Vinzenz Feenstra has uploaded a new change for review.

Change subject: pam: Unset the username before asking for the Token
......................................................................

pam: Unset the username before asking for the Token

In order to add the support for unlocking desktops,
we need to apply this change.
In case of unlocking, the GDM backend presets the username
value in PAM before any questions can be asked by our PAM
module.
When the value is set, we cannot get our questions sent
through to the frontend, where the token request needs to
be answered from. This is because PAM sees that the username
is already present, so the `pam_get_user` function will return
the already stored value.
Now that we set the value to `NULL`, PAM will pass the user
question through.

Change-Id: I4455ea61ffb27e854fe93bdc51068e12617955a2
Signed-off-by: Vinzenz Feenstra <vfeen...@redhat.com>
---
M pam-ovirt-cred/pam_ovirt_cred.c
1 file changed, 15 insertions(+), 7 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-guest-agent refs/changes/73/20073/1

diff --git a/pam-ovirt-cred/pam_ovirt_cred.c b/pam-ovirt-cred/pam_ovirt_cred.c
index 6cdb5fa..82f07d3 100644
--- a/pam-ovirt-cred/pam_ovirt_cred.c
+++ b/pam-ovirt-cred/pam_ovirt_cred.c
@@ -25,6 +25,14 @@
 
     D(("called."));
 
+    /* We're setting PAM_USER to NULL before we're asking for the token
+     * otherwise we'll be getting in some cases not the answer we're expecting.
+     * Especially: If the user name has been set before we're asking the
+     * question, pam will respond the cached value instead of querying again.
+     * This is solving this problem for us.
+     */
+    pam_set_item(pamh, PAM_USER, NULL);
+
     /* I'm not too familiar with PAM conversation, so I use the pam_get_user
        function in order to get the ticket that will be send when acquiring
        the user's credentials. */
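
Review bot: The return value of the new pam_set_item(pamh, PAM_USER, NULL) call is not checked. If clearing fails, the pam_get_user call that follows will hand back the preset username again, and that value is then passed as the ticket to acquire_user_credentials, which is exactly the case this change is meant to prevent. Suggest assigning the result to retval and doing goto cleanup on anything other than PAM_SUCCESS, as the two later pam_set_item calls already do. Separately, PAM_USER is now cleared on every invocation, and the failure paths visible in this patch jump to cleanup without any visible restore of the original value; the comment should say whether modules later in the stack are expected to cope with an empty PAM_USER when this module fails.
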
@@ -33,7 +41,7 @@
         D(("get user returned error: %s", pam_strerror(pamh, retval)));
         goto cleanup;
     }
-    
+
     if (acquire_user_credentials(ticket, &username, &password) != 0) {
         D(("failed to acquire user's credentials"));
         retval = PAM_USER_UNKNOWN;
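
Review bot: The only change in this hunk is trailing-whitespace removal on the blank line before acquire_user_credentials(...), which is unrelated to the PAM_USER fix. Please move this and the other whitespace and re-indentation cleanups into a separate commit, so the functional change to an authentication module (the single added pam_set_item call) is easy to audit and to backport on its own.
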
@@ -41,19 +49,19 @@
     }
 
     retval = pam_set_item(pamh, PAM_USER, (const void *) username);
-       if (retval != PAM_SUCCESS) {
+    if (retval != PAM_SUCCESS) {
         D(("username not set: %s", pam_strerror(pamh, retval)));
-           retval = PAM_USER_UNKNOWN;
+        retval = PAM_USER_UNKNOWN;
         goto cleanup;
     }
 
     retval = pam_set_item(pamh, PAM_AUTHTOK, (const void *) password);
-       if (retval != PAM_SUCCESS) {
+    if (retval != PAM_SUCCESS) {
         D(("password not set: %s", pam_strerror(pamh, retval)));
-           retval = PAM_USER_UNKNOWN;
+        retval = PAM_USER_UNKNOWN;
         goto cleanup;
     }
-    
+
     retval = PAM_SUCCESS;
 
 cleanup:
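
Review bot: In both re-indented error branches after pam_set_item, retval is overwritten with PAM_USER_UNKNOWN, so a failure to store PAM_AUTHTOK (for example PAM_BUF_ERR) is reported to the stack as an unknown user. Since these lines are being touched anyway, consider keeping the original retval, at least in the PAM_AUTHTOK branch; the D(()) message already logs pam_strerror, but the calling application only sees the return code.
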
@@ -84,4 +92,4 @@
     NULL,
 };
 
-#endif /* PAM_STATIC */ 
+#endif /* PAM_STATIC */


-- 
To view, visit http://gerrit.ovirt.org/20073
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I4455ea61ffb27e854fe93bdc51068e12617955a2
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-guest-agent
Gerrit-Branch: master
Gerrit-Owner: Vinzenz Feenstra <vfeen...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches