[OATH-Toolkit-help] [sr #108042] try_first_pass/use_first_pass with password and otp problem

[anonymous]

URL:
  <http://savannah.nongnu.org/support/?108042>

                 Summary: try_first_pass/use_first_pass with password and otp
problem
                 Project: OATH Toolkit
            Submitted by: None
            Submitted on: Di 01 Mai 2012 19:19:24 UTC
                Category: None
                Priority: 5 - Normal
                Severity: 3 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: address@hidden
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: None

    _______________________________________________________

Details:

Hello,

if one of the options try_first_pass and use_first_pass is used with two
factor authentication, the OTP becomes empty.


debug output:
...
get user returned: <user>
get password returned: <password><otp>
Password: <password>
OTP: <nothing!>
...

The reason seems to be, that the pam_set_item function gets the password by
ref.

This patch seems to work for me:


--- a/pam_oath/pam_oath.c
+++ b/pam_oath/pam_oath.c
@@ -272,15 +272,15 @@ pam_sm_authenticate (pam_handle_t * pamh,
 
       DBG (("Password: %s ", onlypasswd));
 
+      strncpy (otp, password + password_len - cfg.digits, cfg.digits);
+      otp[cfg.digits] = '\0';
+
       retval = pam_set_item (pamh, PAM_AUTHTOK, onlypasswd);
       if (retval != PAM_SUCCESS)
        {
          DBG (("set_item returned error: %s", pam_strerror (pamh, retval)));
          goto done;
        }
-
-      strncpy (otp, password + password_len - cfg.digits, cfg.digits);
-      otp[cfg.digits] = '\0';
     }
   else
     {


Best regards.




 




    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/support/?108042>

_______________________________________________
  Nachricht gesendet von/durch Savannah
  http://savannah.nongnu.org/