On Mon, Jan 21, 2002 at 18:01:45 +0100, Dag-Erling Smorgrav wrote:
> 3) in pam_opie(8), return PAM_AUTH_ERR if no_fake_prompts was
> specified and the user hasn't set up OPIE.
We can speed up pam_opie by saving one opielookup() call in this way:
/*
* Don't call the OPIE atexit() handler when our program exits,
* since the module has been unloaded and we will SEGV.
*/
opiedisableaeh();
/*
* If the no_fake_prompts option was given, and the user
* doesn't have an OPIE key, just fail rather than present the
* user with a bogus OPIE challenge.
*/
/* XXX generates a const warning because of incorrect prototype */
if (opiechallenge(&opie, (char *)user, challenge) != 0 &&
pam_test_option(&options, PAM_OPT_NO_FAKE_PROMPTS, NULL))
PAM_RETURN(PAM_AUTH_ERR);
/*
* It doesn't make sense to use a password that has already been
* typed in, since we haven't presented the challenge to the user
* yet, so clear the stored password.
*/
pam_set_item(pamh, PAM_AUTHTOK, NULL);
for (i = 0; i < 2; i++) {
snprintf(prompt, sizeof prompt, promptstr[i], challenge);
--
Andrey A. Chernov
http://ache.pp.ru/
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
