From 996a845863c39e61e5d7f7fc5c7ffd17cd5d3d6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?= Date: Wed, 7 Dec 2011 01:28:05 +0000 Subject: [PATCH] Report an error if one of the modules in the chain does not implement the requested primitive. This is a significant change, but it should only affect poorly-written PAM modules, and the alternative is a potential fail-open situation. git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@501 185d5e19-27fe-0310-9dcf-9bff6b9f3609 --- lib/openpam_dispatch.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/openpam_dispatch.c b/lib/openpam_dispatch.c index 4dca173..d95ed1e 100644 --- a/lib/openpam_dispatch.c +++ b/lib/openpam_dispatch.c @@ -105,7 +105,7 @@ openpam_dispatch(pam_handle_t *pamh, if (chain->module->func[primitive] == NULL) { openpam_log(PAM_LOG_ERROR, "%s: no %s()", chain->module->path, pam_sm_func_name[primitive]); - continue; + r = PAM_SYSTEM_ERR; } else { pamh->primitive = primitive; pamh->current = chain;