Changeset 705 in openpam


Timestamp:
Aug 16, 2013, 12:32:26 PM (7 years ago)
Author:
Dag-Erling Smørgrav
Message:

Implement key saving, and change the outcome of failing to save the
key from a system error to a service error.

Note that currently, an error saving the key may destroy the original
keyfile. This needs to be addressed.

File:
1 edited

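--- a/trunk/modules/pam_oath/pam_oath.c
+++ b/trunk/modules/pam_oath/pam_oath.c
@@ -34,4 +34,5 @@
 #endif
 
+#include <fcntl.h>
 #include <limits.h>
 #include <pwd.h>
@@ -40,4 +41,5 @@
 #include <stdlib.h>
 #include <string.h>
+#include <unistd.h>
 
 #define PAM_SM_AUTH
@@ -117,9 +119,28 @@
 pam_oath_save_key(const struct oath_key *key, const char *keyfile)
 {
-
-        /* not implemented */
-        (void)key;
-        (void)keyfile;
-        return (0);
+        char *keyuri;
+        int fd, len, pam_err;
+
+        keyuri = NULL;
+        len = 0;
+        fd = -1;
+        pam_err = PAM_SYSTEM_ERR;
+        if ((keyuri = oath_key_to_uri(key)) == NULL)
+                goto done;
+        len = strlen(keyuri);
+        if ((fd = open(keyfile, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0 ||
+            write(fd, keyuri, len) != len || write(fd, "\n", 1) != 1) {
+                openpam_log(PAM_LOG_ERROR, "%s: %m", keyfile);
+                goto done;
+        }
+        pam_err = PAM_SUCCESS;
+done:
+        if (fd >= 0)
+                close(fd);
+        if (keyfile != NULL) {
+                memset(keyuri, 0, len);
+                free(keyuri);
+        }
+        return (pam_err);
 }
 
@@ -227,5 +248,5 @@
         /* write back (update counter for HOTP etc) */
         if (pam_oath_save_key(key, keyfile) != 0) {
-                pam_err = PAM_SYSTEM_ERR;
+                pam_err = PAM_SERVICE_ERR;
                 goto done;
         }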
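Review bot: In `pam_oath_save_key()` the cleanup after `done:` tests `keyfile != NULL` where `keyuri` is evidently meant, so a failed `oath_key_to_uri()` reaches `memset(keyuri, 0, len)` with a null pointer; the guard should read `if (keyuri != NULL) {`. That buffer holds the key URI, which presumably carries the OATH secret, and a plain `memset` right before `free` is a dead store a compiler may remove, so a non-elidable wipe such as `explicit_bzero(keyuri, len);` (where the platform provides it) is the safer scrub. `len` is an `int` assigned from `strlen()` and compared with the `ssize_t` result of `write()`; `size_t len;` with `write(fd, keyuri, len) != (ssize_t)len` removes the mixed-type comparison. The function's return-type line lies just above the hunk, so its declared type is not visible here.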