From 483a708fafaf49ba41eb0214eed2b79fe7e1f8c3 Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk <kukuk@thkukuk.de>
Date: Thu, 12 Jul 2007 19:37:48 +0000
Subject: Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------

2007-07-12  Thorsten Kukuk  <kukuk@thkukuk.de>

        * libpam/pam_audit.c (_pam_audit_writelog): Don't return
        error if application runs as normal user. Fixes regression
        introduced with last change.
---
 libpam/pam_audit.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'libpam')

diff --git a/libpam/pam_audit.c b/libpam/pam_audit.c
index 18a98f1f..3233fc44 100644
--- a/libpam/pam_audit.c
+++ b/libpam/pam_audit.c
@@ -35,14 +35,24 @@ _pam_audit_writelog(pam_handle_t *pamh, int audit_fd, int type,
        (retval != PAM_USER_UNKNOWN && pamh->user) ? pamh->user : "?",
 	-1, pamh->rhost, NULL, pamh->tty, retval == PAM_SUCCESS );
 
-  if (rc == -1 && errno != old_errno)
+  /* libaudit sets errno to his own negative error code. This can be
+     an official errno number, but must not. It can also be a audit
+     internal error code. Which makes errno useless :-((. Try the
+     best to fix it. */
+  errno = -rc;
+
+  if (rc < 0 && errno != old_errno)
     {
       old_errno = errno;
       pam_syslog (pamh, LOG_CRIT, "audit_log_acct_message() failed: %m");
     }
 
   pamh->audit_state |= PAMAUDIT_LOGGED;
-  return rc;
+
+  if (rc == -EPERM && getuid () != 0)
+    return 0;
+  else
+    return rc;
 }
 
 int
-- 
cgit v1.2.3