Blob Blame History Raw
diff -up ecryptfs-utils-108/src/include/ecryptfs.h.nozombies ecryptfs-utils-108/src/include/ecryptfs.h
--- ecryptfs-utils-108/src/include/ecryptfs.h.nozombies	2015-03-11 16:07:01.000000000 +0100
+++ ecryptfs-utils-108/src/include/ecryptfs.h	2015-08-11 14:44:00.122820656 +0200
@@ -532,10 +532,6 @@ int ecryptfs_validate_keyring(void);
 #define ECRYPTFS_SHM_KEY 0x3c81b7f5
 #define ECRYPTFS_SEM_KEY 0x3c81b7f6
 #define ECRYPTFS_SHM_SIZE 4096
-#define ECRYPTFS_ZOMBIE_SLEEP_SECONDS 300
-int ecryptfs_set_zombie_session_placeholder(void);
-int ecryptfs_kill_and_clear_zombie_session_placeholder(void);
-int ecryptfs_list_zombie_session_placeholders(void);
 int ecryptfs_build_linear_subgraph_from_nvp(struct transition_node **trans_node,
 					    struct ecryptfs_key_mod *key_mod);
 int ecryptfs_build_linear_subgraph(struct transition_node **trans_node,
diff -up ecryptfs-utils-108/src/libecryptfs/main.c.nozombies ecryptfs-utils-108/src/libecryptfs/main.c
--- ecryptfs-utils-108/src/libecryptfs/main.c.nozombies	2015-03-26 14:28:59.000000000 +0100
+++ ecryptfs-utils-108/src/libecryptfs/main.c	2015-08-11 14:44:00.122820656 +0200
@@ -384,495 +384,6 @@ out:
 	return rc;
 }
 
-static int zombie_semaphore_get(void)
-{
-	int sem_id;
-	struct semid_ds semid_ds;
-	struct sembuf sb;
-	int i;
-	int rc;
-
-	sem_id = semget(ECRYPTFS_SEM_KEY, 1, (0666 | IPC_EXCL | IPC_CREAT));
-	if (sem_id >= 0) {
-		sb.sem_op = 1;
-		sb.sem_flg = 0;
-		sb.sem_num = 0;
-
-		rc = semop(sem_id, &sb, 1);
-		if (rc == -1) {
-			semctl(sem_id, 0, IPC_RMID);
-			syslog(LOG_ERR, "Error initializing semaphore\n");
-			rc = -1;
-			goto out;
-		}
-	} else if (errno == EEXIST) {
-		int initialized = 0;
-
-		sem_id = semget(ECRYPTFS_SEM_KEY, 1, 0);
-		if (sem_id < 0) {
-			syslog(LOG_ERR, "Error getting existing semaphore");
-			rc = -1;
-			goto out;
-		}
-#define RETRY_LIMIT 3
-		for (i = 0; i < RETRY_LIMIT; i++) {
-			semctl(sem_id, 0, IPC_STAT, &semid_ds);
-			if (semid_ds.sem_otime != 0) {
-				initialized = 1;
-				break;
-			} else
-				sleep(1);
-		}
-		if (!initialized) {
-			syslog(LOG_ERR, "Waited too long for initialized "
-			       "semaphore; something's wrong\n");
-			rc = -1;
-			goto out;
-		}
-	} else {
-		syslog(LOG_ERR, "Error attempting to get semaphore\n");
-		rc = -1;
-		goto out;
-	}
-	rc = sem_id;
-out:
-	return rc;
-}
-
-static void zombie_semaphore_lock(int sem_id)
-{
-	struct sembuf sb;
-	int i;
-	int rc;
-
-	sb.sem_num = 0;
-	sb.sem_op = -1;
-	sb.sem_flg = IPC_NOWAIT;
-	for (i = 0; i < RETRY_LIMIT; i++) {
-		rc = semop(sem_id, &sb, 1);
-		if (rc == -1 && errno == EAGAIN) {
-			sleep(1);
-		} else if (rc == -1) {
-			syslog(LOG_ERR, "Error locking semaphore; errno "
-			       "string = [%m]\n");
-			goto out;
-		} else
-			goto out;
-	}
