From b5a95c2eb1e877f89475572cedcea58caa97819c Mon Sep 17 00:00:00 2001
From: Dan Tenenbaum
Date: Wed, 9 Mar 2022 10:18:31 -0800
Subject: [PATCH] security fix
---
 src/backend/api/utils/pam.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/backend/api/utils/pam.py b/src/backend/api/utils/pam.py
index 9b243518..d87eb1ec 100644
--- a/src/backend/api/utils/pam.py
+++ b/src/backend/api/utils/pam.py
@@ -6,7 +6,7 @@
 # for security reasons.
 #
 # Audited by Andrei Cioara on 2019-06-14
-# for integartion into Motuz.
+# for integration into Motuz.
 # (c) 2007 Chris AtLee
 # Licensed under the MIT license:
@@ -106,6 +106,10 @@ class PamConv(Structure):
 pam_authenticate.restype = c_int
 pam_authenticate.argtypes = [PamHandle, c_int]
+pam_acct_mgmt = libpam.pam_acct_mgmt
+pam_acct_mgmt.restype = c_int
+pam_acct_mgmt.argtypes = [PamHandle, c_int]
+
 class pam():
 code = 0
 reason = None
@@ -184,6 +188,8 @@ def my_conv(n_messages, messages, p_response, app_data):
 return False
 retval = pam_authenticate(handle, 0)
+ if retval == 0:
+ retval = pam_acct_mgmt(handle, 0)
 auth_success = retval == 0
 if auth_success and resetcreds:
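Review bot: The new `pam_acct_mgmt` call in the last hunk (`@@ -184,6 +188,8 @@`) has no comment saying why it is needed, and the commit message only says "security fix", so a later cleanup could drop it as redundant. I would add above `if retval == 0:` the line `# pam_authenticate only verifies credentials; pam_acct_mgmt enforces account state (expiry, lockout, access rules)`. Both calls write to the same `retval`, so the code after this hunk cannot tell a wrong password from a correct password on a disabled account unless it inspects the PAM return code; logging which stage failed would help when triaging login failures. Comparing against a literal `0` also means `PAM_NEW_AUTHTOK_REQD` from the account stage is treated as a denial, which is presumably intended but worth stating in that comment. The enclosing method starts before and continues past the hunk, so how `retval` is reported, and whether the PAM service in use defines an `account` stack, cannot be confirmed from here.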