Dear Maintainer,

I am contacting you directly because my bug report and subsequent
follow-up post have not yet received a response.  This email is with
regard to the following bug report and patch:

bug   - https://bugs.debian.org/934185
patch - https://phabricator.kde.org/D23849

I worked to produce the patch, and the change has been included
upstream. The patch for the "libkscreenlocker5" Debian stable package is
attached.

I earnestly request that you apply the patch and upload the changes to
the Debian repository.

Adding this change will fix a fairly nasty bug with the conversation
between Poldi and the screen locker.

Thank you very much in advance for your help.

-- 
Jason Franklin

Description: Only send a user-supplied password once.
 The current screen locker implementation fails to work when the PAM module
 sends multiple prompts for a password without sending a specific kind of
 error indicator.  This patch ensures that a user authentication token is
 passed to kcheckpass only once after being entered.
Author: Jason Franklin <jason.frank...@quoininc.com>
Origin: upstream, https://phabricator.kde.org/D23849
Bug-Debian: https://bugs.debian.org/934185
Applied-Upstream: 5.17, https://phabricator.kde.org/R133:90add6922411c9e48d9c9da3ab232171aa858ade
Last-Update: 2019-09-27
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
diff --git a/greeter/authenticator.cpp b/greeter/authenticator.cpp
--- a/greeter/authenticator.cpp
+++ b/greeter/authenticator.cpp
@@ -247,10 +247,16 @@
         {
             if (!GRecvArr( &arr ))
                 break;
-            QByteArray utf8pass = m_password.toUtf8();
-            GSendStr(utf8pass.constData());
-            if (utf8pass.constData() != nullptr)
+
+            if (m_password.isNull()) {
+                GSendStr(nullptr);
+            } else {
+                QByteArray utf8pass = m_password.toUtf8();
+                GSendStr(utf8pass.constData());
                 GSendInt(IsPassword);
+            }
+
+            m_password.clear();
 
             if (arr)
                 ::free( arr );
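Review bot: the m_password.clear() after the if/else is what makes the password single-use, but nothing in the hunk says so; a short comment there, stating that a repeated prompt in the same conversation must be answered with GSendStr(nullptr), would keep a later cleanup from removing it. The branch tests isNull() rather than isEmpty(), so a password that is empty but not null is still sent once together with IsPassword; please state in the comment that this is intended. Also, clear() and the utf8pass temporary release their buffers without overwriting them, so the plaintext can remain in freed heap memory; if that matters for the greeter, overwrite both before they go out of scope.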
@@ -278,8 +284,6 @@
             cantCheck();
             return;
         case ConvPutAuthAbort:
-            // what to do here?
-            return;
         case ConvPutReadyForAuthentication:
             m_ready = true;
             if (m_mode == AuthenticationMode::Direct) {
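Review bot: with the return removed, case ConvPutAuthAbort now falls through into ConvPutReadyForAuthentication with no marker, and the deleted "what to do here?" question is left without a written answer. Add Q_FALLTHROUGH(); (or a "fall through" comment) after the ConvPutAuthAbort label, plus one line saying that an aborted conversation is treated as ready for a new attempt, so that the fallthrough is not later mistaken for a missing return or break.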
diff --git a/kcheckpass/checkpass_pam.c b/kcheckpass/checkpass_pam.c
--- a/kcheckpass/checkpass_pam.c
+++ b/kcheckpass/checkpass_pam.c
@@ -121,7 +121,7 @@
 
 #ifdef PAM_FAIL_DELAY
 static void
-fail_delay(int retval ATTR_UNUSED, unsigned usec_delay ATTR_UNUSED, 
+fail_delay(int retval ATTR_UNUSED, unsigned usec_delay ATTR_UNUSED,
 	   void *appdata_ptr ATTR_UNUSED)
 {}
 #endif
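Review bot: the only change to fail_delay() is the removal of a trailing space after "ATTR_UNUSED," and it has nothing to do with the password fix. For a patch aimed at a stable package, drop this hunk so the diff contains only the behavioural change and is easier to audit.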
@@ -168,7 +168,8 @@
   pam_error = pam_authenticate(pamh, 0);
   if (pam_error != PAM_SUCCESS) {
     if (PAM_data.abort) {
-      pam_end(pamh, PAM_SUCCESS);
+      PAM_data.abort = 0;
+      pam_end(pamh, pam_error);
       return AuthAbort;
     }
     pam_end(pamh, pam_error);
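Review bot: PAM_data.abort is reset only inside the failure-and-abort branch, so whether a stale flag can survive depends on every other exit path leaving it at 0; clearing it immediately before pam_authenticate(pamh, 0) would make that independent of the path taken. With this change both branches call pam_end(pamh, pam_error), so the call can be made once at the top of the "pam_error != PAM_SUCCESS" block, leaving the abort branch with only the return AuthAbort.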
