author | Greg Hudson <ghudson@mit.edu> | 2013-07-17 12:14:13 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-07-17 12:14:13 -0400 |
commit | acb490bd01235511294ecb6b23750e648e48f7dc (patch) | |
tree | e6f9d2435e0f881132c621add6396119d0ba97dc /src/plugins | |
parent | ea29df4d93b1b7b384c15f39a4ee20be3e0991ac (diff) | |
Fix OTP KDC module get_string error handling
If cb->get_string returns 0 with no result in otp_edata, make sure we
set retval to avoid sending an empty OTP hint. If cb->get_string
returns an error code in otp_verify, avoid masking that code.
Diffstat (limited to 'src/plugins')
-rw-r--r-- | src/plugins/preauth/otp/main.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/plugins/preauth/otp/main.c b/src/plugins/preauth/otp/main.c
index 2f7470e114..bf9c6a89f6 100644
--- a/src/plugins/preauth/otp/main.c
+++ b/src/plugins/preauth/otp/main.c
@@ -204,7 +204,9 @@ otp_edata(krb5_context context, krb5_kdc_req *request,
 /* Determine if otp is enabled for the user. */
 retval = cb->get_string(context, rock, "otp", &config);
- if (retval != 0 || config == NULL)
+ if (retval == 0 && config == NULL)
+ retval = ENOENT;
+ if (retval != 0)
 goto out;
 cb->free_string(context, rock, config);
@@ -305,7 +307,7 @@ otp_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request,
 /* Get the principal's OTP configuration string. */
 retval = cb->get_string(context, rock, "otp", &config);
- if (config == NULL)
+ if (retval == 0 && config == NULL)
 retval = KRB5_PREAUTH_FAILED;
 if (retval != 0) {
 free(rs); |
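Review bot: The same condition, `cb->get_string` returning 0 with a NULL `config`, is mapped to `ENOENT` in otp_edata and to `KRB5_PREAUTH_FAILED` in otp_verify (second hunk), and neither line says why the codes differ. A one-line comment on each would record the fail-closed intent, for example `/* No "otp" string: return an error so no OTP hint is sent. */` above `retval = ENOENT;` and `/* No "otp" string: OTP cannot succeed for this principal. */` above `retval = KRB5_PREAUTH_FAILED;`. Both function bodies start and end outside their hunks, so what the `out` label and the `retval != 0` branch do with the propagated code is not visible here and is worth confirming against the callers.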