From d2e545f88ede11d8169524b10eba76660d606da4 Mon Sep 17 00:00:00 2001
From: Christoph Ruegge <mail@cxcs.de>
Date: Mon, 23 Nov 2020 18:06:36 +0100
Subject: [PATCH] pam_systemd_home: export password as PAM_AUTHTOK

---
 src/home/pam_systemd_home.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/home/pam_systemd_home.c b/src/home/pam_systemd_home.c
index a5279453f31..a91df91447e 100644
--- a/src/home/pam_systemd_home.c
+++ b/src/home/pam_systemd_home.c
@@ -625,6 +625,15 @@ static int acquire_home(
                 do_auth = true;
         }
 
+        /* Later PAM modules may need the auth token, but only during pam_authenticate. */
+        if (please_authenticate && !strv_isempty(secret->password)) {
+                r = pam_set_item(handle, PAM_AUTHTOK, *secret->password);
+                if (r < 0) {
+                        pam_syslog(handle, LOG_ERR, "Failed to set PAM auth token: %s", pam_strerror(handle, r));
+                        return r;
+                }
+        }
+
         r = pam_set_data(handle, fd_field, FD_TO_PTR(acquired_fd), cleanup_home_fd);
         if (r < 0) {
                 pam_syslog(handle, LOG_ERR, "Failed to set PAM bus data: %s", pam_strerror(handle, r));
-- 
2.47.3