From 7fa8cbbd46c526051a8215df4e07640843303a5a Mon Sep 17 00:00:00 2001
From: Klas Lindfors
Date: Mon, 23 Sep 2013 08:31:17 +0200
Subject: [PATCH] a PAM_MODUTIL_DEV_PRIVS structure can't be reused so we have to allocate a second one and point to that for the second time we want to drop privs. relates to #28
---
 pam_yubico.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/pam_yubico.c b/pam_yubico.c
index 5fdc64c..314d886 100644
--- a/pam_yubico.c
+++ b/pam_yubico.c
@@ -476,7 +476,9 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
 struct passwd *p;
 struct stat st;
+ /* we must declare two sepparate privs structures as they can't be reused */
 PAM_MODUTIL_DEF_PRIVS(privs);
+ PAM_MODUTIL_DEF_PRIVS(privs2);
 ret = PAM_AUTH_ERR;
@@ -610,6 +612,8 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
 memcpy (state.response, buf, response_len);
 state.response_len = response_len;
+ /* point to the fresh privs structure.. */
+ privs = privs2;
 /* Drop privileges before creating new challenge file. */
 if (pam_modutil_drop_priv(pamh, &privs, p)) {
 DBG (("could not drop privileges"));
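Review bot: The reset `privs = privs2;` in the second hunk is a plain struct copy, so it silently discards whatever state the first drop/regain pair left in `privs`. If an earlier `pam_modutil_regain_priv` was skipped or failed on some path (that code is outside the hunk), the copy would hide it and the module would carry on with unexpected credentials. As far as I recall the Linux-PAM macro, the copy also makes `privs` point at `privs2`'s group-list buffer, which is easy to trip over later. It would be clearer to leave `privs` untouched and pass the second structure directly, `if (pam_modutil_drop_priv(pamh, &privs2, p)) {`, with the matching regain call also taking `&privs2`. The failure branch that begins at `DBG (("could not drop privileges"));` continues past the hunk; it should leave the function without creating the challenge file, which would otherwise be written with the caller's privileges instead of the user's.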