From: Christoph Ruegge <mail@cxcs.de>
Date: Mon, 23 Nov 2020 17:06:36 +0000 (+0100)
Subject: pam_systemd_home: export password as PAM_AUTHTOK
X-Git-Tag: v247~22
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d2e545f88ede11d8169524b10eba76660d606da4;p=thirdparty%2Fsystemd.git

pam_systemd_home: export password as PAM_AUTHTOK
---

diff --git a/src/home/pam_systemd_home.c b/src/home/pam_systemd_home.c
index a5279453f31..a91df91447e 100644
--- a/src/home/pam_systemd_home.c
+++ b/src/home/pam_systemd_home.c
@@ -625,6 +625,15 @@ static int acquire_home(
                 do_auth = true;
         }
 
+        /* Later PAM modules may need the auth token, but only during pam_authenticate. */
+        if (please_authenticate && !strv_isempty(secret->password)) {
+                r = pam_set_item(handle, PAM_AUTHTOK, *secret->password);
+                if (r < 0) {
+                        pam_syslog(handle, LOG_ERR, "Failed to set PAM auth token: %s", pam_strerror(handle, r));
+                        return r;
+                }
+        }
+
         r = pam_set_data(handle, fd_field, FD_TO_PTR(acquired_fd), cleanup_home_fd);
         if (r < 0) {
                 pam_syslog(handle, LOG_ERR, "Failed to set PAM bus data: %s", pam_strerror(handle, r));