rooty/yubico-pam
1
0
Fork 0
mirror of https://github.com/Yubico/yubico-pam.git synced 2025-02-20 12:54:16 +01:00
Code Issues Projects Releases Wiki Activity

do_chalendge needs drop privs twice at reading and writing

Browse Source
This commit is contained in:
madRat 2015-09-11 16:50:51 +03:00
parent 1036873b95
commit 3d22ed0c15
1 changed files with 9 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
pam_yubico.c
View File

@ -588,9 +588,11 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
/* point to the fresh privs structure.. */ /* point to the fresh privs structure.. */
privs = privs2; privs = privs2;
/* Drop privileges before creating new challenge file. */ /* Drop privileges before creating new challenge file. */
if (pam_modutil_drop_priv(pamh, &privs, p)) { if (!cfg->chalresp_path) {
DBG (("could not drop privileges")); if (pam_modutil_drop_priv(pamh, &privs, p)) {
goto out; DBG (("could not drop privileges"));
goto out;
}
} }
/* Write out the new file */ /* Write out the new file */
@ -624,19 +626,15 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
goto restpriv_out; goto restpriv_out;
} }
if (pam_modutil_regain_priv(pamh, &privs)) {
DBG (("could not restore privileges"));
goto out;
}
DBG(("Challenge-response success!")); DBG(("Challenge-response success!"));
errstr = NULL; errstr = NULL;
errno = 0; errno = 0;
goto out;
restpriv_out: restpriv_out:
if (pam_modutil_regain_priv(pamh, &privs)) { if (!cfg->chalresp_path) {
DBG (("could not restore privileges")); if (pam_modutil_regain_priv(pamh, &privs)) {
DBG (("could not restore privileges"));
}
} }
out: out: