mirror of https://github.com/Yubico/yubico-pam.git synced 2025-01-19 16:52:17 +01:00

print information only if debug is specified

The pam module is very informative. I do not want it to print any
information unless debug is specified. An attacker should not get any
information.
Christian Hesse 2013-05-13 15:47:59 +02:00
parent e5c7725fc1
commit 7dc5c6a155


@ -475,18 +475,18 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
flags |= YK_FLAG_MAYBLOCK; flags |= YK_FLAG_MAYBLOCK;
if (! init_yubikey(&yk)) { if (! init_yubikey(&yk)) {
D(("Failed initializing YubiKey")); DBG(("Failed initializing YubiKey"));
goto out; goto out;
} }
if (! check_firmware_version(yk, false, true)) { if (! check_firmware_version(yk, false, true)) {
D(("YubiKey does not support Challenge-Response (version 2.2 required)")); DBG(("YubiKey does not support Challenge-Response (version 2.2 required)"));
goto out; goto out;
} }
if (! get_user_challenge_file (yk, cfg->chalresp_path, username, &userfile)) { if (! get_user_challenge_file (yk, cfg->chalresp_path, username, &userfile)) {
D(("Failed getting user challenge file for user %s", username)); DBG(("Failed getting user challenge file for user %s", username));
goto out; goto out;
} }
@ -546,7 +546,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
if (! challenge_response(yk, state.slot, state.challenge, state.challenge_len, if (! challenge_response(yk, state.slot, state.challenge, state.challenge_len,
true, flags, false, true, flags, false,
buf, sizeof(buf), &response_len)) { buf, sizeof(buf), &response_len)) {
D(("Challenge-response FAILED")); DBG(("Challenge-response FAILED"));
goto out; goto out;
} }
@ -559,7 +559,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
if (memcmp(buf, state.response, response_len) == 0) { if (memcmp(buf, state.response, response_len) == 0) {
ret = PAM_SUCCESS; ret = PAM_SUCCESS;
} else { } else {
D(("Unexpected C/R response : %s", response_hex)); DBG(("Unexpected C/R response : %s", response_hex));
goto out; goto out;
} }
@ -567,7 +567,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
errstr = "Error generating new challenge, please check syslog or contact your system administrator"; errstr = "Error generating new challenge, please check syslog or contact your system administrator";
if (generate_random(state.challenge, sizeof(state.challenge))) { if (generate_random(state.challenge, sizeof(state.challenge))) {
D(("Failed generating new challenge!")); DBG(("Failed generating new challenge!"));
goto out; goto out;
} }
@ -575,7 +575,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
if (! challenge_response(yk, state.slot, state.challenge, CR_CHALLENGE_SIZE, if (! challenge_response(yk, state.slot, state.challenge, CR_CHALLENGE_SIZE,
true, flags, false, true, flags, false,
buf, sizeof(buf), &response_len)) { buf, sizeof(buf), &response_len)) {
D(("Second challenge-response FAILED")); DBG(("Second challenge-response FAILED"));
goto out; goto out;
} }
@ -593,7 +593,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
* Write the challenge and response we will expect the next time to the state file. * Write the challenge and response we will expect the next time to the state file.
*/ */
if (response_len > sizeof(state.response)) { if (response_len > sizeof(state.response)) {
D(("Got too long response ??? (%u/%lu)", response_len, (unsigned long) sizeof(state.response))); DBG(("Got too long response ??? (%u/%lu)", response_len, (unsigned long) sizeof(state.response)));
goto out; goto out;
} }
memcpy (state.response, buf, response_len); memcpy (state.response, buf, response_len);
@ -649,10 +649,10 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
if (yk_errno) { if (yk_errno) {
if (yk_errno == YK_EUSBERR) { if (yk_errno == YK_EUSBERR) {
syslog(LOG_ERR, "USB error: %s", yk_usb_strerror()); syslog(LOG_ERR, "USB error: %s", yk_usb_strerror());
D(("USB error: %s", yk_usb_strerror())); DBG(("USB error: %s", yk_usb_strerror()));
} else { } else {
syslog(LOG_ERR, "Yubikey core error: %s", yk_strerror(yk_errno)); syslog(LOG_ERR, "Yubikey core error: %s", yk_strerror(yk_errno));
D(("Yubikey core error: %s", yk_strerror(yk_errno))); DBG(("Yubikey core error: %s", yk_strerror(yk_errno)));
} }
} }
@ -661,7 +661,7 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
if (errno) { if (errno) {
syslog(LOG_ERR, "Challenge response failed: %s", strerror(errno)); syslog(LOG_ERR, "Challenge response failed: %s", strerror(errno));
D(("Challenge response failed: %s", strerror(errno))); DBG(("Challenge response failed: %s", strerror(errno)));
} }
if (yk) if (yk)
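Review bot: In the hunk at line 559 the comparison `memcmp(buf, state.response, response_len)` takes its length from what the token reported, and nothing visible before it checks that length against the stored response; the only bound shown is `response_len > sizeof(state.response)` in the hunk at line 593, which runs after the second exchange. Unless the lines not shown between the hunks already enforce it, the success branch should require the expected length and use a comparison whose timing does not depend on where the buffers differ, e.g. `if (response_len == <expected_len> && <constant_time_compare>(buf, state.response, response_len) == 0) {` (both names are placeholders; neither the stored-length field nor such a helper is visible on this page). In the same hunk the new `DBG(("Unexpected C/R response : %s", response_hex));` still writes the token's response to the debug output when debug is on, which sits oddly with the commit's stated goal; `DBG(("Unexpected C/R response"));` would carry the same diagnostic. do_challenge_response starts and ends outside the hunks shown here.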