+/*
+Copyright (c) 2013 Eugene Crosser
+
+This software is provided 'as-is', without any express or implied
+warranty. In no event will the authors be held liable for any damages
+arising from the use of this software.
+
+Permission is granted to anyone to use this software for any purpose,
+including commercial applications, and to alter it and redistribute it
+freely, subject to the following restrictions:
+
+ 1. The origin of this software must not be misrepresented; you must
+ not claim that you wrote the original software. If you use this
+ software in a product, an acknowledgment in the product documentation
+ would be appreciated but is not required.
+
+ 2. Altered source versions must be plainly marked as such, and must
+ not be misrepresented as being the original software.
+
+ 3. This notice may not be removed or altered from any source
+ distribution.
+*/
+
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
}
struct _cfg {
+ int noaskpass;
int verbose;
+ int injectauth;
};
void parse_cfg(struct _cfg * const cfg, int argc, const char *argv[])
int i;
for (i = 0; i < argc; i++) {
+ if (cfg->verbose) syslog(LOG_DEBUG, "arg: \"%s\"", argv[i]);
if (strchr(argv[i],':') && strchr(argv[i],'='))
pcsc_option(argv[i]);
else if (!strcmp(argv[i], "verbose")) cfg->verbose = 1;
+ else if (!strcmp(argv[i], "noaskpass")) cfg->noaskpass = 1;
+ else if (!strcmp(argv[i], "injectauth")) cfg->injectauth = 1;
+ else if (!strncmp(argv[i], "path=", 5))
+ authfile_template(argv[i]+5);
}
}
pam_sm_authenticate(pam_handle_t *pamh, int flags,
int argc, const char *argv[])
{
- struct _cfg cfg;
+ struct _cfg cfg = {0};
const char *tokenid = NULL;
const char *user;
const char *password;
if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
if (cfg.verbose) syslog(LOG_ERR, "get_user failed: %s",
pam_strerror(pamh, pam_err));
- return (pam_err);
+ return pam_err;
}
if (strspn(user, "0123456789") == strlen(user)) {
tokenid = user;
user = NULL;
}
- if (flags & PAM_DISALLOW_NULL_AUTHTOK) {
- if ((pam_err = pam_get_item(pamh, PAM_AUTHTOK,
- (const void **)&password))) {
+ if (!cfg.noaskpass) {
+#ifdef _OPENPAM
+ pam_err = pam_get_authtok(pamh, PAM_AUTHTOK,
+ (const char **)&password, NULL);
+#else
+ struct pam_conv *conv;
+ struct pam_message msg;
+ const struct pam_message *msgp;
+ struct pam_response *resp;
+
+ if ((pam_err = pam_get_item(pamh, PAM_CONV,
+ (const void **)&conv))) {
if (cfg.verbose) syslog(LOG_ERR,
- "get_authtok failed: %s",
+ "get_item failed: %s",
pam_strerror(pamh, pam_err));
- return (pam_err);
+ return pam_err;
}
+ msg.msg_style = PAM_PROMPT_ECHO_OFF;
+ msg.msg = "Token password:";
+ msgp = &msg;
+ resp = NULL;
+ pam_err = (*conv->conv)(1, &msgp, &resp, conv->appdata_ptr);
+ if (resp != NULL) {
+ if (pam_err == PAM_SUCCESS) password = resp->resp;
+ else free(resp->resp);
+ free(resp);
+ }
+#endif
+ if (pam_err) return pam_err;
} else {
password = "";
}
} else {
if (!user)
pam_set_item(pamh, PAM_USER, ao.data);
- if (ao.payload && ao.payload[0])
+ if (cfg.injectauth && ao.payload && ao.payload[0])
pam_set_item(pamh, PAM_AUTHTOK, ao.payload);
return PAM_SUCCESS;
}
projects / pam_pcsc_cr.git / blobdiff