rooty/yubico-pam
1
0
Fork 0
mirror of https://github.com/Yubico/yubico-pam.git synced 2025-02-21 15:54:41 +01:00
Code Issues Projects Releases Wiki Activity

Drop privileges before writing new C-R file.

Browse Source
This commit is contained in:
Fredrik Thulin 2011-11-23 13:56:01 +01:00
parent 94885d2d48
commit f24f333867
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
pam_yubico.c
View File

@ -573,6 +573,12 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
memcpy (state.response, buf, response_len);
state.response_len = response_len;
/* Drop privileges before creating new challenge file. */
if (drop_privileges(p, pamh) < 0) {
D (("could not drop privileges"));
goto out;
}
/* Write out the new file */
tmpfile = malloc(strlen(userfile) + 1 + 4);
if (! tmpfile)
@ -596,6 +602,11 @@ do_challenge_response(pam_handle_t *pamh, struct cfg *cfg, const char *username)
goto out;
}
if (restore_privileges(pamh) < 0) {
DBG (("could not restore privileges"));
goto out;
}
DBG(("Challenge-response success!"));
errstr = NULL;