pam: do not attempt to close sd-bus after fork in pam_end()

When pam_end() is called after a fork, and it cleans up caches, it sets PAM_DATA_SILENT in error_status. FDs will be shared with the parent, so we do not want to attempt to close them from a child process, or we'll hit assertions. Complain loudly and skip.
2024-07-23 19:25:39 +00:00 · 2023-04-20 12:55:06 +01:00 · 2023-04-20 12:55:06 +01:00 · 4a75704b16
parent b4e5c103be
commit 4a75704b16
1 changed files with 11 additions and 0 deletions
--- a/src/shared/pam-util.c
+++ b/src/shared/pam-util.c
@ -50,6 +50,17 @@ int pam_syslog_pam_error(pam_handle_t *handle, int level, int error, const char
 }

 static void cleanup_system_bus(pam_handle_t *handle, void *data, int error_status) {
+        /* The PAM_DATA_SILENT flag is the way that pam_end() communicates to the module stack that this
+         * invocation of pam_end() is not the final one, but in the process that is going to directly exec
+         * the child. This means we are being called after a fork(), and we do not want to try and clean
+         * up the sd-bus object, as it would affect the parent too and we'll hit an assertion. */
+        if (error_status & PAM_DATA_SILENT)
+                return (void) pam_syslog_pam_error(
+                                handle,
+                                LOG_ERR,
+                                SYNTHETIC_ERRNO(EUCLEAN),
+                                "Attempted to close sd-bus after fork, this should not happen.");
+
        sd_bus_flush_close_unref(data);
 }