OpenPAM/OpenPAM
OpenPAM
/
OpenPAM
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

If PAM_OLDAUTHTOK is set, we're asked for PAM_AUTHTOK, and we have 

to prompt the user, prompt her twice and compare the responses.

Sponsored by:	DARPA, NAI Labs


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@105 185d5e19-27fe-0310-9dcf-9bff6b9f3609
This commit is contained in:
Dag-Erling Smørgrav 2002-04-06 21:23:26 +00:00
parent b2b11d5483
commit ff571b036c
1 changed files with 32 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
lib/pam_get_authtok.c
View File

@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. * SUCH DAMAGE.
* *
* $P4: //depot/projects/openpam/lib/pam_get_authtok.c#14 $ * $P4: //depot/projects/openpam/lib/pam_get_authtok.c#15 $
*/ */
#include <sys/param.h> #include <sys/param.h>
@ -45,6 +45,7 @@
const char authtok_prompt[] = "Password:"; const char authtok_prompt[] = "Password:";
const char oldauthtok_prompt[] = "Old Password:"; const char oldauthtok_prompt[] = "Old Password:";
const char newauthtok_prompt[] = "New Password:";
/* /*
* OpenPAM extension * OpenPAM extension
@ -58,22 +59,30 @@ pam_get_authtok(pam_handle_t *pamh,
const char **authtok, const char **authtok,
const char *prompt) const char *prompt)
{ {
const void *oldauthtok;
const char *default_prompt; const char *default_prompt;
char *resp; char *resp, *resp2;
int pitem, r, style; int pitem, r, style, twice;
if (pamh == NULL || authtok == NULL) if (pamh == NULL || authtok == NULL)
return (PAM_SYSTEM_ERR); return (PAM_SYSTEM_ERR);
*authtok = NULL; *authtok = NULL;
twice = 0;
switch (item) { switch (item) {
case PAM_AUTHTOK: case PAM_AUTHTOK:
pitem = PAM_AUTHTOK_PROMPT; pitem = PAM_AUTHTOK_PROMPT;
default_prompt = authtok_prompt; default_prompt = authtok_prompt;
r = pam_get_item(pamh, PAM_OLDAUTHTOK, &oldauthtok);
if (r == PAM_SUCCESS && oldauthtok != NULL) {
default_prompt = newauthtok_prompt;
twice = 1;
}
break; break;
case PAM_OLDAUTHTOK: case PAM_OLDAUTHTOK:
pitem = PAM_OLDAUTHTOK_PROMPT; pitem = PAM_OLDAUTHTOK_PROMPT;
default_prompt = oldauthtok_prompt; default_prompt = oldauthtok_prompt;
twice = 0;
break; break;
default: default:
return (PAM_SYMBOL_ERR); return (PAM_SYMBOL_ERR);
@ -97,6 +106,20 @@ pam_get_authtok(pam_handle_t *pamh,
r = pam_prompt(pamh, style, &resp, "%s", prompt); r = pam_prompt(pamh, style, &resp, "%s", prompt);
if (r != PAM_SUCCESS) if (r != PAM_SUCCESS)
return (r); return (r);
if (twice) {
r = pam_prompt(pamh, style, &resp2, "Retype %s", prompt);
if (r != PAM_SUCCESS) {
free(resp);
return (r);
}
if (strcmp(resp, resp2) != 0) {
free(resp);
resp = NULL;
}
free(resp2);
}
if (resp == NULL)
return (PAM_TRY_AGAIN);
r = pam_set_item(pamh, pitem, resp); r = pam_set_item(pamh, pitem, resp);
free(resp); free(resp);
if (r != PAM_SUCCESS) if (r != PAM_SUCCESS)
@ -111,6 +134,7 @@ pam_get_authtok(pam_handle_t *pamh,
* =pam_prompt * =pam_prompt
* =pam_set_item * =pam_set_item
* !PAM_SYMBOL_ERR * !PAM_SYMBOL_ERR
* PAM_TRY_AGAIN
*/ */
/** /**
@ -133,6 +157,11 @@ pam_get_authtok(pam_handle_t *pamh,
* as appropriate, will be used. If that item is also =NULL, a hardcoded * as appropriate, will be used. If that item is also =NULL, a hardcoded
* default prompt will be used. * default prompt will be used.
* *
* If =item is set to =PAM_AUTHTOK and there is a non-null =PAM_OLDAUTHTOK
* item, =pam_get_authtok will ask the user to confirm the new token by
* retyping it. If there is a mismatch, =pam_get_authtok will return
* =PAM_TRY_AGAIN.
*
* >pam_get_item * >pam_get_item
* >pam_get_user * >pam_get_user
*/ */