Update pam_p11.c - key_login always succeed

key_login always succeed even if PIN input was incorrect. r = PAM_SUCCESS prior to key_login and didn't get changed to a failure if key_login failed.
OpenSC · Oct 25, 2023 · eadb0a2 · eadb0a2
1 parent ba24317
commit eadb0a2
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/pam_p11.c b/src/pam_p11.c
@@ -699,8 +699,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
 		goto err;
 	}
 
-	if (1 != key_login(pamh, flags, authslot, pin_regex))
+	if (1 != key_login(pamh, flags, authslot, pin_regex)) {
+		r = PAM_AUTH_ERR;
 		goto err;
+	}
 
 	if (authkey == NULL && authcert) {
 		if (NULL == (authkey = PKCS11_find_key(authcert))) {