More robust error handling. Updated pam_sm_setcred.

Handle issues with getting data from PAM more robustly. Change
pam_sm_setcred to return PAM_SUCCESS for now.

1 files changed, 11 insertions, 4 deletions

diff --git a/pam/pam_mfa.c b/pam/pam_mfa.c
index 7e71856..e366510 100644
--- a/pam/pam_mfa.c
+++ b/pam/pam_mfa.c
@@ -6,6 +6,7 @@
 #include <stdio.h>
 #include <stdbool.h>
 #include <syslog.h>
+#include <sys/types.h>
 
 #include <security/pam_modutil.h>
 #include <security/pam_modules.h>
@@ -15,13 +16,19 @@
 
 int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char** argv) {
         int retval;
-        const char *user = NULL;
+        const char *user;
         const char *service;
         FILE *fp;
 
         // Get user and service
-        pam_get_item(pamh, PAM_SERVICE, (const void **) &service);
-        pam_get_user(pamh, &user, NULL);
+        if (pam_get_item(pamh, PAM_USER, (const void **) &user) != PAM_SUCCESS || user == NULL) {
+                        pam_syslog(pamh,LOG_ERR,"unable to get ruser");
+                        return PAM_AUTHINFO_UNAVAIL;
+        }
+        if (pam_get_item(pamh, PAM_SERVICE, (const void **) &service) != PAM_SUCCESS || service == NULL)  {
+                        pam_syslog(pamh,LOG_ERR,"unable to get service");
+                        return PAM_AUTHINFO_UNAVAIL;
+        }
 
         // Build command line
         int cmdsize = 256;
@@ -56,5 +63,5 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char** ar
 }
 
 int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char** argv) {
-        return PAM_IGNORE;
+        return PAM_SUCCESS;
 }