authorTomas Mraz <tm@t8m.info>2006-08-03 12:51:30 +0000
committerTomas Mraz <tm@t8m.info>2006-08-03 12:51:30 +0000
commit455fa431f054f3ef537335bb43a0f88f717e912d (patch)
tree35ed51969e8c3ecce3db924c383cf832b9828ae3
parent7d62660a513243560c73311bc0514b0dd5f46434 (diff)
Relevant BUGIDs: rh bugzilla 201048
Purpose of commit: bugfix Commit summary: --------------- * modules/pam_keyinit/pam_keyinit.c: Debug should be off by default. (init_keyrings): Properly handle multiple invocations of the module. (kill_keyrings, pam_sm_open_session, pam_sm_close_session): Likewise.
-rw-r--r--ChangeLog6
-rw-r--r--modules/pam_keyinit/pam_keyinit.c26
2 files changed, 27 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index c21e7f4e..ec8c5f93 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2006-08-03 David Howells <dhowells@redhat.com>
+
+ * modules/pam_keyinit/pam_keyinit.c: Debug should be off by default.
+ (init_keyrings): Properly handle multiple invocations of the module.
+ (kill_keyrings, pam_sm_open_session, pam_sm_close_session): Likewise.
+
2006-08-03 Tomas Mraz <t8m@centrum.cz>
* modules/pam_succeed_if/pam_succeed_if.c (evaluate_inlist):
diff --git a/modules/pam_keyinit/pam_keyinit.c b/modules/pam_keyinit/pam_keyinit.c
index 47b2c0f5..5a43c12a 100644
--- a/modules/pam_keyinit/pam_keyinit.c
+++ b/modules/pam_keyinit/pam_keyinit.c
@@ -31,8 +31,9 @@
#define KEYCTL_LINK 8 /* link a key into a keyring */
static int my_session_keyring;
+static int session_counter;
static int do_revoke;
-static int xdebug = 1;
+static int xdebug = 0;
static void debug(pam_handle_t *pamh, const char *fmt, ...)
__attribute__((format(printf, 2, 3)));
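Review bot: The new `session_counter` static on the line after `my_session_keyring` is undocumented, and what it counts is only recoverable from the later hunks in this commit; a one-line comment would help, e.g. `static int session_counter; /* pam_sm_open_session calls not yet matched by pam_sm_close_session */`. Both `my_session_keyring` and `session_counter` are process-global statics rather than per-handle data, so every PAM handle in the process shares one keyring record and one counter; that is presumably acceptable for a login process serving a single session, but a comment stating that assumption would save the next reader from wondering why `pam_set_data` is not used. Turning `xdebug` off by default is sensible, since the debug lines added elsewhere in this commit print keyring serials.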
@@ -95,10 +96,8 @@ static int init_keyrings(pam_handle_t *pamh, int force)
/* if the user session keyring is our keyring, then we don't
* need to do anything if we're not forcing */
- if (session != usession) {
- do_revoke = 0;
+ if (session != usession)
return PAM_SUCCESS;
- }
}
/* create a session keyring, discarding the old one */
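Review bot: The context comment above the changed `if` says the early return happens when "the user session keyring is our keyring", but the test is `session != usession`, i.e. it returns when the current session keyring is *not* the user default session keyring; with `do_revoke = 0;` removed, this comment is the only explanation of the branch and reads inverted. If I read the intent correctly, it should say `/* if the session keyring is already something other than the user default one, someone else set it up: leave it alone unless forcing */`. Dropping the `do_revoke = 0;` reset also means `do_revoke` keeps whatever option parsing set after this early return; that is only safe because the new pam_sm_close_session additionally requires `my_session_keyring > 0`, which stays 0 on this path, and a short comment here tying the two together would prevent a later change from breaking that coupling. The enclosing init_keyrings function starts before this hunk.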
@@ -132,6 +131,8 @@ static void kill_keyrings(pam_handle_t *pamh)
syscall(__NR_keyctl,
KEYCTL_REVOKE,
my_session_keyring);
+
+ my_session_keyring = 0;
}
}
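Review bot: `my_session_keyring = 0;` is set regardless of whether the KEYCTL_REVOKE syscall on the preceding lines succeeded; its return value is discarded, so a failed revoke (the keyring already revoked, or a permission failure after a UID change) leaves the keyring alive while the module forgets it ever owned it. At minimum the failure should be visible: `if (syscall(__NR_keyctl, KEYCTL_REVOKE, my_session_keyring) < 0) debug(pamh, "revoke of keyring %d failed, errno %d", my_session_keyring, errno);` before clearing the serial (assuming `<errno.h>` is already included, which the hunk does not show). Clearing the serial only on success would instead let a later close retry, but would need the counter logic in pam_sm_close_session to tolerate that. The enclosing `if` and the start of kill_keyrings are outside the hunk.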
@@ -155,6 +156,16 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
do_revoke = 1;
}
+ /* don't do anything if already created a keyring (will be called
+ * multiple times if mentioned more than once in a pam script)
+ */
+ session_counter++;
+
+ debug(pamh, "OPEN %d", session_counter);
+
+ if (my_session_keyring > 0)
+ return PAM_SUCCESS;
+
/* look up the target UID */
ret = pam_get_user(pamh, &username, "key user");
if (ret != PAM_SUCCESS)
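Review bot: `session_counter++` runs before the early return and before every failure path below it (`pam_get_user` and whatever follows outside the hunk), so an invocation that fails still counts as an open; since pam_sm_close_session decrements unconditionally, this only balances if PAM calls close for every open, which holds for a plain stack but not when one side is skipped by stack control. That invariant should be written down next to the increment, e.g. `/* counted even on failure: pam_sm_close_session decrements once per invocation */`. Note also that `do_revoke = 1;` in the option-parsing block above runs on every invocation, so a second `pam_keyinit` stack entry carrying `revoke` retroactively flips the flag for the keyring created by the first entry, even though its own user lookup and keyring setup are skipped by the new `my_session_keyring > 0` return; if that is intended it deserves a comment, otherwise the option parsing should move below the early return. pam_sm_open_session starts before this hunk and continues after it.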
@@ -202,7 +213,12 @@ PAM_EXTERN
int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
int argc UNUSED, const char **argv UNUSED)
{
- if (do_revoke)
+ debug(pamh, "CLOSE %d,%d,%d",
+ session_counter, my_session_keyring, do_revoke);
+
+ session_counter--;
+
+ if (session_counter == 0 && my_session_keyring > 0 && do_revoke)
kill_keyrings(pamh);
return PAM_SUCCESS;
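Review bot: `session_counter--` is unconditional and the revoke fires only on `session_counter == 0`, so a single unmatched close (or one more close than open, which a stack with differing open/close control flags can produce) drives the counter negative and the keyring is then never revoked for the rest of the process even though `revoke` was requested. Clamping keeps the check reachable: `if (session_counter > 0) session_counter--;` followed by `if (session_counter <= 0 && my_session_keyring > 0 && do_revoke)`. The debug line above prints the counter before the decrement, which is fine but worth a word in the format string so the log is not misread. The function's closing brace lies outside the hunk.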