From owner-freebsd-current  Mon Jan 21  9:17:34 2002
Delivered-To: freebsd-current@freebsd.org
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by hub.freebsd.org (Postfix) with ESMTP id E507937B405
	for <current@FreeBSD.ORG>; Mon, 21 Jan 2002 09:17:25 -0800 (PST)
Received: (from ache@localhost)
	by nagual.pp.ru (8.11.6/8.11.6) id g0LHHK038560;
	Mon, 21 Jan 2002 20:17:20 +0300 (MSK)
	(envelope-from ache)
Date: Mon, 21 Jan 2002 20:17:19 +0300
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Dag-Erling Smorgrav <des@ofug.org>
Cc: mark@grondar.za, current@FreeBSD.ORG
Subject: Re: Step6, corresponding /etc/pam.d/* fixes for review
Message-ID: <20020121171719.GA38390@nagual.pp.ru>
References: <20020121142038.GA36519@nagual.pp.ru> <xzpsn8zwwey.fsf@flood.ping.uio.no> <20020121154244.GC37234@nagual.pp.ru> <xzpbsfnwvfz.fsf@flood.ping.uio.no> <20020121161534.GE37234@nagual.pp.ru> <xzpu1tfvfib.fsf@flood.ping.uio.no> <20020121162726.GH37234@nagual.pp.ru> <xzplmervds6.fsf@flood.ping.uio.no>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <xzplmervds6.fsf@flood.ping.uio.no>
User-Agent: Mutt/1.3.24i
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

On Mon, Jan 21, 2002 at 18:01:45 +0100, Dag-Erling Smorgrav wrote:

>  3) in pam_opie(8), return PAM_AUTH_ERR if no_fake_prompts was
>     specified and the user hasn't set up OPIE.


We can speed up pam_opie by saving one opielookup() call in this way:

	/*
 	 * Don't call the OPIE atexit() handler when our program exits,
 	 * since the module has been unloaded and we will SEGV.
 	 */
 	opiedisableaeh();
 
 	/*
	 * If the no_fake_prompts option was given, and the user
	 * doesn't have an OPIE key, just fail rather than present the
	 * user with a bogus OPIE challenge.
	 */
	/* XXX generates a const warning because of incorrect prototype */
	if (opiechallenge(&opie, (char *)user, challenge) != 0 &&
	    pam_test_option(&options, PAM_OPT_NO_FAKE_PROMPTS, NULL))
		PAM_RETURN(PAM_AUTH_ERR);

	/*
	 * It doesn't make sense to use a password that has already been
	 * typed in, since we haven't presented the challenge to the user
	 * yet, so clear the stored password.
	 */
	pam_set_item(pamh, PAM_AUTHTOK, NULL);

 	for (i = 0; i < 2; i++) {
 		snprintf(prompt, sizeof prompt, promptstr[i], challenge);



-- 
Andrey A. Chernov
http://ache.pp.ru/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message