From b242762dbe2f3acc1d60a6c1f1363af4d471ad84 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tm@t8m.info>
Date: Wed, 9 Aug 2006 19:04:59 +0000
Subject: [PATCH] Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2006-08-09  David Howells  <dhowells@redhat.com>

        * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Set real uid
        to user's before revoking.
        (pam_sm_open_session): Remember the uid.
---
 ChangeLog                         |  8 +++++++-
 modules/pam_keyinit/pam_keyinit.c | 30 ++++++++++++++++++++++++++++--
 2 files changed, 35 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index c404d3dd..b0e3783e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2006-08-09  David Howells  <dhowells@redhat.com>
+
+	* modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Set real uid
+	to user's before revoking.
+	(pam_sm_open_session): Remember the uid.
+
 2006-08-06  Thorsten Kukuk  <kukuk@thkukuk.de>
 
 	* modules/pam_umask/pam_umask.c (setup_limits_from_gecos):
@@ -63,7 +69,7 @@
 	* libpam/Makefile.am: Bump patchlevel of libpam.
 	* libpam/pam_dispatch.c (_pam_dispatch_aux): If [return=die]
 	or [return=bad] is used, don't return PAM_IGNORE. Based on
-        patch by Tomas Mraz <t8m@centrum.cz>, [BRC#196859].
+	patch by Tomas Mraz <t8m@centrum.cz>, [BRC#196859].
 
 2006-07-28  Thorsten Kukuk  <kukuk@thkukuk.de>
 
diff --git a/modules/pam_keyinit/pam_keyinit.c b/modules/pam_keyinit/pam_keyinit.c
index 5a43c12a..452b0005 100644
--- a/modules/pam_keyinit/pam_keyinit.c
+++ b/modules/pam_keyinit/pam_keyinit.c
@@ -33,6 +33,8 @@
 static int my_session_keyring;
 static int session_counter;
 static int do_revoke;
+static int revoke_as_uid;
+static int revoke_as_gid;
 static int xdebug = 0;
 
 static void debug(pam_handle_t *pamh, const char *fmt, ...)
@@ -124,14 +126,38 @@ static int init_keyrings(pam_handle_t *pamh, int force)
  */
 static void kill_keyrings(pam_handle_t *pamh)
 {
+	int old_uid, old_gid;
+
 	/* revoke the session keyring we created earlier */
 	if (my_session_keyring > 0) {
 		debug(pamh, "REVOKE %d", my_session_keyring);
 
+		old_uid = getuid();
+		old_gid = getgid();
+		debug(pamh, "UID:%d [%d]  GID:%d [%d]",
+		      revoke_as_uid, old_uid, revoke_as_gid, old_gid);
+
+		/* switch to the real UID and GID so that we have permission to
+		 * revoke the key */
+		if (revoke_as_uid != old_uid && setreuid(-1, revoke_as_uid) < 0)
+			error(pamh, "Unable to change UID to %d temporarily\n",
+			      revoke_as_uid);
+
+		if (revoke_as_gid != old_gid && setregid(-1, revoke_as_gid) < 0)
+			error(pamh, "Unable to change GID to %d temporarily\n",
+			      revoke_as_gid);
+
 		syscall(__NR_keyctl,
 			KEYCTL_REVOKE,
 			my_session_keyring);
 
+		/* return to the orignal UID and GID (probably root) */
+		if (revoke_as_uid != old_uid && setreuid(-1, old_uid) < 0)
+			error(pamh, "Unable to change UID back to %d\n", old_uid);
+
+		if (revoke_as_gid != old_gid && setregid(-1, old_gid) < 0)
+			error(pamh, "Unable to change GID back to %d\n", old_gid);
+
 		my_session_keyring = 0;
 	}
 }
@@ -177,9 +203,9 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
 		return PAM_USER_UNKNOWN;
 	}
 
-	uid = pw->pw_uid;
+	revoke_as_uid = uid = pw->pw_uid;
 	old_uid = getuid();
-	gid = pw->pw_gid;
+	revoke_as_gid = gid = pw->pw_gid;
 	old_gid = getgid();
 	debug(pamh, "UID:%d [%d]  GID:%d [%d]", uid, old_uid, gid, old_gid);
 
-- 
2.40.0