rooty/yubico-pam
1
0
Fork 0
mirror of https://github.com/Yubico/yubico-pam.git synced 2025-02-20 12:54:16 +01:00
Code Issues Projects Releases Wiki Activity

check if user file exists before trying to open

Browse Source 
and return AUTH_NO_TOKENS if file doesn't exist. This fixes issues in
the nullok case where this user should just be skipped over, handle
other issues with user file as an AUTH_ERROR.

fixes #194
This commit is contained in:
Klas Lindfors 2019-06-24 14:12:52 +02:00
parent fcfcba6c2f
commit f300115a64
No known key found for this signature in database
GPG Key ID: BCA00FD4B2168C0A
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pam_yubico.c
View File

@ -181,6 +181,7 @@ authorize_user_token (struct cfg *cfg,
size_t buflen = sizeof(buf); size_t buflen = sizeof(buf);
int pwres; int pwres;
PAM_MODUTIL_DEF_PRIVS(privs); PAM_MODUTIL_DEF_PRIVS(privs);
struct stat st;
pwres = getpwnam_r (username, &pass, buf, buflen, &p); pwres = getpwnam_r (username, &pass, buf, buflen, &p);
if (p == NULL) { if (p == NULL) {
@ -206,7 +207,11 @@ authorize_user_token (struct cfg *cfg,
goto free_out; goto free_out;
} }
retval = check_user_token (userfile, username, otp_id, cfg->debug, cfg->debug_file); if (stat (userfile, &st) != 0 && errno == ENOENT) {
retval = AUTH_NO_TOKENS;
} else {
retval = check_user_token (userfile, username, otp_id, cfg->debug, cfg->debug_file);
}
if(pam_modutil_regain_priv(pamh, &privs)) { if(pam_modutil_regain_priv(pamh, &privs)) {
DBG ("could not restore privileges"); DBG ("could not restore privileges");