- pam_opensc rewrite checkpoint commit
- rename some functions git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1707 c6295689-39f2-0310-b995-f0e70906c6a9
parent
ec52d80408
commit
759ed8df49
|
@ -95,7 +95,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, con
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
ctrl = _set_ctrl(pamh, flags, argc, (const char **) argv);
|
ctrl = opensc_pam_set_ctrl(pamh, flags, argc, (const char **) argv);
|
||||||
memset(&sctx, 0, sizeof(scam_context));
|
memset(&sctx, 0, sizeof(scam_context));
|
||||||
scam_parse_parameters(&sctx, argc, (const char **) argv);
|
scam_parse_parameters(&sctx, argc, (const char **) argv);
|
||||||
sctx.printmsg = printmsg;
|
sctx.printmsg = printmsg;
|
||||||
|
@ -155,7 +155,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, con
|
||||||
return rv;
|
return rv;
|
||||||
}
|
}
|
||||||
/* get this user's authentication token */
|
/* get this user's authentication token */
|
||||||
rv = _read_password(pamh, ctrl, NULL, (PAM_CONST char *) (pinentry ? pinentry : DEFAULT_PINENTRY), NULL, _PAM_AUTHTOK, &password);
|
rv = opensc_pam_read_password(pamh, ctrl, NULL, (PAM_CONST char *) (pinentry ? pinentry : DEFAULT_PINENTRY), NULL, _PAM_AUTHTOK, &password);
|
||||||
if (rv != PAM_SUCCESS) {
|
if (rv != PAM_SUCCESS) {
|
||||||
if (rv != PAM_CONV_AGAIN) {
|
if (rv != PAM_CONV_AGAIN) {
|
||||||
opensc_pam_log(LOG_CRIT, pamh, "auth could not identify password for [%s]\n", user);
|
opensc_pam_log(LOG_CRIT, pamh, "auth could not identify password for [%s]\n", user);
|
||||||
|
@ -235,7 +235,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t * pamh, int flags, int argc,
|
||||||
int rv = 0;
|
int rv = 0;
|
||||||
scam_msg_data msg = {pamh, &ctrl};
|
scam_msg_data msg = {pamh, &ctrl};
|
||||||
|
|
||||||
ctrl = _set_ctrl(pamh, flags, argc, argv);
|
ctrl = opensc_pam_set_ctrl(pamh, flags, argc, argv);
|
||||||
memset(&sctx, 0, sizeof(scam_context));
|
memset(&sctx, 0, sizeof(scam_context));
|
||||||
scam_parse_parameters(&sctx, argc, (const char **) argv);
|
scam_parse_parameters(&sctx, argc, (const char **) argv);
|
||||||
sctx.printmsg = printmsg;
|
sctx.printmsg = printmsg;
|
||||||
|
@ -266,7 +266,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t * pamh, int flags, int argc,
|
||||||
opensc_pam_log(LOG_CRIT, pamh, "open_session - scam_open_session failed\n");
|
opensc_pam_log(LOG_CRIT, pamh, "open_session - scam_open_session failed\n");
|
||||||
return PAM_SESSION_ERR;
|
return PAM_SESSION_ERR;
|
||||||
}
|
}
|
||||||
opensc_pam_log(LOG_INFO, pamh, "session opened for user %s by %s(uid=%d)\n", user, _get_login() == NULL ? "" : _get_login(), getuid());
|
opensc_pam_log(LOG_INFO, pamh, "session opened for user %s by %s(uid=%d)\n", user, opensc_pam_get_login() == NULL ? "" : opensc_pam_get_login(), getuid());
|
||||||
return PAM_SUCCESS;
|
return PAM_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -278,7 +278,7 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t * pamh, int flags, int argc,
|
||||||
int rv = 0;
|
int rv = 0;
|
||||||
scam_msg_data msg = {pamh, &ctrl};
|
scam_msg_data msg = {pamh, &ctrl};
|
||||||
|
|
||||||
ctrl = _set_ctrl(pamh, flags, argc, argv);
|
ctrl = opensc_pam_set_ctrl(pamh, flags, argc, argv);
|
||||||
memset(&sctx, 0, sizeof(scam_context));
|
memset(&sctx, 0, sizeof(scam_context));
|
||||||
scam_parse_parameters(&sctx, argc, (const char **) argv);
|
scam_parse_parameters(&sctx, argc, (const char **) argv);
|
||||||
sctx.printmsg = printmsg;
|
sctx.printmsg = printmsg;
|
||||||
|
|
|
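Review bot: In the pam_sm_open_session hunk at -266, the "session opened" log line calls `opensc_pam_get_login()` twice, once for the NULL test and once for the `%s` argument, so the pointer that is printed is not the pointer that was checked. Only the first lines of that function are visible on this page (it appears to consult utmp under `HAVE_SETUTENT`), so whether two calls can disagree or allocate cannot be confirmed here. Calling it once removes the question: `const char *login = opensc_pam_get_login();` and then pass `login ? login : ""` to the log call. `getuid()` is also handed to `%d` without a cast; `(int) getuid()` keeps the format and argument types matched. pam_sm_open_session starts and ends outside the hunk.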
@ -70,7 +70,7 @@ void opensc_pam_log(int err, pam_handle_t * pamh, const char *format,...)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* this is a front-end for module-application conversations */
|
/* this is a front-end for module-application conversations */
|
||||||
int converse(pam_handle_t * pamh, int ctrl, int nargs
|
static int converse(pam_handle_t * pamh, int ctrl, int nargs
|
||||||
,struct pam_message **message
|
,struct pam_message **message
|
||||||
,struct pam_response **response)
|
,struct pam_response **response)
|
||||||
{
|
{
|
||||||
|
@ -78,11 +78,13 @@ int converse(pam_handle_t * pamh, int ctrl, int nargs
|
||||||
struct pam_conv *conv;
|
struct pam_conv *conv;
|
||||||
|
|
||||||
retval = pam_get_item(pamh, PAM_CONV, (PAM_CONST void **) &conv);
|
retval = pam_get_item(pamh, PAM_CONV, (PAM_CONST void **) &conv);
|
||||||
|
if (!conv && retval == PAM_SUCCESS) {
|
||||||
|
/* XXX: I have no idea why this happens in some cases */
|
||||||
|
retval = PAM_SYSTEM_ERR;
|
||||||
|
}
|
||||||
if (retval == PAM_SUCCESS) {
|
if (retval == PAM_SUCCESS) {
|
||||||
|
|
||||||
retval = conv->conv(nargs, (PAM_CONST struct pam_message **) message
|
retval = conv->conv(nargs, (PAM_CONST struct pam_message **) message
|
||||||
,response, conv->appdata_ptr);
|
,response, conv->appdata_ptr);
|
||||||
|
|
||||||
if (retval != PAM_SUCCESS && on(OPENSC_DEBUG, ctrl)) {
|
if (retval != PAM_SUCCESS && on(OPENSC_DEBUG, ctrl)) {
|
||||||
opensc_pam_log(LOG_DEBUG, pamh, "conversation failure [%s]"
|
opensc_pam_log(LOG_DEBUG, pamh, "conversation failure [%s]"
|
||||||
,pam_strerror(pamh, retval));
|
,pam_strerror(pamh, retval));
|
||||||
|
@ -129,7 +131,6 @@ int opensc_pam_msg(pam_handle_t * pamh, unsigned int ctrl
|
||||||
return retval;
|
return retval;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if 0
|
|
||||||
static void print_ctrl(unsigned int ctrl)
|
static void print_ctrl(unsigned int ctrl)
|
||||||
{
|
{
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
|
@ -142,12 +143,11 @@ static void print_ctrl(unsigned int ctrl)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* set the control flags for the OPENSC module.
|
* set the control flags for the OPENSC module.
|
||||||
*/
|
*/
|
||||||
int _set_ctrl(pam_handle_t * pamh, int flags, int argc, const char **argv)
|
int opensc_pam_set_ctrl(pam_handle_t * pamh, int flags, int argc, const char **argv)
|
||||||
{
|
{
|
||||||
unsigned int ctrl;
|
unsigned int ctrl;
|
||||||
|
|
||||||
|
@ -196,10 +196,10 @@ int _set_ctrl(pam_handle_t * pamh, int flags, int argc, const char **argv)
|
||||||
if (on(OPENSC_AUDIT, ctrl)) {
|
if (on(OPENSC_AUDIT, ctrl)) {
|
||||||
set(OPENSC_DEBUG, ctrl);
|
set(OPENSC_DEBUG, ctrl);
|
||||||
}
|
}
|
||||||
|
if (on(OPENSC_DEBUG, ctrl)) {
|
||||||
|
print_ctrl(ctrl);
|
||||||
|
}
|
||||||
/* return the set of flags */
|
/* return the set of flags */
|
||||||
#if 0
|
|
||||||
print_ctrl(ctrl);
|
|
||||||
#endif
|
|
||||||
return ctrl;
|
return ctrl;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -215,7 +215,7 @@ static void _cleanup(pam_handle_t * pamh, void *x, int error_status)
|
||||||
/*
|
/*
|
||||||
* obtain a password from the user
|
* obtain a password from the user
|
||||||
*/
|
*/
|
||||||
int _read_password(pam_handle_t * pamh
|
int opensc_pam_read_password(pam_handle_t * pamh
|
||||||
,unsigned int ctrl
|
,unsigned int ctrl
|
||||||
,PAM_CONST char *comment
|
,PAM_CONST char *comment
|
||||||
,PAM_CONST char *prompt1
|
,PAM_CONST char *prompt1
|
||||||
|
@ -361,7 +361,7 @@ int _read_password(pam_handle_t * pamh
|
||||||
* Because getlogin() is braindead and sometimes it just
|
* Because getlogin() is braindead and sometimes it just
|
||||||
* doesn't work, we reimplement it here.
|
* doesn't work, we reimplement it here.
|
||||||
*/
|
*/
|
||||||
char *_get_login(void)
|
char *opensc_pam_get_login(void)
|
||||||
{
|
{
|
||||||
char *user = NULL;
|
char *user = NULL;
|
||||||
#ifdef HAVE_SETUTENT
|
#ifdef HAVE_SETUTENT
|
||||||
|
|
|
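Review bot: In the converse hunk at -78, the added guard `if (!conv && retval == PAM_SUCCESS)` reads `conv` before it checks that `pam_get_item()` succeeded. `conv` is declared as `struct pam_conv *conv;` with no initializer in the visible lines, so on a failed lookup the test may read an indeterminate pointer. Either declare it `struct pam_conv *conv = NULL;` or order the test as `if (retval == PAM_SUCCESS && !conv)`. The guard also leaves the `conv->conv` member unchecked before it is called a few lines below. The XXX case returns `PAM_SYSTEM_ERR` without a log entry, so an unconditional `opensc_pam_log(LOG_ERR, pamh, "no conversation function available");` would make this authentication failure visible to whoever reads the auth log. converse's body starts and ends outside the hunk.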
@ -5,6 +5,8 @@
|
||||||
* Antti Tapaninen <aet@cc.hut.fi>
|
* Antti Tapaninen <aet@cc.hut.fi>
|
||||||
* Anna Erika Suortti <asuortti@cc.hut.fi>
|
* Anna Erika Suortti <asuortti@cc.hut.fi>
|
||||||
*
|
*
|
||||||
|
* Taken and modified from the pam_unix source
|
||||||
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify
|
* This program is free software; you can redistribute it and/or modify
|
||||||
* it under the terms of the GNU General Public License as published by
|
* it under the terms of the GNU General Public License as published by
|
||||||
* the Free Software Foundation; either version 2 of the License, or
|
* the Free Software Foundation; either version 2 of the License, or
|
||||||
|
@ -90,11 +92,6 @@ do { \
|
||||||
extern "C" {
|
extern "C" {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Taken and modified from pam_unix */
|
|
||||||
|
|
||||||
extern void opensc_pam_log(int err, pam_handle_t * pamh, const char *format,...);
|
|
||||||
extern int converse(pam_handle_t * pamh, int ctrl, int nargs, struct pam_message **message, struct pam_response **response);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* here is the string to inform the user that the new passwords they
|
* here is the string to inform the user that the new passwords they
|
||||||
* typed were not the same.
|
* typed were not the same.
|
||||||
|
@ -192,16 +189,17 @@ static const OPENSC_Ctrls opensc_args[OPENSC_CTRLS_] =
|
||||||
_pam_drop(xx); \
|
_pam_drop(xx); \
|
||||||
}
|
}
|
||||||
|
|
||||||
|
extern void opensc_pam_log(int err, pam_handle_t * pamh, const char *format,...);
|
||||||
extern int opensc_pam_msg(pam_handle_t * pamh, unsigned int ctrl, int type, PAM_CONST char *text);
|
extern int opensc_pam_msg(pam_handle_t * pamh, unsigned int ctrl, int type, PAM_CONST char *text);
|
||||||
extern int _set_ctrl(pam_handle_t * pamh, int flags, int argc, const char **argv);
|
extern int opensc_pam_set_ctrl(pam_handle_t * pamh, int flags, int argc, const char **argv);
|
||||||
extern int _read_password(pam_handle_t * pamh
|
extern int opensc_pam_read_password(pam_handle_t * pamh
|
||||||
,unsigned int ctrl
|
,unsigned int ctrl
|
||||||
,PAM_CONST char *comment
|
,PAM_CONST char *comment
|
||||||
,PAM_CONST char *prompt1
|
,PAM_CONST char *prompt1
|
||||||
,PAM_CONST char *prompt2
|
,PAM_CONST char *prompt2
|
||||||
,PAM_CONST char *data_name
|
,PAM_CONST char *data_name
|
||||||
,PAM_CONST char **pass);
|
,PAM_CONST char **pass);
|
||||||
extern char *_get_login(void);
|
extern char *opensc_pam_get_login(void);
|
||||||
|
|
||||||
#define _PAM_AUTHTOK "-OPENSC-PASS"
|
#define _PAM_AUTHTOK "-OPENSC-PASS"
|
||||||
|
|
||||||
|
|