-	syslog(LOG_ERR, "Error locking semaphore; hit max retries\n");
-out:
-	return;
-}
-
-static void zombie_semaphore_unlock(int sem_id)
-{
-	struct sembuf sb;
-	int rc;
-
-	sb.sem_num = 0;
-	sb.sem_op = 1;
-	sb.sem_flg = 0;
-	rc = semop(sem_id, &sb, 1);
-	if (rc == -1) {
-		syslog(LOG_ERR, "Error unlocking semaphore\n");
-		goto out;
-	}
-out:
-	return;
-}
-
-static int get_zombie_shared_mem_locked(int *shm_id, int *sem_id)
-{
-	int rc;
-	
-	(*sem_id) = zombie_semaphore_get();
-	if ((*sem_id) == -1) {
-		syslog(LOG_ERR, "Error attempting to get zombie semaphore\n");
-		rc = -EIO;
-		goto out;
-	}
-	zombie_semaphore_lock((*sem_id));
-	rc = shmget(ECRYPTFS_SHM_KEY, ECRYPTFS_SHM_SIZE, (0666 | IPC_CREAT
-							  | IPC_EXCL));
-	if (rc == -1 && errno == EEXIST)
-		rc = shmget(ECRYPTFS_SHM_KEY, ECRYPTFS_SHM_SIZE, 0);
-	else {
-		char *shm_virt;
-
-		if (rc == -1) {
-			syslog(LOG_ERR, "Error allocating shared memory; "
-				"errno string = [%m]\n");
-			rc = -EIO;
-			zombie_semaphore_unlock((*sem_id));
-			goto out;
-		}
-
-		(*shm_id) = rc;
-		shm_virt = shmat((*shm_id), NULL, 0);
-		if (shm_virt == (void *)-1) {
-			syslog(LOG_ERR, "Error attaching to newly allocated "
-			       "shared memory; errno string = [%m]\n");
-			rc = -EIO;
-			zombie_semaphore_unlock((*sem_id));
-			goto out;
-		}
-		memset(shm_virt, 0, ECRYPTFS_SHM_SIZE);
-		if ((rc = shmdt(shm_virt))) {
-			rc = -EIO;
-			zombie_semaphore_unlock((*sem_id));
-			goto out;
-		}
-		rc = shmget(ECRYPTFS_SHM_KEY, ECRYPTFS_SHM_SIZE, 0);
-	}
-	if (rc == -1) {
-		syslog(LOG_ERR, "Error attempting to get identifier for "
-		       "shared memory with key [0x%.8x]\n", ECRYPTFS_SHM_KEY);
-		rc = -EIO;
-		zombie_semaphore_unlock((*sem_id));
-		goto out;
-	}
-	(*shm_id) = rc;
-	rc = 0;
-out:
-	return rc;
-}
-
-static int list_pid_sid_pairs(int shm_id)
-{
-	pid_t sid_tmp;
-	pid_t pid_tmp;
-	char *shm_virt;
-	int i;
-	int rc;
-
-	if (sizeof(pid_t) != sizeof(uint32_t)) {
-		syslog(LOG_ERR, "sizeof(pid_t) != sizeof(uint32_t); the code "
-		       "needs some tweaking to work on this architecture\n");
-		rc = -EINVAL;
-		goto out;
-	}
-	shm_virt = shmat(shm_id, NULL, 0);
-	if (shm_virt == (void *)-1) {
-		rc = -EIO;
-		goto out;
-	}
-	i = 0;
-	memcpy(&sid_tmp, &shm_virt[i], sizeof(pid_t));
-	i += sizeof(pid_t);
-	sid_tmp = ntohl(sid_tmp); /* uint32_t */
-	memcpy(&pid_tmp, &shm_virt[i], sizeof(pid_t));
-	i += sizeof(pid_t);
-	pid_tmp = ntohl(pid_tmp); /* uint32_t */
-	while (!(sid_tmp == 0 && pid_tmp == 0)) {
-		if ((i + (2 * sizeof(pid_t))) > ECRYPTFS_SHM_SIZE)
-			break;
-		memcpy(&sid_tmp, &shm_virt[i], sizeof(pid_t));
-		i += sizeof(pid_t);
-		sid_tmp = ntohl(sid_tmp); /* uint32_t */
-		memcpy(&pid_tmp, &shm_virt[i], sizeof(pid_t));
-		i += sizeof(pid_t);
-		pid_tmp = ntohl(pid_tmp); /* uint32_t */
-	}
-	if ((rc = shmdt(shm_virt)))
