[gnome-keyring/wip/empty] gkr-pam-module: Don't use password to determine whether this is a login

From: Jasper St. Pierre <jstpierre src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-keyring/wip/empty] gkr-pam-module: Don't use password to determine whether this is a login
Date: Fri, 5 Sep 2014 00:12:22 +0000 (UTC)

commit febfe504f96f12c7a0e8c6a7484ee28fb6c84b9f
Author: Jasper St. Pierre <jstpierre mecheye net>
Date:   Thu Sep 4 17:00:59 2014 -0700

    gkr-pam-module: Don't use password to determine whether this is a login
    
    NULL or empty passwords are also valid passwords, so add a separate flag
    to determine whether to pass --login.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=736085

 pam/gkr-pam-module.c |   10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)
---
diff --git a/pam/gkr-pam-module.c b/pam/gkr-pam-module.c
index a124c2b..686a948 100644
--- a/pam/gkr-pam-module.c
+++ b/pam/gkr-pam-module.c
@@ -45,6 +45,7 @@
 #include <fcntl.h>
 #include <pwd.h>
 #include <signal.h>
+#include <stdbool.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -471,6 +472,7 @@ setup_environment (char *line, void *arg)
 static int
 start_daemon (pam_handle_t *ph,
               struct passwd *pwd,
+              bool is_user_login,
               const char *password)
 {
        struct sigaction defsact, oldsact, ignpipe, oldpipe;
@@ -521,7 +523,7 @@ start_daemon (pam_handle_t *ph,
        /* This is the child */
        case 0:
                setup_child (inp, outp, errp, ph, pwd,
-                            password ? "--login" : NULL);
+                            is_user_login ? "--login" : NULL);
                /* Should never be reached */
                break;
                
@@ -836,7 +838,7 @@ pam_sm_authenticate (pam_handle_t *ph, int unused, int argc, const char **argv)
        if (ret != PAM_SUCCESS && need_daemon) {
                /* If we started the daemon, its already unlocked, since we passed the password */
                if (args & ARG_AUTO_START)
-                       ret = start_daemon (ph, pwd, password);
+                       ret = start_daemon (ph, pwd, true, password);
 
                /* Otherwise start later in open session, store password */
                else
@@ -889,7 +891,7 @@ pam_sm_open_session (pam_handle_t *ph, int flags, int argc, const char **argv)
        if (args & ARG_AUTO_START || password) {
                ret = unlock_keyring (ph, pwd, password, &need_daemon);
                if (ret != PAM_SUCCESS && need_daemon && (args & ARG_AUTO_START))
-                       ret = start_daemon (ph, pwd, password);
+                       ret = start_daemon (ph, pwd, true, password);
        }
 
        return PAM_SUCCESS;
@@ -977,7 +979,7 @@ pam_chauthtok_update (pam_handle_t *ph, struct passwd *pwd, uint args)
                 *
                 * Note that we don't pass in an unlock password, that happens below.
                 */
-               ret = start_daemon (ph, pwd, NULL);
+               ret = start_daemon (ph, pwd, false, NULL);
                if (ret == PAM_SUCCESS) {
                        ret = change_keyring_password (ph, pwd, password, original, NULL);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]