Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2006-08-09  David Howells  <dhowells@redhat.com>

        * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Set real uid
        to user's before revoking.
        (pam_sm_open_session): Remember the uid.

diff --git a/ChangeLog b/ChangeLog
index c404d3dd2b1ff3539ff0e229c6a45a65d363c157..b0e3783e8c5831d2018e1dd62be85f188361612f 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2006-08-09  David Howells  <dhowells@redhat.com>
+
+       * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Set real uid
+       to user's before revoking.
+       (pam_sm_open_session): Remember the uid.
+
 2006-08-06  Thorsten Kukuk  <kukuk@thkukuk.de>
 
        * modules/pam_umask/pam_umask.c (setup_limits_from_gecos):
@@ -63,7 +69,7 @@
        * libpam/Makefile.am: Bump patchlevel of libpam.
        * libpam/pam_dispatch.c (_pam_dispatch_aux): If [return=die]
        or [return=bad] is used, don't return PAM_IGNORE. Based on
-        patch by Tomas Mraz <t8m@centrum.cz>, [BRC#196859].
+       patch by Tomas Mraz <t8m@centrum.cz>, [BRC#196859].
 
 2006-07-28  Thorsten Kukuk  <kukuk@thkukuk.de>
 

diff --git a/modules/pam_keyinit/pam_keyinit.c b/modules/pam_keyinit/pam_keyinit.c
index 5a43c12a872bfa949b5369bafd93f5e9ca731e57..452b0005aea996a13213f2c6cbc03002b1bf4948 100644 (file)
--- a/modules/pam_keyinit/pam_keyinit.c
+++ b/modules/pam_keyinit/pam_keyinit.c
@@ -33,6 +33,8 @@
 static int my_session_keyring;
 static int session_counter;
 static int do_revoke;
+static int revoke_as_uid;
+static int revoke_as_gid;
 static int xdebug = 0;
 
 static void debug(pam_handle_t *pamh, const char *fmt, ...)
@@ -124,14 +126,38 @@ static int init_keyrings(pam_handle_t *pamh, int force)
  */
 static void kill_keyrings(pam_handle_t *pamh)
 {
+       int old_uid, old_gid;
+
        /* revoke the session keyring we created earlier */
        if (my_session_keyring > 0) {
                debug(pamh, "REVOKE %d", my_session_keyring);
 
+               old_uid = getuid();
+               old_gid = getgid();
+               debug(pamh, "UID:%d [%d]  GID:%d [%d]",
+                     revoke_as_uid, old_uid, revoke_as_gid, old_gid);
+
+               /* switch to the real UID and GID so that we have permission to
+                * revoke the key */
+               if (revoke_as_uid != old_uid && setreuid(-1, revoke_as_uid) < 0)
+                       error(pamh, "Unable to change UID to %d temporarily\n",
+                             revoke_as_uid);
+
+               if (revoke_as_gid != old_gid && setregid(-1, revoke_as_gid) < 0)
+                       error(pamh, "Unable to change GID to %d temporarily\n",
+                             revoke_as_gid);
+
                syscall(__NR_keyctl,
                        KEYCTL_REVOKE,
                        my_session_keyring);
 
+               /* return to the orignal UID and GID (probably root) */
+               if (revoke_as_uid != old_uid && setreuid(-1, old_uid) < 0)
+                       error(pamh, "Unable to change UID back to %d\n", old_uid);
+
+               if (revoke_as_gid != old_gid && setregid(-1, old_gid) < 0)
+                       error(pamh, "Unable to change GID back to %d\n", old_gid);
+
                my_session_keyring = 0;
        }
 }
@@ -177,9 +203,9 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
                return PAM_USER_UNKNOWN;
        }
 
-       uid = pw->pw_uid;
+       revoke_as_uid = uid = pw->pw_uid;
        old_uid = getuid();
-       gid = pw->pw_gid;
+       revoke_as_gid = gid = pw->pw_gid;
        old_gid = getgid();
        debug(pamh, "UID:%d [%d]  GID:%d [%d]", uid, old_uid, gid, old_gid);