Changeset 802 in openpam
- Timestamp:
- Sep 9, 2014, 8:08:13 AM (6 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/lib/libpam/openpam_dispatch.c
r649 r802 64 64 { 65 65 pam_chain_t *chain; 66 int err, fail, r;66 int err, fail, nsuccess, r; 67 67 int debug; 68 68 … … 102 102 103 103 /* execute */ 104 for (err = fail = 0; chain != NULL; chain = chain->next) { 104 err = PAM_SUCCESS; 105 fail = nsuccess = 0; 106 for (; chain != NULL; chain = chain->next) { 105 107 if (chain->module->func[primitive] == NULL) { 106 108 openpam_log(PAM_LOG_ERROR, "%s: no %s()", … … 127 129 if (r == PAM_IGNORE) 128 130 continue; 129 if (r == PAM_SUCCESS) { 131 if (r == PAM_SUCCESS) { 132 ++nsuccess; 130 133 /* 131 134 * For pam_setcred() and pam_chauthtok() with the … … 149 152 * return code from the first required module to fail. 150 153 */ 151 if (err == 0)154 if (err == PAM_SUCCESS) 152 155 err = r; 153 156 if ((chain->flag == PAM_REQUIRED || … … 171 174 if (!fail && err != PAM_NEW_AUTHTOK_REQD) 172 175 err = PAM_SUCCESS; 176 177 /* 178 * Require the chain to be non-empty, and at least one module 179 * in the chain to be successful, so that we don't fail open. 180 */ 181 if (err == PAM_SUCCESS && nsuccess < 1) { 182 openpam_log(PAM_LOG_ERROR, 183 "all modules were unsuccessful for %s()", 184 pam_sm_func_name[primitive]); 185 err = PAM_SYSTEM_ERR; 186 } 187 173 188 RETURNC(err); 174 189 }
Note: See TracChangeset
for help on using the changeset viewer.