]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ea086f0)
homectl: don't use password cache if we operate on other user
authorLennart Poettering <lennart@poettering.net>
Fri, 23 Apr 2021 14:14:57 +0000 (16:14 +0200)
committerLennart Poettering <lennart@poettering.net>
Fri, 23 Apr 2021 21:22:37 +0000 (23:22 +0200)
src/basic/user-util.c patch | blob | blame | history
src/basic/user-util.h patch | blob | blame | history
src/home/homectl.c patch | blob | blame | history

diff --git a/src/basic/user-util.c b/src/basic/user-util.c
index 0ea4e409fac5991e8b5f37ced3e04fde43a66808..3756e80c30d799742b8d8cf20e55cdfefa8c2768 100644 (file)
--- a/src/basic/user-util.c
+++ b/src/basic/user-util.c
@@ -1072,3 +1072,16 @@ int fgetsgent_sane(FILE *stream, struct sgrp **sg) {
         return !!s;
 }
 #endif
+
+int is_this_me(const char *username) {
+        uid_t uid;
+        int r;
+
+        /* Checks if the specified username is our current one. Passed string might be a UID or a user name. */
+
+        r = get_user_creds(&username, &uid, NULL, NULL, NULL, USER_CREDS_ALLOW_MISSING);
+        if (r < 0)
+                return r;
+
+        return uid == getuid();
+}
diff --git a/src/basic/user-util.h b/src/basic/user-util.h
index 20ff415e2e9befc896ebe1f837d66ed066d5db21..636c3928709a7402bb0a9d6194bb91f1a7650122 100644 (file)
--- a/src/basic/user-util.h
+++ b/src/basic/user-util.h
@@ -109,3 +109,5 @@ int putsgent_sane(const struct sgrp *sg, FILE *stream);
 #endif
 
 bool is_nologin_shell(const char *shell);
+
+int is_this_me(const char *username);
diff --git a/src/home/homectl.c b/src/home/homectl.c
index 34363c4f703b51e98790284508f6a80d648d83fa..3e2de319bfcd5b889a7900c560e890d6bd92e9b5 100644 (file)
--- a/src/home/homectl.c
+++ b/src/home/homectl.c
@@ -220,6 +220,10 @@ static int acquire_existing_password(
                 return 1;
         }
 
+        /* If this is not our own user, then don't use the password cache */
+        if (is_this_me(user_name) <= 0)
+                SET_FLAG(flags, ASK_PASSWORD_ACCEPT_CACHED|ASK_PASSWORD_PUSH_CACHE, false);
+
         if (asprintf(&question, emphasize_current ?
                      "Please enter current password for user %s:" :
                      "Please enter password for user %s:",
@@ -269,6 +273,10 @@ static int acquire_token_pin(
                 return 1;
         }
 
+        /* If this is not our own user, then don't use the password cache */
+        if (is_this_me(user_name) <= 0)
+                SET_FLAG(flags, ASK_PASSWORD_ACCEPT_CACHED|ASK_PASSWORD_PUSH_CACHE, false);
+
         if (asprintf(&question, "Please enter security token PIN for user %s:", user_name) < 0)
                 return log_oom();
 
Unnamed repository; edit this file 'description' to name the repository.