From 8da969b15a354a4a77c1712be9b4e73ed286c373 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 12 Nov 2023 17:48:15 +0100
Subject: pam_mkhomedir: treat existing files as success

The mkhomedir_helper treats an already existing home directory as
success. Keep this logic within create_homedir to reduce the
negative impact of concurrently running instances.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---
 modules/pam_mkhomedir/mkhomedir_helper.c | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

(limited to 'modules/pam_mkhomedir/mkhomedir_helper.c')

diff --git a/modules/pam_mkhomedir/mkhomedir_helper.c b/modules/pam_mkhomedir/mkhomedir_helper.c
index fd7708bb..c6e10288 100644
--- a/modules/pam_mkhomedir/mkhomedir_helper.c
+++ b/modules/pam_mkhomedir/mkhomedir_helper.c
@@ -40,8 +40,10 @@ create_homedir(const struct passwd *pwd, mode_t dir_mode,
    int retval = PAM_SESSION_ERR;
 
    /* Create the new directory */
-   if (mkdir(dest, 0700) && errno != EEXIST)
+   if (mkdir(dest, 0700))
    {
+      if (errno == EEXIST)
+	 return PAM_SUCCESS;
       pam_syslog(NULL, LOG_ERR, "unable to create directory %s: %m", dest);
       return PAM_PERM_DENIED;
    }
@@ -153,15 +155,17 @@ create_homedir(const struct passwd *pwd, mode_t dir_mode,
 	 if (pointedlen >= 0) {
             if(symlink(pointed, newdest) != 0)
             {
-               pam_syslog(NULL, LOG_DEBUG,
-			  "unable to create link %s: %m", newdest);
+               retval = errno == EEXIST ? PAM_SUCCESS : PAM_PERM_DENIED;
+
+               if (retval != PAM_SUCCESS)
+                  pam_syslog(NULL, LOG_DEBUG,
+			     "unable to create link %s: %m", newdest);
                closedir(d);
 #ifndef PATH_MAX
                free(pointed);
 #endif
                free(newsource);
                free(newdest);
-               retval = PAM_PERM_DENIED;
                goto go_out;
             }
 
@@ -213,16 +217,17 @@ create_homedir(const struct passwd *pwd, mode_t dir_mode,
       }
 
       /* Open the dest file */
-      if ((destfd = open(newdest, O_WRONLY | O_TRUNC | O_CREAT, 0600)) < 0)
+      if ((destfd = open(newdest, O_WRONLY | O_CREAT | O_EXCL, 0600)) < 0)
       {
-         pam_syslog(NULL, LOG_DEBUG,
-		    "unable to open dest file %s: %m", newdest);
+	 retval = errno == EEXIST ? PAM_SUCCESS : PAM_PERM_DENIED;
+	 if (retval != PAM_SUCCESS)
+	    pam_syslog(NULL, LOG_DEBUG,
+		       "unable to open dest file %s: %m", newdest);
 	 close(srcfd);
 	 closedir(d);
 
 	 free(newsource);
 	 free(newdest);
-	 retval = PAM_PERM_DENIED;
 	 goto go_out;
       }
 
-- 
cgit v1.2.3