From 308c40306db937dda0ed99c7a426c7730c3d326c Mon Sep 17 00:00:00 2001
From: liuxinhao <liuxinhao@kylinsec.com.cn>
Date: Mon, 14 Nov 2022 16:50:36 +0800
Subject: [PATCH] fix(CVE): PAM authorization bypass due to incorrect usage
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 修复问题: 已经过期的账户持有凭证仍然能登录
---
 libexec/session-guard-checkpass/main.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libexec/session-guard-checkpass/main.cpp b/libexec/session-guard-checkpass/main.cpp
index e667bde..4606411 100644
--- a/libexec/session-guard-checkpass/main.cpp
+++ b/libexec/session-guard-checkpass/main.cpp
@@ -203,7 +203,6 @@ int main(int argc, char *argv[])
 
     int authRes = PAM_SUCCESS;
     authRes = pam_authenticate(pamh, 0);
-
     const char *newUserName;
     if (pam_get_item(pamh, PAM_USER, (const void **)&newUserName) != PAM_SUCCESS)
     {
@@ -211,6 +210,11 @@ int main(int argc, char *argv[])
         return EXIT_FAILURE;
     }
 
+    if( authRes == PAM_SUCCESS )
+    {
+        authRes = pam_acct_mgmt(pamh, 0);
+    }
+
     const char *authResultString = pam_strerror(pamh, authRes);
     CompleteEvent event(true, authRes == PAM_SUCCESS, QString(authResultString));
     kiran_pam_message_send_event(CHANNEL_WRITE, &event);
-- 
2.33.0