Commit aa33d543 authored by Albert Astals Cid's avatar Albert Astals Cid
Browse files

Return PAM_IGNORE from pam_sm_authenticate

Summary:
PAM_SUCCESS signals to the PAM stack that the
authentication succeeded. That is actually not the case, because
pam_kwallet doesn't authenticate anything. If a user would badly configure
his PAM stack by classifying pam_kwallet as sufficient then login would
always be possible.

Reviewers: davidedmundson

Reviewed By: davidedmundson

Subscribers: mgerstner, plasma-devel

Tags: #plasma

Differential Revision: https://phabricator.kde.org/D12910
parent af15f067
......@@ -272,7 +272,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
pam_syslog(pamh, LOG_INFO, "%s: pam_sm_authenticate\n", logPrefix);
if (get_env(pamh, envVar) != NULL) {
pam_syslog(pamh, LOG_INFO, "%s: we were already executed", logPrefix);
return PAM_SUCCESS;
return PAM_IGNORE;
}
parseArguments(argc, argv);
......@@ -349,7 +349,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
}
//TODO unlock kwallet that is already executed
return PAM_SUCCESS;
return PAM_IGNORE;
}
static int drop_privileges(struct passwd *userInfo)
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment