mirror of https://github.com/Yubico/yubico-pam.git synced 2025-01-31 16:52:19 +01:00

only process results of OTP check after user is found

relates #97
Klas Lindfors 2016-06-13 09:04:22 +02:00
parent 33e7013916
commit a21a20cb65


@ -1040,21 +1040,6 @@ pam_sm_authenticate (pam_handle_t * pamh,
ykclient_strerror (rc)));
DBG (("ykclient url used: %s", ykclient_get_last_url(ykc)));
switch (rc)
{
case YKCLIENT_OK:
break;
case YKCLIENT_BAD_OTP:
case YKCLIENT_REPLAYED_OTP:
retval = PAM_AUTH_ERR;
goto done;
default:
retval = PAM_AUTHINFO_UNAVAIL;
goto done;
}
/* authorize the user with supplied token id */
if (cfg->ldapserver != NULL || cfg->ldap_uri != NULL)
valid_token = authorize_user_token_ldap (cfg, user, otp_id);
@ -1064,7 +1049,21 @@ pam_sm_authenticate (pam_handle_t * pamh,
switch(valid_token)
{
case 1:
retval = PAM_SUCCESS;
switch (rc)
{
case YKCLIENT_OK:
retval = PAM_SUCCESS;
break;
case YKCLIENT_BAD_OTP:
case YKCLIENT_REPLAYED_OTP:
retval = PAM_AUTH_ERR;
break;
default:
retval = PAM_AUTHINFO_UNAVAIL;
break;
}
break;
case 0:
DBG (("Internal error while validating user"));
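Review bot: With the early `goto done` removed, the `switch (rc)` nested under `case 1:` is the only place the ykclient verdict is applied, so `PAM_SUCCESS` now requires both `valid_token == 1` and `rc == YKCLIENT_OK`, and nothing in the code states that. A comment above the inner switch would protect the invariant against later refactoring, for example `/* OTP verdict is applied only once the token is known to belong to the user; every other valid_token case must fail regardless of rc */`. A side effect worth recording in the commit message is that `authorize_user_token_ldap` is now reached with `user` and `otp_id` even when the OTP was rejected or the validation service was unavailable, so the lookup backend sees every attempt. The remaining `valid_token` cases lie outside the hunk and could not be checked here; they should be confirmed to set a failing `retval` on their own, because the removed early exit no longer keeps a non-OK `rc` away from them.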