[gnome-keyring/gnome-3-10] pam: Fix issue with changed password not unlocking keyring

[Stefan Walter <stefw src gnome org>]

commit 3e96f989b70a83b38bd572b0e44d287b6750c79b
Author: Stef Walter <stefw gnome org>
Date:   Fri Mar 14 11:08:02 2014 +0100

    pam: Fix issue with changed password not unlocking keyring
    
    This is a backport of fix on master with the same subject. There's
    a bit of strange code in the are of this fix, but lets keep it as
    minimal as possible.
    
    If a user (needs to) change their password while authenticating (via
    GDM for example), and pam_gnome_keyring is configured to start the
    daemon from the session PAM stage, then we were failing to pass the
    changed password to our session handler.
    
    Fix this issue so that this workflow works.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=726196

 pam/gkr-pam-module.c |   12 +++++++++++-
 1 files changed, 11 insertions(+), 1 deletions(-)
---
diff --git a/pam/gkr-pam-module.c b/pam/gkr-pam-module.c
index 8ad814c..c3e0dbc 100644
--- a/pam/gkr-pam-module.c
+++ b/pam/gkr-pam-module.c
@@ -1064,9 +1064,19 @@ pam_chauthtok_update (pam_handle_t *ph, struct passwd *pwd, uint args)
 
        /* if not auto_start, kill the daemon if we started it: we don't want
         * it to stay */
-       if (started_daemon && !(args & ARG_AUTO_START))
+       if (started_daemon && !(args & ARG_AUTO_START)) {
                stop_daemon (ph, pwd);
 
+               /*
+                * Likely the daemon is being started later in the session if we weren't
+                * allowed to autostart it here. Store the password for our session handler
+                */
+               if (pam_set_data (ph, "gkr_system_authtok", strdup (password),
+                                 cleanup_free_password) != PAM_SUCCESS) {
+                       syslog (GKR_LOG_ERR, "gkr-pam: error storing authtok");
+               }
+       }
+
        if (ret != PAM_SUCCESS)
                return ret;