D27935: Make kwallet-pam work with pam_fscrypt

Harald Sitter noreply at phabricator.kde.org
Fri Mar 13 10:51:22 GMT 2020


sitter added inline comments.

INLINE COMMENTS

> pam_kwallet.c:313
>  
> -    char *key = malloc(KWALLET_PAM_KEYSIZE);
> -    if (!key || kwallet_hash(pamh, password, userInfo, key) != 0) {
> -        free(key);
> -        pam_syslog(pamh, LOG_ERR, "%s: Fail into creating the hash", logPrefix);
> -        return PAM_IGNORE;
> -    }
> -
> +    char *key = strdup(password);
>      result = pam_set_data(pamh, kwalletPamDataKey, key, cleanup_free);

This can ENOMEM. Does that maybe need handling? Or will pam_set_data just fail if you give it a nullptr?

> pam_kwallet.c:329
>  
> -    //if sm_open_session has already been called (but we did not have password), call it now
> -    const char *session_bit;

I wonder about this comment. Can the call sequence here be random? Can open be called before authenticate?

REPOSITORY
  R107 KWallet PAM Integration

REVISION DETAIL
  https://phabricator.kde.org/D27935

To: aacid
Cc: sitter, security-team, davidedmundson, plasma-devel, Orage, LeGast00n, The-Feren-OS-Dev, cblack, jraleigh, zachus, fbampaloukas, GB_2, ragreen, ZrenBot, ngraham, himcesjf, lesliezhai, ali-mohamed, jensreuterberg, abetts, sebas, apol, ahiemstra, mart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/plasma-devel/attachments/20200313/ddf58e4d/attachment.html>


More information about the Plasma-devel mailing list