From 1ce72a7367967152948dbe332ea8d9834f194c27 Mon Sep 17 00:00:00 2001
From: Joseph Richey
Date: Fri, 1 Sep 2017 00:53:07 -0700
Subject: security: Change user keyring lookup algorithm Now instead of spawning a seperate thread we alternate between changing the euid and ruid to both find the keyring and link it to the process keyring. Note that we also ensure that the user keyring is linked into the root keyring whenever possible.
---
 pam/pam.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'pam/pam.go')
diff --git a/pam/pam.go b/pam/pam.go
index 998772c..a3642cc 100644
--- a/pam/pam.go
+++ b/pam/pam.go
@@ -131,8 +131,8 @@ func (h *Handle) GetItem(i Item) (unsafe.Pointer, error) {
 // StartAsPamUser sets the effective privileges to that of the PAM user, and
 // configures the PAM user's keyrings to be properly linked.
 func (h *Handle) StartAsPamUser() error {
- if err := security.KeyringsSetup(h.PamUser, h.OrigUser); err != nil {
- return err
+ if _, err := security.UserKeyringID(h.PamUser); err != nil {
+ log.Printf("Setting up keyrings in PAM: %v", err)
 }
 return security.SetThreadPrivileges(h.PamUser)
 }
-- cgit v1.2.3
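Review bot: A failure of `security.UserKeyringID` in `StartAsPamUser` is now only logged, so the function goes on to `security.SetThreadPrivileges` and can return nil even when the keyring lookup failed, while the doc comment above still says the keyrings are "properly linked". If continuing is intended, say so in the doc comment, for example `// Keyring setup is best-effort: a failure is logged and does not stop the privilege change.`, so callers do not assume a nil return means the user keyring is usable. The returned ID is discarded, so the call is presumably made only for the linking side effect described in the commit message (the `security` package is not shown here); a one-line comment such as `// Called for its side effect of linking the user keyring; the ID is not needed here.` would make that explicit. It is also worth confirming that `log.Printf` output from the PAM module lands somewhere an administrator will see it, since this log line is now the only signal that keyring setup failed.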