[pkg-vlock-commit] r54 - in trunk: . debian

Alexander Wirt formorer at costa.debian.org
Wed Jul 19 20:15:58 CEST 2006 

Author: formorer
Date: 2006-07-19 18:15:54 +0000 (Wed, 19 Jul 2006)
New Revision: 54

Modified:
   trunk/debian/changelog
   trunk/input.c
Log:
Add a fix for #318507. You know have to press enter before you can enter
the password.



Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2006-07-19 18:03:50 UTC (rev 53)
+++ trunk/debian/changelog	2006-07-19 18:15:54 UTC (rev 54)
@@ -1,9 +1,12 @@
 vlock (1.3-10) unstable; urgency=low
 
   * Add a patch from Guido Guenther that adds better checking for the return
-    code of correct_password() (Closes: #364081) 
+    code of correct_password() (Closes: #364081)
+  * Add a patch Daniel Kahn Gillmor thats stats the PAM Session only after
+    pressing enter. That prevents some problems with some exclusive-access PAM
+    odules like opensc (Closes: #318507)
 
- -- Alexander Wirt <formorer at debian.org>  Wed, 19 Jul 2006 19:53:24 +0200
+ -- Alexander Wirt <formorer at debian.org>  Wed, 19 Jul 2006 20:13:16 +0200
 
 vlock (1.3-9) unstable; urgency=low
 

Modified: trunk/input.c
===================================================================
--- trunk/input.c	2006-07-19 18:03:50 UTC (rev 53)
+++ trunk/input.c	2006-07-19 18:15:54 UTC (rev 54)
@@ -68,7 +68,7 @@
     NULL
 };
 
-pam_handle_t *pamh;
+pam_handle_t *pamh = NULL;
 int pam_error;
 
 #endif /* USE_PAM */
@@ -98,14 +98,29 @@
      printf("SOMETHING IS VERY SERIOUSLY WRONG! '%s' BAILING!\n", \
 	 pam_strerror(pamh, pam_error)); fflush(stdout); \
      pam_end(pamh, PAM_SUCCESS); \
+     pamh = NULL; \
      return -1; \
      }
   #define PAM_BAIL if (pam_error != PAM_SUCCESS) { \
+     pam_end(pamh, PAM_SUCCESS); \
+     pamh = NULL; \
      /* fix signals that may have been disordered by pam */ \
      set_signal_mask(0); \
      return 0; \
      }
-  printf("%s's ", username); fflush(stdout);
+
+  /* we should start the pam conversation now. */
+  if (NULL == pamh) {
+    pam_error = pam_start("vlock", username, &PAM_conversation, &pamh);
+    if (pam_error != PAM_SUCCESS) {
+      pam_end(pamh, 0);
+      /* fix signals that may have been disordered by pam */
+      set_signal_mask(0);
+      printf("Error! Could not init PAM: %s\n",
+	     pam_strerror(pamh, pam_error));
+      exit(0);
+    }
+  }
   pam_error = pam_set_item(pamh, PAM_USER_PROMPT, strdup(prompt));
   PAM_BAIL_PRE;
   pam_error = pam_set_item(pamh, PAM_USER, username);
@@ -118,7 +133,7 @@
 #else
   if (pam_error != PAM_SUCCESS) {
     /* Try as root; bail if no success there either */
-    printf("root's "); fflush(stdout);
+    printf("Try to authenticate as root instead: \n"); fflush(stdout);
     pam_error = pam_set_item(pamh, PAM_USER_PROMPT, strdup(prompt));
     PAM_BAIL_PRE;
     pam_error = pam_set_item(pamh, PAM_USER, "root");
@@ -131,6 +146,7 @@
   set_signal_mask(0);
   /* If this point is reached, the user has been authenticated. */
   pam_end(pamh, PAM_SUCCESS);
+  pamh = NULL; 
   return 1;
 
 
@@ -169,6 +185,7 @@
 get_password(void)
 {
   int val;
+  char inbuf[8];
 
   set_terminal(0);
   do {
@@ -176,18 +193,22 @@
       if (o_lock_all) {
 	/* To do: allow logging the user out safely without shutting down
 	   the whole machine...  */
-	printf("The entire console display is now completely locked.\n"
-	 "You will not be able to switch to another virtual console.\n");
+	printf("The entire console display is now completely locked by %s.\n"
+	 "You will not be able to switch to another virtual console.\n", username);
 
       } else {
-	printf("This TTY is now locked.\n");
+	printf("This TTY is now locked by %s.\n", username);
 	if (is_vt)
 	  printf("Use Alt-function keys to switch to other virtual consoles.\n");
       }
-      printf("Please enter the password to unlock.\n");
+      printf("Please press Enter to unlock.\n");
       fflush(stdout);
     }
 
+    /* wait for the user to press enter */
+    fgets(inbuf, sizeof(inbuf), stdin);
+    fflush(stdin);
+
     /* correct_password() sets the terminal status as necessary */
     if (correct_password() > 0) {
       restore_signals();
@@ -214,7 +235,7 @@
     /* This is policy; when we use PAM, we should let it determine policy */
     sleep(++times);
 #endif
-    printf(" *** That password is incorrect; please try again. *** \n");
+    printf(" *** Unlock failed; please try again. *** \n");
 #ifndef USE_PAM
     if (times >= 15) {
       printf("Slow down and try again in a while.\n");
@@ -301,16 +322,6 @@
   setgid(getgid());
 
   snprintf(sizeof(prompt), prompt, "%s's password: ", username);
-#else /* !USE_PAM */
-  pam_error = pam_start("vlock", username, &PAM_conversation, &pamh);
-  if (pam_error != PAM_SUCCESS) {
-     pam_end(pamh, 0);
-     /* fix signals that may have been disordered by pam */
-     set_signal_mask(0);
-     printf("Error! Could not init PAM: %s\n",
-	 pam_strerror(pamh, pam_error));
-     exit(0);
-  }
 #endif /* USE_PAM */
 }

More information about the pkg-vlock-commit mailing list