URL: https://github.com/SSSD/sssd/pull/870 Author: sumit-bose Title: #870: pam: do not accept empty PIN Action: opened
PR body: """ The current check for an empty PIN was incomplete and if no PIN was given pam_sss should not send a request to SSSD's pam responder. This would match the behavior if a user name hint should be requested as well. Related to: https://pagure.io/SSSD/sssd/issue/4068 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/870/head:pr870 git checkout pr870
From 096ec67face02ccaf1cf5d648bfbb1360512a33a Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Tue, 20 Aug 2019 12:11:30 +0200 Subject: [PATCH] pam: do not accept empty PIN The current check for an empty PIN was incomplete and if no PIN was given pam_sss should not send a request to SSSD's pam responder. This would match the behavior if a user name hint should be requested as well. Related to: https://pagure.io/SSSD/sssd/issue/4068 --- src/sss_client/pam_sss.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c index cfd3e3731d..435f72edc7 100644 --- a/src/sss_client/pam_sss.c +++ b/src/sss_client/pam_sss.c @@ -1905,10 +1905,10 @@ static int prompt_sc_pin(pam_handle_t *pamh, struct pam_items *pi) } } - if (answer == NULL) { - pi->pam_authtok = NULL; - pi->pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY; - pi->pam_authtok_size=0; + if (answer == NULL || *answer == '\0') { + D(("Missing PIN.")); + ret = PAM_CRED_INSUFFICIENT; + goto done; } else { ret = sss_auth_pack_sc_blob(answer, 0, cai->token_name, 0,
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org