Re: [OATH-Toolkit-help] OATH_PRINTF_ERROR with more than one user in users.oath

Tue, 03 Apr 2012 06:14:53 -0700 

Fredrik Lindgren <[email protected]> writes:

> Not really sure what 'make' tool it is. It's the one included in
> FreeBSD 9.0.
>
> I removed the offending line from the Makefile and the compile
> succeded.

Great.

> However, I'm afraid that it didn't solve the printf problem:
>
>
> [pam_oath.c:parse_cfg(118)] called.
> [pam_oath.c:parse_cfg(119)] flags 0 argc 2
> [pam_oath.c:parse_cfg(121)] argv[0]=debug
> [pam_oath.c:parse_cfg(121)] argv[1]=usersfile=/etc/users.oath
> [pam_oath.c:parse_cfg(122)] debug=1
> [pam_oath.c:parse_cfg(123)] alwaysok=0
> [pam_oath.c:parse_cfg(124)] try_first_pass=0
> [pam_oath.c:parse_cfg(125)] use_first_pass=0
> [pam_oath.c:parse_cfg(126)] usersfile=/etc/users.oath
> [pam_oath.c:parse_cfg(127)] digits=0
> [pam_oath.c:parse_cfg(128)] window=5
> [pam_oath.c:pam_sm_authenticate(157)] get user returned: root
> One-time password (OATH) for `root':
> [pam_oath.c:pam_sm_authenticate(232)] conv returned: 028852
> [pam_oath.c:pam_sm_authenticate(291)] OTP: 028852
> [pam_oath.c:pam_sm_authenticate(301)] authenticate rc -3 
> (OATH_PRINTF_ERROR: Error from system printf call) last otp Sun Mar 18
> 10:54:53 2012
>
> [pam_oath.c:pam_sm_authenticate(306)] One-time password not authorized
> to login as user 'root'
> [pam_oath.c:pam_sm_authenticate(322)] done. [authentication error]
> su: Sorry

Did the code pass 'make check' when run as root?

Debugging this, "authenticate rc -3" means that
oath_authenticate_usersfile returned OATH_PRINTF_ERROR.  That error is
only returned in one of five places in the library.

Could you try to modify each place in liboath/usersfile.c where
OATH_PRINTF_ERROR is returned so it returns a unique error code, and
then retry and show me the output again?  That is, make the following
changes:

224:      if (r <= 0)
225:        return OATH_PRINTF_ERROR;

modify line 225 into 'return 4711;'

240:  if (r <= 0)
241:    return OATH_PRINTF_ERROR;

modify line 241 into 'return 4712;'

274:    if (lockfile == NULL || ((size_t) l) != strlen (usersfile) + 5)
275:      return OATH_PRINTF_ERROR;

modify line 275 into 'return 4713;'

313:    free (lockfile);
314:    return OATH_PRINTF_ERROR;

modify line 314 into 'return 4714;'

Also modify liboath/hotp.c like this:

127:    if (len <= 0 || ((unsigned) len) != digits)
128:      return OATH_PRINTF_ERROR;

modify line 128 into 'return 4715;'

Then rebuild and install the library, re-run the 'su' and tell me which
rc number you get.

Thanks,
/Simon

Reply via email to