patchsets/pam_skey/1.1.5/04_all_haskey_error.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

skey_haskey returns 0 if the user exists, 1 if the user doesn't exist,
and -1 on file error. Distinguish between these conditions.

--- pam_skey-1.1.5/pam_skey.c
+++ pam_skey/pam_skey.c
@@ -96,7 +96,11 @@
   }
 
   /* Check whether or not this user has an S/Key */
-  if (skey_haskey(username) != 0) {
+  status = skey_haskey(username);
+  if (status == -1) {
+    syslog(LOG_ERR, "error accessing S/Key database for user [%s]", username);
+    return PAM_AUTHINFO_UNAVAIL;
+  } else if (status != 0) {
     LOGDEBUG((LOG_DEBUG, "user [%s] has no S/Key entry", username));
     return PAM_IGNORE;
   }