author | Ray Strode <rstrode@redhat.com> | 2016-08-15 14:11:01 -0400 |
---|---|---|
committer | Ray Strode <rstrode@redhat.com> | 2016-08-19 15:02:07 -0400 |
commit | 31ed6f2b3f1ab45ae07aad41c13a51ba91fd159d (patch) | |
tree | 7a3ada2efa60d90050f726943bb29160dbce7723 /pam_gdm | |
parent | 714b6af29b916ac7da0cdab6f83460574ed49cf2 (diff) | |
download | gdm-31ed6f2b3f1ab45ae07aad41c13a51ba91fd159d.tar.gz |
pam: grab cached password from systemd and pass it on
If the user has an encrypted disk then systemd will cache the password
they type into the keyring. It makes sense to try to use this password
for automatic login purposes first, since on single user machines,
the sole user password is likely to match the disk password.
Of course if it doesn't work we'll fall back to the old way of doing
automatic login without a password (and then the user will have to
manually enter it if they need to for gnome-keyring or whatever)
https://bugzilla.gnome.org/show_bug.cgi?id=769950
Diffstat (limited to 'pam_gdm')
-rw-r--r-- | pam_gdm/Makefile.am | 2 | ||||
-rw-r--r-- | pam_gdm/pam_gdm.c | 29 |
2 files changed, 31 insertions, 0 deletions
diff --git a/pam_gdm/Makefile.am b/pam_gdm/Makefile.am
index 5ea69d78..61d672b4 100644
--- a/pam_gdm/Makefile.am
+++ b/pam_gdm/Makefile.am
@@ -15,6 +15,7 @@ pam_gdm_la_SOURCES = \
 $(END_OF_LIST)

 pam_gdm_la_CFLAGS = \
+ $(KEYUTILS_CFLAGS) \
 $(PAM_CFLAGS) \
 $(END_OF_LIST)

@@ -26,6 +27,7 @@ pam_gdm_la_LDFLAGS = \
 $(END_OF_LIST)

 pam_gdm_la_LIBADD = \
+ $(KEYUTILS_LIBS) \
 $(PAM_LIBS) \
 $(END_OF_LIST)

diff --git a/pam_gdm/pam_gdm.c b/pam_gdm/pam_gdm.c
index 90a05573..7beb04e7 100644
--- a/pam_gdm/pam_gdm.c
+++ b/pam_gdm/pam_gdm.c
@@ -17,18 +17,47 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 *
 */
+#include <config.h>
+
+#include <unistd.h>
+
 #include <security/_pam_macros.h>
 #include <security/pam_ext.h>
 #include <security/pam_misc.h>
 #include <security/pam_modules.h>
 #include <security/pam_modutil.h>

+#ifdef HAVE_KEYUTILS
+#include <keyutils.h>
+#endif
+
 int
 pam_sm_authenticate (pam_handle_t *pamh,
 int flags,
 int argc,
 const char **argv)
 {
+#ifdef HAVE_KEYUTILS
+ int r;
+ void *cached_password = NULL;
+ key_serial_t serial;
+
+ serial = find_key_by_type_and_desc ("user", "cryptsetup", 0);
+ if (serial == 0)
+ return PAM_AUTHINFO_UNAVAIL;
+
+ r = keyctl_read_alloc (serial, &cached_password);
+ if (r < 0)
+ return PAM_AUTHINFO_UNAVAIL;
+
+ r = pam_set_item (pamh, PAM_AUTHTOK, cached_password);
+
+ free (cached_password);
+
+ if (r < 0)
+ return PAM_AUTH_ERR;
+#endif
+
 return PAM_SUCCESS;
 }

|
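Review bot: The `if (r < 0)` test after `pam_set_item` in `pam_sm_authenticate` can never fire, because Linux-PAM return codes are zero or positive, so a failed `pam_set_item` still falls through to `return PAM_SUCCESS`; compare against the success code instead, `if (r != PAM_SUCCESS) return PAM_AUTH_ERR;`. The copy of the disk passphrase returned by `keyctl_read_alloc` is released with a plain `free`, which leaves the secret readable in freed heap memory; keep the payload length in its own variable (it is currently overwritten by the `pam_set_item` result) and wipe the buffer before freeing it, for example `_pam_overwrite_n (cached_password, len);` from the already-included `<security/_pam_macros.h>`, or another wipe the compiler cannot elide. The lookup check `serial == 0` also looks off: as far as I know `find_key_by_type_and_desc` reports failure with -1, so `if (serial < 0)` would be the matching test, and today a missing key is only caught because the following read fails. `free` is declared in `<stdlib.h>`, which the hunk does not add next to `<unistd.h>`; it may arrive through another header, but an explicit include would be safer.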