[crux-commits] ports/contrib (refs/remotes/origin/3.6): pam_shrundir: fix lockfile race

crux at crux.nu crux at crux.nu
Sat Apr 10 19:05:58 UTC 2021


commit 1274a8e2fd0c9a945702b395e933151937307161
Author: Steffen Nurpmeso <steffen at sdaoden.eu>
Date:   Fri Jan 29 14:52:04 2021 +0100

    pam_shrundir: fix lockfile race

diff --git a/pam_shrundir/.signature b/pam_shrundir/.signature
index 6d5390a29..c37517a3f 100644
--- a/pam_shrundir/.signature
+++ b/pam_shrundir/.signature
@@ -1,6 +1,6 @@
 untrusted comment: verify with /etc/ports/contrib.pub
-RWSagIOpLGJF38kSJKzvrIA0Wc7tUQXmMhDLsrXKOEN/GkroPLzha+HmocIsc9pefNs2crmgT5dx2T18OfbnfDxoN1F+NmmM4g4=
-SHA256 (Pkgfile) = 0c7700d5a03721c3679d46beb13ebdb4c3101f8be9666d55f5c48f9e51ce636f
+RWSagIOpLGJF37j5m3ENnI/CdZ9/UxM5HJfqz+tGHFzKhN+PrYJZNqRpA1mHWbZNDSOoDoQ1AQ0OA85InS1nMYGm+pqz5s5E1wo=
+SHA256 (Pkgfile) = e4d9c3d188a386f827acd0fbfc2403f9f60a7f1778138a818244236c78b8e230
 SHA256 (.footprint) = 477b045ddf332d5c081e4dfc5104f8c829e0c28058855b72b5832489b1406645
-SHA256 (pam_shrundir) = 0c544a9352bd68a6a743363caa8b44a8fe5d03f4b98fc3bcab859e11b2b9350e
+SHA256 (pam_shrundir) = 5c7a86ca0962fa2a0a67b8e2f1687ba9d58d73f72c76a590a09d128de88eb365
 SHA256 (pam_shrundir.8) = 3c757d3dd6d4573c8ee3dbddc7754a28cab2f423dc5fbcf3b682e3e46e78c9cb
diff --git a/pam_shrundir/Pkgfile b/pam_shrundir/Pkgfile
index 7224a133f..6f2694136 100644
--- a/pam_shrundir/Pkgfile
+++ b/pam_shrundir/Pkgfile
@@ -3,14 +3,14 @@
 # Maintainer:  Steffen Nurpmeso, steffen at sdaoden dot eu
 
 name=pam_shrundir
-version=20210126
+version=20210129
 release=1
 source=($name $name.8)
 
 build () {
    install -d $PKG/sbin $PKG/usr/share/man/man8
-   install -m 755 $name $PKG/sbin
-   install -m 644 $name.8 $PKG/usr/share/man/man8/
+   install -m 0755 $name $PKG/sbin
+   install -m 0644 $name.8 $PKG/usr/share/man/man8/
 }
 
 # s-sh-mode
diff --git a/pam_shrundir/pam_shrundir b/pam_shrundir/pam_shrundir
index b66f876ee..582e366d3 100755
--- a/pam_shrundir/pam_shrundir
+++ b/pam_shrundir/pam_shrundir
@@ -2,71 +2,78 @@
 #@ Create /run/user/`id -u` when the first session is opened, and remove it
 #@ again once the last is closed.
 #@ Place this 0755 in /sbin/pam_shrundir (or wherever you want), then put
-#@ 	session required pam_exec.so quiet /sbin/pam_shrundir
+#@    session required pam_exec.so quiet /sbin/pam_shrundir
 #@ (or "optional" not "required") in /etc/pam.d/common-session, or wherever.
+#
+# 2021 Steffen Nurpmeso <steffen at sdaoden.eu>.
+# Public Domain.
 
 lckfile=.pam_shrundir.lck
 datfile=.pam_shrundir.dat
 
 cd /run || {
-	logger -t pam_rundir 'ERROR: /run must exist'
-	exit 1
+   logger -t pam_rundir 'ERROR: /run must exist'
+   exit 1
 }
 
 command -v flock >/dev/null 2>&1 || {
-	logger -t pam_rundir 'ERROR: i need flock(1) from util-linux'
-	exit 2
+   logger -t pam_rundir 'ERROR: i need flock(1) from util-linux'
+   exit 2
 }
 
 [ -d user ] || mkdir -m 0755 user || [ -d user ] || {
-	logger -t pam_rundir 'ERROR: cannot create /run/user'
-	exit 3
+   logger -t pam_rundir 'ERROR: cannot create /run/user'
+   exit 3
 }
 
 cd user || {
-	logger -t pam_rundir 'ERROR: cannot cd to /run/user'
-	exit 4
-
+   logger -t pam_rundir 'ERROR: cannot cd to /run/user'
+   exit 4
 }
 
 user=`id -u ${PAM_USER}`
 group=`id -g ${PAM_USER}`
 umask 0077
 
-touch "${lckfile}"
-flock "${lckfile}" -c '
-	ex=0
-	if [ "'"${PAM_TYPE}"'" = open_session ]; then
-		if [ -d '"${user}"' ]; then :; else
-			mkdir -m 0700 '"${user}"' || exit 5
-			chown '"${user}"':'"${group}"' '"${user}"' || exit 6
-			echo 0 > '"${user}"'/'"${datfile}"'
-			chmod 0600 '"${user}"'/'"${datfile}"'
-		fi
-		op=+
-	else
-		op=-
-	fi
+(
+   flock 8 || exit 10
+   ex=0
+   if [ "${PAM_TYPE}" = open_session ]; then
+      if [ -d "${user}" ]; then :; else
+         mkdir -m 0700 "${user}" || exit 5
+         chown "${user}":"${group}" "${user}" || exit 6
+         echo 0 > "${user}"/"${datfile}"
+         chmod 0600 "${user}"/"${datfile}"
+      fi
+      op=+
+   else
+      op=-
+   fi
 
-	read cnt < '"${user}"'/'"${datfile}"'
-	[ -z "${cnt}" ] && cnt=0
-	cnt=`expr ${cnt} ${op} 1`
-	if [ ${cnt} -le 0 ]; then
-		rm -rf '"${user}"' || ex=7
-	else
-		echo ${cnt} > '"${user}"'/'"${datfile}"'
-	fi
+   read cnt < "${user}"/"${datfile}"
+   [ -z "${cnt}" ] && cnt=0
+   cnt=`expr ${cnt} ${op} 1`
+   if [ ${cnt} -le 0 ]; then
+      rm -rf "${user}" || ex=7
+   else
+      echo ${cnt} > "${user}"/"${datfile}"
+   fi
 
-	exit ${ex}
-'
+   exit ${ex}
+) 8>"${lckfile}"
 e=${?}
 rm -f "${lckfile}"
 
+em=
 case ${e} in
-*) ;;
-5) logger -t pam_rundir 'ERROR: cannot create /run/user/'${user};;
-6) logger -t pam_rundir 'ERROR: cannot impersonate /run/user/'${user};;
-7) logger -t pam_rundir 'ERROR: cannot remove /run/user/'${user};;
+0) ;;
+5) em='cannot create /run/user/'${user};;
+6) em='cannot impersonate /run/user/'${user};;
+7) em='cannot remove /run/user/'${user};;
+10) em='cannot flock(1) '${lckfile};;
+*) em='unsorted flock(1) error';;
 esac
+[ -n "${em}" ] && logger -t pam_rundir 'ERROR: '"${em}"
 
 exit ${e}
+# s-sh-mode
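Review bot: The `rm -f "${lckfile}"` right after the locked subshell leaves a window in the race this commit sets out to fix: a session already waiting in `flock 8` holds the old inode, so once the path is unlinked the next session creates and locks a fresh file, and both can run the counter update at the same time. Dropping the `rm -f "${lckfile}"` line and leaving the lock file in place keeps every session on the same inode. Separately, the counter is kept in `"${user}"/"${datfile}"`, inside a directory that has just been chown'ed to the user, while the script presumably runs as root under pam_exec. The user can therefore replace that file (including with a symlink) before `echo ${cnt} >` writes to it, and its content reaches `expr ${cnt} ${op} 1` and `[ ${cnt} -le 0 ]` unquoted and unvalidated. Keeping the counter in the parent `/run/user` directory next to the lock file, and rejecting a non-numeric `cnt` before use, would avoid trusting user-writable state.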

