diff options
| author | des <des@FreeBSD.org> | 2002-07-30 08:32:03 +0000 |
|---|---|---|
| committer | des <des@FreeBSD.org> | 2002-07-30 08:32:03 +0000 |
| commit | 98c860bfbd3664d89d7f61e58e2d6e950ac19627 (patch) | |
| tree | a8f401a9daf82edc5aea9b7553412de8799ef405 | |
| parent | ae9417246cb22d94d827128eebedb91f50dd36be (diff) | |
| download | FreeBSD-src-98c860bfbd3664d89d7f61e58e2d6e950ac19627.zip FreeBSD-src-98c860bfbd3664d89d7f61e58e2d6e950ac19627.tar.gz | |
Since pam_get_authtok(3) doesn't know about our options structure, setting
the PAM_ECHO_PASS option on-the-fly is a NOP (though it wasn't with the
old pam_get_pass(3) code). Instead, call pam_prompt(3) directly. This
actually simplifies the code a bit.
MFC after: 3 days
| -rw-r--r-- | lib/libpam/modules/pam_opie/pam_opie.c | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/lib/libpam/modules/pam_opie/pam_opie.c b/lib/libpam/modules/pam_opie/pam_opie.c index e5c1488..c66adf4 100644 --- a/lib/libpam/modules/pam_opie/pam_opie.c +++ b/lib/libpam/modules/pam_opie/pam_opie.c @@ -42,6 +42,7 @@ __FBSDID("$FreeBSD$"); #include <opie.h> #include <pwd.h> #include <stdio.h> +#include <stdlib.h> #include <string.h> #include <unistd.h> @@ -72,10 +73,9 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int retval, i; const char *(promptstr[]) = { "%s\nPassword: ", "%s\nPassword [echo on]: "}; char challenge[OPIE_CHALLENGE_MAX]; - char prompt[OPIE_CHALLENGE_MAX+22]; - char resp[OPIE_SECRET_MAX]; char *user; - const char *response; + char *response; + int style; pam_std_option(&options, other_options, argc, argv); @@ -118,9 +118,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, */ pam_set_item(pamh, PAM_AUTHTOK, NULL); + style = PAM_PROMPT_ECHO_OFF; for (i = 0; i < 2; i++) { - snprintf(prompt, sizeof prompt, promptstr[i], challenge); - retval = pam_get_authtok(pamh, PAM_AUTHTOK, &response, prompt); + retval = pam_prompt(pamh, style, &response, + promptstr[i], challenge); if (retval != PAM_SUCCESS) { opieunlock(); return (retval); @@ -132,11 +133,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, break; /* Second time round, echo the password */ - pam_set_option(&options, PAM_OPT_ECHO_PASS); + style = PAM_PROMPT_ECHO_ON; } - /* We have to copy the response, because opieverify mucks with it. */ - strlcpy(resp, response, sizeof (resp)); + pam_set_item(pamh, PAM_AUTHTOK, response); /* * Opieverify is supposed to return -1 only if an error occurs. @@ -144,8 +144,9 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, * it expects. Thus we can't log an error and can only check for * success or lack thereof. */ - retval = opieverify(&opie, resp) == 0 ? PAM_SUCCESS : PAM_AUTH_ERR; - return (retval); + retval = opieverify(&opie, response); + free(response); + return (retval == 0 ? PAM_SUCCESS : PAM_AUTH_ERR); } PAM_EXTERN int |
