diff options
| author | Lennart Poettering <lennart@poettering.net> | 2011-12-31 00:59:37 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2011-12-31 00:59:37 +0100 |
| commit | dc1ecd78e9f046880d10ddb45cf9b06df1084b10 (patch) | |
| tree | 696491346a7fa69f8620a99cb7c0d2d87f2da7cf /src/pam-module.c | |
| parent | 69b1c67463de64fb32ba75f586f0c9d2716f3e02 (diff) | |
| parent | 74ef2d16ada74db3059d825ce8d24ea74946bf8f (diff) | |
Merge branch 'journal'
Diffstat (limited to 'src/pam-module.c')
| -rw-r--r-- | src/pam-module.c | 34 |
1 files changed, 8 insertions, 26 deletions
diff --git a/src/pam-module.c b/src/pam-module.c index 9002f4e06d..14e706b374 100644 --- a/src/pam-module.c +++ b/src/pam-module.c @@ -163,42 +163,24 @@ static int get_user_data( const char *username = NULL; struct passwd *pw = NULL; + uid_t uid; int r; - bool have_loginuid = false; - char *s; assert(handle); assert(ret_username); assert(ret_pw); - if (have_effective_cap(CAP_AUDIT_CONTROL) > 0) { - /* Only use audit login uid if we are executed with - * sufficient capabilities so that pam_loginuid could - * do its job. If we are lacking the CAP_AUDIT_CONTROL - * capabality we most likely are being run in a - * container and /proc/self/loginuid is useless since - * it probably contains a uid of the host system. */ - - if (read_one_line_file("/proc/self/loginuid", &s) >= 0) { - uid_t uid; - - r = parse_uid(s, &uid); - free(s); - - if (r >= 0 && uid != (uint32_t) -1) { - have_loginuid = true; - pw = pam_modutil_getpwuid(handle, uid); - } - } - } - - if (!have_loginuid) { - if ((r = pam_get_user(handle, &username, NULL)) != PAM_SUCCESS) { + r = audit_loginuid_from_pid(0, &uid); + if (r >= 0) + pw = pam_modutil_getpwuid(handle, uid); + else { + r = pam_get_user(handle, &username, NULL); + if (r != PAM_SUCCESS) { pam_syslog(handle, LOG_ERR, "Failed to get user name."); return r; } - if (!username || !*username) { + if (isempty(username)) { pam_syslog(handle, LOG_ERR, "User name not valid."); return PAM_AUTH_ERR; } |