From 4712da70cac159d5ca9579c1e4fac0645b674043 Mon Sep 17 00:00:00 2001
From: Nanakos Chrysostomos
Date: Fri, 26 Aug 2011 14:32:03 +0300
Subject: [PATCH] Fix big security hole: Authentication succeeded when no password was given, unless use_first_pass was being used. This is fatal if pam_yubico is considered 'sufficient' in the PAM configuration.
Signed-off-by: Nanakos Chrysostomos
---
 pam_yubico.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pam_yubico.c b/pam_yubico.c
index 49f96cc..35abbb2 100644
--- pam_yubico.c
+++ b/pam_yubico.c
@@ -747,6 +747,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
 if (resp->resp == NULL)
 {
 DBG (("conv returned NULL passwd?"));
+ retval = PAM_AUTH_ERR;
 goto done;
 }
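Review bot: The added `retval = PAM_AUTH_ERR;` in the `resp->resp == NULL` branch closes this one exit, but the function still relies on every `goto done` path setting `retval` by hand, which is how a stale success value (presumably left by the preceding conversation call) reached `done` here. pam_sm_authenticate starts and ends outside the hunk, so the other `goto done` branches, and whether `resp` itself is checked before `resp->resp` is read, cannot be confirmed from this page and should be audited for the same fail-open pattern. A fail-closed structure would keep intermediate call results in a separate variable and assign `retval = PAM_SUCCESS;` only at the single point where the OTP has been validated. I would also put a comment above the new line, `/* fail closed: a missing response must not fall through with the conversation's PAM_SUCCESS */`, because a `sufficient` PAM entry turns any stray success into a completed login.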