summaryrefslogtreecommitdiff
path: root/modules/pam_unix
diff options
context:
space:
mode:
authorDmitry V. Levin <ldv@altlinux.org>2020-03-19 18:40:16 +0000
committerDmitry V. Levin <ldv@altlinux.org>2020-03-19 18:40:16 +0000
commite08bc8895045babcf4c41ed3147f44c1dcd77af0 (patch)
treea10c6a9a14ab0487a3b5c16ec5f05a6c331e1b26 /modules/pam_unix
parent15afe62e9b6eec7913ae7ac67c888084fb8c6fe0 (diff)
modules/pam_unix: fix gcc compilation warnings
When setreuid() fails, there is no way to proceed any further: either the process credentials are unchanged but inappropriate, or they are in an inconsistent state and nothing good could be made out of it. This fixes the following compilation warnings: modules/pam_unix/passverify.c:209:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:211:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:213:6: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:214:6: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:222:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:224:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:225:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:226:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:209:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:211:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:213:6: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:214:6: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:222:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:224:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:225:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] modules/pam_unix/passverify.c:226:5: warning: ignoring return value of 'setreuid', declared with attribute warn_unused_result [-Wunused-result] * modules/pam_unix/passverify.c (get_account_info) [HELPER_COMPILE]: Always check setreuid return code and return PAM_CRED_INSUFFICIENT if setreuid failed.
Diffstat (limited to 'modules/pam_unix')
-rw-r--r--modules/pam_unix/passverify.c33
1 files changed, 19 insertions, 14 deletions
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 65307e11..234db341 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -205,25 +205,30 @@ PAMH_ARG_DECL(int get_account_info,
save_euid = geteuid();
save_uid = getuid();
- if (save_uid == (*pwd)->pw_uid)
- setreuid(save_euid, save_uid);
- else {
- setreuid(0, -1);
- if (setreuid(-1, (*pwd)->pw_uid) == -1) {
- setreuid(-1, 0);
- setreuid(0, -1);
- if(setreuid(-1, (*pwd)->pw_uid) == -1)
+ if (save_uid == (*pwd)->pw_uid) {
+ if (setreuid(save_euid, save_uid))
+ return PAM_CRED_INSUFFICIENT;
+ } else {
+ if (setreuid(0, -1))
+ return PAM_CRED_INSUFFICIENT;
+ if (setreuid(-1, (*pwd)->pw_uid)) {
+ if (setreuid(-1, 0)
+ || setreuid(0, -1)
+ || setreuid(-1, (*pwd)->pw_uid)) {
return PAM_CRED_INSUFFICIENT;
+ }
}
}
*spwdent = pam_modutil_getspnam(pamh, name);
- if (save_uid == (*pwd)->pw_uid)
- setreuid(save_uid, save_euid);
- else {
- setreuid(-1, 0);
- setreuid(save_uid, -1);
- setreuid(-1, save_euid);
+ if (save_uid == (*pwd)->pw_uid) {
+ if (setreuid(save_uid, save_euid))
+ return PAM_CRED_INSUFFICIENT;
+ } else {
+ if (setreuid(-1, 0)
+ || setreuid(save_uid, -1)
+ || setreuid(-1, save_euid))
+ return PAM_CRED_INSUFFICIENT;
}
if (*spwdent == NULL || (*spwdent)->sp_pwdp == NULL)