diff options
| author | Andrea Azzarone <azzaronea@gmail.com> | 2016-06-17 14:05:17 +0200 |
|---|---|---|
| committer | Andrea Azzarone <azzaronea@gmail.com> | 2016-06-17 14:05:17 +0200 |
| commit | e1cd61e113d7f86597f6067ed4147a7e6d9e34ff (patch) | |
| tree | d19882053b9a9dc2abc0950114789da90ab6524a | |
| parent | fc82fb1744fcaf3c69879dbc710f3bed1eefacfd (diff) | |
Add an option to enable/disable pam account checking.
Fixes LP: #1460649 (bzr r4130.1.1)
| -rw-r--r-- | com.canonical.Unity.gschema.xml | 7 | ||||
| -rw-r--r-- | lockscreen/UserAuthenticatorPam.cpp | 17 | ||||
| -rw-r--r-- | unity-shared/UnitySettings.cpp | 7 | ||||
| -rw-r--r-- | unity-shared/UnitySettings.h | 1 |
4 files changed, 28 insertions, 4 deletions
diff --git a/com.canonical.Unity.gschema.xml b/com.canonical.Unity.gschema.xml index 01123274a..bfeeb7dad 100644 --- a/com.canonical.Unity.gschema.xml +++ b/com.canonical.Unity.gschema.xml @@ -93,6 +93,13 @@ <summary>List of keycodes that should be processed even if auto-repated.</summary> <description>These keycodes are processed even if they are auto-repeated.</description> </key> + <key type="b" name="pam-check-account-type"> + <default>false</default> + <summary>Enable/Disable PAM account checking</summary> + <description>Whether PAM should check the result of account modules + when authenticating. Only do this if you have account + configured properly on your system.</description> + </key> </schema> <schema path="/com/canonical/unity/interface/" id="com.canonical.Unity.Interface" gettext-domain="unity"> <key type="d" name="text-scale-factor"> diff --git a/lockscreen/UserAuthenticatorPam.cpp b/lockscreen/UserAuthenticatorPam.cpp index c62af7913..1f4da84c5 100644 --- a/lockscreen/UserAuthenticatorPam.cpp +++ b/lockscreen/UserAuthenticatorPam.cpp @@ -22,6 +22,7 @@ // let's just fallcback to lightdm. #include "UserAuthenticatorPam.h" +#include "unity-shared/UnitySettings.h" #include <cstring> #include <security/pam_appl.h> @@ -52,13 +53,21 @@ bool UserAuthenticatorPam::AuthenticateStart(std::string const& username, g_task_run_in_thread(task, [] (GTask* task, gpointer, gpointer data, GCancellable*) { auto self = static_cast<UserAuthenticatorPam*>(data); + self->status_ = pam_authenticate(self->pam_handle_, 0); + if (self->status_ == PAM_SUCCESS) - self->status_ = pam_acct_mgmt(self->pam_handle_, 0); - if (self->status_ == PAM_NEW_AUTHTOK_REQD) - self->status_ = pam_chauthtok(self->pam_handle_, PAM_CHANGE_EXPIRED_AUTHTOK); - if (self->status_ == PAM_SUCCESS) + { + int status2 = pam_acct_mgmt(self->pam_handle_, 0); + + if (status2 == PAM_NEW_AUTHTOK_REQD) + status2 = pam_chauthtok(self->pam_handle_, PAM_CHANGE_EXPIRED_AUTHTOK); + + if (unity::Settings::Instance().pam_check_account_type()) + self->status_ = status2; + pam_setcred (self->pam_handle_, PAM_REINITIALIZE_CRED); + } }); return true; diff --git a/unity-shared/UnitySettings.cpp b/unity-shared/UnitySettings.cpp index ec4d1374f..af03538e7 100644 --- a/unity-shared/UnitySettings.cpp +++ b/unity-shared/UnitySettings.cpp @@ -39,6 +39,7 @@ const std::string SETTINGS_NAME = "com.canonical.Unity"; const std::string FORM_FACTOR = "form-factor"; const std::string DOUBLE_CLICK_ACTIVATE = "double-click-activate"; const std::string DESKTOP_TYPE = "desktop-type"; +const std::string PAM_CHECK_ACCOUNT_TYPE = "pam-check-account-type"; const std::string LAUNCHER_SETTINGS = "com.canonical.Unity.Launcher"; const std::string LAUNCHER_POSITION = "launcher-position"; @@ -109,6 +110,7 @@ public: parent_->launcher_position.SetGetterFunction(sigc::mem_fun(this, &Impl::GetLauncherPosition)); parent_->launcher_position.SetSetterFunction(sigc::mem_fun(this, &Impl::SetLauncherPosition)); parent_->desktop_type.SetGetterFunction(sigc::mem_fun(this, &Impl::GetDesktopType)); + parent_->pam_check_account_type.SetGetterFunction(sigc::mem_fun(this, &Impl::GetPamCheckAccountType)); for (unsigned i = 0; i < monitors::MAX; ++i) em_converters_.emplace_back(std::make_shared<EMConverter>()); @@ -273,6 +275,11 @@ public: return static_cast<DesktopType>(g_settings_get_enum(usettings_, DESKTOP_TYPE.c_str())); } + bool GetPamCheckAccountType() const + { + return g_settings_get_boolean(usettings_, PAM_CHECK_ACCOUNT_TYPE.c_str()); + } + int GetFontSize() const { gint font_size; diff --git a/unity-shared/UnitySettings.h b/unity-shared/UnitySettings.h index 1081fef57..0a4dffea3 100644 --- a/unity-shared/UnitySettings.h +++ b/unity-shared/UnitySettings.h @@ -64,6 +64,7 @@ public: nux::RWProperty<FormFactor> form_factor; nux::Property<bool> is_standalone; nux::ROProperty<DesktopType> desktop_type; + nux::ROProperty<bool> pam_check_account_type; nux::ROProperty<bool> double_click_activate; nux::Property<unsigned> lim_movement_thresold; nux::Property<unsigned> lim_double_click_wait; |