From 8445e39d8e154523b1c39ce701830dacef51d1e9 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Thu, 11 Oct 2012 20:18:18 +0200
Subject: PAM: fix handling the client fd in pam destructor

* Protect the fd with a mutex when closing
* Set it to a safe value after closing
---
 src/sss_client/common.c | 17 ++++++++++++-----
 src/sss_client/pam_sss.c | 11 ++---------
 src/sss_client/sss_cli.h | 8 ++++----
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/src/sss_client/common.c b/src/sss_client/common.c
index a4d523cdf..7cfa3e0ef 100644
--- a/src/sss_client/common.c
+++ b/src/sss_client/common.c
@@ -795,11 +795,6 @@ errno_t check_server_cred(int sockfd)
 return 0;
 }
-int *sss_pam_get_socket(void)
-{
- return &sss_cli_sd;
-}
-
 int sss_pam_make_request(enum sss_cli_command cmd,
 struct sss_cli_req_data *rd,
 uint8_t **repbuf, size_t *replen,
@@ -879,6 +874,18 @@ out:
 return ret;
 }
+void sss_pam_close_fd(void)
+{
+ sss_pam_lock();
+
+ if (sss_cli_sd != -1) {
+ close(sss_cli_sd);
+ sss_cli_sd = -1;
+ }
+
+ sss_pam_unlock();
+}
+
 int sss_sudo_make_request(enum sss_cli_command cmd,
 struct sss_cli_req_data *rd,
 uint8_t **repbuf, size_t *replen,
diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
index 90d4c0a33..3734c8f08 100644
--- a/src/sss_client/pam_sss.c
+++ b/src/sss_client/pam_sss.c
@@ -125,20 +125,13 @@ static void free_exp_data(pam_handle_t *pamh, void *ptr, int err)
 static void close_fd(pam_handle_t *pamh, void *ptr, int err)
 {
- int fd = *((int *) ptr);
-
 if (err & PAM_DATA_REPLACE) {
 /* Nothing to do */
 return;
 }
- if (fd == -1) {
- /* fd not yet initialized */
- return;
- }
-
 D(("Closing the fd"));
- close(fd);
+ sss_pam_close_fd();
 }
 static size_t add_authtok_item(enum pam_item_type type,
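Review bot: The new sss_pam_close_fd() in common.c has no comment stating its contract, and the lock it takes only serialises against callers that also go through sss_pam_lock(). If other request paths in this file reach the same sss_cli_sd under a different lock (sss_sudo_make_request is visible directly below, but its locking is not), the close could still race with an in-flight request and leave that thread using a descriptor number that has since been reused; this cannot be confirmed from the hunk. I would add a header comment such as `/* Close the client socket while holding the PAM lock and reset sss_cli_sd to -1; must not be called with the PAM lock already held. */` and name the lock that owns sss_cli_sd. The return value of close() is ignored, which is acceptable in a destructor but worth saying in that comment.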
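Review bot: close_fd() in pam_sss.c no longer reads `ptr`, and the pam_set_data call in the send_and_receive hunk now registers it with NULL, so the destructor closes the one shared client socket rather than a descriptor tied to this pam handle. In a process that keeps more than one PAM handle open, ending one handle therefore closes the socket the others use; presumably the next request reconnects, but that path is outside these hunks. A comment on close_fd would make the intent explicit, for example `/* ptr is unused (registered as NULL): the socket is global and is closed via sss_pam_close_fd() */`. The D() message next to the pam_set_data call also reads "might leaks fds", which should be `client might leak fds`.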
@@ -1098,7 +1091,7 @@ static int send_and_receive(pam_handle_t *pamh, struct pam_items *pi,
 errnop = 0;
 ret = sss_pam_make_request(task, &rd, &repbuf, &replen, &errnop);
- sret = pam_set_data(pamh, FD_DESTRUCTOR, sss_pam_get_socket(), close_fd);
+ sret = pam_set_data(pamh, FD_DESTRUCTOR, NULL, close_fd);
 if (sret != PAM_SUCCESS) {
 D(("pam_set_data failed, client might leaks fds"));
 }
diff --git a/src/sss_client/sss_cli.h b/src/sss_client/sss_cli.h
index f3cb44adb..372bcee59 100644
--- a/src/sss_client/sss_cli.h
+++ b/src/sss_client/sss_cli.h
@@ -478,10 +478,10 @@ enum nss_status sss_nss_make_request(enum sss_cli_command cmd,
 int *errnop);
 int sss_pam_make_request(enum sss_cli_command cmd,
- struct sss_cli_req_data *rd,
- uint8_t **repbuf, size_t *replen,
- int *errnop);
-int *sss_pam_get_socket(void);
+ struct sss_cli_req_data *rd,
+ uint8_t **repbuf, size_t *replen,
+ int *errnop);
+void sss_pam_close_fd(void);
 int sss_pac_make_request(enum sss_cli_command cmd,
 struct sss_cli_req_data *rd,
-- cgit