Date: Mon, 21 Jan 2002 20:17:19 +0300 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Dag-Erling Smorgrav <des@ofug.org> Cc: mark@grondar.za, current@FreeBSD.ORG Subject: Re: Step6, corresponding /etc/pam.d/* fixes for review Message-ID: <20020121171719.GA38390@nagual.pp.ru> In-Reply-To: <xzplmervds6.fsf@flood.ping.uio.no> References: <20020121142038.GA36519@nagual.pp.ru> <xzpsn8zwwey.fsf@flood.ping.uio.no> <20020121154244.GC37234@nagual.pp.ru> <xzpbsfnwvfz.fsf@flood.ping.uio.no> <20020121161534.GE37234@nagual.pp.ru> <xzpu1tfvfib.fsf@flood.ping.uio.no> <20020121162726.GH37234@nagual.pp.ru> <xzplmervds6.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jan 21, 2002 at 18:01:45 +0100, Dag-Erling Smorgrav wrote:
> 3) in pam_opie(8), return PAM_AUTH_ERR if no_fake_prompts was
> specified and the user hasn't set up OPIE.
We can speed up pam_opie by saving one opielookup() call in this way:
/*
* Don't call the OPIE atexit() handler when our program exits,
* since the module has been unloaded and we will SEGV.
*/
opiedisableaeh();
/*
* If the no_fake_prompts option was given, and the user
* doesn't have an OPIE key, just fail rather than present the
* user with a bogus OPIE challenge.
*/
/* XXX generates a const warning because of incorrect prototype */
if (opiechallenge(&opie, (char *)user, challenge) != 0 &&
pam_test_option(&options, PAM_OPT_NO_FAKE_PROMPTS, NULL))
PAM_RETURN(PAM_AUTH_ERR);
/*
* It doesn't make sense to use a password that has already been
* typed in, since we haven't presented the challenge to the user
* yet, so clear the stored password.
*/
pam_set_item(pamh, PAM_AUTHTOK, NULL);
for (i = 0; i < 2; i++) {
snprintf(prompt, sizeof prompt, promptstr[i], challenge);
--
Andrey A. Chernov
http://ache.pp.ru/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020121171719.GA38390>