If user not exist in OPIE system, return failure immediately instead

of producing fake prompts with random numbers which can be detected by potential intruder in two tries and totally confuse non-OPIE users.
2002-01-19 10:09:05 +00:00 · 2002-01-19 10:09:05 +00:00 · 6874115893
commit 6874115893
parent 3195cd6712
1 changed files with 1 additions and 1 deletions
--- a/lib/libpam/modules/pam_opie/pam_opie.c
+++ b/lib/libpam/modules/pam_opie/pam_opie.c
@ -115,7 +115,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
 		       opieaccessfile((char *)rhost) &&
 		       opiealways(pwd->pw_dir);
 	} else
-		pwok = 1;
+		PAM_RETURN(PAM_AUTH_ERR);
 	for (i = 0; i < 2; i++) {
 		snprintf(prompt, sizeof prompt, promptstr[i], challenge);
 		retval = pam_get_pass(pamh, &response, prompt, &options);