Changeset 455 in openpam for trunk/lib/pam_get_user.c


Timestamp:
Oct 29, 2011, 6:31:11 PM (8 years ago)
Author:
Dag-Erling Smørgrav
Message:

Add a new API function, openpam_subst(3), which replaces substitution
codes in a string with the values of selected PAM items. Use it for
prompts.

Furthermore, modify pam_get_user(3) and pam_get_authtok(3) to look for
module options named {user,authtok,oldauthtok}_prompt, as appropriate.
If found, these options take precedence over both the caller's prompt
and the PAM_{USER,AUTHTOK,OLDAUTHTOK}_PROMPT items. The usefulness of
these options is somewhat limited by the fact that the policy file
parser does not support quoted strings; that's next on the todo list.

File:
1 edited

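--- a/trunk/lib/pam_get_user.c
+++ b/trunk/lib/pam_get_user.c
@@ -63,4 +63,6 @@
         const char *prompt)
 {
+        char prompt_buf[1024];
+        size_t prompt_size;
         const void *promptp;
         char *resp;
@@ -73,11 +75,20 @@
         if (r == PAM_SUCCESS && *user != NULL)
                 RETURNC(PAM_SUCCESS);
-        if (prompt == NULL) {
-                r = pam_get_item(pamh, PAM_USER_PROMPT, &promptp);
-                if (r != PAM_SUCCESS || promptp == NULL)
-                        prompt = user_prompt;
-                else
+        /* pam policy overrides the module's choice */
+        if ((promptp = openpam_get_option(pamh, "user_prompt")) != NULL)
+                prompt = promptp;
+        /* no prompt provided, see if there is one tucked away somewhere */
+        if (prompt == NULL)
+                if (pam_get_item(pamh, PAM_USER_PROMPT, &promptp) &&
+                    promptp != NULL)
                         prompt = promptp;
-        }
+        /* fall back to hardcoded default */
+        if (prompt == NULL)
+                prompt = user_prompt;
+        /* expand */
+        prompt_size = sizeof prompt_buf;
+        r = openpam_subst(pamh, prompt_buf, &prompt_size, prompt);
+        if (r == PAM_SUCCESS && prompt_size <= sizeof prompt_buf)
+                prompt = prompt_buf;
         r = pam_prompt(pamh, PAM_PROMPT_ECHO_ON, &resp, "%s", prompt);
         if (r != PAM_SUCCESS)
@@ -110,8 +121,15 @@
  * The =prompt argument specifies a prompt to use if no user name is
  * cached.
- * If it is =NULL, the =PAM_USER_PROMPT will be used.
+ * If it is =NULL, the =PAM_USER_PROMPT item will be used.
  * If that item is also =NULL, a hardcoded default prompt will be used.
+ * Either way, the prompt is expanded using =openpam_subst before it is
+ * passed to the conversation function.
+ *
+ * If =pam_get_user is called from a module and the ;user_prompt option is
+ * set in the policy file, the value of that option takes precedence over
+ * both the =prompt argument and the =PAM_USER_PROMPT item.
  *
  * >pam_get_item
  * >pam_get_authtok
+ * >openpam_subst
  */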
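Review bot: The new PAM_USER_PROMPT lookup in the second hunk tests the return value of pam_get_item() for truth, which looks inverted: the removed code treated `r != PAM_SUCCESS` as failure, so a successful call (PAM_SUCCESS is 0) now makes the condition false and an application-set prompt item would be skipped in favour of the hardcoded default. I would write `if (pam_get_item(pamh, PAM_USER_PROMPT, &promptp) == PAM_SUCCESS &&` and keep the `promptp != NULL` test on the next line. Separately, when openpam_subst() fails or the expansion does not fit in prompt_buf, the unexpanded template is shown silently; a comment stating that this fallback is intentional, e.g. `/* on failure or truncation, show the unexpanded prompt */`, would help, since a policy-supplied `user_prompt` can now reach this path. The function body begins and ends outside the visible hunks.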