|
Lines 10-15
Link Here
|
| 10 |
|
10 |
|
| 11 |
#include "phosh-config.h" |
11 |
#include "phosh-config.h" |
| 12 |
#include "auth.h" |
12 |
#include "auth.h" |
|
|
13 |
#include "grp.h" |
| 13 |
|
14 |
|
| 14 |
#include <security/pam_appl.h> |
15 |
#include <security/pam_appl.h> |
| 15 |
|
16 |
|
|
Lines 69-74
authenticate (PhoshAuth *self, const char *authtok)
Link Here
|
| 69 |
{ |
70 |
{ |
| 70 |
int ret; |
71 |
int ret; |
| 71 |
gboolean authenticated = FALSE; |
72 |
gboolean authenticated = FALSE; |
|
|
73 |
struct group *eff_group; |
| 74 |
int real_gid, init_eff_gid, re; |
| 72 |
const char *username; |
75 |
const char *username; |
| 73 |
const struct pam_conv conv = { |
76 |
const struct pam_conv conv = { |
| 74 |
.conv = pam_conversation_cb, |
77 |
.conv = pam_conversation_cb, |
|
Lines 84-90
authenticate (PhoshAuth *self, const char *authtok)
Link Here
|
| 84 |
} |
87 |
} |
| 85 |
} |
88 |
} |
| 86 |
|
89 |
|
|
|
90 |
/* setegid with group chkpwd to check passwords by pam_tcb */ |
| 91 |
real_gid = getgid (); |
| 92 |
eff_group = getgrnam ("chkpwd"); |
| 93 |
if (eff_group != NULL) { |
| 94 |
init_eff_gid = eff_group->gr_gid; |
| 95 |
re = setegid (init_eff_gid); |
| 96 |
if (re == -1) |
| 97 |
g_warning("pam_authenticate setegid(%d) failed", init_eff_gid); |
| 98 |
} |
| 87 |
ret = pam_authenticate (self->pamh, 0); |
99 |
ret = pam_authenticate (self->pamh, 0); |
|
|
100 |
setegid (real_gid); |
| 88 |
if (ret != PAM_SUCCESS) { |
101 |
if (ret != PAM_SUCCESS) { |
| 89 |
if (ret != PAM_AUTH_ERR) |
102 |
if (ret != PAM_AUTH_ERR) |
| 90 |
g_warning ("pam_authenticate error %s", pam_strerror (self->pamh, ret)); |
103 |
g_warning ("pam_authenticate error %s", pam_strerror (self->pamh, ret)); |
