Don't generate new challenge on bad response.

2024-11-29 00:24:11 +01:00 · 2011-03-14 12:44:57 +01:00 · 2011-03-14 12:44:57 +01:00 · ee2e8b42da
commit ee2e8b42da
parent 7360223a14
1 changed files with 7 additions and 2 deletions
--- a/pam_yubico.c
+++ b/pam_yubico.c
@ -503,10 +503,15 @@ do_challenge_response(struct cfg *cfg, const char *username)
 				  &response_len))
    goto out;
  yubikey_hex_encode(response_hex, (char *)response, response_len > 20 ? 20 : response_len);
-  if (strcmp(response_hex, expected_response) == 0)
+  if (strcmp(response_hex, expected_response) == 0) {
    ret = PAM_SUCCESS;
+  } else {
+    D(("Unexpected C/R response : %s", response_hex));
+    ret = PAM_AUTH_ERR;
+    goto out;
+  }

-  /* Ok, got a good validation.  Generate a new challenge */
+  D(("Got the expected response, generating new challenge."));

  if (generate_challenge(challenge_hex, 64) < 0)
    goto out;