D27935: Make kwallet-pam work with pam_fscrypt
Harald Sitter
noreply at phabricator.kde.org
Fri Mar 13 10:51:22 GMT 2020
sitter added inline comments.
INLINE COMMENTS
> pam_kwallet.c:313
>
> - char *key = malloc(KWALLET_PAM_KEYSIZE);
> - if (!key || kwallet_hash(pamh, password, userInfo, key) != 0) {
> - free(key);
> - pam_syslog(pamh, LOG_ERR, "%s: Fail into creating the hash", logPrefix);
> - return PAM_IGNORE;
> - }
> -
> + char *key = strdup(password);
> result = pam_set_data(pamh, kwalletPamDataKey, key, cleanup_free);
This can ENOMEM. Does that maybe need handling? Or will pam_set_data just fail if you give it a nullptr?
> pam_kwallet.c:329
>
> - //if sm_open_session has already been called (but we did not have password), call it now
> - const char *session_bit;
I wonder about this comment. Can the call sequence here be random? Can open be called before authenticate?
REPOSITORY
R107 KWallet PAM Integration
REVISION DETAIL
https://phabricator.kde.org/D27935
To: aacid
Cc: sitter, security-team, davidedmundson, plasma-devel, Orage, LeGast00n, The-Feren-OS-Dev, cblack, jraleigh, zachus, fbampaloukas, GB_2, ragreen, ZrenBot, ngraham, himcesjf, lesliezhai, ali-mohamed, jensreuterberg, abetts, sebas, apol, ahiemstra, mart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/plasma-devel/attachments/20200313/ddf58e4d/attachment.html>
More information about the Plasma-devel
mailing list