From owner-freebsd-bugs Sat Sep 1 7: 0:10 2001 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 300FB37B40D for ; Sat, 1 Sep 2001 07:00:01 -0700 (PDT) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.4/8.11.4) id f81E01R36565; Sat, 1 Sep 2001 07:00:01 -0700 (PDT) (envelope-from gnats) Received: from cm.dnsalias.com (c213.89.80.24.cm-upc.chello.se [213.89.80.24]) by hub.freebsd.org (Postfix) with ESMTP id 5981337B408 for ; Sat, 1 Sep 2001 06:51:06 -0700 (PDT) Received: from odin.localnet (odin.localnet [192.168.1.1]) by garm.localnet (8.10.1/8.10.1) with ESMTP id f7UGFMq08261 for ; Thu, 30 Aug 2001 18:15:23 +0200 (CEST) Received: (from gunnark@localhost) by odin.localnet (8.11.6/8.11.5) id f7UGFOm11335; Thu, 30 Aug 2001 18:15:24 +0200 (CEST) (envelope-from gunnark) Message-Id: <200108301615.f7UGFOm11335@odin.localnet> Date: Thu, 30 Aug 2001 18:15:24 +0200 (CEST) From: Gunnar Kreitz Reply-To: Gunnar Kreitz To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.113 Subject: misc/30250: [PATCH] pam_opie makes authorization fail, despite correct OTP Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 30250 >Category: misc >Synopsis: [PATCH] pam_opie makes authorization fail, despite correct OTP >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Sep 01 07:00:00 PDT 2001 >Closed-Date: >Last-Modified: >Originator: Gunnar Kreitz >Release: FreeBSD 5.0-CURRENT i386 >Organization: N/A >Environment: System: FreeBSD odin.localnet 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Wed Aug 29 21:25:54 CEST 2001 gunnark@odin.localnet:/usr/obj/usr/src/sys/ODIN i386 >Description: pam_opie makes authentication fail, despite correct OTP. When debug option is added in /etc/pam.conf it logs returning PAM_SUCCESS from pam_sm_authenticate but behaves as if PAM_AUTH_ERR was returned. I belive this comes from the fact that the argument to the macro PAM_RETURN is evaulated twice and the check fails the second time around because, as the comment it above states: "[...] because opieverify mucks with it [its arguments]". >How-To-Repeat: Enable pam_opie.so for authentication in /etc/pam.conf. Type in correct OTP. 8) >Fix: Apply this diff. It also makes the calls to pam_std_option in ..._authenticate and ..._setcred symmetric, which I belive they should be. That part of the patch is not relevant to the problem but should probably be included in the cvs tree anyway. --- pam_opie.diff begins here --- Index: pam_opie.c =================================================================== RCS file: /home/ncvs/src/lib/libpam/modules/pam_opie/pam_opie.c,v retrieving revision 1.4 diff -u -r1.4 pam_opie.c --- pam_opie.c 2001/08/10 19:12:58 1.4 +++ pam_opie.c 2001/08/30 15:47:15 @@ -118,7 +118,8 @@ * it expects. Thus we can't log an error and can only check for * success or lack thereof. */ - PAM_RETURN(opieverify(&opie, resp) == 0 ? PAM_SUCCESS : PAM_AUTH_ERR); + retval = (opieverify(&opie, resp) == 0 ? PAM_SUCCESS : PAM_AUTH_ERR); + PAM_RETURN(retval); } PAM_EXTERN int @@ -126,7 +127,7 @@ { struct options options; - pam_std_option(&options, NULL, argc, argv); + pam_std_option(&options, other_options, argc, argv); PAM_LOG("Options processed"); --- pam_opie.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message