Date: Wed, 22 May 2019 07:38:14 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 238041] [PATCH] pam_exec prompt for password for every pam function when enabled expose_authtok
Message-ID: <bug-238041-227-9ZE65NVs1R@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-238041-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-238041-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238041

Qiantan Hong <qhong@mit.edu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|Affects Only Me             |Affects Many People

--- Comment #1 from Qiantan Hong <qhong@mit.edu> ---
Steps to reproduce:
Put this in /etc/pam.d/system:
auth optional pam_exec.so expose_authtok /etc/pam.d/test
Put this in /etc/pam.d/test:
#!/bin/sh
read token
exit 0

Expected result:
Prompt for password on each authentication
Actual result:
Prompt for password on every pam function, e.g. twice on su (pam_sm_authenticate and pam_sm_setcred, the second one has no effect)

Patch:
Index: pam_exec.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- pam_exec.c (revision 348097) +++ pam_exec.c (working copy) @@ -4,6 +4,7 @@ * Copyright (c) 2001,2003 Networks Associates Technology, Inc. * Copyright (c) 2017 Dag-Erling Sm=C3=B8rgrav * Copyright (c) 2018 Thomas Munro + * Copyright (c) 2019 Qiantan Hong * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -495,7 +496,7 @@ ret =3D parse_options(__func__, &argc, &argv, &options); if (ret !=3D 0) return (PAM_SERVICE_ERR); - + options.expose_authtok =3D 0; ret =3D _pam_exec(pamh, __func__, flags, argc, argv, &options); /* @@ -535,7 +536,7 @@ ret =3D parse_options(__func__, &argc, &argv, &options); if (ret !=3D 0) return (PAM_SERVICE_ERR); - + options.expose_authtok =3D 0; ret =3D _pam_exec(pamh, __func__, flags, argc, argv, &options); /* @@ -575,7 +576,7 @@ ret =3D parse_options(__func__, &argc, &argv, &options); if (ret !=3D 0) return (PAM_SERVICE_ERR); - + options.expose_authtok =3D 0; ret =3D _pam_exec(pamh, __func__, flags, argc, argv, &options); /* 
@@ -612,7 +613,7 @@ ret =3D parse_options(__func__, &argc, &argv, &options); if (ret !=3D 0) return (PAM_SERVICE_ERR); - + options.expose_authtok =3D 0;=20=20=20=20=20 ret =3D _pam_exec(pamh, __func__, flags, argc, argv, &options); /* @@ -649,7 +650,7 @@ ret =3D parse_options(__func__, &argc, &argv, &options); if (ret !=3D 0) return (PAM_SERVICE_ERR); - + options.expose_authtok =3D 0; ret =3D _pam_exec(pamh, __func__, flags, argc, argv, &options); /* Index: pam_exec.8 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- pam_exec.8 (revision 348097) +++ pam_exec.8 (working copy) @@ -1,6 +1,7 @@ .\" Copyright (c) 2001,2003 Networks Associates Technology, Inc. .\" Copyright (c) 2017 Dag-Erling Sm=C3=B8rgrav .\" Copyright (c) 2018 Thomas Munro +.\" Copyright (c) 2019 Qiantan Hong .\" All rights reserved. .\" .\" Portions of this software were developed for the FreeBSD Project by
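Review bot: The five pam_exec.c hunks from @@ -495 to @@ -649 each overwrite options.expose_authtok with 0 immediately after parse_options() succeeds, with no comment saying why an option the administrator configured is being discarded, and the context lines do not show which entry points are affected. Please confirm that none of the five callers legitimately needs the token, then either make the decision once inside _pam_exec(), which already receives the caller's __func__, or add a one-line comment at each site stating that the token is only exposed during authentication. The added line also replaces the blank line that separated the error check from the _pam_exec() call, and in the @@ -612 hunk it carries trailing whitespace; keep the blank line and strip the trailing spaces.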
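Review bot: The pam_exec.8 hunk at @@ -1,6 changes only the copyright block, so the patch leaves the manual page text unchanged even though pam_exec.c now ignores expose_authtok at five call sites. Suggest extending the expose_authtok description in the same patch to state which PAM functions pass the token to the program and which do not, so an administrator reading the page is not surprised that the option is silently dropped.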