File pam_slurm_adopt-use-uid-to-determine-whether-root-is.patch of Package slurm.13564
From d630acbf5709dcf03f9e8cd1739a77cfe6c1e4b8 Mon Sep 17 00:00:00 2001
From: Matthias Gerstner <matthias.gerstner@suse.de>
Date: Wed, 5 Dec 2018 15:08:53 +0100
Subject: [PATCH 3/3] pam_slurm_adopt: use uid to determine whether root is
logging on
In some systems there can be multiple user accounts for uid 0, therefore
the check for literal user name "root" might be insufficient.
Signed-off-by: Christian Goll <cgoll@suse.de>
---
contribs/pam_slurm_adopt/pam_slurm_adopt.c | 21 ++++++++++-----------
1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/contribs/pam_slurm_adopt/pam_slurm_adopt.c b/contribs/pam_slurm_adopt/pam_slurm_adopt.c
index dccad90185..f1d062885e 100644
--- a/contribs/pam_slurm_adopt/pam_slurm_adopt.c
+++ b/contribs/pam_slurm_adopt/pam_slurm_adopt.c
@@ -708,17 +708,6 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags
opts.ignore_root = 1;
}
- /* Ignoring root is probably best but the admin can allow it */
- if (!strcmp(user_name, "root")) {
- if (opts.ignore_root) {
- info("Ignoring root user");
- return PAM_IGNORE;
- } else {
- /* This administrator is crazy */
- info("Danger!!! This is a connection attempt by root and ignore_root=0 is set! Hope for the best!");
- }
- }
-
/* Calculate buffer size for getpwnam_r */
bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
if (bufsize == -1)
@@ -740,6 +729,16 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags
if (_load_cgroup_config() != SLURM_SUCCESS)
return rc;
+ /* Ignoring root is probably best but the admin can allow it */
+ if (pwd.pw_uid == 0) {
+ if (opts.ignore_root) {
+ info("Ignoring root user");
+ return PAM_IGNORE;
+ } else {
+ /* This administrator is crazy */
+ info("Danger!!! This is a connection attempt by root (user id 0) and ignore_root=0 is set! Hope for the best!");
+ }
+ }
/*
* Check if there are any steps on the node from any user. A failure here
--
2.16.4