-		rc = -EIO;
-out:
-	return rc;
-}
-
-static int find_pid_for_this_sid(pid_t *pid, int shm_id)
-{
-	pid_t sid_tmp;
-	pid_t sid;
-	pid_t pid_tmp;
-	pid_t this_pid;
-	char *shm_virt;
-	int i;
-	int rc;
-
-	(*pid) = 0;
-	if (sizeof(pid_t) != sizeof(uint32_t)) {
-		syslog(LOG_ERR, "sizeof(pid_t) != sizeof(uint32_t); the code "
-		       "needs some tweaking to work on this architecture\n");
-		rc = -EINVAL;
-		goto out;
-	}
-	shm_virt = shmat(shm_id, NULL, 0);
-	if (shm_virt == (void *)-1) {
-		rc = -EIO;
-		goto out;
-	}
-	i = 0;
-	memcpy(&sid_tmp, &shm_virt[i], sizeof(pid_t));
-	i += sizeof(pid_t);
-	sid_tmp = ntohl(sid_tmp); /* uint32_t */
-	memcpy(&pid_tmp, &shm_virt[i], sizeof(pid_t));
-	i += sizeof(pid_t);
-	pid_tmp = ntohl(pid_tmp); /* uint32_t */
-	this_pid = getpid();
-	sid = getsid(this_pid);
-	while (!(sid_tmp == 0 && pid_tmp == 0)) {
-		if (sid_tmp == sid) {
-			(*pid) = pid_tmp;
-			goto end_search;
-		}
-		if ((i + (2 * sizeof(pid_t))) > ECRYPTFS_SHM_SIZE)
-			break;
-		memcpy(&sid_tmp, &shm_virt[i], sizeof(pid_t));
-		i += sizeof(pid_t);
-		sid_tmp = ntohl(sid_tmp); /* uint32_t */
-		memcpy(&pid_tmp, &shm_virt[i], sizeof(pid_t));
-		i += sizeof(pid_t);
-		pid_tmp = ntohl(pid_tmp); /* uint32_t */
-	}
-end_search:
-	if ((rc = shmdt(shm_virt))) {
-		rc = -EIO;
-		(*pid) = 0;
-	}
-out:
-	return rc;
-}
-
-static int remove_pid_for_this_sid(int shm_id)
-{
-	pid_t sid_tmp;
-	pid_t sid;
-	pid_t pid_tmp;
-	pid_t pid;
-	pid_t this_pid;
-	char *shm_virt;
-	int i;
-	int rc;
-
-	pid = 0;
-	if (sizeof(pid_t) != sizeof(uint32_t)) {
-		syslog(LOG_ERR, "sizeof(pid_t) != sizeof(uint32_t); the code "
-		       "needs some tweaking to work on this architecture\n");
-		rc = -EINVAL;
-		goto out;
-	}
-	shm_virt = shmat(shm_id, NULL, 0);
-	if (shm_virt == (void *)-1) {
-		rc = -EIO;
-		goto out;
-	}
-	i = 0;
-	memcpy(&sid_tmp, &shm_virt[i], sizeof(pid_t));
-	i += sizeof(pid_t);
-	sid_tmp = ntohl(sid_tmp); /* uint32_t */
-	memcpy(&pid_tmp, &shm_virt[i], sizeof(pid_t));
-	i += sizeof(pid_t);
-	pid_tmp = ntohl(pid_tmp); /* uint32_t */
-	this_pid = getpid();
-	sid = getsid(this_pid);
-	while (!(sid_tmp == 0 && pid_tmp == 0)) {
-		if (sid_tmp == sid) {
-			pid = pid_tmp;
-			break;
-		}
-		if ((i + (2 * sizeof(pid_t))) > ECRYPTFS_SHM_SIZE)
-			break;
-		memcpy(&sid_tmp, &shm_virt[i], sizeof(pid_t));
-		i += sizeof(pid_t);
-		sid_tmp = ntohl(sid_tmp); /* uint32_t */
-		memcpy(&pid_tmp, &shm_virt[i], sizeof(pid_t));
-		i += sizeof(pid_t);
-		pid_tmp = ntohl(pid_tmp); /* uint32_t */
-	}
-	if (pid != 0) {
-		char *tmp;
-		int remainder = (ECRYPTFS_SHM_SIZE - i);
-
-		if (remainder != 0) {
-			if ((tmp = malloc(remainder)) == NULL) {
-				rc = -ENOMEM;
-				shmdt(shm_virt);
-				goto out;
-			}
-			memcpy(tmp, &shm_virt[i], remainder);
-			i -= (2 * sizeof(pid_t));
