d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Since pam_get_authtok(3) doesn't know about our options structure, setting

Browse Source 
the PAM_ECHO_PASS option on-the-fly is a NOP (though it wasn't with the
old pam_get_pass(3) code).  Instead, call pam_prompt(3) directly.  This
actually simplifies the code a bit.

MFC after:	3 days
This commit is contained in:
Dag-Erling Smørgrav 2002-07-30 08:32:03 +00:00
parent 541e4966fc
commit 68e6e4bd40
1 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
lib/libpam/modules/pam_opie/pam_opie.c
View File

@ -42,6 +42,7 @@ __FBSDID("$FreeBSD$");
#include <opie.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
@ -72,10 +73,9 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
int retval, i;
const char *(promptstr[]) = { "%s\nPassword: ", "%s\nPassword [echo on]: "};
char challenge[OPIE_CHALLENGE_MAX];
char prompt[OPIE_CHALLENGE_MAX+22];
char resp[OPIE_SECRET_MAX];
char *user;
const char *response;
char *response;
int style;
pam_std_option(&options, other_options, argc, argv);
@ -118,9 +118,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
*/
pam_set_item(pamh, PAM_AUTHTOK, NULL);
style = PAM_PROMPT_ECHO_OFF;
for (i = 0; i < 2; i++) {
snprintf(prompt, sizeof prompt, promptstr[i], challenge);
retval = pam_get_authtok(pamh, PAM_AUTHTOK, &response, prompt);
retval = pam_prompt(pamh, style, &response,
promptstr[i], challenge);
if (retval != PAM_SUCCESS) {
opieunlock();
return (retval);
@ -132,11 +133,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
break;
/* Second time round, echo the password */
pam_set_option(&options, PAM_OPT_ECHO_PASS);
style = PAM_PROMPT_ECHO_ON;
}
/* We have to copy the response, because opieverify mucks with it. */
strlcpy(resp, response, sizeof (resp));
pam_set_item(pamh, PAM_AUTHTOK, response);
/*
* Opieverify is supposed to return -1 only if an error occurs.
@ -144,8 +144,9 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
* it expects. Thus we can't log an error and can only check for
* success or lack thereof.
*/
retval = opieverify(&opie, resp) == 0 ? PAM_SUCCESS : PAM_AUTH_ERR;
return (retval);
retval = opieverify(&opie, response);
free(response);
return (retval == 0 ? PAM_SUCCESS : PAM_AUTH_ERR);
}
PAM_EXTERN int