Changeset View
Changeset View
Standalone View
Standalone View
pam_kwallet.c
Show First 20 Lines • Show All 266 Lines • ▼ Show 20 Line(s) | 264 | return (pam_xdisplay && strlen(pam_xdisplay) != 0) | |||
---|---|---|---|---|---|
267 | || (xdg_session_type && strcmp(xdg_session_type, "wayland") == 0); | 267 | || (xdg_session_type && strcmp(xdg_session_type, "wayland") == 0); | ||
268 | } | 268 | } | ||
269 | 269 | | |||
270 | PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) | 270 | PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) | ||
271 | { | 271 | { | ||
272 | pam_syslog(pamh, LOG_INFO, "%s: pam_sm_authenticate\n", logPrefix); | 272 | pam_syslog(pamh, LOG_INFO, "%s: pam_sm_authenticate\n", logPrefix); | ||
273 | if (get_env(pamh, envVar) != NULL) { | 273 | if (get_env(pamh, envVar) != NULL) { | ||
274 | pam_syslog(pamh, LOG_INFO, "%s: we were already executed", logPrefix); | 274 | pam_syslog(pamh, LOG_INFO, "%s: we were already executed", logPrefix); | ||
275 | return PAM_SUCCESS; | 275 | return PAM_IGNORE; | ||
276 | } | 276 | } | ||
277 | 277 | | |||
278 | parseArguments(argc, argv); | 278 | parseArguments(argc, argv); | ||
279 | 279 | | |||
280 | int result; | 280 | int result; | ||
281 | 281 | | |||
282 | //Fetch the user, needed to get user information | 282 | //Fetch the user, needed to get user information | ||
283 | const char *username; | 283 | const char *username; | ||
▲ Show 20 Lines • Show All 60 Lines • ▼ Show 20 Line(s) | |||||
344 | const char *session_bit; | 344 | const char *session_bit; | ||
345 | result = pam_get_data(pamh, "sm_open_session", (const void **)&session_bit); | 345 | result = pam_get_data(pamh, "sm_open_session", (const void **)&session_bit); | ||
346 | if (result == PAM_SUCCESS) { | 346 | if (result == PAM_SUCCESS) { | ||
347 | pam_syslog(pamh, LOG_ERR, "%s: open_session was called before us, calling it now", logPrefix); | 347 | pam_syslog(pamh, LOG_ERR, "%s: open_session was called before us, calling it now", logPrefix); | ||
348 | return pam_sm_open_session(pamh, flags, argc, argv); | 348 | return pam_sm_open_session(pamh, flags, argc, argv); | ||
349 | } | 349 | } | ||
350 | 350 | | |||
351 | //TODO unlock kwallet that is already executed | 351 | //TODO unlock kwallet that is already executed | ||
352 | return PAM_SUCCESS; | 352 | return PAM_IGNORE; | ||
353 | } | 353 | } | ||
354 | 354 | | |||
355 | static int drop_privileges(struct passwd *userInfo) | 355 | static int drop_privileges(struct passwd *userInfo) | ||
356 | { | 356 | { | ||
357 | /* When dropping privileges from root, the `setgroups` call will | 357 | /* When dropping privileges from root, the `setgroups` call will | ||
358 | * remove any extraneous groups. If we don't call this, then | 358 | * remove any extraneous groups. If we don't call this, then | ||
359 | * even though our uid has dropped, we may still have groups | 359 | * even though our uid has dropped, we may still have groups | ||
360 | * that enable us to do super-user things. This will fail if we | 360 | * that enable us to do super-user things. This will fail if we | ||
▲ Show 20 Lines • Show All 406 Lines • Show Last 20 Lines |