If PAM_OLDAUTHTOK is set, we're asked for PAM_AUTHTOK, and we have
to prompt the user, prompt her twice and compare the responses. Sponsored by: DARPA, NAI Labs git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@105 185d5e19-27fe-0310-9dcf-9bff6b9f3609
parent
b2b11d5483
commit
ff571b036c
|
@ -31,7 +31,7 @@
|
||||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
* SUCH DAMAGE.
|
* SUCH DAMAGE.
|
||||||
*
|
*
|
||||||
* $P4: //depot/projects/openpam/lib/pam_get_authtok.c#14 $
|
* $P4: //depot/projects/openpam/lib/pam_get_authtok.c#15 $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <sys/param.h>
|
#include <sys/param.h>
|
||||||
|
@ -45,6 +45,7 @@
|
||||||
|
|
||||||
const char authtok_prompt[] = "Password:";
|
const char authtok_prompt[] = "Password:";
|
||||||
const char oldauthtok_prompt[] = "Old Password:";
|
const char oldauthtok_prompt[] = "Old Password:";
|
||||||
|
const char newauthtok_prompt[] = "New Password:";
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* OpenPAM extension
|
* OpenPAM extension
|
||||||
|
@ -58,22 +59,30 @@ pam_get_authtok(pam_handle_t *pamh,
|
||||||
const char **authtok,
|
const char **authtok,
|
||||||
const char *prompt)
|
const char *prompt)
|
||||||
{
|
{
|
||||||
|
const void *oldauthtok;
|
||||||
const char *default_prompt;
|
const char *default_prompt;
|
||||||
char *resp;
|
char *resp, *resp2;
|
||||||
int pitem, r, style;
|
int pitem, r, style, twice;
|
||||||
|
|
||||||
if (pamh == NULL || authtok == NULL)
|
if (pamh == NULL || authtok == NULL)
|
||||||
return (PAM_SYSTEM_ERR);
|
return (PAM_SYSTEM_ERR);
|
||||||
|
|
||||||
*authtok = NULL;
|
*authtok = NULL;
|
||||||
|
twice = 0;
|
||||||
switch (item) {
|
switch (item) {
|
||||||
case PAM_AUTHTOK:
|
case PAM_AUTHTOK:
|
||||||
pitem = PAM_AUTHTOK_PROMPT;
|
pitem = PAM_AUTHTOK_PROMPT;
|
||||||
default_prompt = authtok_prompt;
|
default_prompt = authtok_prompt;
|
||||||
|
r = pam_get_item(pamh, PAM_OLDAUTHTOK, &oldauthtok);
|
||||||
|
if (r == PAM_SUCCESS && oldauthtok != NULL) {
|
||||||
|
default_prompt = newauthtok_prompt;
|
||||||
|
twice = 1;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case PAM_OLDAUTHTOK:
|
case PAM_OLDAUTHTOK:
|
||||||
pitem = PAM_OLDAUTHTOK_PROMPT;
|
pitem = PAM_OLDAUTHTOK_PROMPT;
|
||||||
default_prompt = oldauthtok_prompt;
|
default_prompt = oldauthtok_prompt;
|
||||||
|
twice = 0;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
return (PAM_SYMBOL_ERR);
|
return (PAM_SYMBOL_ERR);
|
||||||
|
@ -97,6 +106,20 @@ pam_get_authtok(pam_handle_t *pamh,
|
||||||
r = pam_prompt(pamh, style, &resp, "%s", prompt);
|
r = pam_prompt(pamh, style, &resp, "%s", prompt);
|
||||||
if (r != PAM_SUCCESS)
|
if (r != PAM_SUCCESS)
|
||||||
return (r);
|
return (r);
|
||||||
|
if (twice) {
|
||||||
|
r = pam_prompt(pamh, style, &resp2, "Retype %s", prompt);
|
||||||
|
if (r != PAM_SUCCESS) {
|
||||||
|
free(resp);
|
||||||
|
return (r);
|
||||||
|
}
|
||||||
|
if (strcmp(resp, resp2) != 0) {
|
||||||
|
free(resp);
|
||||||
|
resp = NULL;
|
||||||
|
}
|
||||||
|
free(resp2);
|
||||||
|
}
|
||||||
|
if (resp == NULL)
|
||||||
|
return (PAM_TRY_AGAIN);
|
||||||
r = pam_set_item(pamh, pitem, resp);
|
r = pam_set_item(pamh, pitem, resp);
|
||||||
free(resp);
|
free(resp);
|
||||||
if (r != PAM_SUCCESS)
|
if (r != PAM_SUCCESS)
|
||||||
|
@ -111,6 +134,7 @@ pam_get_authtok(pam_handle_t *pamh,
|
||||||
* =pam_prompt
|
* =pam_prompt
|
||||||
* =pam_set_item
|
* =pam_set_item
|
||||||
* !PAM_SYMBOL_ERR
|
* !PAM_SYMBOL_ERR
|
||||||
|
* PAM_TRY_AGAIN
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -133,6 +157,11 @@ pam_get_authtok(pam_handle_t *pamh,
|
||||||
* as appropriate, will be used. If that item is also =NULL, a hardcoded
|
* as appropriate, will be used. If that item is also =NULL, a hardcoded
|
||||||
* default prompt will be used.
|
* default prompt will be used.
|
||||||
*
|
*
|
||||||
|
* If =item is set to =PAM_AUTHTOK and there is a non-null =PAM_OLDAUTHTOK
|
||||||
|
* item, =pam_get_authtok will ask the user to confirm the new token by
|
||||||
|
* retyping it. If there is a mismatch, =pam_get_authtok will return
|
||||||
|
* =PAM_TRY_AGAIN.
|
||||||
|
*
|
||||||
* >pam_get_item
|
* >pam_get_item
|
||||||
* >pam_get_user
|
* >pam_get_user
|
||||||
*/
|
*/
|
||||||
|
|
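Review bot: In the `if (twice)` block of the `-97,6 +106,20` hunk, `resp` and `resp2` hold the typed password and are released with plain `free()` on the failed second prompt, on the mismatch path and at `free(resp2)`, so the plaintext stays in freed heap memory. Clear each buffer before freeing it, for example `memset(resp2, 0, strlen(resp2)); free(resp2);`, using a clearing routine the compiler cannot elide (such as `explicit_bzero` where the platform provides it). Also, `strcmp(resp, resp2)` runs before the `if (resp == NULL)` check, so if pam_prompt can return PAM_SUCCESS with a NULL response (not visible here) the comparison dereferences NULL; testing `resp == NULL || resp2 == NULL` first would close that. Because the `resp == NULL` test sits outside the `twice` block, PAM_TRY_AGAIN may also be returned without a mismatch, which the added doc paragraph does not mention. The body of pam_get_authtok starts and ends outside these hunks.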