aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTed Gould <ted@gould.cx>2012-09-04 15:15:06 +0000
committerTarmac <>2012-09-04 15:15:06 +0000
commit89f7087033bcad60b4ca8dfd251833130ecf5bdd (patch)
tree5907056eb87afa7c68320a3d7e3193219e61a6d8
parentc5207337b01bc9f0836ee0a82d611549b963245c (diff)
parent1337c11c623acf4a3a967985e29f03f0c66c2812 (diff)
downloadlibpam-x2go-89f7087033bcad60b4ca8dfd251833130ecf5bdd.tar.gz
libpam-x2go-89f7087033bcad60b4ca8dfd251833130ecf5bdd.tar.bz2
libpam-x2go-89f7087033bcad60b4ca8dfd251833130ecf5bdd.zip
Making the open_session kill also unpriv. Approved by Albert Astals Cid, jenkins.
-rw-r--r--src/pam-freerdp.c26
1 files changed, 20 insertions, 6 deletions
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index b271834..fde3202 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -37,6 +37,8 @@
#define PAM_TYPE_DOMAIN 1234
#define ALL_GOOD_SIGNAL "Ar, ready to authenticate cap'n"
+static int unpriveleged_kill (struct passwd * pwdent);
+
static char * global_domain = NULL;
/* FIXME? This is a work around to the fact that PAM seems to be clearing
the auth token between authorize and open_session. Which then requires
@@ -439,11 +441,6 @@ pid_t session_pid = 0;
PAM_EXTERN int
pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv)
{
- if (session_pid != 0) {
- kill(session_pid, SIGKILL);
- session_pid = 0;
- }
-
char * username = NULL;
char * password = NULL;
char * ruser = NULL;
@@ -465,6 +462,10 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv
goto done;
}
+ if (session_pid != 0) {
+ unpriveleged_kill(pwdent);
+ }
+
int sessionready[2];
if (pipe(sessionready) != 0) {
retval = PAM_SYSTEM_ERR;
@@ -523,6 +524,20 @@ pam_sm_close_session (pam_handle_t *pamh, int flags, int argc, const char **argv
goto done;
}
+ retval = unpriveleged_kill(pwdent);
+
+done:
+ return retval;
+}
+
+/* Drop privs and try to kill the process with the PID of session_pid.
+ This ensures that we don't kill something important if there is PID wrap
+ around. */
+static int
+unpriveleged_kill (struct passwd * pwdent)
+{
+ int retval = PAM_SUCCESS;
+
pid_t pid = fork();
if (pid == 0) {
/* Setting groups, but allowing EPERM as if we're not 100% root
@@ -566,7 +581,6 @@ pam_sm_close_session (pam_handle_t *pamh, int flags, int argc, const char **argv
want to try again. We'll just return the error for this time. */
session_pid = 0;
-done:
return retval;
}