#ifdef __GNUC__
__attribute__ ((unused))
#endif
+ int auth_rc,
+#ifdef __GNUC__
+__attribute__ ((unused))
+#endif
const char *log_prefix)
{
return 0;
const char *);
static int cryptocard_updatecsd(const otp_user_info_t *, otp_user_state_t *,
const char [OTP_MAX_CHALLENGE_LEN + 1],
- unsigned, time_t, const char *);
+ unsigned, time_t, int, const char *);
static int cryptocard_nexttwin(int);
static int cryptocard_maxtwin(const otp_user_info_t *,
const char [OTP_MAX_CSD_LEN + 1], time_t);
/* Set fc (failcondition). */
if (opt->hardfail && user_state.failcount >= (unsigned) opt->hardfail) {
+ /* NOTE: persistent softfail stops working */
fc = OTP_FC_FAIL_HARD;
+ } else if (opt->softfail && user_state.authtime == INT32_MAX) {
+ fc = OTP_FC_FAIL_SOFT;
} else if (opt->softfail &&
user_state.failcount >= (unsigned) opt->softfail) {
uint32_t when;
/* update csd on successful auth or rwindow candidate */
(void) strcpy(user_state.csd, csd);
if (user_info.cardops->updatecsd(&user_info, &user_state, challenge,
- t, now, log_prefix) != 0) {
+ t, now, rc, log_prefix) != 0) {
otp_log(OTP_LOG_ERR, "%s: unable to update csd for [%s]",
log_prefix, username);
rc = OTP_RC_SERVICE_ERR;
char [OTP_MAX_RESPONSE_LEN + 1], const char *);
int (*updatecsd)(const otp_user_info_t *, otp_user_state_t *,
const char [OTP_MAX_CHALLENGE_LEN + 1],
- unsigned, time_t, const char *);
+ unsigned, time_t, int, const char *);
int (*nexttwin)(int);
int (*maxtwin)(const otp_user_info_t *, const char [OTP_MAX_CSD_LEN + 1],
time_t);