From 0c4d5add5f3339f582cf51093a83728121558773 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?=
Date: Fri, 16 Aug 2013 12:32:26 +0000
Subject: [PATCH] Implement key saving, and change the outcome of failing to save the key from a system error to a service error. Note that currently, an error saving the key may destroy the original keyfile. This needs to be adressed.
git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@705 185d5e19-27fe-0310-9dcf-9bff6b9f3609
---
 modules/pam_oath/pam_oath.c | 31 ++++++++++++++++++++++++++-----
 1 file changed, 26 insertions(+), 5 deletions(-)
diff --git a/modules/pam_oath/pam_oath.c b/modules/pam_oath/pam_oath.c
index 3badd92..c10b952 100644
--- a/modules/pam_oath/pam_oath.c
+++ b/modules/pam_oath/pam_oath.c
@@ -33,12 +33,14 @@
 # include "config.h"
 #endif
+#include
 #include
 #include
 #include
 #include
 #include
 #include
+#include
 #define PAM_SM_AUTH
 #define PAM_SM_ACCOUNT
@@ -116,11 +118,30 @@ pam_oath_load_key(const char *keyfile)
 static int
 pam_oath_save_key(const struct oath_key *key, const char *keyfile)
 {
+ char *keyuri;
+ int fd, len, pam_err;
- /* not implemented */
- (void)key;
- (void)keyfile;
- return (0);
+ keyuri = NULL;
+ len = 0;
+ fd = -1;
+ pam_err = PAM_SYSTEM_ERR;
+ if ((keyuri = oath_key_to_uri(key)) == NULL)
+ goto done;
+ len = strlen(keyuri);
+ if ((fd = open(keyfile, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0 ||
+ write(fd, keyuri, len) != len || write(fd, "\n", 1) != 1) {
+ openpam_log(PAM_LOG_ERROR, "%s: %m", keyfile);
+ goto done;
+ }
+ pam_err = PAM_SUCCESS;
+done:
+ if (fd >= 0)
+ close(fd);
+ if (keyfile != NULL) {
+ memset(keyuri, 0, len);
+ free(keyuri);
+ }
+ return (pam_err);
 }
 PAM_EXTERN int
@@ -226,7 +247,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
 /* write back (update counter for HOTP etc) */
 if (pam_oath_save_key(key, keyfile) != 0) {
- pam_err = PAM_SYSTEM_ERR;
+ pam_err = PAM_SERVICE_ERR;
 goto done;
 }
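Review bot: The cleanup guard after `done:` in pam_oath_save_key() tests `keyfile` where it means `keyuri`. When oath_key_to_uri() fails, `keyuri` is NULL and `memset(keyuri, 0, len)` is still reached with a null pointer (length 0, but still undefined behaviour); the guard should read `if (keyuri != NULL) {`. The URI being wiped carries the OATH secret, and a plain `memset` right before `free` is a dead store the compiler may drop, so a non-elidable wipe such as `explicit_bzero(keyuri, len);` is safer where the platform provides it. Separately, `O_TRUNC` empties the existing keyfile before the new contents are written, which is the data-loss case the commit message mentions; writing to a temporary file in the same directory and calling `rename()` over `keyfile` would close it. The `0600` mode only takes effect when the file is created, so an existing keyfile with looser permissions keeps them.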
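Review bot: The call site in pam_sm_authenticate() still tests the result with `!= 0` although pam_oath_save_key() now returns PAM codes; `if (pam_oath_save_key(key, keyfile) != PAM_SUCCESS) {` states the contract directly. The comment above the call could also say why a failed write-back must fail the authentication: if the updated HOTP counter is not persisted, the same code could presumably be accepted again. pam_sm_authenticate() starts and ends outside this hunk, so how `pam_err` is used after `done:` is not visible here.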