X-Git-Url: http://www.average.org/gitweb/?p=pam_pcsc_cr.git;a=blobdiff_plain;f=pam_pcsc_cr.c;h=f729fad4a89b15110665620bb0bc2a44e2c473fb;hp=5d17365b8ad2ea95f5a160566df3017a2f57d9b7;hb=HEAD;hpb=b4bd8dfd5d7780bc00f820c3dec7b2a06f47b514 diff --git a/pam_pcsc_cr.c b/pam_pcsc_cr.c index 5d17365..82f08ad 100644 --- a/pam_pcsc_cr.c +++ b/pam_pcsc_cr.c @@ -110,11 +110,11 @@ static int pam_get_authtok(pam_handle_t *pamh, int item, const char **authtok, #endif static struct _auth_chunk -token_key(const unsigned char *challenge, const int challengesize) +token_key(const unsigned char *challenge, const size_t challengesize) { struct _auth_chunk ho = {0}; long rc; - int keysize = sizeof(ho.data); + size_t keysize = sizeof(ho.data); if ((rc = pcsc_cr(challenge, challengesize, ho.data, &keysize))) { ho.err = pcsc_errstr(rc); @@ -122,7 +122,7 @@ token_key(const unsigned char *challenge, const int challengesize) return ho; } -static void update_nonce(char *nonce, const int nonsize) +static void update_nonce(char *nonce, const size_t nonsize) { int n = 0; @@ -156,7 +156,6 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { struct _cfg cfg = {0}; - const char *tokenid = NULL; const char *user; const char *password; struct _auth_obj ao; @@ -164,18 +163,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, parse_cfg(&cfg, argc, argv); (void)pam_set_data(pamh, "pcsc_cr_cfg_struct", &cfg, NULL); + if (cfg.verbose) syslog(LOG_INFO, "auth with %s", PACKAGE_STRING); if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) { if (cfg.verbose) syslog(LOG_ERR, "get_user failed: %s", pam_strerror(pamh, pam_err)); return pam_err; } - if (strspn(user, "0123456789") == strlen(user)) { - tokenid = user; - user = NULL; - } - if (cfg.verbose) syslog(LOG_DEBUG, "tokenid=\"%s\", user=\"%s\"", - tokenid?tokenid:"", user?user:""); + if (cfg.verbose) syslog(LOG_DEBUG, "user=\"%s\"", user?user:""); if (!cfg.noaskpass) { if ((pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, @@ -190,14 +185,15 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, password = ""; } - ao = authfile(tokenid, user, password, update_nonce, - NULL, 0, NULL, 0, token_key); + ao = authfile(user, password, update_nonce, + NULL, (size_t)0, NULL, (size_t)0, token_key); if (ao.err) { if (cfg.verbose) syslog(LOG_INFO, "authfile: %s", ao.err); return PAM_AUTH_ERR; } else { - if (!user) - pam_set_item(pamh, PAM_USER, ao.data); + /* Just because we can. Probably not much use for that. */ + /* Userid written in authfile may differ from the login one. */ + pam_set_item(pamh, PAM_USER, ao.data); if (cfg.injectauth && ao.payload && ao.payload[0]) pam_set_item(pamh, PAM_AUTHTOK, ao.payload); if (cfg.verbose) syslog(LOG_DEBUG, "authenticated");