mirror of
https://github.com/Yubico/yubico-pam.git
synced 2025-02-20 21:54:16 +01:00
authorize_user_token: Don't drop privs for system-wide file.
This commit is contained in:
parent
29f8a00713
commit
263012f725
43
pam_yubico.c
43
pam_yubico.c
@ -206,45 +206,50 @@ authorize_user_token (struct cfg *cfg,
|
||||
pam_handle_t *pamh)
|
||||
{
|
||||
int retval;
|
||||
struct passwd *p;
|
||||
|
||||
p = getpwnam (username);
|
||||
if (p == NULL) {
|
||||
DBG (("getpwnam: %s", strerror(errno)));
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (drop_privileges(p, pamh) < 0) {
|
||||
D (("could not drop privileges"));
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (cfg->auth_file)
|
||||
{
|
||||
/* Administrator had configured the file and specified is name
|
||||
as an argument for this module.
|
||||
*/
|
||||
DBG (("Using system-wide auth_file %s", cfg->auth_file));
|
||||
retval = check_user_token (cfg, cfg->auth_file, username, otp_id);
|
||||
}
|
||||
else
|
||||
{
|
||||
char *userfile = NULL;
|
||||
struct passwd *p;
|
||||
|
||||
p = getpwnam (username);
|
||||
if (p == NULL) {
|
||||
DBG (("getpwnam: %s", strerror(errno)));
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Getting file from user home directory
|
||||
..... i.e. ~/.yubico/authorized_yubikeys
|
||||
*/
|
||||
if (! get_user_cfgfile_path (NULL, "authorized_yubikeys", username, &userfile))
|
||||
if (! get_user_cfgfile_path (NULL, "authorized_yubikeys", username, &userfile)) {
|
||||
D (("Failed figuring out per-user cfgfile"));
|
||||
return 0;
|
||||
}
|
||||
|
||||
DBG (("Dropping privileges"));
|
||||
|
||||
if (drop_privileges(p, pamh) < 0) {
|
||||
D (("could not drop privileges"));
|
||||
return 0;
|
||||
}
|
||||
|
||||
retval = check_user_token (cfg, userfile, username, otp_id);
|
||||
|
||||
free (userfile);
|
||||
}
|
||||
if (restore_privileges(pamh) < 0)
|
||||
{
|
||||
DBG (("could not restore privileges"));
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (restore_privileges(pamh) < 0)
|
||||
{
|
||||
DBG (("could not restore privileges"));
|
||||
return 0;
|
||||
free (userfile);
|
||||
}
|
||||
|
||||
return retval;
|
||||
|
Loading…
x
Reference in New Issue
Block a user