rooty/yubico-pam
1
0
Fork 0
mirror of https://github.com/Yubico/yubico-pam.git synced 2025-01-20 01:52:17 +01:00
Code Issues Projects Releases Wiki Activity

Indent.

Browse Source
This commit is contained in:
Simon Josefsson 2008-09-01 13:14:33 +00:00
parent af09b5499c
commit 02c8dce53f
1 changed files with 90 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

178
pam_yubico.c
View File

@ -90,43 +90,42 @@
*/ */
static int static int
check_user_token (const char *authfile, check_user_token (const char *authfile,
const char *username, const char *username, const char *usertoken)
const char *usertoken)
{ {
static char buf[1024]; static char buf[1024];
char *s_user, *s_token; char *s_user, *s_token;
int retval = 0; int retval = 0;
FILE *opwfile; FILE *opwfile;
opwfile = fopen(authfile, "r"); opwfile = fopen (authfile, "r");
if (opwfile == NULL) if (opwfile == NULL)
{
D ((" %s file does not exists.", authfile));
return retval;
}
while (fgets(buf, 1024, opwfile))
{
if (!strncmp(buf, username, strlen(username)))
{ {
buf[strlen(buf) - 1] = '\0'; D ((" %s file does not exists.", authfile));
D (("Got user record :: %s", buf)); return retval;
s_user = strtok(buf, ":");
s_token = strtok(NULL, ":");
while (s_token != NULL)
{
if (!strncmp(usertoken, s_token, strlen(usertoken)))
{
D (("Token Found :: %s", s_token));
retval = 1;
break;
}
s_token = strtok(NULL, ":");
}
break;
} }
}
fclose(opwfile); while (fgets (buf, 1024, opwfile))
{
if (!strncmp (buf, username, strlen (username)))
{
buf[strlen (buf) - 1] = '\0';
D (("Got user record :: %s", buf));
s_user = strtok (buf, ":");
s_token = strtok (NULL, ":");
while (s_token != NULL)
{
if (!strncmp (usertoken, s_token, strlen (usertoken)))
{
D (("Token Found :: %s", s_token));
retval = 1;
break;
}
s_token = strtok (NULL, ":");
}
break;
}
}
fclose (opwfile);
return retval; return retval;
} }
@ -136,62 +135,61 @@ check_user_token (const char *authfile,
* list or from user home directory * list or from user home directory
*/ */
static int static int
validate_user_token(const char *authfile, validate_user_token (const char *authfile,
const char *username, const char *username, const char *usertoken)
const char *usertoken)
{ {
int retval = 0; int retval = 0;
if (NULL != authfile) if (NULL != authfile)
{ {
/* Administrator had configured the file and specified is name /* Administrator had configured the file and specified is name
as an argument for this module. as an argument for this module.
*/ */
retval = check_user_token(authfile, username, usertoken); retval = check_user_token (authfile, username, usertoken);
} }
else else
{ {
/* Getting file from user home directory /* Getting file from user home directory
..... i.e. ~/.yubico/authorized_yubikeys ..... i.e. ~/.yubico/authorized_yubikeys
*/ */
struct passwd *p; struct passwd *p;
char *home_dir = NULL; char *home_dir = NULL;
p = getpwnam (username); p = getpwnam (username);
if (p != NULL) if (p != NULL)
{ {
home_dir = (char *) malloc(strlen(p->pw_dir) + 29) ; home_dir = (char *) malloc (strlen (p->pw_dir) + 29);
if(NULL != home_dir) if (NULL != home_dir)
{ {
strcpy(home_dir, p->pw_dir); strcpy (home_dir, p->pw_dir);
strcat(home_dir, "/.yubico/authorized_yubikeys"); strcat (home_dir, "/.yubico/authorized_yubikeys");
} }
} }
retval = check_user_token(home_dir, username, usertoken); retval = check_user_token (home_dir, username, usertoken);
if (NULL != home_dir) if (NULL != home_dir)
{ {
free(home_dir); free (home_dir);
} }
} }
return retval; return retval;
} }
PAM_EXTERN int PAM_EXTERN int
pam_sm_authenticate (pam_handle_t * pamh, pam_sm_authenticate (pam_handle_t * pamh,
int flags, int argc, const char** argv) int flags, int argc, const char **argv)
{ {
int retval, rc; int retval, rc;
const char *user = NULL; const char *user = NULL;
const char *password = NULL; const char *password = NULL;
char *auth_file = NULL; char *auth_file = NULL;
const char *token_otp[TOKEN_LEN+1] = {0}; const char *token_otp[TOKEN_LEN + 1] = { 0 };
