Merge pull request #56 from google/panicsv0.2.1 0.2.1

Fixed failures in PAM module
author: Joseph Richey <joerichey@google.com> 2017-09-01 02:23:53 -0700
committer: GitHub <noreply@github.com> 2017-09-01 02:23:53 -0700
commit: 0879b8ffcbbac29c282084eea2888194371113fa (patch)
tree: 8ff0b3562affc308939788c5e54708e284a014da /pam
parent: b04d7ef31dc2e21f055b1b656efb9511e72db6c6 (diff)
parent: 0dfbbf62fae3d4051dd5f0686835ac393f8a0247 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/pam/pam.go b/pam/pam.go
index 657e9fb..a3642cc 100644
--- a/pam/pam.go
+++ b/pam/pam.go
@@ -131,17 +131,17 @@ func (h *Handle) GetItem(i Item) (unsafe.Pointer, error) {
 // StartAsPamUser sets the effective privileges to that of the PAM user, and
 // configures the PAM user's keyrings to be properly linked.
 func (h *Handle) StartAsPamUser() error {
-	if err := security.KeyringsSetup(h.PamUser, h.OrigUser); err != nil {
-		return err
+	if _, err := security.UserKeyringID(h.PamUser); err != nil {
+		log.Printf("Setting up keyrings in PAM: %v", err)
 	}
-	return security.SetThreadPrivileges(h.PamUser, false)
+	return security.SetThreadPrivileges(h.PamUser)
 }
 
 // StopAsPamUser restores the original privileges that were running the
 // PAM module (this is usually root). As this error is often ignored in a defer
 // statement, any error is also logged.
 func (h *Handle) StopAsPamUser() error {
-	err := security.SetThreadPrivileges(h.OrigUser, false)
+	err := security.SetThreadPrivileges(h.OrigUser)
 	if err != nil {
 		log.Print(err)
 	}
author	Joseph Richey <joerichey@google.com>	2017-09-01 02:23:53 -0700
committer	GitHub <noreply@github.com>	2017-09-01 02:23:53 -0700
commit	0879b8ffcbbac29c282084eea2888194371113fa (patch)
tree	8ff0b3562affc308939788c5e54708e284a014da /pam
parent	b04d7ef31dc2e21f055b1b656efb9511e72db6c6 (diff)
parent	0dfbbf62fae3d4051dd5f0686835ac393f8a0247 (diff)