help-shishi
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bug#442095: doesn't provide password to subsiquent PAM modules

From: Simon Josefsson
Subject: Bug#442095: doesn't provide password to subsiquent PAM modules
Date: Thu, 13 Sep 2007 17:21:20 +0200
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux) 
Jack Bates <address@hidden> writes:

> For testing, I made my Kerberos password match my local shadow password.
>
> By applying the try_first_pass / use_first_pass option to subsequent
> PAM modules, I should be able to login if the first module fails but I
> enter the correct password for a subsequent module.
>
> Instead, if pam_shishi fails, I'm prompted for and enter the same
> password twice, whereon pam_unix logs me in.
>
> I expect what should happen if pam_shishi fails, is pam_unix should use
> the password I already entered to login and not prompt me to re-enter my
> password.

Thanks for the report.  I believe the patch below will fix the problem,
but I have not tested it.

Thanks,
Simon

commit 13a60fe005922b53c6e2d17267b35d4987ba36b9
Author: Simon Josefsson <address@hidden>
Date:   Thu Sep 13 17:19:50 2007 +0200

    Add.

diff --git a/NEWS b/NEWS
index ab2f635..7a9acb4 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,9 @@ See the end for copying conditions.
 ** libpam_shishi: Don't echo password when reading it from console.
 Reported by Jack Bates <address@hidden>.
 
+** libpam_shishi: Save read password in PAM library for other modules.
+Reported by Jack Bates <address@hidden>.
+
 ** Update translations.
 
 * Version 0.0.32 (released 2007-06-29)

commit 128cac805aa670af409b59bfef80e777ac9f976a
Author: Simon Josefsson <address@hidden>
Date:   Thu Sep 13 17:19:03 2007 +0200

    Store password for subsequent PAM modules that use try_first_pass.
    Reported by Jack Bates <address@hidden>.

diff --git a/extra/pam_shishi/pam_shishi.c b/extra/pam_shishi/pam_shishi.c
index cd92bad..1b9b39e 100644
--- a/extra/pam_shishi/pam_shishi.c
+++ b/extra/pam_shishi/pam_shishi.c
@@ -143,6 +143,13 @@ pam_sm_authenticate (pam_handle_t * pamh,
       D (("conv returned: %s", resp->resp));
 
       password = resp->resp;
+
+      retval = pam_set_item(pamh, PAM_AUTHTOK, password);
+      if (retval != PAM_SUCCESS)
+       {
+         D (("set_item returned error: %s", pam_strerror (pamh, retval)));
+         goto done;
+       }
     }
 
   tkt = shishi_tkts_get_for_localservicepasswd (shishi_tkts_default (h),
reply via email to
[Prev in Thread] Current Thread [Next in Thread]