X-Git-Url: http://www.average.org/gitweb/?p=pam_pcsc_cr.git;a=blobdiff_plain;f=pam_pcsc_cr.c;h=7dffd4d3673ca9af0be532dc6e475072cd8078b4;hp=b1014486e1fa8689ff5cfb09866ddc0af5557926;hb=ee0824354abef3e422c32e931f52b4396263cab1;hpb=3bbb37e0ef1e77e9a93b7be7fb506bbbdd6a0400
diff --git a/pam_pcsc_cr.c b/pam_pcsc_cr.c
index b101448..7dffd4d 100644
--- a/pam_pcsc_cr.c
+++ b/pam_pcsc_cr.c
@@ -1,3 +1,26 @@
+/*
+Copyright (c) 2013 Eugene Crosser
+
+This software is provided 'as-is', without any express or implied
+warranty. In no event will the authors be held liable for any damages
+arising from the use of this software.
+
+Permission is granted to anyone to use this software for any purpose,
+including commercial applications, and to alter it and redistribute it
+freely, subject to the following restrictions:
+
+ 1. The origin of this software must not be misrepresented; you must
+ not claim that you wrote the original software. If you use this
+ software in a product, an acknowledgment in the product documentation
+ would be appreciated but is not required.
+
+ 2. Altered source versions must be plainly marked as such, and must
+ not be misrepresented as being the original software.
+
+ 3. This notice may not be removed or altered from any source
+ distribution.
+*/
+
 #ifdef HAVE_CONFIG_H
 # include "config.h"
 #endif
@@ -55,7 +78,9 @@ static void update_nonce(char *nonce, const int nonsize)
 }

 struct _cfg {
+ int noaskpass;
 int verbose;
+ int injectauth;
 };

 void parse_cfg(struct _cfg * const cfg, int argc, const char *argv[])
@@ -66,6 +91,10 @@ void parse_cfg(struct _cfg * const cfg, int argc, const char *argv[])
 if (strchr(argv[i],':') && strchr(argv[i],'='))
 pcsc_option(argv[i]);
 else if (!strcmp(argv[i], "verbose")) cfg->verbose = 1;
+ else if (!strcmp(argv[i], "noaskpass")) cfg->noaskpass = 1;
+ else if (!strcmp(argv[i], "injectauth")) cfg->injectauth = 1;
+ else if (!strncmp(argv[i], "path=", 5))
+ authfile_template(argv[i]+5);
 }
 }

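Review bot: The two new fields of `struct _cfg` carry no comment, and their meaning is only recoverable from later hunks of this commit. Suggest `int noaskpass; /* skip the token-password prompt; an empty password is used instead */` and `int injectauth; /* on success, store the token payload as PAM_AUTHTOK for later modules */`, which is what the `password = ""` branch and the pam_set_item(PAM_AUTHTOK, ao.payload) call in pam_sm_authenticate do. `int verbose;` could take a similar one-liner while you are there.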
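Review bot: The new `path=` branch hands the rest of the argument to authfile_template() with no check that anything follows the `=`, so a bare `path=` in the PAM config passes an empty string; whether authfile_template() rejects that is not visible here, and nothing is logged either way. Suggest `else if (!strncmp(argv[i], "path=", 5) && argv[i][5] != '\0') authfile_template(argv[i]+5);` plus a syslog of the ignored value when cfg->verbose is set. As before, an argument that matches none of the branches is dropped silently, so a typo such as `noaskpas` leaves the module prompting; a trailing `else if (cfg->verbose) syslog(LOG_WARNING, "unknown option: %s", argv[i]);` would surface that now that there are more options to mistype. parse_cfg's opening lines are outside the hunk.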
@@ -73,7 +102,7 @@ PAM_EXTERN int
 pam_sm_authenticate(pam_handle_t *pamh, int flags,
 int argc, const char *argv[])
 {
- struct _cfg cfg;
+ struct _cfg cfg = {0};
 const char *tokenid = NULL;
 const char *user;
 const char *password;
@@ -85,21 +114,42 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
 if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
 if (cfg.verbose) syslog(LOG_ERR,
 "get_user failed: %s",
 pam_strerror(pamh, pam_err));
- return (pam_err);
+ return pam_err;
 }
 if (strspn(user, "0123456789") == strlen(user)) {
 tokenid = user;
 user = NULL;
 }
- if (flags & PAM_DISALLOW_NULL_AUTHTOK) {
- if ((pam_err = pam_get_item(pamh, PAM_AUTHTOK,
- (const void **)&password))) {
+ if (!cfg.noaskpass) {
+#ifdef _OPENPAM
+ pam_err = pam_get_authtok(pamh, PAM_AUTHTOK,
+ (const char **)&password, NULL);
+#else
+ struct pam_conv *conv;
+ struct pam_message msg;
+ const struct pam_message *msgp;
+ struct pam_response *resp;
+
+ if ((pam_err = pam_get_item(pamh, PAM_CONV,
+ (const void **)&conv))) {
 if (cfg.verbose) syslog(LOG_ERR,
- "get_authtok failed: %s",
+ "get_item failed: %s",
 pam_strerror(pamh, pam_err));
- return (pam_err);
+ return pam_err;
 }
+ msg.msg_style = PAM_PROMPT_ECHO_OFF;
+ msg.msg = "Token password:";
+ msgp = &msg;
+ resp = NULL;
+ pam_err = (*conv->conv)(1, &msgp, &resp, conv->appdata_ptr);
+ if (resp != NULL) {
+ if (pam_err == PAM_SUCCESS) password = resp->resp;
+ else free(resp->resp);
+ free(resp);
+ }
+#endif
+ if (pam_err) return pam_err;
 } else {
 password = "";
 }
@@ -112,7 +162,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
 } else {
 if (!user)
 pam_set_item(pamh, PAM_USER, ao.data);
- if (ao.payload && ao.payload[0])
+ if (cfg.injectauth && ao.payload && ao.payload[0])
 pam_set_item(pamh, PAM_AUTHTOK, ao.payload);
 return PAM_SUCCESS;
 }
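Review bot: After a successful conversation in the non-OpenPAM branch, `password` can still be unset: the new code assigns it only inside `if (resp != NULL)`, so a conv callback that returns PAM_SUCCESS with `resp == NULL` leaves the uninitialized `const char *password` from the declaration (hunk at -73), and `resp->resp == NULL` leaves it NULL, yet `if (pam_err) return pam_err;` lets both cases through to whatever reads password below the hunk. Set `password = NULL;` next to `resp = NULL;` and change the final check to `if (pam_err) return pam_err; if (password == NULL) return PAM_CONV_ERR;`. The same guard should cover `conv == NULL` before `(*conv->conv)` is called, unless pam_get_item is known never to succeed with a NULL PAM_CONV item. Note also that the string taken over from `resp->resp` is a secret this module now owns: nothing in the hunk wipes it before free (the error branch frees it unwiped), and whether the rest of pam_sm_authenticate, which continues past the hunk, frees it at all is not visible here.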
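Review bot: The new `cfg.injectauth` gate decides whether the payload recovered from the token becomes the PAM_AUTHTOK seen by every later module in the stack, and nothing at the call site says so; suggest `/* injectauth: hand the token payload to the following modules as PAM_AUTHTOK */` above the if. The return value of pam_set_item() is still discarded on both calls, so a failed set (for example out of memory) returns PAM_SUCCESS with the user or authtok item unset; at least the verbose path should syslog it. When `noaskpass` is also configured the prompt is skipped and `password = ""` is used, so if the payload is still recoverable in that mode this option pair appears to let the token alone seed the authtok, which is worth stating in the option documentation so an administrator combines them knowingly. pam_sm_authenticate continues past the closing brace at the end of this hunk.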