Commit 3e25bdfc moved the PAM authentication to a sub process to avoid file handler leak. But on any error it must be raised in the main process, otherwise it will not reach the user. Signed-off-by: Aline Manera <alinefm(a)linux.vnet.ibm.com&gt; --- src/kimchi/auth.py | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/src/kimchi/auth.py b/src/kimchi/auth.py index dee4c37..1a52185 100644 --- a/src/kimchi/auth.py +++ b/src/kimchi/auth.py @@ -30,13 +30,11 @@ import termios import time import urllib2 - from kimchi import template from kimchi.config import config from kimchi.exception import InvalidOperation, OperationFailed from kimchi.utils import get_all_tabs, run_command - USER_NAME = 'username' USER_GROUPS = 'groups' USER_ROLES = 'roles' @@ -164,25 +162,26 @@ class PAMUser(User): return None return resp - result.value = False auth = PAM.pam() auth.start(service) auth.set_item(PAM.PAM_USER, username) auth.set_item(PAM.PAM_CONV, _pam_conv) try: auth.authenticate() + result.value = 0 except PAM.error, (resp, code): - msg_args = {'username': username, 'code': code} - raise OperationFailed("KCHAUTH0001E", msg_args) - - result.value = True + result.value = code result = multiprocessing.Value('i', 0, lock=False) p = multiprocessing.Process(target=_auth, args=(result, )) p.start() p.join() - return result.value + if result.value != 0: + msg_args = {'username': username, 'code': result.value} + raise OperationFailed("KCHAUTH0001E", msg_args) + + return True class LDAPUser(User): -- 2.1.0