Группа :: Система/Основа
Пакет: pam_pkcs11
Патч: pam_pkcs11-0.6.9-ignore-no-card.patch
src/pam_pkcs11/pam_pkcs11.c | 28 +++++++++++++++++++---------
1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/src/pam_pkcs11/pam_pkcs11.c b/src/pam_pkcs11/pam_pkcs11.c
index d6ca475..043e9fe 100644
--- a/src/pam_pkcs11/pam_pkcs11.c
+++ b/src/pam_pkcs11/pam_pkcs11.c
@@ -380,7 +380,18 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
login_token_name, &slot_num);
}
+ if (!configuration->card_only || !login_token_name) {
+ /* Allow to pass to the next module if the auth isn't
+ restricted to card only. */
+ pkcs11_pam_fail = PAM_IGNORE;
+ }
+
if (rv != 0) {
+ if (!configuration->card_only || !login_token_name) {
+ release_pkcs11_module(ph);
+ return pkcs11_pam_fail;
+ }
+
ERR("no suitable token available");
if (!configuration->quiet) {
pam_syslog(pamh, LOG_ERR, "no suitable token available");
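Review bot: The first added block overwrites `pkcs11_pam_fail` with `PAM_IGNORE` before the `rv != 0` test, so the value is not limited to the no-token case: `auth_failed_nopw` (last hunk) returns the same variable, and any later failure that jumps there is also reported as PAM_IGNORE whenever `card_only` is off or `login_token_name` is NULL. If those paths include certificate or signature verification failures (they lie outside this diff, as do the start and end of pam_sm_authenticate), a rejected card would be treated as "module not applicable" and the result left to the rest of the PAM stack. Consider dropping the first block and using the constant in the no-token branch, `return PAM_IGNORE;`, so that only an absent token is ignored. The comment says the auth "isn't restricted to card only", but the condition also fires when `card_only` is set and `login_token_name` is NULL; the comment should name that case.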
@@ -388,14 +399,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
sleep(configuration->err_display_time);
}
- if (!configuration->card_only) {
- release_pkcs11_module(ph);
- return PAM_AUTHINFO_UNAVAIL;
- }
-
- /* we must have a smart card, either because we've configured it as such,
- * or because we used one to log in */
- if (login_token_name || configuration->wait_for_card) {
+ if (configuration->wait_for_card) {
if (login_token_name) {
pam_prompt(pamh, PAM_TEXT_INFO, NULL,
_("Please insert your smart card called \"%.32s\"."),
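Review bot: With the early return added in the first hunk, this point is reached only when `card_only` is set and `login_token_name` is non-NULL, so the inner `if (login_token_name)` kept here is always true and its alternative branch (outside the hunk) looks unreachable. The removed comment was the only explanation of why the code waits for a card, and the case where a token was used to log in no longer waits unless `wait_for_card` is set. A replacement comment such as `/* card_only with a login token: wait for that card only if wait_for_card is set */` would record the new rule.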
@@ -553,7 +557,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2320: Wrong smartcard PIN"));
sleep(configuration->err_display_time);
}
- goto auth_failed_nopw;
+ goto auth_failed_wrongpw;
}
}
@@ -839,6 +843,12 @@ auth_failed_nopw:
close_pkcs11_session(ph);
release_pkcs11_module(ph);
return pkcs11_pam_fail;
+
+auth_failed_wrongpw:
+ unload_mappers();
+ close_pkcs11_session(ph);
+ release_pkcs11_module(ph);
+ return PAM_CRED_INSUFFICIENT;
}
PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
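Review bot: `auth_failed_wrongpw` returns `PAM_CRED_INSUFFICIENT` for a wrong PIN (the `goto` changed in the previous hunk); Linux-PAM documents that code as the application lacking sufficient credentials to authenticate the user, while `PAM_AUTH_ERR` is the code for a failed authentication, and stack rules or callers that key on the return value may treat the two differently. The label also repeats the three cleanup calls of `auth_failed_nopw`; setting `pkcs11_pam_fail = PAM_AUTH_ERR;` before the existing `goto auth_failed_nopw;` would keep a single cleanup path. If the separate label stays, a comment like `/* wrong PIN: always a hard failure, never pkcs11_pam_fail (may be PAM_IGNORE) */` would explain why it bypasses the variable.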