pam_systemd_home: export password as PAM_AUTHTOK

diff --git a/src/home/pam_systemd_home.c b/src/home/pam_systemd_home.c
index a5279453f31a8545b3372691477b9ad4ce58e746..a91df91447ee789fe2c9a2ca7d44a52e273ae2ed 100644 (file)
--- a/src/home/pam_systemd_home.c
+++ b/src/home/pam_systemd_home.c
@@ -625,6 +625,15 @@ static int acquire_home(
                 do_auth = true;
         }
 
+        /* Later PAM modules may need the auth token, but only during pam_authenticate. */
+        if (please_authenticate && !strv_isempty(secret->password)) {
+                r = pam_set_item(handle, PAM_AUTHTOK, *secret->password);
+                if (r < 0) {
+                        pam_syslog(handle, LOG_ERR, "Failed to set PAM auth token: %s", pam_strerror(handle, r));
+                        return r;
+                }
+        }
+
         r = pam_set_data(handle, fd_field, FD_TO_PTR(acquired_fd), cleanup_home_fd);
         if (r < 0) {
                 pam_syslog(handle, LOG_ERR, "Failed to set PAM bus data: %s", pam_strerror(handle, r));