-			memcpy(&shm_virt[i], tmp, remainder);
-			i += remainder;
-		} else
-			i -= (2 * sizeof(pid_t));
-		memset(&shm_virt[i], 0, (2 * sizeof(pid_t)));
-		if (remainder != 0)
-			free(tmp);
-	}
-	if ((rc = shmdt(shm_virt)))
-		rc = -EIO;
-out:
-	return rc;
-}
-
-static int add_sid_pid_pair_to_shm(int shm_id)
-{
-	pid_t sid_tmp;
-	pid_t sid;
-	pid_t pid_tmp;
-	pid_t pid;
-	char *shm_virt;
-	int i;
-	int rc;
-
-	if (sizeof(pid_t) != sizeof(uint32_t)) {
-		syslog(LOG_ERR, "sizeof(pid_t) != sizeof(uint32_t); the code "
-		       "needs some tweaking to work on this architecture\n");
-		rc = -EINVAL;
-		goto out;
-	}
-	shm_virt = shmat(shm_id, NULL, 0);
-	if (shm_virt == (void *)-1) {
-		syslog(LOG_ERR, "Error attaching to shared memory; error "
-		       "string = [%m]\n");
-		shm_virt = shmat(shm_id, NULL, 0);
-		if (shm_virt == (void *)-1) {
-			syslog(LOG_ERR, "Error attaching to shared memory; error "
-			       "string = [%m]\n");
-			rc = -EIO;
-			goto out;
-		}
-		rc = -EIO;
-		goto out;
-	}
-	i = 0;
-	memcpy(&sid_tmp, &shm_virt[i], sizeof(pid_t));
-	i += sizeof(pid_t);
-	sid_tmp = ntohl(sid_tmp); /* uint32_t */
-	memcpy(&pid_tmp, &shm_virt[i], sizeof(pid_t));
-	i += sizeof(pid_t);
-	pid_tmp = ntohl(pid_tmp); /* uint32_t */
-	while (!(sid_tmp == 0 && pid_tmp == 0)) {
-		if ((i + (2 * sizeof(pid_t))) > ECRYPTFS_SHM_SIZE) {
-			syslog(LOG_ERR,
-			       "No space left in shared memory region\n");
-			rc = -ENOMEM;
-			shmdt(shm_virt);
-			goto out;
-		}
-		memcpy(&sid_tmp, &shm_virt[i], sizeof(pid_t));
-		i += sizeof(pid_t);
-		sid_tmp = ntohl(sid_tmp); /* uint32_t */
-		memcpy(&pid_tmp, &shm_virt[i], sizeof(pid_t));
-		i += sizeof(pid_t);
-		pid_tmp = ntohl(pid_tmp); /* uint32_t */
-	}
-	pid = getpid();
-	sid = getsid(pid);
-	sid = htonl(sid);
-	pid = htonl(pid);
-	i -= (2 * sizeof(pid_t));
-	memcpy(&shm_virt[i], &sid, sizeof(pid_t));
-	i += sizeof(pid_t);
-	memcpy(&shm_virt[i], &pid, sizeof(pid_t));
-	i += sizeof(pid_t);
-	if ((i + (2 * sizeof(pid_t))) <= ECRYPTFS_SHM_SIZE)
-		memset(&shm_virt[i], 0, (i + (2 * sizeof(pid_t))));
-	if ((rc = shmdt(shm_virt))) {
-		syslog(LOG_ERR, "Error detaching from shared memory\n");
-		rc = -EIO;
-	}
-out:
-	return rc;
-}
-
-int ecryptfs_set_zombie_session_placeholder(void)
-{
-	int shm_id;
-	int sem_id;
-	int rc = 0;
-
-	if ((rc = get_zombie_shared_mem_locked(&shm_id, &sem_id))) {
-		syslog(LOG_ERR,
-		       "Error getting shared memory segment\n");
-		goto out;
-	}
-	if ((rc = add_sid_pid_pair_to_shm(shm_id))) {
-		syslog(LOG_ERR, "Error adding sid/pid pair to shared memory "
-		       "segment; rc = [%d]\n", rc);
-		zombie_semaphore_unlock(sem_id);
-		goto out;
-	}
-	zombie_semaphore_unlock(sem_id);
-	sleep(ECRYPTFS_ZOMBIE_SLEEP_SECONDS);
-	if ((rc = get_zombie_shared_mem_locked(&shm_id, &sem_id))) {
