From 26523a7ce6ea18e8cad7aa3b40333f7f1f1da9ac Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Thu, 28 Jul 2005 01:14:14 +0000
Subject: [PATCH] Fix securid5 authentication, was not checking for ACM_OK. 
 Also add default cases for the two switch()es.  Problem noted by ccon at
 worldbank

---
 auth/securid5.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/auth/securid5.c b/auth/securid5.c
index a9a9bf76e..97d7b12ce 100644
--- a/auth/securid5.c
+++ b/auth/securid5.c
@@ -121,6 +121,10 @@ securid_setup(pw, promptp, auth)
     retval = SD_Lock(*sd, pw->pw_name);
 
     switch (retval) {
+	case ACM_OK:
+		warningx("User ID locked for SecurID Authentication");
+		return(AUTH_SUCCESS);
+
         case ACE_UNDEFINED_USERNAME:
 		warningx("invalid username length for SecurID");
 		return(AUTH_FATAL);
@@ -133,9 +137,9 @@ securid_setup(pw, promptp, auth)
 		warningx("SecurID communication failed");
 		return(AUTH_FATAL);
 
-	case ACM_OK:
-		warningx("User ID locked for SecurID Authentication");
-		return(AUTH_SUCCESS);
+	default:
+		warningx("unknown SecurID error");
+		return(AUTH_FATAL);
 	}
 }
 
@@ -165,6 +169,10 @@ securid_verify(pw, pass, auth)
 
     /* Have ACE verify password */
     switch (SD_Check(*sd, pass, pw->pw_name)) {
+	case ACM_OK:
+		rval = AUTH_SUCESS;
+		break;
+
 	case ACE_UNDEFINED_PASSCODE:
 		warningx("invalid passcode length for SecurID");
 		rval = AUTH_FATAL;
@@ -178,6 +186,7 @@ securid_verify(pw, pass, auth)
 	case ACE_ERR_INVALID_HANDLE:
 		warningx("invalid Authentication Handle for SecurID");
 		rval = AUTH_FATAL;
+		break;
 
 	case ACM_ACCESS_DENIED:
 		rval = AUTH_FAILURE;
@@ -212,6 +221,11 @@ then enter the new token code.\n", \
 		fprintf(stderr, "Please set up a PIN before you try to authenticate.\n");
 		rval = AUTH_FATAL;
 		break;
+
+	default:
+		warningx("unknown SecurID error");
+		rval = AUTH_FATAL;
+		break;
     }
 
     /* Free resources */
-- 
2.40.0