rooty/yubico-pam
1
0
Fork 0
mirror of https://github.com/Yubico/yubico-pam.git synced 2025-01-19 16:52:17 +01:00
Code Issues Projects Releases Wiki Activity

a PAM_MODUTIL_DEV_PRIVS structure can't be reused

Browse Source 
so we have to allocate a second one and point to
that for the second time we want to drop privs.
relates to #28
This commit is contained in:
Klas Lindfors 2013-09-23 08:31:17 +02:00
parent 1f0d46d745
commit 7fa8cbbd46
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pam_yubico.c
View File

@ -476,7 +476,9 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
struct passwd *p;
struct stat st;
/* we must declare two sepparate privs structures as they can't be reused */
PAM_MODUTIL_DEF_PRIVS(privs);
PAM_MODUTIL_DEF_PRIVS(privs2);
ret = PAM_AUTH_ERR;
@ -610,6 +612,8 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
memcpy (state.response, buf, response_len);
state.response_len = response_len;
/* point to the fresh privs structure.. */
privs = privs2;
/* Drop privileges before creating new challenge file. */
if (pam_modutil_drop_priv(pamh, &privs, p)) {
DBG (("could not drop privileges"));