Browse code

Accept empty password and/or response in auth-pam plugin

In the auth-pam plugin correctly parse the static challenge string
even when password or challenge response is empty.

Whether an empty user input is an error is determined by the PAM
conversation function depending on whether the PAM module queries
for it or not.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1533696271-21799-2-git-send-email-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17382.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

Selva Nair authored on 2018/08/08 11:44:31
Showing 1 changed files
... ...
@@ -310,11 +310,11 @@ split_scrv1_password(struct user_pass *up)
310 310
     *resp++ = '\0';
311 311
 
312 312
     int n = plugin_base64_decode(pass, up->password, sizeof(up->password)-1);
313
-    if (n > 0)
313
+    if (n >= 0)
314 314
     {
315 315
         up->password[n] = '\0';
316 316
         n = plugin_base64_decode(resp, up->response, sizeof(up->response)-1);
317
-        if (n > 0)
317
+        if (n >= 0)
318 318
         {
319 319
             up->response[n] = '\0';
320 320
             if (DEBUG(up->verb))