[OATH-Toolkit-help] Bug#807990: third patch, fails more gracefully
From: Antoine Beaupré
Subject: [OATH-Toolkit-help] Bug#807990: third patch, fails more gracefully
Date: Mon, 01 Aug 2016 12:40:20 -0400
User-agent: Notmuch/0.21 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
the following patch makes use of the PAM_USER_UNKNOWN flag in a more
graceful way, and checks before prompting the password. it could be
using more direct parsing functions, but that turned out to be harder
because the parse_usersfile function has a more complicated signature
than the actual authentication function.
diff --git a/pam_oath/README b/pam_oath/README
index bef4265..a6cbe56 100644
--- a/pam_oath/README
+++ b/pam_oath/README
@@ -23,7 +23,7 @@ window open before making any changes!
---------
# head -1 /etc/pam.d/su
-auth requisite pam_oath.so debug usersfile=/etc/users.oath window=20
+auth requisite pam_oath.so debug usersfile=/etc/users.oath window=20
[user_unknown=ignore]
#
---------
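Review bot: On the added `auth` line, `[user_unknown=ignore]` sits after the module arguments while `requisite` is still the control field. PAM takes the control from the field before the module path and treats a bracketed token after `pam_oath.so` as a module argument, and nothing in this patch parses such an argument, so the example as written would not cause PAM_USER_UNKNOWN to be ignored. Suggest replacing `requisite` with the bracketed form that keeps its other actions, for example `auth [user_unknown=ignore success=ok new_authtok_reqd=ok ignore=ignore default=die] pam_oath.so debug usersfile=/etc/users.oath window=20`, and adding a sentence to the README saying that users missing from the usersfile are then skipped without an OTP prompt.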
diff --git a/pam_oath/pam_oath.c b/pam_oath/pam_oath.c
index 2820318..25a3452 100644
--- a/pam_oath/pam_oath.c
+++ b/pam_oath/pam_oath.c
@@ -162,6 +162,23 @@ pam_sm_authenticate (pam_handle_t * pamh,
}
DBG (("get user returned: %s", user));
+ // quick check to skip unconfigured users before prompting for password
+ {
+ time_t last_otp;
+ otp[0] = '\0';
+ rc = oath_authenticate_usersfile (cfg.usersfile,
+ user,
+ otp, cfg.window, onlypasswd, &last_otp);
+
+ DBG (("authenticate first pass rc %d (%s: %s) last otp %s", rc,
+ oath_strerror_name (rc) ? oath_strerror_name (rc) : "UNKNOWN",
+ oath_strerror (rc), ctime (&last_otp)));
+ if (rc == OATH_UNKNOWN_USER)
+ {
+ return PAM_USER_UNKNOWN;
+ }
+ }
+
if (cfg.try_first_pass || cfg.use_first_pass)
{
retval = pam_get_item (pamh, PAM_AUTHTOK, (const void **) &password);
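Review bot: In the new first-pass block, `last_otp` is declared without an initializer and then passed to `ctime (&last_otp)` in the DBG call whatever `rc` is; when the lookup ends in OATH_UNKNOWN_USER or another error, the visible code gives no guarantee that it was written, so the debug line may format an indeterminate value. Suggest `time_t last_otp = 0;` or dropping the timestamp from this first-pass message. The probe also depends on an empty `otp` never validating for a configured user; a comment stating that assumption next to `otp[0] = '\0';` would make the intent clear. Finally, because `return PAM_USER_UNKNOWN;` happens before any prompt, the presence or absence of the OTP prompt now tells the client whether a user is in the usersfile, which is worth stating in the documentation so administrators can decide whether that is acceptable for the service.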
it still parses the file twice, but i'm not sure how to fix that short
of loading the whole file in memory, which isn't the way the library
works now.
a.
--
We have no friends but the mountains.
- Kurdish saying