Changeset 455 in openpam for trunk/lib

Timestamp:

Oct 29, 2011, 6:31:11 PM (9 years ago)

Author:

Dag-Erling Smørgrav

Message:

Add a new API function, openpam_subst(3), which replaces substitution
codes in a string with the values of selected PAM items. Use it for
prompts.

Furthermore, modify pam_get_user(3) and pam_get_authtok(3) to look for
module options named {user,authtok,oldauthtok}_prompt, as appropriate.
If found, these options take precedence over both the caller's prompt
and the PAM_{USER,AUTHTOK,OLDAUTHTOK}_PROMPT items. The usefulness of
these options is somewhat limited by the fact that the policy file
parser does not support quoted strings; that's next on the todo list.

Location:

trunk/lib

Files:

• Makefile.am (modified) (1 diff)
• openpam_subst.c (added)
• pam_get_authtok.c (modified) (6 diffs)
• pam_get_user.c (modified) (3 diffs)

trunk/lib/Makefile.am

@@ -25 +25 @@
         openpam_set_option.c \
         openpam_static.c \
+        openpam_subst.c \
         openpam_ttyconv.c \
         pam_acct_mgmt.c \

trunk/lib/pam_get_authtok.c

@@ -66 +66 @@
         const char *prompt)
 {
+        char prompt_buf[1024];
+        size_t prompt_size;
         const void *oldauthtok, *prevauthtok, *promptp;
-        const char *default_prompt;
+        const char *prompt_option, *default_prompt;
         char *resp, *resp2;
         int pitem, r, style, twice;
@@ -79 +81 @@
         case PAM_AUTHTOK:
                 pitem = PAM_AUTHTOK_PROMPT;
+                prompt_option = "authtok_prompt";
                 default_prompt = authtok_prompt;
                 r = pam_get_item(pamh, PAM_OLDAUTHTOK, &oldauthtok);
@@ -88 +91 @@
         case PAM_OLDAUTHTOK:
                 pitem = PAM_OLDAUTHTOK_PROMPT;
+                prompt_option = "oldauthtok_prompt";
                 default_prompt = oldauthtok_prompt;
                 twice = 0;
@@ -104 +108 @@
                         RETURNC(r == PAM_SUCCESS ? PAM_AUTH_ERR : r);
         }
-        if (prompt == NULL) {
-                r = pam_get_item(pamh, pitem, &promptp);
-                if (r != PAM_SUCCESS || promptp == NULL)
-                        prompt = default_prompt;
-                else
+        /* pam policy overrides the module's choice */
+        if ((promptp = openpam_get_option(pamh, prompt_option)) != NULL)
+                prompt = promptp;
+        /* no prompt provided, see if there is one tucked away somewhere */
+        if (prompt == NULL)
+                if (pam_get_item(pamh, pitem, &promptp) && promptp != NULL)
                         prompt = promptp;
-        }
+        /* fall back to hardcoded default */
+        if (prompt == NULL)
+                prompt = default_prompt;
+        /* expand */
+        prompt_size = sizeof prompt_buf;
+        r = openpam_subst(pamh, prompt_buf, &prompt_size, prompt);
+        if (r == PAM_SUCCESS && prompt_size <= sizeof prompt_buf)
+                prompt = prompt_buf;
         style = openpam_get_option(pamh, "echo_pass") ?
             PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF;
@@ -165 +177 @@
  * as appropriate, will be used.
  * If that item is also =NULL, a hardcoded default prompt will be used.
+ * Either way, the prompt is expanded using =openpam_subst before it is
+ * passed to the conversation function.
+ *
+ * If =pam_get_authtok is called from a module and the ;authtok_prompt /
+ * ;oldauthtok_prompt option is set in the policy file, the value of that
+ * option takes precedence over both the =prompt argument and the
+ * =PAM_AUTHTOK_PROMPT / =PAM_OLDAUTHTOK_PROMPT item.
  *
  * If =item is set to =PAM_AUTHTOK and there is a non-null =PAM_OLDAUTHTOK
@@ -173 +192 @@
  * >pam_get_item
  * >pam_get_user
+ * >openpam_subst
  */

trunk/lib/pam_get_user.c

@@ -63 +63 @@
         const char *prompt)
 {
+        char prompt_buf[1024];
+        size_t prompt_size;
         const void *promptp;
         char *resp;
@@ -73 +75 @@
         if (r == PAM_SUCCESS && *user != NULL)
                 RETURNC(PAM_SUCCESS);
-        if (prompt == NULL) {
-                r = pam_get_item(pamh, PAM_USER_PROMPT, &promptp);
-                if (r != PAM_SUCCESS || promptp == NULL)
-                        prompt = user_prompt;
-                else
+        /* pam policy overrides the module's choice */
+        if ((promptp = openpam_get_option(pamh, "user_prompt")) != NULL)
+                prompt = promptp;
+        /* no prompt provided, see if there is one tucked away somewhere */
+        if (prompt == NULL)
+                if (pam_get_item(pamh, PAM_USER_PROMPT, &promptp) &&
+                    promptp != NULL)
                         prompt = promptp;
-        }
+        /* fall back to hardcoded default */
+        if (prompt == NULL)
+                prompt = user_prompt;
+        /* expand */
+        prompt_size = sizeof prompt_buf;
+        r = openpam_subst(pamh, prompt_buf, &prompt_size, prompt);
+        if (r == PAM_SUCCESS && prompt_size <= sizeof prompt_buf)
+                prompt = prompt_buf;
         r = pam_prompt(pamh, PAM_PROMPT_ECHO_ON, &resp, "%s", prompt);
         if (r != PAM_SUCCESS)
@@ -110 +121 @@
  * The =prompt argument specifies a prompt to use if no user name is
  * cached.
- * If it is =NULL, the =PAM_USER_PROMPT will be used.
+ * If it is =NULL, the =PAM_USER_PROMPT item will be used.
  * If that item is also =NULL, a hardcoded default prompt will be used.
+ * Either way, the prompt is expanded using =openpam_subst before it is
+ * passed to the conversation function.
+ *
+ * If =pam_get_user is called from a module and the ;user_prompt option is
+ * set in the policy file, the value of that option takes precedence over
+ * both the =prompt argument and the =PAM_USER_PROMPT item.
  *
  * >pam_get_item
  * >pam_get_authtok
+ * >openpam_subst
  */