[Kimchi-devel] [PATCH] Bug fix: Properly raise authenticate error when login fails
Aline Manera
alinefm at linux.vnet.ibm.com
Thu Feb 26 12:06:03 UTC 2015
Commit 3e25bdfc moved the PAM authentication to a sub process to avoid
file handler leak. But on any error it must be raised in the main
process, otherwise it will not reach the user.
Signed-off-by: Aline Manera <alinefm at linux.vnet.ibm.com>
---
src/kimchi/auth.py | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/kimchi/auth.py b/src/kimchi/auth.py
index dee4c37..1a52185 100644
--- a/src/kimchi/auth.py
+++ b/src/kimchi/auth.py
@@ -30,13 +30,11 @@ import termios
import time
import urllib2
-
from kimchi import template
from kimchi.config import config
from kimchi.exception import InvalidOperation, OperationFailed
from kimchi.utils import get_all_tabs, run_command
-
USER_NAME = 'username'
USER_GROUPS = 'groups'
USER_ROLES = 'roles'
@@ -164,25 +162,26 @@ class PAMUser(User):
return None
return resp
- result.value = False
auth = PAM.pam()
auth.start(service)
auth.set_item(PAM.PAM_USER, username)
auth.set_item(PAM.PAM_CONV, _pam_conv)
try:
auth.authenticate()
+ result.value = 0
except PAM.error, (resp, code):
- msg_args = {'username': username, 'code': code}
- raise OperationFailed("KCHAUTH0001E", msg_args)
-
- result.value = True
+ result.value = code
result = multiprocessing.Value('i', 0, lock=False)
p = multiprocessing.Process(target=_auth, args=(result, ))
p.start()
p.join()
- return result.value
+ if result.value != 0:
+ msg_args = {'username': username, 'code': result.value}
+ raise OperationFailed("KCHAUTH0001E", msg_args)
+
+ return True
class LDAPUser(User):
--
2.1.0
More information about the Kimchi-devel
mailing list