pam_handle_t *handle = NULL;
sigset_t ss, old_ss;
int pam_code = PAM_SUCCESS;
+ int err;
char **e = NULL;
bool close_session = false;
pid_t pam_pid = 0, parent_pid;
return 0;
fail:
+ if (pam_code != PAM_SUCCESS)
+ err = -EPERM; /* PAM errors do not map to errno */
+ else
+ err = -errno;
+
if (handle) {
if (close_session)
pam_code = pam_close_session(handle, PAM_DATA_SILENT);
kill(pam_pid, SIGCONT);
}
- return EXIT_PAM;
+ return err;
}
#endif
}
}
- for (i = 0; i <= MAX(63LU, (unsigned long) CAP_LAST_CAP); i++)
+ for (i = 0; i <= cap_last_cap(); i++)
if (drop & ((uint64_t) 1ULL << (uint64_t) i)) {
if (prctl(PR_CAPBSET_DROP, i) < 0) {
- if (errno == EINVAL)
- break;
-
r = -errno;
goto finish;
}
/* Close sockets very early to make sure we don't
* block init reexecution because it cannot bind its
* sockets */
+ log_forget_fds();
if (close_all_fds(socket_fd >= 0 ? &socket_fd : fds,
socket_fd >= 0 ? 1 : n_fds) < 0) {
r = EXIT_FDS;
}
if (context->utmp_id)
- utmp_put_init_process(0, context->utmp_id, getpid(), getsid(0), context->tty_path);
+ utmp_put_init_process(context->utmp_id, getpid(), getsid(0), context->tty_path);
if (context->user) {
username = context->user;
unsigned long l;
fprintf(f, "%sCapabilityBoundingSet:", prefix);
- for (l = 0; l <= (unsigned long) CAP_LAST_CAP; l++)
+ for (l = 0; l <= cap_last_cap(); l++)
if (!(c->capability_bounding_set_drop & ((uint64_t) 1ULL << (uint64_t) l))) {
char *t;