const char *token_id[TOKEN_ID_LEN+1] = {0}; const char *token_id[TOKEN_ID_LEN + 1] = { 0 };
char *token_otp_with_password = NULL; char *token_otp_with_password = NULL;
char *token_password = NULL; char *token_password = NULL;
int password_len = 0 ; int password_len = 0;
int valid_token = 0 ; int valid_token = 0;
int i; int i;
struct pam_conv *conv; struct pam_conv *conv;
struct pam_message *pmsg[1], msg[1]; struct pam_message *pmsg[1], msg[1];
@ -211,7 +209,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
if (strcmp (argv[i], "alwaysok") == 0) if (strcmp (argv[i], "alwaysok") == 0)
alwaysok = 1; alwaysok = 1;
if (strncmp (argv[i], "authfile=", 9) == 0) if (strncmp (argv[i], "authfile=", 9) == 0)
auth_file = (char *)argv[i] + 9; auth_file = (char *) argv[i] + 9;
} }
if (debug) if (debug)
@ -278,7 +276,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
password = resp->resp; password = resp->resp;
retval = pam_set_item(pamh, PAM_AUTHTOK, password); retval = pam_set_item (pamh, PAM_AUTHTOK, password);
if (retval != PAM_SUCCESS) if (retval != PAM_SUCCESS)
{ {
if (debug) if (debug)
@ -300,54 +298,58 @@ pam_sm_authenticate (pam_handle_t * pamh,
/* user will enter there system paasword followed by generated OTP */ /* user will enter there system paasword followed by generated OTP */
token_otp_with_password = (char *) password; token_otp_with_password = (char *) password;
password_len = strlen(token_otp_with_password); password_len = strlen (token_otp_with_password);
/* Getting Token value and SSH password */ /* Getting Token value and SSH password */
strncpy((char *)token_otp, token_otp_with_password + ( password_len - TOKEN_LEN ), TOKEN_LEN); strncpy ((char *) token_otp,
token_password = malloc((password_len - TOKEN_LEN) + 1); // need to free this memory token_otp_with_password + (password_len - TOKEN_LEN), TOKEN_LEN);
token_password = malloc ((password_len - TOKEN_LEN) + 1);
if(token_password != NULL) if (token_password != NULL)
{ {
strncpy(token_password, token_otp_with_password, (password_len - TOKEN_LEN)); strncpy (token_password, token_otp_with_password,
token_password[(password_len - TOKEN_LEN)] = 0; (password_len - TOKEN_LEN));
password = token_password; token_password[(password_len - TOKEN_LEN)] = 0;
} password = token_password;
strncpy((char *)token_id, token_otp_with_password + ( password_len - TOKEN_LEN ), TOKEN_ID_LEN); }
strncpy ((char *) token_id,
token_otp_with_password + (password_len - TOKEN_LEN),
TOKEN_ID_LEN);
if (debug) if (debug)
{ {
D ((" Token is : %s and password is %s ",token_otp, password)); D ((" Token is : %s and password is %s ", token_otp, password));
D ((" Token ID is: %s ",token_id)); D ((" Token ID is: %s ", token_id));
} }
/* validate the user with supplied token id */ /* validate the user with supplied token id */
valid_token = validate_user_token(auth_file, (const char *)user, (const char *)token_id); valid_token =
validate_user_token (auth_file, (const char *) user,
(const char *) token_id);
if(password != NULL) if (password != NULL)
{ {
retval = pam_set_item(pamh, PAM_AUTHTOK, password); retval = pam_set_item (pamh, PAM_AUTHTOK, password);
if (retval != PAM_SUCCESS) if (retval != PAM_SUCCESS)
{ {
if (debug) if (debug)
D (("set_item returned error: %s", pam_strerror (pamh, retval))); D (("set_item returned error: %s", pam_strerror (pamh, retval)));
goto done; goto done;
} }
} }
if (valid_token == 0) if (valid_token == 0)
{ {
if (debug) if (debug)
D (("Invalid Token for user ")); D (("Invalid Token for user "));
retval = PAM_SERVICE_ERR; retval = PAM_SERVICE_ERR;
goto done; goto done;
} }
rc = yubikey_client_request (ykc, (const char *)token_otp); rc = yubikey_client_request (ykc, (const char *) token_otp);
if(token_password != NULL) if (token_password != NULL)
{ free (token_password);
free(token_password);
}
if (debug) if (debug)
D (("libyubikey-client return value (%d): %s", rc, D (("libyubikey-client return value (%d): %s", rc,