mirror of
https://github.com/Yubico/yubico-pam.git
synced 2025-03-14 06:29:21 +01:00
Avoid logging passwords when debug is enabled.
Problem reported in http://code.google.com/p/yubico-pam/issues/detail?id=28
This commit is contained in:
parent
60d9e6063b
commit
ac76947e8a
@ -555,15 +555,15 @@ pam_sm_authenticate (pam_handle_t * pamh,
|
||||
goto done;
|
||||
}
|
||||
|
||||
DBG (("conv returned: %s", resp->resp));
|
||||
DBG (("conv returned %i bytes", strlen(resp->resp)));
|
||||
|
||||
password = resp->resp;
|
||||
}
|
||||
|
||||
password_len = strlen (password);
|
||||
if (password_len < TOKEN_OTP_LEN)
|
||||
if (password_len < (cfg.token_id_length + TOKEN_OTP_LEN))
|
||||
{
|
||||
DBG (("OTP too short: %s", password));
|
||||
DBG (("OTP too short: %i < %i", password_len, TOKEN_OTP_LEN));
|
||||
retval = PAM_AUTH_ERR;
|
||||
goto done;
|
||||
}
|
||||
@ -589,7 +589,8 @@ pam_sm_authenticate (pam_handle_t * pamh,
|
||||
|
||||
onlypasswd[password_len - (TOKEN_OTP_LEN + cfg.token_id_length)] = '\0';
|
||||
|
||||
DBG (("Password: %s ", onlypasswd));
|
||||
DBG (("Extracted a probable system password entered before the OTP - "
|
||||
"setting item PAM_AUTHTOK"));
|
||||
|
||||
retval = pam_set_item (pamh, PAM_AUTHTOK, onlypasswd);
|
||||
free (onlypasswd);
|
||||
|
Loading…
x
Reference in New Issue
Block a user