pam_nologin: explicitly fail when nologin path is a directory

On some systems (e.g. GNU/Hurd), read() succeeds on the fd of a directory; since the module assumes that read() fails (and thus pam_modutil_read() as well), manually fail in case the open fd refers to a directory.
author: Pino Toscano <toscano.pino@tiscali.it> 2023-05-08 09:02:43 +0200
committer: Dmitry V. Levin <ldv@strace.io> 2023-05-11 05:16:06 +0000
commit: b030a05e149c9c1a0855475ff690d849f720637f (patch)
tree: 9daa0d5f4b0feac313978b189aa2cb7d3928c699
parent: cbe0839c89116e9c33f35b3fe185c63493ec34b2 (diff)
download: linux-pam-git-b030a05e149c9c1a0855475ff690d849f720637f.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c
index d7f83e0c..90ae6d04 100644
--- a/modules/pam_nologin/pam_nologin.c
+++ b/modules/pam_nologin/pam_nologin.c
@@ -98,6 +98,16 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts)
 	    goto clean_up_fd;
 	}
 
+	/*
+	 * on some OSes (e.g. Hurd) reading a directory succeeds,
+	 * instead of failing with EISDIR; hence, work as if
+	 * pam_modutil_read later on would fail
+	 */
+	if (S_ISDIR(st.st_mode)) {
+	    retval = PAM_SYSTEM_ERR;
+	    goto clean_up_fd;
+	}
+
 	/* Don't print anything if the message is empty, will only
 	   disturb the output with empty lines */
 	if (st.st_size > 0) {
author	Pino Toscano <toscano.pino@tiscali.it>	2023-05-08 09:02:43 +0200
committer	Dmitry V. Levin <ldv@strace.io>	2023-05-11 05:16:06 +0000
commit	b030a05e149c9c1a0855475ff690d849f720637f (patch)
tree	9daa0d5f4b0feac313978b189aa2cb7d3928c699
parent	cbe0839c89116e9c33f35b3fe185c63493ec34b2 (diff)
download	linux-pam-git-b030a05e149c9c1a0855475ff690d849f720637f.tar.gz