diff options
| author | Alan T. DeKok <aland@freeradius.org> | 2015-07-09 10:10:57 -0400 |
|---|---|---|
| committer | Alan T. DeKok <aland@freeradius.org> | 2015-07-09 10:10:57 -0400 |
| commit | 86bb0ee4f938c85d74e64b01559a433554ad1ad6 (patch) | |
| tree | 0b9f084d9485be9803bf2e7edda378ae5ff3765b | |
| parent | 01173ec2426627dbb1e0d96c06c3ffa0b14d36d0 (diff) | |
| download | libpam-radius-auth-86bb0ee4f938c85d74e64b01559a433554ad1ad6.tar.gz libpam-radius-auth-86bb0ee4f938c85d74e64b01559a433554ad1ad6.zip | |
Send password to next layer on fail, too
| -rw-r--r-- | src/pam_radius_auth.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/src/pam_radius_auth.c b/src/pam_radius_auth.c index 396d1cf..4f165ed 100644 --- a/src/pam_radius_auth.c +++ b/src/pam_radius_auth.c @@ -1123,7 +1123,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc,CONST c /* now we've got a socket open, so we've got to clean it up on error */ #undef PAM_FAIL_CHECK -#define PAM_FAIL_CHECK if (retval != PAM_SUCCESS) {goto error; } +#define PAM_FAIL_CHECK if (retval != PAM_SUCCESS) {goto do_next; } /* build and initialize the RADIUS packet */ request->code = PW_AUTHENTICATION_REQUEST; @@ -1146,7 +1146,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc,CONST c if (!password) { if (ctrl & PAM_USE_FIRST_PASS) { retval = PAM_AUTH_ERR; /* use one pass only, stopping if it fails */ - goto error; + goto do_next; } /* check to see if we send a NULL password the first time around */ @@ -1198,7 +1198,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc,CONST c /* Actually, State isn't required. */ _pam_log(LOG_ERR, "RADIUS Access-Challenge received with State or Reply-Message missing"); retval = PAM_AUTHINFO_UNAVAIL; - goto error; + goto do_next; } /* @@ -1207,7 +1207,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc,CONST c if ((a_state->length <= 2) || (a_reply->length <= 2)) { _pam_log(LOG_ERR, "RADIUS Access-Challenge received with invalid State or Reply-Message"); retval = PAM_AUTHINFO_UNAVAIL; - goto error; + goto do_next; } memcpy(challenge, a_reply->data, a_reply->length - 2); @@ -1253,12 +1253,12 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc,CONST c retval = PAM_SUCCESS; } else { retval = PAM_AUTH_ERR; /* authentication failure */ + } -error: - /* If there was a password pass it to the next layer */ - if (password && *password) { - pam_set_item(pamh, PAM_AUTHTOK, password); - } +do_next: + /* If there was a password pass it to the next layer */ + if (password && *password) { + pam_set_item(pamh, PAM_AUTHTOK, password); } DPRINT(LOG_DEBUG, "authentication %s", retval==PAM_SUCCESS ? "succeeded":"failed"); |