michael/webmin
1
0
Fork 0
mirror of https://github.com/webmin/webmin.git synced 2026-03-20 08:40:24 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Fix to prevent logging when empty 2FA token is sent 511e70aa97

Browse Source
This commit is contained in:
Ilia Rostovtsev
2020-10-15 13:19:07 +03:00
parent 511e70aa97
commit b68a47fa0d
1 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
miniserv.pl
View File

@@ -1838,6 +1838,7 @@ if ($config{'userfile'}) {
$vu, 'twofactor',
$loghost, $localip);
$twofactor_msg = $err;
$nologf = 1 if (!$in{'twofactor'});
$vu = undef;
}
}
@@ -1845,7 +1846,7 @@ if ($config{'userfile'}) {
local $hrv = &handle_login(
$vu || $in{'user'}, $vu ? 1 : 0,
$expired, $nonexist, $in{'pass'},
$in{'notestingcookie'});
$in{'notestingcookie'}, $nologf);
return $hrv if (defined($hrv));
}
}
@@ -4101,11 +4102,11 @@ if (!$sid && !$force_urandom) {
return $sid;
}
# handle_login(username, ok, expired, not-exists, password, [no-test-cookie])
# handle_login(username, ok, expired, not-exists, password, [no-test-cookie], [no-log])
# Called from handle_session to either mark a user as logged in, or not
sub handle_login
{
local ($vu, $ok, $expired, $nonexist, $pass, $notest) = @_;
local ($vu, $ok, $expired, $nonexist, $pass, $notest, $nologf) = @_;
$authuser = $vu if ($ok);
# check if the test cookie is set
@@ -4222,7 +4223,7 @@ else {
($nonexist ? "Non-existent" :
$expired ? "Expired" : "Invalid").
" login as $vu from $loghost")
if ($use_syslog);
if ($use_syslog && !$nologf);
}
return undef;
}