Closed GoogleCodeExporter closed 8 years ago
I am aware of a number of ways to get no output at all. I guess we should try
and ensure that if something unexpected happens, it does return BAD_OTP rather
than nothing.
Original comment by n...@linuxsolutions.co.nz
on 28 Jan 2013 at 8:31
Well, the main problem I find in having no output is that the application
relying on the validation server (typically, our pam-yubico) will assume
yubiserve is down which may (depending on how strict you are) trigger a
fallback policy (what we are doing in this case is allowing the login to bypass
the 2-step auth, with a broadcasted warning). Therefore, this technique is an
efficient way of bypassing the entire OTP system.
Original comment by Eltrai
on 29 Jan 2013 at 1:02
I agree we need to fix it. I had not looked into the behavior of pam-yubico when
a blank response is received.
From my testing, I am getting the error with urllib.unquote_plus, where it does
not throw an exception, but seems to exit, if it is passed an empty string.
http://code.google.com/p/yubico-yubiserve/source/browse/trunk/yubiserve.py#219
In my test, I added:
    if len(keyVal[0]) == 0:
        print "error"
        return dict
at line 218.
Original comment by glen.ogilvie@gmail.com
on 29 Jan 2013 at 2:50
I've made some changes, committed in r57 to check the input a little more and
output an error.
Please feel free to test it and find other issues, or let me know if I've
missed something.
Original comment by glen.ogilvie@gmail.com
on 29 Jan 2013 at 5:24
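The fail-closed behaviour this thread asks for, as an added Python 3 example that is not yubiserve's code and not the r57 change: a request handler that answers BAD_OTP on malformed input or on any unexpected error, so the client never sees an empty reply it could mistake for an outage. The function names, the `validate` callback and the `id`/`otp` sample queries are assumptions made for the illustration.

```python
import logging
from urllib.parse import unquote_plus

BAD_OTP = "BAD_OTP"  # status named in the thread
log = logging.getLogger("validation-example")  # hypothetical logger name


def parse_query(query):
    """Split 'k=v&k2=v2' into a dict; raise ValueError on any malformed pair."""
    params = {}
    for pair in query.split("&"):
        key, sep, value = pair.partition("=")
        key = unquote_plus(key)
        if not sep or not key:
            # Empty key or missing '=': reject instead of continuing silently.
            raise ValueError("malformed pair: %r" % pair)
        params[key] = unquote_plus(value)
    return params


def handle_request(query, validate):
    """Return a non-empty status string whatever happens during handling.

    `validate` is a hypothetical callback that takes the parsed parameters
    and returns a status such as "OK" or BAD_OTP.
    """
    try:
        status = validate(parse_query(query))
    except Exception:
        # Unexpected failure: log it and answer BAD_OTP rather than nothing.
        log.exception("request rejected")
        return BAD_OTP
    # A validator that returns None or "" must not yield an empty reply either.
    return status if isinstance(status, str) and status else BAD_OTP


if __name__ == "__main__":
    def check(params):
        # Constructed validator: accepts one fixed sample OTP value.
        return "OK" if params["otp"] == "sample otp" else BAD_OTP

    # Constructed sample queries, including empty and malformed ones.
    for q in ["id=1&otp=sample+otp", "", "=x", "id=1", "id=1&otp=other"]:
        print(repr(q), "->", handle_request(q, check))
```

On the client side the complementary check is to treat an empty or unparseable reply as a failed validation rather than as "server down", so it cannot trigger the fallback policy described above.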
The patch fixes the problem for me. Thanks a lot!
Original comment by Eltrai
on 4 Feb 2013 at 2:48
Patch resolves issue.
Possible redundant try / catch, line 119.
Original comment by glen.ogilvie@gmail.com
on 4 Feb 2013 at 10:33
Original issue reported on code.google.com by
Eltrai
on 28 Jan 2013 at 8:12