bump version
diff --git
a/pam_pcsc_cr.c
b/pam_pcsc_cr.c
index 5d17365b8ad2ea95f5a160566df3017a2f57d9b7..f729fad4a89b15110665620bb0bc2a44e2c473fb 100644
(file)
--- a/
pam_pcsc_cr.c
+++ b/
pam_pcsc_cr.c
@@
-156,7
+156,6
@@
pam_sm_authenticate(pam_handle_t *pamh, int flags,
int argc, const char *argv[])
{
struct _cfg cfg = {0};
int argc, const char *argv[])
{
struct _cfg cfg = {0};
- const char *tokenid = NULL;
const char *user;
const char *password;
struct _auth_obj ao;
const char *user;
const char *password;
struct _auth_obj ao;
@@
-164,18
+163,14
@@
pam_sm_authenticate(pam_handle_t *pamh, int flags,
parse_cfg(&cfg, argc, argv);
(void)pam_set_data(pamh, "pcsc_cr_cfg_struct", &cfg, NULL);
parse_cfg(&cfg, argc, argv);
(void)pam_set_data(pamh, "pcsc_cr_cfg_struct", &cfg, NULL);
+ if (cfg.verbose) syslog(LOG_INFO, "auth with %s", PACKAGE_STRING);
if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
if (cfg.verbose) syslog(LOG_ERR, "get_user failed: %s",
pam_strerror(pamh, pam_err));
return pam_err;
}
if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
if (cfg.verbose) syslog(LOG_ERR, "get_user failed: %s",
pam_strerror(pamh, pam_err));
return pam_err;
}
- if (strspn(user, "0123456789") == strlen(user)) {
- tokenid = user;
- user = NULL;
- }
- if (cfg.verbose) syslog(LOG_DEBUG, "tokenid=\"%s\", user=\"%s\"",
- tokenid?tokenid:"<none>", user?user:"<none>");
+ if (cfg.verbose) syslog(LOG_DEBUG, "user=\"%s\"", user?user:"<none>");
if (!cfg.noaskpass) {
if ((pam_err = pam_get_authtok(pamh, PAM_AUTHTOK,
if (!cfg.noaskpass) {
if ((pam_err = pam_get_authtok(pamh, PAM_AUTHTOK,
@@
-190,14
+185,15
@@
pam_sm_authenticate(pam_handle_t *pamh, int flags,
password = "";
}
password = "";
}
- ao = authfile(
tokenid,
user, password, update_nonce,
+ ao = authfile(user, password, update_nonce,
NULL, 0, NULL, 0, token_key);
if (ao.err) {
if (cfg.verbose) syslog(LOG_INFO, "authfile: %s", ao.err);
return PAM_AUTH_ERR;
} else {
NULL, 0, NULL, 0, token_key);
if (ao.err) {
if (cfg.verbose) syslog(LOG_INFO, "authfile: %s", ao.err);
return PAM_AUTH_ERR;
} else {
- if (!user)
- pam_set_item(pamh, PAM_USER, ao.data);
+ /* Just because we can. Probably not much use for that. */
+ /* Userid written in authfile may differ from the login one. */
+ pam_set_item(pamh, PAM_USER, ao.data);
if (cfg.injectauth && ao.payload && ao.payload[0])
pam_set_item(pamh, PAM_AUTHTOK, ao.payload);
if (cfg.verbose) syslog(LOG_DEBUG, "authenticated");
if (cfg.injectauth && ao.payload && ao.payload[0])
pam_set_item(pamh, PAM_AUTHTOK, ao.payload);
if (cfg.verbose) syslog(LOG_DEBUG, "authenticated");
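Review bot: The now-unconditional `pam_set_item(pamh, PAM_USER, ao.data);` in the last hunk replaces the login name with whatever userid the authfile holds, and the added comment itself says the two may differ. Modules that run later in the stack and the calling application will act on that replaced identity, so a mismatch should not pass silently. Either drop the call now that token-id login is gone, or compare first and refuse, e.g. `if (strcmp(user, ao.data) != 0) return PAM_AUTH_ERR;`, logging the mismatch when `cfg.verbose` is set. The return value of `pam_set_item` is ignored, and whether `ao.data` can be NULL on the success path is not visible here. The body of pam_sm_authenticate continues outside the hunk.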