summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--pam_network_manager_helper.c39
1 files changed, 35 insertions, 4 deletions
diff --git a/pam_network_manager_helper.c b/pam_network_manager_helper.c
index c90fa8c..8447211 100644
--- a/pam_network_manager_helper.c
+++ b/pam_network_manager_helper.c
@@ -201,7 +201,6 @@ static void add_cb(UNUSED NMRemoteSettings *settings, NMRemoteConnection *con, G
static void delete_cb(UNUSED NMRemoteConnection *connection, UNUSED GError *error, gpointer user_data) {
cb_arg *arg = user_data;
-
g_main_loop_quit(arg->loop);
}
@@ -210,7 +209,36 @@ static void read_cb(UNUSED NMRemoteSettings *settings, gpointer user_data) {
g_main_loop_quit(arg->loop);
}
-static gboolean handle_old_connection(NMRemoteSettings *settings, cb_arg *arg) {
+static gboolean match_connection_user(NMConnection *connection, const char *user) {
+ NMSetting8021x *setting = nm_connection_get_setting_802_1x(connection);
+ if (!setting)
+ return FALSE;
+
+ const char *identity = nm_setting_802_1x_get_identity(setting);
+ if (!identity)
+ return FALSE;
+
+ return (strcmp(identity, user) == 0);
+}
+
+static gboolean is_connection_active(NMConnection *connection, cb_arg *arg) {
+ NMDevice *device = find_device(arg->client);
+ if (!device)
+ return FALSE;
+
+ NMActiveConnection *active_connection = nm_device_get_active_connection(device);
+ if (!active_connection)
+ return FALSE;
+
+ if (strcmp(nm_connection_get_path(connection), nm_active_connection_get_connection(active_connection)) != 0)
+ return FALSE;
+
+ NMActiveConnectionState state = nm_active_connection_get_state(active_connection);
+
+ return (state == NM_ACTIVE_CONNECTION_STATE_ACTIVATED);
+}
+
+static gboolean handle_old_connection(NMRemoteSettings *settings, const char *user, cb_arg *arg) {
NMRemoteConnection *con = NULL;
g_signal_connect(settings, NM_REMOTE_SETTINGS_CONNECTIONS_READ,
@@ -222,6 +250,9 @@ static gboolean handle_old_connection(NMRemoteSettings *settings, cb_arg *arg) {
if (!con)
goto end;
+ if (match_connection_user(NM_CONNECTION(con), user) && is_connection_active(NM_CONNECTION(con), arg))
+ return TRUE;
+
nm_remote_connection_delete(con, delete_cb, arg);
g_main_loop_run(arg->loop);
@@ -250,8 +281,8 @@ static int authenticate(const char *user, const char *pass) {
if (!settings)
goto end;
- if (handle_old_connection(settings, &arg)) {
- arg.ret = PAM_SUCCESS;
+ if (handle_old_connection(settings, user, &arg)) {
+ arg.ret = PAM_IGNORE;
goto end;
}