diff options
author | Fabiano FidĂȘncio <fidencio@redhat.com> | 2017-10-06 13:04:15 +0200 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2017-10-09 10:03:15 +0200 |
commit | 82464078c0d38421b788393838ebfa401aa1391e (patch) | |
tree | e9033cee8761f1ddb013d6438f96afa0d32166fc | |
parent | 381bc154ef06fd3cc0660ce0fd62504367f420f5 (diff) | |
download | sssd-82464078c0d38421b788393838ebfa401aa1391e.tar.gz sssd-82464078c0d38421b788393838ebfa401aa1391e.tar.xz sssd-82464078c0d38421b788393838ebfa401aa1391e.zip |
PAM: Avoid overwriting pam_status in _lookup_by_cert_done()
In case add_pam_cert_response() failed pam_status has to be set to
PAM_AUTHINFO_UNAVAIL. Although it's done properly in the code,
pam_status was overwritten just after the if block with PAM_SUCCESS.
The original faulty code was added as part of 32474fa2f0.
Signed-off-by: Fabiano FidĂȘncio <fidencio@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
-rw-r--r-- | src/responder/pam/pamsrv_cmd.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index 7081aacfd..51d818565 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -1568,12 +1568,12 @@ static void pam_forwarder_lookup_by_cert_done(struct tevent_req *req) preq->module_name, preq->key_id, SSS_PAM_CERT_INFO_WITH_HINT); + preq->pd->pam_status = PAM_SUCCESS; if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "add_pam_cert_response failed.\n"); preq->pd->pam_status = PAM_AUTHINFO_UNAVAIL; } ret = EOK; - preq->pd->pam_status = PAM_SUCCESS; pam_reply(preq); goto done; } |