Репозиторий Sisyphus
Последнее обновление: 1 октября 2023 | Пакетов: 18631 | Посещений: 37040264
en ru br
Репозитории ALT
S:0.6.12.1-alt1
5.1: 0.6.1-alt5
www.altlinux.org/Changes

Группа :: Система/Основа
Пакет: pam_pkcs11

 Главная   Изменения   Спек   Патчи   Sources   Загрузить   Gear   Bugs and FR  Repocop 

Патч: pam_pkcs11-0.6.9-ignore-no-card.patch
Скачать


 src/pam_pkcs11/pam_pkcs11.c | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/src/pam_pkcs11/pam_pkcs11.c b/src/pam_pkcs11/pam_pkcs11.c
index d6ca475..043e9fe 100644
--- a/src/pam_pkcs11/pam_pkcs11.c
+++ b/src/pam_pkcs11/pam_pkcs11.c
@@ -380,7 +380,18 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
                                      login_token_name, &slot_num);
   }
 
+  if (!configuration->card_only || !login_token_name) {
+	  /* Allow to pass to the next module if the auth isn't
+         restricted to card only. */
+      pkcs11_pam_fail = PAM_IGNORE;
+  }
+
   if (rv != 0) {
+    if (!configuration->card_only || !login_token_name) {
+      release_pkcs11_module(ph);
+      return pkcs11_pam_fail;
+    }
+
     ERR("no suitable token available");
     if (!configuration->quiet) {
 		pam_syslog(pamh, LOG_ERR, "no suitable token available");
@@ -388,14 +399,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
 		sleep(configuration->err_display_time);
 	}
 
-    if (!configuration->card_only) {
-      release_pkcs11_module(ph);
-      return PAM_AUTHINFO_UNAVAIL;
-    }
-
-    /* we must have a smart card, either because we've configured it as such,
-     * or because we used one to log in */
-    if (login_token_name || configuration->wait_for_card) {
+    if (configuration->wait_for_card) {
       if (login_token_name) {
         pam_prompt(pamh, PAM_TEXT_INFO, NULL,
 			_("Please insert your smart card called \"%.32s\"."),
@@ -553,7 +557,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
 			pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2320: Wrong smartcard PIN"));
 			sleep(configuration->err_display_time);
 		}
-      goto auth_failed_nopw;
+      goto auth_failed_wrongpw;
     }
   }
 
@@ -839,6 +843,12 @@ auth_failed_nopw:
     close_pkcs11_session(ph);
     release_pkcs11_module(ph);
     return pkcs11_pam_fail;
+
+auth_failed_wrongpw:
+    unload_mappers();
+    close_pkcs11_session(ph);
+    release_pkcs11_module(ph);
+    return PAM_CRED_INSUFFICIENT;
 }
 
 PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
 
дизайн и разработка: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
текущий майнтейнер: Michael Shigorin