From a2dd39b4cb19f4ed4599422e635cc019dcae6ada Mon Sep 17 00:00:00 2001
From: Luca Boccassi <bluca@debian.org>
Date: Sun, 16 Apr 2023 14:55:09 +0100
Subject: pam: cache sd-bus separately per module

sd-bus connection is cached by the two pam modules globally, but this
can lead to issues due to hashmaps (used by sd-bus) using a global
static variable for the shared hash key, which is different per module
as both modules are loaded in the same process.

This happens because the sd-bus object is create in one module, but
used in the other, so global state does not match.

Use a different pam cache identifier for the sd-bus pointer, so that
each module uses a different sd-bus connection as a workaround.

Fixes https://github.com/systemd/systemd/issues/27216
Fixes https://github.com/systemd/systemd/issues/17266
---
 src/login/pam_systemd.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/login')

diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
index 65d09886be..3a009d8e37 100644
--- a/src/login/pam_systemd.c
+++ b/src/login/pam_systemd.c
@@ -948,7 +948,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
 
         /* Talk to logind over the message bus */
 
-        r = pam_acquire_bus_connection(handle, &bus);
+        r = pam_acquire_bus_connection(handle, "pam-systemd", &bus);
         if (r != PAM_SUCCESS)
                 return r;
 
@@ -1115,7 +1115,7 @@ success:
         /* Let's release the D-Bus connection, after all the session might live quite a long time, and we are
          * not going to use the bus connection in that time, so let's better close before the daemon kicks us
          * off because we are not processing anything. */
-        (void) pam_release_bus_connection(handle);
+        (void) pam_release_bus_connection(handle, "pam-systemd");
         return PAM_SUCCESS;
 }
 
@@ -1159,7 +1159,7 @@ _public_ PAM_EXTERN int pam_sm_close_session(
                 /* Before we go and close the FIFO we need to tell logind that this is a clean session
                  * shutdown, so that it doesn't just go and slaughter us immediately after closing the fd */
 
-                r = pam_acquire_bus_connection(handle, &bus);
+                r = pam_acquire_bus_connection(handle, "pam-systemd", &bus);
                 if (r != PAM_SUCCESS)
                         return r;
 
-- 
cgit v1.2.1