author | Jakub Hrozek <jhrozek@redhat.com> | 2012-10-11 20:18:18 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-10-12 10:11:16 +0200 |
commit | 8445e39d8e154523b1c39ce701830dacef51d1e9 (patch) | |
tree | 941d4a090e7bcfdf31e810225e27f098d8f9bd9f | |
parent | e7a24374d97e1d1c32d3e18561a20e8c5e6319ec (diff) | |
PAM: fix handling the client fd in pam destructor
* Protect the fd with a mutex when closing
* Set it to a safe value after closing
-rw-r--r-- | src/sss_client/common.c | 17 | ||||
-rw-r--r-- | src/sss_client/pam_sss.c | 11 | ||||
-rw-r--r-- | src/sss_client/sss_cli.h | 8 |
3 files changed, 18 insertions, 18 deletions
diff --git a/src/sss_client/common.c b/src/sss_client/common.c
index a4d523cd..7cfa3e0e 100644
--- a/src/sss_client/common.c
+++ b/src/sss_client/common.c
@@ -795,11 +795,6 @@ errno_t check_server_cred(int sockfd)
 return 0;
 }
 
-int *sss_pam_get_socket(void)
-{
- return &sss_cli_sd;
-}
-
 int sss_pam_make_request(enum sss_cli_command cmd,
 struct sss_cli_req_data *rd,
 uint8_t **repbuf, size_t *replen,
@@ -879,6 +874,18 @@ out:
 return ret;
 }
 
+void sss_pam_close_fd(void)
+{
+ sss_pam_lock();
+
+ if (sss_cli_sd != -1) {
+ close(sss_cli_sd);
+ sss_cli_sd = -1;
+ }
+
+ sss_pam_unlock();
+}
+
 int sss_sudo_make_request(enum sss_cli_command cmd,
 struct sss_cli_req_data *rd,
 uint8_t **repbuf, size_t *replen,
diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
index 90d4c0a3..3734c8f0 100644
--- a/src/sss_client/pam_sss.c
+++ b/src/sss_client/pam_sss.c
@@ -125,20 +125,13 @@ static void free_exp_data(pam_handle_t *pamh, void *ptr, int err)
 
 static void close_fd(pam_handle_t *pamh, void *ptr, int err)
 {
- int fd = *((int *) ptr);
-
 if (err & PAM_DATA_REPLACE) {
 /* Nothing to do */
 return;
 }
 
- if (fd == -1) {
- /* fd not yet initialized */
- return;
- }
-
 D(("Closing the fd"));
- close(fd);
+ sss_pam_close_fd();
 }
 
 static size_t add_authtok_item(enum pam_item_type type,
@@ -1098,7 +1091,7 @@ static int send_and_receive(pam_handle_t *pamh, struct pam_items *pi,
 errnop = 0;
 ret = sss_pam_make_request(task, &rd, &repbuf, &replen, &errnop);
 
- sret = pam_set_data(pamh, FD_DESTRUCTOR, sss_pam_get_socket(), close_fd);
+ sret = pam_set_data(pamh, FD_DESTRUCTOR, NULL, close_fd);
 if (sret != PAM_SUCCESS) {
 D(("pam_set_data failed, client might leaks fds"));
 }
diff --git a/src/sss_client/sss_cli.h b/src/sss_client/sss_cli.h
index f3cb44ad..372bcee5 100644
--- a/src/sss_client/sss_cli.h
+++ b/src/sss_client/sss_cli.h
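Review bot: In the new `sss_pam_close_fd()` in common.c the socket is closed under `sss_pam_lock()` only, which serialises the close against other PAM requests but not necessarily against every user of `sss_cli_sd`. The same file also holds `sss_nss_make_request` and `sss_sudo_make_request`; if those paths reach `sss_cli_sd` under a different lock (not visible in this hunk), a thread in the middle of such a request can have the descriptor closed underneath it, and a descriptor number that the application then reuses could receive client protocol data. Either confirm that the PAM lock covers every access to `sss_cli_sd`, or state the limit above the function, e.g. `/* Closes the client socket under the PAM lock; must not be called with that lock held. */`. The result of `close()` is dropped, which is acceptable here, but `(void) close(sss_cli_sd);` would show it is deliberate.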
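Review bot: `close_fd()` in pam_sss.c no longer reads `ptr`, and the registration in `send_and_receive` now passes `NULL` for it, but nothing in the callback records that; a comment such as `/* ptr is unused: the socket lives in common.c and is closed through sss_pam_close_fd() */` would keep a later change from dereferencing it again. The `D(("Closing the fd"))` trace is now printed even when the socket is already -1, because the check for an unopened descriptor moved into `sss_pam_close_fd()`; the debug output would be less misleading if it read "Releasing the client socket" or if the trace were emitted from the helper.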
@@ -478,10 +478,10 @@ enum nss_status sss_nss_make_request(enum sss_cli_command cmd,
 int *errnop);
 
 int sss_pam_make_request(enum sss_cli_command cmd,
- struct sss_cli_req_data *rd,
- uint8_t **repbuf, size_t *replen,
- int *errnop);
-int *sss_pam_get_socket(void);
+ struct sss_cli_req_data *rd,
+ uint8_t **repbuf, size_t *replen,
+ int *errnop);
+void sss_pam_close_fd(void);
 
 int sss_pac_make_request(enum sss_cli_command cmd,
 struct sss_cli_req_data *rd, |