rooty/yubico-pam
1
0
Fork 0
mirror of https://github.com/Yubico/yubico-pam.git synced 2025-03-15 18:29:16 +01:00
Code Issues Projects Releases Wiki Activity

Avoid logging passwords when debug is enabled.

Browse Source 
Problem reported in
http://code.google.com/p/yubico-pam/issues/detail?id=28
This commit is contained in:
Fredrik Thulin 2011-03-03 14:51:25 +01:00
parent 60d9e6063b
commit ac76947e8a
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pam_yubico.c
View File

@ -555,15 +555,15 @@ pam_sm_authenticate (pam_handle_t * pamh,
goto done; goto done;
} }
DBG (("conv returned: %s", resp->resp)); DBG (("conv returned %i bytes", strlen(resp->resp)));
password = resp->resp; password = resp->resp;
} }
password_len = strlen (password); password_len = strlen (password);
if (password_len < TOKEN_OTP_LEN) if (password_len < (cfg.token_id_length + TOKEN_OTP_LEN))
{ {
DBG (("OTP too short: %s", password)); DBG (("OTP too short: %i < %i", password_len, TOKEN_OTP_LEN));
retval = PAM_AUTH_ERR; retval = PAM_AUTH_ERR;
goto done; goto done;
} }
@ -589,7 +589,8 @@ pam_sm_authenticate (pam_handle_t * pamh,
onlypasswd[password_len - (TOKEN_OTP_LEN + cfg.token_id_length)] = '\0'; onlypasswd[password_len - (TOKEN_OTP_LEN + cfg.token_id_length)] = '\0';
DBG (("Password: %s ", onlypasswd)); DBG (("Extracted a probable system password entered before the OTP - "
"setting item PAM_AUTHTOK"));
retval = pam_set_item (pamh, PAM_AUTHTOK, onlypasswd); retval = pam_set_item (pamh, PAM_AUTHTOK, onlypasswd);
free (onlypasswd); free (onlypasswd);