D27935: Make kwallet-pam work with pam_fscrypt

[Harald Sitter]

sitter added inline comments.

INLINE COMMENTS

> aacid wrote in pam_kwallet.c:329
> > How about leaving it in for 5.18 and drop it for master?
> >  Should there be an unexpected problem we'll at least have months of theoretical testing and a shorter window from 5.19.0 to .1 to hotfix a > potential regression.
> 
> Doesn't sound very convincing to me, if there's going to be a regression i'd prefer it to be this month when i still remember this code and i still use kwallet-pam and pam_fscrypt, if you delay it to 5.19.0 or something I will not totally remember this code and may not be using this any of those two either os my motivation to fix it may be pretty small.
> 
> I can try adding the code that makes pam_sm_open_session from here if you think it makes sense to have it

That is a fair point but I for one cannot +1 this diff as-is. So, I would prefer the pam_sm_open_session call making a return.

Or someone else gives a +1, I don't profoundly object to the diff, but it is in my mind not suitable for a stable release right now:
Currently in 5.18 one can call session before auth and it works. With this diff that'd be no longer the case and a behavioral change in a stable release update. I have no idea if that has real life implications but I can totally imagine one of our enterprise users pulling weird stuff like that.

REPOSITORY
  R107 KWallet PAM Integration

REVISION DETAIL
  https://phabricator.kde.org/D27935

To: aacid
Cc: sitter, security-team, davidedmundson, plasma-devel, Orage, LeGast00n, The-Feren-OS-Dev, cblack, jraleigh, zachus, fbampaloukas, GB_2, ragreen, ZrenBot, ngraham, himcesjf, lesliezhai, ali-mohamed, jensreuterberg, abetts, sebas, apol, ahiemstra, mart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/plasma-devel/attachments/20200318/a4c7e6d9/attachment-0001.html>