execute: make setup_pam() return -errno when possible

[elogind.git] / src / execute.c

diff --git a/src/execute.c b/src/execute.c
index 53e7e77fdec0536bee1188940f88f322f9f22237..2039861782f21c91ef95fc35800f9f58e2459395 100644 (file)
--- a/src/execute.c
+++ b/src/execute.c
@@ -716,6 +716,7 @@ static int setup_pam(
         pam_handle_t *handle = NULL;
         sigset_t ss, old_ss;
         int pam_code = PAM_SUCCESS;
+        int err;
         char **e = NULL;
         bool close_session = false;
         pid_t pam_pid = 0, parent_pid;
@@ -835,6 +836,11 @@ static int setup_pam(
         return 0;
 
 fail:
+        if (pam_code != PAM_SUCCESS)
+                err = -EPERM;  /* PAM errors do not map to errno */
+        else
+                err = -errno;
+
         if (handle) {
                 if (close_session)
                         pam_code = pam_close_session(handle, PAM_DATA_SILENT);
@@ -851,7 +857,7 @@ fail:
                 kill(pam_pid, SIGCONT);
         }
 
-        return EXIT_PAM;
+        return err;
 }
 #endif
 
@@ -895,12 +901,9 @@ static int do_capability_bounding_set_drop(uint64_t drop) {
                 }
         }
 
-        for (i = 0; i <= MAX(63LU, (unsigned long) CAP_LAST_CAP); i++)
+        for (i = 0; i <= cap_last_cap(); i++)
                 if (drop & ((uint64_t) 1ULL << (uint64_t) i)) {
                         if (prctl(PR_CAPBSET_DROP, i) < 0) {
-                                if (errno == EINVAL)
-                                        break;
-
                                 r = -errno;
                                 goto finish;
                         }
@@ -1019,6 +1022,7 @@ int exec_spawn(ExecCommand *command,
                 /* Close sockets very early to make sure we don't
                  * block init reexecution because it cannot bind its
                  * sockets */
+                log_forget_fds();
                 if (close_all_fds(socket_fd >= 0 ? &socket_fd : fds,
                                   socket_fd >= 0 ? 1 : n_fds) < 0) {
                         r = EXIT_FDS;
@@ -1173,7 +1177,7 @@ int exec_spawn(ExecCommand *command,
                         }
 
                 if (context->utmp_id)
-                        utmp_put_init_process(0, context->utmp_id, getpid(), getsid(0), context->tty_path);
+                        utmp_put_init_process(context->utmp_id, getpid(), getsid(0), context->tty_path);
 
                 if (context->user) {
                         username = context->user;
@@ -1720,7 +1724,7 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
                 unsigned long l;
                 fprintf(f, "%sCapabilityBoundingSet:", prefix);
 
-                for (l = 0; l <= (unsigned long) CAP_LAST_CAP; l++)
+                for (l = 0; l <= cap_last_cap(); l++)
                         if (!(c->capability_bounding_set_drop & ((uint64_t) 1ULL << (uint64_t) l))) {
                                 char *t;