[PATCH] PLEASE ADD BUGFIX - #934185

["Franklin, Jason" <jason.franklin@quoininc.com>]

Dear Maintainer,

I am contacting you directly because my bug report and subsequent
follow-up post have not yet received a response.  This email is with
regards to the following bug report and patch:

bug   - https://bugs.debian.org/934185
patch - https://phabricator.kde.org/D23849

I worked to produce the patch, and the change has been included
upstream. The patch for the "libkscreenlocker5" Debian stable package is
attached.

I earnestly request that you apply the patch and upload the changes to
the Debian repository.

Adding this change will fix a fairly nasty bug with the conversation
between Poldi and the screen locker.

Thank you very much in advance for your help.

-- 
Jason Franklin

Description: Only send a user-supplied password once.
 The current screen locker implementation fails to work when the PAM module
 sends multiple prompts for a password without sending a specific kind of
 error indicator.  This patch ensures that a user authentication token is
 passed to kcheckpass only once after being entered.
Author: Jason Franklin <jason.franklin@quoininc.com>
Origin: upstream, https://phabricator.kde.org/D23849
Bug-Debian: https://bugs.debian.org/934185
Applied-Upstream: 5.17, https://phabricator.kde.org/R133:90add6922411c9e48d9c9da3ab232171aa858ade
Last-Update: 2019-09-27
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
diff --git a/greeter/authenticator.cpp b/greeter/authenticator.cpp
--- a/greeter/authenticator.cpp
+++ b/greeter/authenticator.cpp
@@ -247,10 +247,16 @@
         {
             if (!GRecvArr( &arr ))
                 break;
-            QByteArray utf8pass = m_password.toUtf8();
-            GSendStr(utf8pass.constData());
-            if (utf8pass.constData() != nullptr)
+
+            if (m_password.isNull()) {
+                GSendStr(nullptr);
+            } else {
+                QByteArray utf8pass = m_password.toUtf8();
+                GSendStr(utf8pass.constData());
                 GSendInt(IsPassword);
+            }
+
+            m_password.clear();
 
             if (arr)
                 ::free( arr );
@@ -278,8 +284,6 @@
             cantCheck();
             return;
         case ConvPutAuthAbort:
-            // what to do here?
-            return;
         case ConvPutReadyForAuthentication:
             m_ready = true;
             if (m_mode == AuthenticationMode::Direct) {
diff --git a/kcheckpass/checkpass_pam.c b/kcheckpass/checkpass_pam.c
--- a/kcheckpass/checkpass_pam.c
+++ b/kcheckpass/checkpass_pam.c
@@ -121,7 +121,7 @@
 
 #ifdef PAM_FAIL_DELAY
 static void
-fail_delay(int retval ATTR_UNUSED, unsigned usec_delay ATTR_UNUSED, 
+fail_delay(int retval ATTR_UNUSED, unsigned usec_delay ATTR_UNUSED,
 	   void *appdata_ptr ATTR_UNUSED)
 {}
 #endif
@@ -168,7 +168,8 @@
   pam_error = pam_authenticate(pamh, 0);
   if (pam_error != PAM_SUCCESS) {
     if (PAM_data.abort) {
-      pam_end(pamh, PAM_SUCCESS);
+      PAM_data.abort = 0;
+      pam_end(pamh, pam_error);
       return AuthAbort;
     }
     pam_end(pamh, pam_error);

Attachment: signature.asc
Description: OpenPGP digital signature