authorTomas Mraz <tm@t8m.info>2006-12-18 21:07:42 +0000
committerTomas Mraz <tm@t8m.info>2006-12-18 21:07:42 +0000
commit5446d7c0392279696b941b65f21b383e7c01511c (patch)
treefdedc60ea507ae76571f27f301676f42500fcb64 /modules/pam_keyinit
parent40b7dda604037555600efb122ea4bc1117b6f7af (diff)
Relevant BUGIDs:
Purpose of commit: bugfix Commit summary: --------------- 2006-12-18 Tomas Mraz <t8m@centrum.cz> * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Switch to new egid first, euid next. Revert euid/egid to old euid/egid and not ruid/rgid. (pam_sm_open_session): Switch to new rgid first, ruid next.
Diffstat (limited to 'modules/pam_keyinit')
-rw-r--r--modules/pam_keyinit/pam_keyinit.c22
1 files changed, 12 insertions, 10 deletions
diff --git a/modules/pam_keyinit/pam_keyinit.c b/modules/pam_keyinit/pam_keyinit.c
index 452b0005..378a7723 100644
--- a/modules/pam_keyinit/pam_keyinit.c
+++ b/modules/pam_keyinit/pam_keyinit.c
@@ -132,21 +132,21 @@ static void kill_keyrings(pam_handle_t *pamh)
if (my_session_keyring > 0) {
debug(pamh, "REVOKE %d", my_session_keyring);
- old_uid = getuid();
- old_gid = getgid();
+ old_uid = geteuid();
+ old_gid = getegid();
debug(pamh, "UID:%d [%d] GID:%d [%d]",
revoke_as_uid, old_uid, revoke_as_gid, old_gid);
/* switch to the real UID and GID so that we have permission to
* revoke the key */
- if (revoke_as_uid != old_uid && setreuid(-1, revoke_as_uid) < 0)
- error(pamh, "Unable to change UID to %d temporarily\n",
- revoke_as_uid);
-
if (revoke_as_gid != old_gid && setregid(-1, revoke_as_gid) < 0)
error(pamh, "Unable to change GID to %d temporarily\n",
revoke_as_gid);
+ if (revoke_as_uid != old_uid && setreuid(-1, revoke_as_uid) < 0)
+ error(pamh, "Unable to change UID to %d temporarily\n",
+ revoke_as_uid);
+
syscall(__NR_keyctl,
KEYCTL_REVOKE,
my_session_keyring);
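Review bot: When the reordered setregid()/setreuid() calls fail, kill_keyrings() only logs and still falls through to the KEYCTL_REVOKE syscall, whose return value is discarded, so a revoke attempted under a partially switched identity can fail silently; the result should be checked, e.g. `if (syscall(__NR_keyctl, KEYCTL_REVOKE, my_session_keyring) < 0) error(pamh, "Unable to revoke keyring %d\n", my_session_keyring);`. The comment above the calls still says "switch to the real UID and GID", but after this change old_uid/old_gid come from geteuid()/getegid() and setreuid(-1, …)/setregid(-1, …) change only the effective IDs; suggest `/* switch the effective UID and GID so that we have permission to revoke the key */`. The restore of old_uid/old_gid lies outside the hunk and should presumably mirror the new order in reverse, restoring the euid before the egid. kill_keyrings() starts and ends outside the hunk.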
@@ -211,12 +211,14 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
/* switch to the real UID and GID so that the keyring ends up owned by
* the right user */
- if (uid != old_uid && setreuid(uid, -1) < 0)
- return error(pamh, "Unable to change UID to %d temporarily\n", uid);
-
if (gid != old_gid && setregid(gid, -1) < 0) {
error(pamh, "Unable to change GID to %d temporarily\n", gid);
- setreuid(old_uid, -1);
+ return PAM_SESSION_ERR;
+ }
+
+ if (uid != old_uid && setreuid(uid, -1) < 0) {
+ error(pamh, "Unable to change UID to %d temporarily\n", uid);
+ setregid(old_gid, -1);
return PAM_SESSION_ERR;
}