[Kimchi-devel] [PATCH] Bug fix: Properly raise authenticate error when login fails

Aline Manera alinefm at linux.vnet.ibm.com
Thu Feb 26 12:06:03 UTC 2015


Commit 3e25bdfc moved the PAM authentication to a sub process to avoid
file handler leak. But on any error it must be raised in the main
process, otherwise it will not reach the user.

Signed-off-by: Aline Manera <alinefm at linux.vnet.ibm.com>
---
 src/kimchi/auth.py | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/src/kimchi/auth.py b/src/kimchi/auth.py
index dee4c37..1a52185 100644
--- a/src/kimchi/auth.py
+++ b/src/kimchi/auth.py
@@ -30,13 +30,11 @@ import termios
 import time
 import urllib2
 
-
 from kimchi import template
 from kimchi.config import config
 from kimchi.exception import InvalidOperation, OperationFailed
 from kimchi.utils import get_all_tabs, run_command
 
-
 USER_NAME = 'username'
 USER_GROUPS = 'groups'
 USER_ROLES = 'roles'
@@ -164,25 +162,26 @@ class PAMUser(User):
                         return None
                 return resp
 
-            result.value = False
             auth = PAM.pam()
             auth.start(service)
             auth.set_item(PAM.PAM_USER, username)
             auth.set_item(PAM.PAM_CONV, _pam_conv)
             try:
                 auth.authenticate()
+                result.value = 0
             except PAM.error, (resp, code):
-                msg_args = {'username': username, 'code': code}
-                raise OperationFailed("KCHAUTH0001E", msg_args)
-
-            result.value = True
+                result.value = code
 
         result = multiprocessing.Value('i', 0, lock=False)
         p = multiprocessing.Process(target=_auth, args=(result, ))
         p.start()
         p.join()
 
-        return result.value
+        if result.value != 0:
+            msg_args = {'username': username, 'code': result.value}
+            raise OperationFailed("KCHAUTH0001E", msg_args)
+
+        return True
 
 
 class LDAPUser(User):
-- 
2.1.0




More information about the Kimchi-devel mailing list