[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[OATH-Toolkit-help] Bug#807990: patch
|
From: |
Antoine Beaupré |
|
Subject: |
[OATH-Toolkit-help] Bug#807990: patch |
|
Date: |
Tue, 15 Dec 2015 00:19:53 -0500 |
|
User-agent: |
Notmuch/0.18.2 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu) |
Control: tags -1 +patch
Here's patch that, I think, may fix that problem.
--- pam_oath/pam_oath.c.orig 2015-12-15 00:15:32.070364666 -0500
+++ pam_oath/pam_oath.c 2015-12-15 00:15:33.462364695 -0500
@@ -72,6 +72,7 @@
char *usersfile;
unsigned digits;
unsigned window;
+ int missingok;
};
static void
@@ -86,6 +87,7 @@
cfg->usersfile = NULL;
cfg->digits = -1;
cfg->window = 5;
+ cfg->missingok = 0;
for (i = 0; i < argc; i++)
{
@@ -103,6 +105,8 @@
cfg->digits = atoi (argv[i] + 7);
if (strncmp (argv[i], "window=", 7) == 0)
cfg->window = atoi (argv[i] + 7);
+ if (strcmp (argv[i], "missingok") == 0)
+ cfg->missingok = 1;
}
if (cfg->digits != 6 && cfg->digits != 7 && cfg->digits != 8)
@@ -126,6 +130,7 @@
D (("usersfile=%s", cfg->usersfile ? cfg->usersfile : "(null)"));
D (("digits=%d", cfg->digits));
D (("window=%d", cfg->window));
+ D (("missingok=%d", cfg->missingok));
}
}
@@ -312,7 +317,7 @@
oath_strerror (rc), ctime (&last_otp)));
}
- if (rc != OATH_OK)
+ if (rc != OATH_OK && !(cfg->missingok && rc == OATH_UNKNOWN_USER))
{
DBG (("One-time password not authorized to login as user '%s'", user));
retval = PAM_AUTH_ERR;
--- pam_oath/README.orig 2015-12-15 00:18:18.886368111 -0500
+++ pam_oath/README 2015-12-15 00:18:07.298367872 -0500
@@ -224,6 +224,9 @@
"window": Specify search depth, an integer typically from 5 to 50
but other values can be useful too.
+ "missingok": If specified, users missing from the "usersfile" will be
+ considered authentified.
+
SSH Configuration
-----------------
Feedback/testing welcome.
--
Thoughtcrime does not entail death: thoughtcrime IS death.
- Winston Smith, 1984