These changes track the number of concurrent sessions and, at the end of the
last session, remove all active keys. The code currently assumes that only one
key is used for login but supports additional keys that are added after login.
It does not support the user directory being remounted after login.

The option `delkeys' will remove all active keys once all the user's sessions
have expired. This assumes only one valid key is used for logins.
That assumption is used to handle corrupted session tracking files. A better
method would be to compare the tracking file with either the system boot time
or the mount time (later is probably better).

- Start try from 1, otherwise an infinite loop
- Check for failure from mkdir(2)
- Change pefs_session_count_incr API, make incr and first_mount boolean
- Eliminate need for dirname(3)
- Move "delkeys" to a defined value
Requested By: Gleb Kurtsou
* fopen(3) -> flopen(3) (eliminates some of the complexity if the session
count file does not exist)
* rewind(3) -> lseek(2)
* fscanf(3) -> read(2) + strtol(3)
* fprintf(3) -> snprintf(3) + write(2)

For better security, use lstat(2) (and not lstat(2)).

Previously, a stale session counter file was based on whether the passphrase
had been used previously. This, however, assumes that only one passphrase is
used, which in the case of pefs, is incorrect.
The most common case causing a corrupt session file is for a reboot that leaves
the session counter file with a value above 0. To handle this case the
modification time of the session counter file is compared against the boot time.
If it was modified before the last boot, it is forced to have a value of 0.

This change allows the pam_pefs session functionality to be used independently
of the pam_pefs authentication functionality. One particular use case is with
an ssh login, where the user adds keys. In this case the keys will be cleared
as expected if pam_pefs is included in the ssh session.