security: Change user keyring lookup algorithm

Now instead of spawning a seperate thread we alternate between changing the euid and ruid to both find the keyring and link it to the process keyring. Note that we also ensure that the user keyring is linked into the root keyring whenever possible.
author: Joseph Richey <joerichey94@gmail.com> 2017-09-01 00:53:07 -0700
committer: Joseph Richey <joerichey94@gmail.com> 2017-09-01 00:53:07 -0700
commit: 1ce72a7367967152948dbe332ea8d9834f194c27 (patch)
tree: c70ca05d44bddf899258f47f172d2ade68ca36ea /pam
parent: d5f64c1ecd8f13f01681d0a18b8f3174ff9bd225 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/pam/pam.go b/pam/pam.go
index 998772c..a3642cc 100644
--- a/pam/pam.go
+++ b/pam/pam.go
@@ -131,8 +131,8 @@ func (h *Handle) GetItem(i Item) (unsafe.Pointer, error) {
 // StartAsPamUser sets the effective privileges to that of the PAM user, and
 // configures the PAM user's keyrings to be properly linked.
 func (h *Handle) StartAsPamUser() error {
-	if err := security.KeyringsSetup(h.PamUser, h.OrigUser); err != nil {
-		return err
+	if _, err := security.UserKeyringID(h.PamUser); err != nil {
+		log.Printf("Setting up keyrings in PAM: %v", err)
 	}
 	return security.SetThreadPrivileges(h.PamUser)
 }
author	Joseph Richey <joerichey94@gmail.com>	2017-09-01 00:53:07 -0700
committer	Joseph Richey <joerichey94@gmail.com>	2017-09-01 00:53:07 -0700
commit	1ce72a7367967152948dbe332ea8d9834f194c27 (patch)
tree	c70ca05d44bddf899258f47f172d2ade68ca36ea /pam
parent	d5f64c1ecd8f13f01681d0a18b8f3174ff9bd225 (diff)