X-Git-Url: http://www.average.org/gitweb/?p=pam_pcsc_cr.git;a=blobdiff_plain;f=pam_pcsc_cr.c;h=f729fad4a89b15110665620bb0bc2a44e2c473fb;hp=c0493be75d8c132da34850b6e74e2594a95da7d9;hb=91db7a622b66e0219c6dbce650aaa74272493a08;hpb=18916016d0290d40dcdead0fbeffb8a8fb37f338

diff --git a/pam_pcsc_cr.c b/pam_pcsc_cr.c
index c0493be..f729fad 100644
--- a/pam_pcsc_cr.c
+++ b/pam_pcsc_cr.c
@@ -135,14 +135,19 @@ void parse_cfg(struct _cfg * const cfg, int argc, const char *argv[])
 	int i;
 
 	for (i = 0; i < argc; i++) {
-		if (cfg->verbose) syslog(LOG_DEBUG, "arg: \"%s\"", argv[i]);
-		if (strchr(argv[i],':') && strchr(argv[i],'='))
-			pcsc_option(argv[i]);
-		else if (!strcmp(argv[i], "verbose")) cfg->verbose = 1;
+		if (strchr(argv[i],':') && strchr(argv[i],'=')) {
+			if (pcsc_option(argv[i]))
+				syslog(LOG_ERR,
+				"unrecognized pcsc backedn option \"%s\"",
+						argv[i]);
+		} else if (!strcmp(argv[i], "verbose")) cfg->verbose = 1;
 		else if (!strcmp(argv[i], "noaskpass")) cfg->noaskpass = 1;
 		else if (!strcmp(argv[i], "injectauth")) cfg->injectauth = 1;
 		else if (!strncmp(argv[i], "path=", 5))
 					authfile_template(argv[i]+5);
+		else syslog(LOG_ERR, "unrecognized arg: \"%s\"", argv[i]);
+
+		if (cfg->verbose) syslog(LOG_DEBUG, "arg: \"%s\"", argv[i]);
 	}
 }
 
@@ -151,7 +156,6 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
 	int argc, const char *argv[])
 {
 	struct _cfg cfg = {0};
-	const char *tokenid = NULL;
 	const char *user;
 	const char *password;
 	struct _auth_obj ao;
@@ -159,16 +163,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
 
 	parse_cfg(&cfg, argc, argv);
 	(void)pam_set_data(pamh, "pcsc_cr_cfg_struct", &cfg, NULL);
+	if (cfg.verbose) syslog(LOG_INFO, "auth with %s", PACKAGE_STRING);
 
 	if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
 		if (cfg.verbose) syslog(LOG_ERR, "get_user failed: %s",
 					pam_strerror(pamh, pam_err));
 		return pam_err;
 	}
-	if (strspn(user, "0123456789") == strlen(user)) {
-		tokenid = user;
-		user = NULL;
-	}
+	if (cfg.verbose) syslog(LOG_DEBUG, "user=\"%s\"", user?user:"<none>");
 
 	if (!cfg.noaskpass) {
 		if ((pam_err = pam_get_authtok(pamh, PAM_AUTHTOK,
@@ -183,16 +185,18 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
 		password = "";
 	}
 
-	ao = authfile(tokenid, user, password, update_nonce,
+	ao = authfile(user, password, update_nonce,
 			NULL, 0, NULL, 0, token_key);
 	if (ao.err) {
 		if (cfg.verbose) syslog(LOG_INFO, "authfile: %s", ao.err);
 		return PAM_AUTH_ERR;
 	} else {
-		if (!user)
-			pam_set_item(pamh, PAM_USER, ao.data);
+		/* Just because we can. Probably not much use for that.      */
+		/* Userid written in authfile may differ from the login one. */
+		pam_set_item(pamh, PAM_USER, ao.data);
 		if (cfg.injectauth && ao.payload && ao.payload[0])
 			pam_set_item(pamh, PAM_AUTHTOK, ao.payload);
+		if (cfg.verbose) syslog(LOG_DEBUG, "authenticated");
 		return PAM_SUCCESS;
 	}
 }