-		syslog(LOG_ERR,
-		       "Error getting shared memory segment\n");
-		goto out;
-	}
-	if ((rc = remove_pid_for_this_sid(shm_id))) {
-		syslog(LOG_ERR, "Error attempting to remove pid/sid "
-		       "pair from shared memory segment; rc = [%d]\n",
-		       rc);
-		zombie_semaphore_unlock(sem_id);
-		goto out;
-	}
-	zombie_semaphore_unlock(sem_id);
-	exit(1);
-out:
-	return rc;
-}
-
-int ecryptfs_kill_and_clear_zombie_session_placeholder(void)
-{
-	int shm_id;
-	int sem_id;
-	int pid;
-	int rc = 0;
-
-	if ((rc = get_zombie_shared_mem_locked(&shm_id, &sem_id))) {
-		syslog(LOG_ERR, "Error getting shared memory segment\n");
-		goto out;
-	}
-	if ((rc = find_pid_for_this_sid(&pid, shm_id))) {
-		syslog(LOG_ERR, "Error finding pid for sid in shared memory "
-		       "segment; rc = [%d]\n", rc);
-		zombie_semaphore_unlock(sem_id);
-		goto out;
-	}
-	if (pid == 0) {
-		syslog(LOG_WARNING, "No valid pid found for this sid\n");
-	} else {
-		if ((rc = kill(pid, SIGKILL))) {
-			syslog(LOG_ERR, "Error attempting to kill process "
-			       "[%d]; rc = [%d]; errno string = [%m]\n", pid,
-			       rc);
-		}
-		if ((rc = remove_pid_for_this_sid(shm_id))) {
-			syslog(LOG_ERR, "Error attempting to remove pid/sid "
-			       "pair from shared memory segment; rc = [%d]\n",
-			       rc);
-			zombie_semaphore_unlock(sem_id);
-			goto out;
-		}
-	}
-	zombie_semaphore_unlock(sem_id);
-out:
-	return rc;
-}
-
-int ecryptfs_list_zombie_session_placeholders(void)
-{
-	int shm_id;
-	int sem_id;
-	int rc = 0;
-
-	if ((rc = get_zombie_shared_mem_locked(&shm_id, &sem_id))) {
-		syslog(LOG_ERR,
-		       "Error getting shared memory segment\n");
-		goto out;
-	}
-	if ((rc = list_pid_sid_pairs(shm_id))) {
-		syslog(LOG_ERR, "Error listing sid/pid pairs in shared memory "
-		       "segment; rc = [%d]\n", rc);
-		zombie_semaphore_unlock(sem_id);
-		goto out;
-	}
-	zombie_semaphore_unlock(sem_id);
-out:
-	return rc;
-}
-
 static struct ecryptfs_ctx_ops ctx_ops;
 
 struct ecryptfs_ctx_ops *cryptfs_get_ctx_opts (void)
diff -up ecryptfs-utils-108/src/pam_ecryptfs/pam_ecryptfs.c.nozombies ecryptfs-utils-108/src/pam_ecryptfs/pam_ecryptfs.c
--- ecryptfs-utils-108/src/pam_ecryptfs/pam_ecryptfs.c.nozombies	2015-08-11 14:44:00.120820661 +0200
+++ ecryptfs-utils-108/src/pam_ecryptfs/pam_ecryptfs.c	2015-08-11 14:44:00.122820656 +0200
@@ -246,11 +246,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
 			syslog(LOG_ERR, "pam_ecryptfs: Error adding passphrase key token to user session keyring; rc = [%ld]\n", rc);
 			goto out_child;
 		}
-		if (fork() == 0) {
-			if ((rc = ecryptfs_set_zombie_session_placeholder())) {
-				syslog(LOG_ERR, "pam_ecryptfs: Error attempting to create and register zombie process; rc = [%ld]\n", rc);
-			}
-		}
 out_child:
 		free(auth_tok_sig);
 		_exit(0);