Delkeys2 #8

merged 10 commits into from Dec 23, 2011

2 participants


The same as delkeys branch except rebased on master (including commit b8ba825)

DragonSA added some commits Oct 27, 2011
@DragonSA DragonSA Enable building of pam_pefs without being in the $SRCDIR tree.
This will allow pam_pefs to be built as a port.
@DragonSA DragonSA Add support for removing keys at the end of a session.
These changes track the number of concurrent sessions and at the end of the
last session removes all active keys.  The code currently assumes that only one
key is used for login but supports additional keys that are added after login.
It does not support the user directory being remounted after login.
@DragonSA DragonSA Only check for a valid fsroot once and do it before prompting for pas…

This will skip over a password request if there is no way for pefs to validate
the password.
@DragonSA DragonSA Add option to control auto-deleting of keys (opt-in).
The option `delkeys' will remove all active keys once all the user's sessions
have expired.  This assumes only one valid key is used for logins.

That assumption is used to handle corrupted session tracking files.  A better
method would be to compare the tracking file with either the system boot time
or the mount time (latter is probably better).
@DragonSA DragonSA Correct stale session file detection and add more debug information.
Add a message that describes the session file state and changes made to the
state and add error description when failing to open session tracking file.
@DragonSA DragonSA Properly handle retrying opening of session tracking file.
Retry exponential back-off open for EWOULDBLOCK and EAGAIN, also correctly
return from the function (only with a valid file descriptor or non repeating
@DragonSA DragonSA Rename pefs_count -> pefs_session_count_incr and fix some bugs / impr…

Bugs fixed:
 - Start try from 1, otherwise an infinite loop
 - Check for failure from mkdir(2)

 - Change pefs_session_count_incr API, make incr and first_mount boolean
 - Eliminate need for dirname(3)
 - Move "delkeys" to a defined value

Requested By:	Gleb Kurtsou
@DragonSA DragonSA Eliminate the use of stdio IO functions.
 * fopen(3) -> flopen(3)  (eliminates some of the complexity if the session
                           count file does not exist)
 * rewind(3) -> lseek(2)
 * fscanf(3) -> read(2) + strtol(3)
 * fprintf(3) -> snprintf(3) + write(2)

For better security, use lstat(2) (and not lstat(2)).
@DragonSA DragonSA Determine stale session counter files based on system boot time.
Previously, a stale session counter file was based on whether the passphrase
had been used previously.  This, however, assumes that only one passphrase is
used, which in the case of pefs, is incorrect.

The most common case causing a corrupt session file is for a reboot that leaves
the session counter file with a value above 0.  To handle this case the
modification time of the session counter file is compared against the boot time.
If it was modified before the last boot, it is forced to have a value of 0.
@DragonSA DragonSA If user's home directory is a valid pefs mount then always count the …

This change allows the pam_pefs session functionality to be used independently
of the pam_pefs authentication functionality.  One particular use case is with
an ssh login, where the user adds keys.  In this case the keys will be cleared
as expected if pam_pefs is included in the ssh session.
@glk glk merged commit 02b3bb2 into glk:master Dec 23, 2011