authorDmitry V. Levin <ldv@altlinux.org>2020-05-02 00:09:48 +0000
committerDmitry V. Levin <ldv@altlinux.org>2020-05-06 14:00:06 +0000
commit23055e912682326d52c2cbba253b73292e591b46 (patch)
tree3527dae82ea878bb8a769d2af41964b7a7b18947 /libpam
parentc2c601f5340a59c5c62193d55b555d384380ea38 (diff)
pam_get_user: do not override valid values returned by the conversation function
When the conversation function returned a value different from PAM_CONV_AGAIN and provided no response, pam_get_user used to replace the return value with PAM_CONV_ERR. Fix this and replace the return value only if it was PAM_SUCCESS. * libpam/pam_item.c (pam_get_user): Do not override valid values returned by the conversation function.
Diffstat (limited to 'libpam')
-rw-r--r--libpam/pam_item.c48
1 files changed, 26 insertions, 22 deletions
diff --git a/libpam/pam_item.c b/libpam/pam_item.c
index 4cca6d9b..d6af710b 100644
--- a/libpam/pam_item.c
+++ b/libpam/pam_item.c
@@ -353,28 +353,32 @@ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt)
retval = PAM_CONV_ERR;
}
- if (retval == PAM_CONV_AGAIN) {
- /* conversation function is waiting for an event - save state */
- D(("conversation function is not ready yet"));
- pamh->former.want_user = PAM_TRUE;
- pamh->former.prompt = _pam_strdup(use_prompt);
- } else if (resp == NULL || resp->resp == NULL) {
- /*
- * conversation should have given a response
- */
- D(("pam_get_user: no response provided"));
- retval = PAM_CONV_ERR;
- pamh->former.fail_user = retval;
- } else if (retval == PAM_SUCCESS) { /* copy the username */
- /*
- * now we set the PAM_USER item -- this was missing from pre.53
- * releases. However, reading the Sun manual, it is part of
- * the standard API.
- */
- retval = pam_set_item(pamh, PAM_USER, resp->resp);
- *user = pamh->user;
- } else
- pamh->former.fail_user = retval;
+ switch (retval) {
+ case PAM_CONV_AGAIN:
+ /* conversation function is waiting for an event - save state */
+ D(("conversation function is not ready yet"));
+ pamh->former.want_user = PAM_TRUE;
+ pamh->former.prompt = _pam_strdup(use_prompt);
+ break;
+ case PAM_SUCCESS:
+ if (resp != NULL && resp->resp != NULL) {
+ /*
+ * now we set the PAM_USER item -- this was missing from pre.53
+ * releases. However, reading the Sun manual, it is part of
+ * the standard API.
+ */
+ retval = pam_set_item(pamh, PAM_USER, resp->resp);
+ *user = pamh->user;
+ break;
+ } else {
+ /* conversation should have given a response */
+ D(("pam_get_user: no response provided"));
+ retval = PAM_CONV_ERR;
+ }
+ /* fallthrough */
+ default:
+ pamh->former.fail_user = retval;
+ }
if (resp) {
if (retval != PAM_SUCCESS)
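Review bot: In the new `case PAM_SUCCESS:` branch the result of `pam_set_item(pamh, PAM_USER, resp->resp)` is not checked before `*user = pamh->user;`, so when that call fails the caller is handed whatever `pamh->user` held beforehand together with a non-success return code. The `break` also means this failure is never stored in `pamh->former.fail_user`, unlike every other error path in the switch. Whether the pointer left in `*user` stays valid depends on the cleanup under `if (retval != PAM_SUCCESS)`, which continues outside this hunk, so it is worth confirming there. I would guard the assignment, `if (retval == PAM_SUCCESS) *user = pamh->user;`, and add a short comment saying whether skipping `fail_user` for a `pam_set_item` failure is intended. The body of `pam_get_user` starts before and ends after the hunk.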