin <ldv@altlinux.org> 2020-03-19 18:40:16 +0000
committer: Dmitry V. Levin <ldv@altlinux.org> 2020-03-19 18:40:16 +0000
commit: e08bc8895045babcf4c41ed3147f44c1dcd77af0 (patch)
tree: a10c6a9a14ab0487a3b5c16ec5f05a6c331e1b26 /modules/pam_unix/passverify.c
parent: 15afe62e9b6eec7913ae7ac67c888084fb8c6fe0 (diff)
1 files changed, 19 insertions, 14 deletions
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 65307e11..234db341 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -205,25 +205,30 @@ PAMH_ARG_DECL(int get_account_info,
 
 			save_euid = geteuid();
 			save_uid = getuid();
-			if (save_uid == (*pwd)->pw_uid)
-				setreuid(save_euid, save_uid);
-			else  {
-				setreuid(0, -1);
-				if (setreuid(-1, (*pwd)->pw_uid) == -1) {
-					setreuid(-1, 0);
-					setreuid(0, -1);
-					if(setreuid(-1, (*pwd)->pw_uid) == -1)
+			if (save_uid == (*pwd)->pw_uid) {
+				if (setreuid(save_euid, save_uid))
+					return PAM_CRED_INSUFFICIENT;
+			} else  {
+				if (setreuid(0, -1))
+					return PAM_CRED_INSUFFICIENT;
+				if (setreuid(-1, (*pwd)->pw_uid)) {
+					if (setreuid(-1, 0)
+					    || setreuid(0, -1)
+					    || setreuid(-1, (*pwd)->pw_uid)) {
 						return PAM_CRED_INSUFFICIENT;
+					}
 				}
 			}
 
 			*spwdent = pam_modutil_getspnam(pamh, name);
-			if (save_uid == (*pwd)->pw_uid)
-				setreuid(save_uid, save_euid);
-			else {
-				setreuid(-1, 0);
-				setreuid(save_uid, -1);
-				setreuid(-1, save_euid);
+			if (save_uid == (*pwd)->pw_uid) {
+				if (setreuid(save_uid, save_euid))
+					return PAM_CRED_INSUFFICIENT;
+			} else {
+				if (setreuid(-1, 0)
+				    || setreuid(save_uid, -1)
+				    || setreuid(-1, save_euid))
+					return PAM_CRED_INSUFFICIENT;
 			}
 
 			if (*spwdent == NULL || (*spwdent)->sp_pwdp == NULL)
author	Dmitry V. Levin <ldv@altlinux.org>	2020-03-19 18:40:16 +0000
committer	Dmitry V. Levin <ldv@altlinux.org>	2020-03-19 18:40:16 +0000
commit	e08bc8895045babcf4c41ed3147f44c1dcd77af0 (patch)
tree	a10c6a9a14ab0487a3b5c16ec5f05a6c331e1b26 /modules/pam_unix/passverify.c
parent	15afe62e9b6eec7913ae7ac67c888084fb8c6fe0 (diff)