When a PAM-aware application calls pam_end(), our module would call its
close_fd "destructor" and close the pipe from its end.

https://fedorahosted.org/sssd/ticket/1569
>From 98c8a6b92db2872083473b4ce0761bffc919e847 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Thu, 4 Oct 2012 19:08:08 +0200
Subject: [PATCH] PAM: close socket fd with pam_set_data

https://fedorahosted.org/sssd/ticket/1569
---
 src/sss_client/common.c  |  6 ++++++
 src/sss_client/pam_sss.c | 26 ++++++++++++++++++++++++++
 src/sss_client/sss_cli.h |  2 ++
 3 files changed, 34 insertions(+)

diff --git a/src/sss_client/common.c b/src/sss_client/common.c
index 
1ef3ba15e5a86952a05de29c9db212fc829111bc..a4d523cdf45665c2e1b4984cc9b6db14c3d05340
 100644
--- a/src/sss_client/common.c
+++ b/src/sss_client/common.c
@@ -794,6 +794,12 @@ errno_t check_server_cred(int sockfd)
 #endif
     return 0;
 }
+
+int *sss_pam_get_socket(void)
+{
+    return &sss_cli_sd;
+}
+
 int sss_pam_make_request(enum sss_cli_command cmd,
                       struct sss_cli_req_data *rd,
                       uint8_t **repbuf, size_t *replen,
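Review bot: sss_pam_get_socket() returns a writable pointer to the library's socket descriptor `sss_cli_sd`, so any caller can read or change it outside whatever locking the client code uses around the socket (that locking is not visible in this hunk). Keeping the close inside common.c would keep that state private, for example a function that runs `close(sss_cli_sd); sss_cli_sd = -1;` only when the value is not -1. If the accessor stays, the new prototype in sss_cli.h should say what it returns and who may write through it, e.g. `/* Address of the client socket fd; callers must not modify it except to close it at pam_end() time. */`.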
diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
index 
efbc48b6ef0458bb79dad53f81c584611f2be22d..92c90742e1931cf063a769a13befa8ec3567969a
 100644
--- a/src/sss_client/pam_sss.c
+++ b/src/sss_client/pam_sss.c
@@ -54,6 +54,7 @@
 #define FLAGS_USE_AUTHTOK    (1 << 2)
 
 #define PWEXP_FLAG "pam_sss:password_expired_flag"
+#define FD_DESTRUCTOR "pam_sss:fd_destructor"
 
 #define PW_RESET_MSG_FILENAME_TEMPLATE 
SSSD_CONF_DIR"/customize/%s/pam_sss_pw_reset_message.%s"
 #define PW_RESET_MSG_MAX_SIZE 4096
@@ -122,6 +123,24 @@ static void free_exp_data(pam_handle_t *pamh, void *ptr, 
int err)
     ptr = NULL;
 }
 
+static void close_fd(pam_handle_t *pamh, void *ptr, int err)
+{
+    int fd = *((int *) ptr);
+
+    if (err & PAM_DATA_REPLACE) {
+        /* Nothing to do */
+        return;
+    }
+
+    if (fd == -1) {
+        /* fd not yet initialized */
+        return;
+    }
+
+    D(("Closing the fd"));
+    close(fd);
+}
+
 static size_t add_authtok_item(enum pam_item_type type,
                                enum sss_authtok_type authtok_type,
                                const char *tok, const size_t size,
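Review bot: close_fd() closes the descriptor but leaves the old number in the variable `ptr` points to, so after pam_end() the client library still holds a stale descriptor value. If the process keeps running and the kernel reuses that number for another file, a later request or a second run of this destructor could act on an unrelated descriptor. Adding `*((int *) ptr) = -1;` right after `close(fd);` avoids that. The function also dereferences `ptr` before the `PAM_DATA_REPLACE` check; moving `int fd = *((int *) ptr);` below that early return and guarding against a NULL `ptr` would be tidier.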
@@ -1101,6 +1120,13 @@ static int send_and_receive(pam_handle_t *pamh, struct 
pam_items *pi,
         goto done;
     }
 
+    ret = pam_set_data(pamh, FD_DESTRUCTOR, sss_pam_get_socket(), close_fd);
+    if (ret != PAM_SUCCESS) {
+        D(("pam_set_data failed."));
+        pam_status = ret;
+        goto done;
+    }
+
     switch (task) {
         case SSS_PAM_AUTHENTICATE:
             logger(pamh, (pam_status == PAM_SUCCESS ? LOG_INFO : LOG_NOTICE),
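Review bot: The destructor is registered only after the error check whose `goto done` is visible at the top of this hunk, so a call that fails before this point never installs close_fd. If the socket was already opened by then (the request code is outside the hunk, so this is inferred), it stays open after pam_end() on exactly those failure paths. Moving the `pam_set_data(pamh, FD_DESTRUCTOR, sss_pam_get_socket(), close_fd)` call ahead of the request would cover them. It would also stop a late pam_set_data failure from overwriting the `pam_status` of a request that has already completed. send_and_receive() starts and ends outside the hunk.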
diff --git a/src/sss_client/sss_cli.h b/src/sss_client/sss_cli.h
index 
f60bd99121dd45f7811699da64eec8b106b20bf3..f3cb44adbcefb31c60c88c71e9251b351dc3a6c7
 100644
--- a/src/sss_client/sss_cli.h
+++ b/src/sss_client/sss_cli.h
@@ -481,6 +481,8 @@ int sss_pam_make_request(enum sss_cli_command cmd,
                                      struct sss_cli_req_data *rd,
                                      uint8_t **repbuf, size_t *replen,
                                      int *errnop);
+int *sss_pam_get_socket(void);
+
 int sss_pac_make_request(enum sss_cli_command cmd,
                          struct sss_cli_req_data *rd,
                          uint8_t **repbuf, size_t *replen,
-- 
1.7.11.4
