2 files changed, 31 insertions, 0 deletions

diff --git a/pam_gdm/Makefile.am b/pam_gdm/Makefile.am
index 5ea69d78..61d672b4 100644
--- a/pam_gdm/Makefile.am
+++ b/pam_gdm/Makefile.am
@@ -15,6 +15,7 @@ pam_gdm_la_SOURCES = \
 	$(END_OF_LIST)
 
 pam_gdm_la_CFLAGS = \
+	$(KEYUTILS_CFLAGS) \
 	$(PAM_CFLAGS) \
 	$(END_OF_LIST)
 
@@ -26,6 +27,7 @@ pam_gdm_la_LDFLAGS = \
 	$(END_OF_LIST)
 
 pam_gdm_la_LIBADD = \
+	$(KEYUTILS_LIBS) \
 	$(PAM_LIBS) \
 	$(END_OF_LIST)
 
diff --git a/pam_gdm/pam_gdm.c b/pam_gdm/pam_gdm.c
index 90a05573..7beb04e7 100644
--- a/pam_gdm/pam_gdm.c
+++ b/pam_gdm/pam_gdm.c
@@ -17,18 +17,47 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  *
  */
+#include <config.h>
+
+#include <unistd.h>
+
 #include <security/_pam_macros.h>
 #include <security/pam_ext.h>
 #include <security/pam_misc.h>
 #include <security/pam_modules.h>
 #include <security/pam_modutil.h>
 
+#ifdef HAVE_KEYUTILS
+#include <keyutils.h>
+#endif
+
 int
 pam_sm_authenticate (pam_handle_t  *pamh,
                      int            flags,
                      int            argc,
                      const char   **argv)
 {
+#ifdef HAVE_KEYUTILS
+        int r;
+        void *cached_password = NULL;
+        key_serial_t serial;
+
+        serial = find_key_by_type_and_desc ("user", "cryptsetup", 0);
+        if (serial == 0)
+                return PAM_AUTHINFO_UNAVAIL;
+
+        r = keyctl_read_alloc (serial, &cached_password);
+        if (r < 0)
+                return PAM_AUTHINFO_UNAVAIL;
+
+        r = pam_set_item (pamh, PAM_AUTHTOK, cached_password);
+
+        free (cached_password);
+
+        if (r < 0)
+                return PAM_AUTH_ERR;
+#endif
+
         return PAM_SUCCESS;
 }