#endif
static struct _auth_chunk
-token_key(const unsigned char *challenge, const int challengesize)
+token_key(const unsigned char *challenge, const size_t challengesize)
{
struct _auth_chunk ho = {0};
long rc;
- int keysize = sizeof(ho.data);
+ size_t keysize = sizeof(ho.data);
if ((rc = pcsc_cr(challenge, challengesize, ho.data, &keysize))) {
ho.err = pcsc_errstr(rc);
return ho;
}
-static void update_nonce(char *nonce, const int nonsize)
+static void update_nonce(char *nonce, const size_t nonsize)
{
int n = 0;
int i;
for (i = 0; i < argc; i++) {
- if (cfg->verbose) syslog(LOG_DEBUG, "arg: \"%s\"", argv[i]);
- if (strchr(argv[i],':') && strchr(argv[i],'='))
- pcsc_option(argv[i]);
- else if (!strcmp(argv[i], "verbose")) cfg->verbose = 1;
+ if (strchr(argv[i],':') && strchr(argv[i],'=')) {
+ if (pcsc_option(argv[i]))
+ syslog(LOG_ERR,
+ "unrecognized pcsc backedn option \"%s\"",
+ argv[i]);
+ } else if (!strcmp(argv[i], "verbose")) cfg->verbose = 1;
else if (!strcmp(argv[i], "noaskpass")) cfg->noaskpass = 1;
else if (!strcmp(argv[i], "injectauth")) cfg->injectauth = 1;
else if (!strncmp(argv[i], "path=", 5))
authfile_template(argv[i]+5);
+ else syslog(LOG_ERR, "unrecognized arg: \"%s\"", argv[i]);
+
+ if (cfg->verbose) syslog(LOG_DEBUG, "arg: \"%s\"", argv[i]);
}
}
int argc, const char *argv[])
{
struct _cfg cfg = {0};
- const char *tokenid = NULL;
const char *user;
const char *password;
struct _auth_obj ao;
parse_cfg(&cfg, argc, argv);
(void)pam_set_data(pamh, "pcsc_cr_cfg_struct", &cfg, NULL);
+ if (cfg.verbose) syslog(LOG_INFO, "auth with %s", PACKAGE_STRING);
if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
if (cfg.verbose) syslog(LOG_ERR, "get_user failed: %s",
pam_strerror(pamh, pam_err));
return pam_err;
}
- if (strspn(user, "0123456789") == strlen(user)) {
- tokenid = user;
- user = NULL;
- }
+ if (cfg.verbose) syslog(LOG_DEBUG, "user=\"%s\"", user?user:"<none>");
if (!cfg.noaskpass) {
if ((pam_err = pam_get_authtok(pamh, PAM_AUTHTOK,
password = "";
}
- ao = authfile(tokenid, user, password, update_nonce,
- NULL, 0, NULL, 0, token_key);
+ ao = authfile(user, password, update_nonce,
+ NULL, (size_t)0, NULL, (size_t)0, token_key);
if (ao.err) {
if (cfg.verbose) syslog(LOG_INFO, "authfile: %s", ao.err);
return PAM_AUTH_ERR;
} else {
- if (!user)
- pam_set_item(pamh, PAM_USER, ao.data);
+ /* Just because we can. Probably not much use for that. */
+ /* Userid written in authfile may differ from the login one. */
+ pam_set_item(pamh, PAM_USER, ao.data);
if (cfg.injectauth && ao.payload && ao.payload[0])
pam_set_item(pamh, PAM_AUTHTOK, ao.payload);
+ if (cfg.verbose) syslog(LOG_DEBUG, "authenticated");
return PAM_SUCCESS;
}
}
projects / pam_pcsc_cr.git / blobdiff