Commit
fixed pam auth skipping authorization
ysf committed Mar 17, 2022
1 parent d3363a8 commit fb86000
Showing 2 changed files with 6 additions and 0 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
Expand Up @@ -13,11 +13,14 @@
- Booth ticket name validation ([rhbz#2053177])
- Adding booth ticket doesn't report 'mode' as an uknown option anymore
([rhbz#2058243])
- Pcs daemon was allowing expired accounts, and accounts with expired
passwords to login when using PAM auth. ([huntr#220307])

[rhbz#2024522]: https://bugzilla.redhat.com/show_bug.cgi?id=2024522
[rhbz#2053177]: https://bugzilla.redhat.com/show_bug.cgi?id=2053177
[rhbz#2054671]: https://bugzilla.redhat.com/show_bug.cgi?id=2054671
[rhbz#2058243]: https://bugzilla.redhat.com/show_bug.cgi?id=2058243
[huntr#220307]: https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5/


## [0.11.2] - 2022-02-01
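
Review bot: The added entry ("Pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM auth.") names only two symptoms, while the code change in this commit adds a general `pam_acct_mgmt` call, which rejects a login for any account-management failure the PAM stack reports, not only expiry. Consider describing it as a missing account validity check after PAM authentication, so administrators reading the changelog know that other account restrictions configured in PAM are now enforced as well. Minor wording: drop the comma after "expired accounts" and use "log in" as the verb.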
3 changes: 3 additions & 0 deletions pcs/daemon/auth.py
Expand Up @@ -64,6 +64,7 @@ def prep_fn(fn, restype, argtypes):
strdup = prep_fn(libc.strdup, POINTER(c_char), [c_char_p])
calloc = prep_fn(libc.calloc, c_void_p, [c_uint, c_uint])
pam_authenticate = prep_fn(libpam.pam_authenticate, c_int, [pam_handle, c_int])
pam_acct_mgmt = prep_fn(libpam.pam_acct_mgmt, c_int, [pam_handle, c_int])
pam_end = prep_fn(libpam.pam_end, c_int, [pam_handle, c_int])
pam_start = prep_fn(
libpam.pam_start,
Expand Down Expand Up @@ -102,6 +103,8 @@ def conv(
)
if returncode == PAM_SUCCESS:
returncode = pam_authenticate(pamh, 0)
if returncode == PAM_SUCCESS:
returncode = pam_acct_mgmt(pamh, 0)
pam_end(pamh, returncode)
return returncode == PAM_SUCCESS
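
Review bot: The result of the new `pam_acct_mgmt(pamh, 0)` call is folded into the same boolean as the authentication result at `return returncode == PAM_SUCCESS`, so neither the caller nor the logs can tell a wrong password from an account that authenticated correctly but was refused by account management. Suggest logging the return code (with the username) when `pam_acct_mgmt` fails, before `pam_end(pamh, returncode)`, so that a denied login for an expired account is visible to operators and auditable. A short comment would also help, stating that every value other than `PAM_SUCCESS`, including `PAM_NEW_AUTHTOK_REQD` for an expired password, is deliberately treated as a failed login here, since the daemon has no way to prompt for a password change. The commit touches only CHANGELOG.md and pcs/daemon/auth.py; a regression test that exercises the path where `pam_authenticate` succeeds and `pam_acct_mgmt` fails would keep this check from being dropped again.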
