fix: ignore compare error if password is typed

boltgolt · Jun 19, 2023 · 24a9027 · 24a9027
1 parent 30728a6
commit 24a9027
Showing 1 changed file with 7 additions and 5 deletions.
diff --git a/howdy/src/pam/main.cc b/howdy/src/pam/main.cc
@@ -310,9 +310,11 @@ auto identify(pam_handle_t *pamh, int flags, int argc, const char **argv,
     return std::tuple<int, char *>(pam_res, auth_tok_ptr);
   });
 
+  auto ask_pass = auth_tok && workaround != Workaround::Off;
+
   // We ask for the password if the function requires it and if a workaround is
   // set
-  if (auth_tok && workaround != Workaround::Off) {
+  if (ask_pass) {
     pass_task.activate();
   }
 
@@ -350,23 +352,23 @@ auto identify(pam_handle_t *pamh, int flags, int argc, const char **argv,
   int status = child_task.get();
 
   // If python process ran into a timeout
-  // Do not send enter presses or terminate the PAM function, as the user might still be typing their password
-  if (WEXITSTATUS(status) == CompareError::TIMEOUT_REACHED && WIFEXITED(status)) {
+  // Do not send enter presses or terminate the PAM function, as the user might
+  // still be typing their password
+  if (WIFEXITED(status) && WEXITSTATUS(status) != EXIT_SUCCESS && ask_pass) {
     // Wait for the password to be typed
     pass_task.stop(false);
 
     char *password = nullptr;
     std::tie(pam_res, password) = pass_task.get();
 
     if (pam_res != PAM_SUCCESS) {
-      return pam_res;
+      return howdy_status(username, status, config, conv_function);
     }
 
     // The password has been entered, we are passing it to PAM stack
     return PAM_IGNORE;
   }
 
-
   // We want to stop the password prompt, either by canceling the thread when
   // workaround is set to "native", or by emulating "Enter" input with
   // "input"