diff options
| author | William Hubbs <williamh@gentoo.org> | 2012-02-23 16:47:52 -0600 |
|---|---|---|
| committer | William Hubbs <williamh@gentoo.org> | 2012-02-24 09:06:51 -0600 |
| commit | f1a19aed78f716bd083c6c7401934cc4734c073b (patch) | |
| tree | 315c9de9c402adf053411ed2e9ef7f039dff6d2a | |
| parent | 3247184d860aea7ccc2c58d399f62c088978e973 (diff) | |
| download | openrc-f1a19aed78f716bd083c6c7401934cc4734c073b.tar.gz openrc-f1a19aed78f716bd083c6c7401934cc4734c073b.tar.bz2 openrc-f1a19aed78f716bd083c6c7401934cc4734c073b.tar.xz | |
Skip pam if running as root
Reported-by: Piotr Karbowski <piotr.karbowski@gmail.com>
X-Gentoo-Bug: 386623
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=386623
| -rw-r--r-- | src/rc/start-stop-daemon.c | 44 |
1 files changed, 22 insertions, 22 deletions
diff --git a/src/rc/start-stop-daemon.c b/src/rc/start-stop-daemon.c index a8a7bd3..965b331 100644 --- a/src/rc/start-stop-daemon.c +++ b/src/rc/start-stop-daemon.c @@ -1178,20 +1178,18 @@ start_stop_daemon(int argc, char **argv) } #ifdef HAVE_PAM - if (changeuser != NULL) + if (changeuser != NULL) { pamr = pam_start("start-stop-daemon", changeuser, &conv, &pamh); - else - pamr = pam_start("start-stop-daemon", - "nobody", &conv, &pamh); - - if (pamr == PAM_SUCCESS) - pamr = pam_acct_mgmt(pamh, PAM_SILENT); - if (pamr == PAM_SUCCESS) - pamr = pam_open_session(pamh, PAM_SILENT); - if (pamr != PAM_SUCCESS) - eerrorx("%s: pam error: %s", - applet, pam_strerror(pamh, pamr)); + + if (pamr == PAM_SUCCESS) + pamr = pam_acct_mgmt(pamh, PAM_SILENT); + if (pamr == PAM_SUCCESS) + pamr = pam_open_session(pamh, PAM_SILENT); + if (pamr != PAM_SUCCESS) + eerrorx("%s: pam error: %s", + applet, pam_strerror(pamh, pamr)); + } #endif if (gid && setgid(gid)) @@ -1219,15 +1217,17 @@ start_stop_daemon(int argc, char **argv) rc_stringlist_add(env_list, environ[i++]); #ifdef HAVE_PAM - pamenv = (const char *const *)pam_getenvlist(pamh); - if (pamenv) { - while (*pamenv) { - /* Don't add strings unless they set a var */ - if (strchr(*pamenv, '=')) - putenv(xstrdup(*pamenv)); - else - unsetenv(*pamenv); - pamenv++; + if (changeuser != NULL) { + pamenv = (const char *const *)pam_getenvlist(pamh); + if (pamenv) { + while (*pamenv) { + /* Don't add strings unless they set a var */ + if (strchr(*pamenv, '=')) + putenv(xstrdup(*pamenv)); + else + unsetenv(*pamenv); + pamenv++; + } } } #endif @@ -1304,7 +1304,7 @@ start_stop_daemon(int argc, char **argv) setsid(); execvp(exec, argv); #ifdef HAVE_PAM - if (pamr == PAM_SUCCESS) + if (changeuser != NULL && pamr == PAM_SUCCESS) pam_close_session(pamh, PAM_SILENT); #endif eerrorx("%s: failed to exec `%s': %s", |