X-Git-Url: http://www.average.org/gitweb/?p=pam_pcsc_cr.git;a=blobdiff_plain;f=pam_pcsc_cr.c;h=13a92e048253ef6abf5f4bfccbd8a46df3acba41;hp=b1014486e1fa8689ff5cfb09866ddc0af5557926;hb=7b6aa201f4bd4aaf7f7a83677f7fd6f316dde07e;hpb=3bbb37e0ef1e77e9a93b7be7fb506bbbdd6a0400 diff --git a/pam_pcsc_cr.c b/pam_pcsc_cr.c index b101448..13a92e0 100644 --- a/pam_pcsc_cr.c +++ b/pam_pcsc_cr.c @@ -55,6 +55,7 @@ static void update_nonce(char *nonce, const int nonsize) } struct _cfg { + int noaskpass; int verbose; }; @@ -66,6 +67,7 @@ void parse_cfg(struct _cfg * const cfg, int argc, const char *argv[]) if (strchr(argv[i],':') && strchr(argv[i],'=')) pcsc_option(argv[i]); else if (!strcmp(argv[i], "verbose")) cfg->verbose = 1; + else if (!strcmp(argv[i], "noaskpass")) cfg->noaskpass = 1; } } @@ -73,7 +75,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { - struct _cfg cfg; + struct _cfg cfg = {0}; const char *tokenid = NULL; const char *user; const char *password; @@ -92,14 +94,35 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, user = NULL; } - if (flags & PAM_DISALLOW_NULL_AUTHTOK) { - if ((pam_err = pam_get_item(pamh, PAM_AUTHTOK, - (const void **)&password))) { + if (!cfg.noaskpass) { +#ifdef _OPENPAM + pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, + (const char **)&password, NULL); +#else + struct pam_conv *conv; + struct pam_message msg; + const struct pam_message *msgp; + struct pam_response *resp; + + if ((pam_err = pam_get_item(pamh, PAM_CONV, + (const void **)&conv))) { if (cfg.verbose) syslog(LOG_ERR, - "get_authtok failed: %s", + "get_item failed: %s", pam_strerror(pamh, pam_err)); - return (pam_err); + return pam_err; } + msg.msg_style = PAM_PROMPT_ECHO_OFF; + msg.msg = "Token password:"; + msgp = &msg; + resp = NULL; + pam_err = (*conv->conv)(1, &msgp, &resp, conv->appdata_ptr); + if (resp != NULL) { + if (pam_err == PAM_SUCCESS) password = resp->resp; + else free(resp->resp); + free(resp); + } +#endif + if (pam_err) return pam_err; } else { password = ""; }