mirror of
https://github.com/Yubico/yubico-pam.git
synced 2025-01-21 22:52:17 +01:00
Changes for Two Factor Authentication using FreeRADIUS and Yubico YMS
parent
ae7359985e
commit
7607fc9416
30
pam_yubico.c
30
pam_yubico.c
@ -198,6 +198,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
|
|||||||
int nargs = 1;
|
int nargs = 1;
|
||||||
int id = -1;
|
int id = -1;
|
||||||
int debug = 0;
|
int debug = 0;
|
||||||
|
int userauth = 0;
|
||||||
int alwaysok = 0;
|
int alwaysok = 0;
|
||||||
yubikey_client_t ykc;
|
yubikey_client_t ykc;
|
||||||
|
|
||||||
@ -213,6 +214,8 @@ pam_sm_authenticate (pam_handle_t * pamh,
|
|||||||
auth_file = (char *) argv[i] + 9;
|
auth_file = (char *) argv[i] + 9;
|
||||||
if (strncmp (argv[i], "url=", 4) == 0)
|
if (strncmp (argv[i], "url=", 4) == 0)
|
||||||
url_template = (char *) argv[i] + 4;
|
url_template = (char *) argv[i] + 4;
|
||||||
|
if (strncmp (argv[i], "userauth", 9) == 0)
|
||||||
|
userauth = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (debug)
|
if (debug)
|
||||||
@ -225,6 +228,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
|
|||||||
D (("debug=%d", debug));
|
D (("debug=%d", debug));
|
||||||
D (("alwaysok=%d", alwaysok));
|
D (("alwaysok=%d", alwaysok));
|
||||||
D (("authfile=%s", auth_file));
|
D (("authfile=%s", auth_file));
|
||||||
|
D (("userauth=%d", userauth));
|
||||||
}
|
}
|
||||||
|
|
||||||
retval = pam_get_user (pamh, &user, NULL);
|
retval = pam_get_user (pamh, &user, NULL);
|
||||||
@ -329,10 +333,21 @@ pam_sm_authenticate (pam_handle_t * pamh,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* validate the user with supplied token id */
|
/* validate the user with supplied token id */
|
||||||
|
if (!userauth)
|
||||||
|
{
|
||||||
valid_token =
|
valid_token =
|
||||||
validate_user_token (auth_file, (const char *) user,
|
validate_user_token (auth_file, (const char *) user,
|
||||||
(const char *) token_id);
|
(const char *) token_id);
|
||||||
|
|
||||||
|
if (valid_token == 0)
|
||||||
|
{
|
||||||
|
if (debug)
|
||||||
|
D (("Invalid Token for user "));
|
||||||
|
retval = PAM_SERVICE_ERR;
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (password != NULL)
|
if (password != NULL)
|
||||||
{
|
{
|
||||||
retval = pam_set_item (pamh, PAM_AUTHTOK, password);
|
retval = pam_set_item (pamh, PAM_AUTHTOK, password);
|
||||||
@ -344,15 +359,14 @@ pam_sm_authenticate (pam_handle_t * pamh,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (valid_token == 0)
|
if (!userauth) {
|
||||||
{
|
rc = yubikey_client_request (ykc, (const char *) token_otp, NULL, 0);
|
||||||
if (debug)
|
}
|
||||||
D (("Invalid Token for user "));
|
else {
|
||||||
retval = PAM_SERVICE_ERR;
|
rc = yubikey_client_request (ykc, (const char *) token_otp, (char *)user, 0);
|
||||||
goto done;
|
if (rc == YUBIKEY_CLIENT_NO_USERKEY_MAP)
|
||||||
|
rc = yubikey_client_request (ykc, (const char *) token_otp, (char *)user, 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = yubikey_client_request (ykc, (const char *) token_otp);
|
|
||||||
|
|
||||||
if (token_password != NULL)
|
if (token_password != NULL)
|
||||||
free (token_password);
|
free (token_password);
|
||||||
|
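Review bot: In the last hunk's `else` branch, a `YUBIKEY_CLIENT_NO_USERKEY_MAP` result does not fail the login; the same OTP is sent again with the final argument changed from 0 to 1, and nothing on this page says what that argument requests. If it asks the server to create the user-to-key mapping (an assumption to confirm against `yubikey_client_request`), any valid token presented for a not-yet-enrolled account would be bound to it, and the `userauth` path has already skipped the local `validate_user_token` check. I would make the retry an explicit, documented choice and give the 0/1 values names, at minimum with a comment above the second call such as `/* no user-key mapping on server: retry with last arg 1 -- TODO document what 1 requests and why this is not a hard failure */`. `pam_sm_authenticate` begins and ends outside these hunks, so how `rc` is handled afterwards is not visible here.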