From c553506a3af32e15391de30fa32ac332ef8250a6 Mon Sep 17 00:00:00 2001 From: Sam Chudnick Date: Sat, 2 Jul 2022 16:01:52 -0400 Subject: More robust error handling. Updated pam_sm_setcred. Handle issues with getting data from PAM more robustly. Change pam_sm_setcred to return PAM_SUCCESS for now. --- pam/pam_mfa.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/pam/pam_mfa.c b/pam/pam_mfa.c index 7e71856..e366510 100644 --- a/pam/pam_mfa.c +++ b/pam/pam_mfa.c @@ -6,6 +6,7 @@ #include #include #include +#include #include #include @@ -15,13 +16,19 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char** argv) { int retval; - const char *user = NULL; + const char *user; const char *service; FILE *fp; // Get user and service - pam_get_item(pamh, PAM_SERVICE, (const void **) &service); - pam_get_user(pamh, &user, NULL); + if (pam_get_item(pamh, PAM_USER, (const void **) &user) != PAM_SUCCESS || user == NULL) { + pam_syslog(pamh,LOG_ERR,"unable to get ruser"); + return PAM_AUTHINFO_UNAVAIL; + } + if (pam_get_item(pamh, PAM_SERVICE, (const void **) &service) != PAM_SUCCESS || service == NULL) { + pam_syslog(pamh,LOG_ERR,"unable to get service"); + return PAM_AUTHINFO_UNAVAIL; + } // Build command line int cmdsize = 256; @@ -56,5 +63,5 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char** ar } int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char** argv) { - return PAM_IGNORE; + return PAM_SUCCESS; } -- cgit v1.2.3