Commit c78e8ade authored by Fabian Vogt's avatar Fabian Vogt
Browse files

Move remaining salt file operations into unprivileged processes

Summary:
Otherwise the salt is always recreated on with ~ on NFS with root_squash
as root does not have access.

Test Plan: Reporter confirmed that it works and fixes the issue for him.

Reviewers: #plasma, aacid

Reviewed By: aacid

Subscribers: plasma-devel

Tags: #plasma

Differential Revision: https://phabricator.kde.org/D13776
parent 260d9170
......@@ -676,6 +676,14 @@ static void createNewSalt(pam_handle_t *pamh, const char *path, struct passwd *u
exit(-1);
}
// Don't re-create it if it already exists
struct stat info;
if (stat(path, &info) == 0 &&
info.st_size != 0 &&
S_ISREG(info.st_mode)) {
exit(0);
}
unlink(path);//in case the file already exists
char *dir = strdup(path);
......@@ -730,6 +738,14 @@ static int readSaltFile(pam_handle_t *pamh, char *path, struct passwd *userInfo,
exit(-1);
}
struct stat info;
if (stat(path, &info) != 0 || info.st_size == 0 || !S_ISREG(info.st_mode)) {
syslog(LOG_ERR, "%s: Failed to ensure %s looks like a salt file", logPrefix, path);
free(path);
close(readSaltPipe[1]);
exit(-1);
}
FILE *fd = fopen(path, "r");
if (fd == NULL) {
syslog(LOG_ERR, "%s: Couldn't open file: %s because: %d-%s", logPrefix, path, errno, strerror(errno));
......@@ -801,15 +817,7 @@ int kwallet_hash(pam_handle_t *pamh, const char *passphrase, struct passwd *user
char *path = (char*) malloc(pathSize);
sprintf(path, "%s/%s/%s", userInfo->pw_dir, kdehome, fixpath);
if (stat(path, &info) != 0 || info.st_size == 0 || !S_ISREG(info.st_mode)) {
createNewSalt(pamh, path, userInfo);
}
if (stat(path, &info) != 0 || info.st_size == 0 || !S_ISREG(info.st_mode)) {
syslog(LOG_ERR, "%s: Failed to ensure %s looks like a salt file", logPrefix, path);
free(path);
return 1;
}
createNewSalt(pamh, path, userInfo);
char salt[KWALLET_PAM_SALTSIZE] = {};
const int readSaltSuccess = readSaltFile(pamh, path, userInfo, salt);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment