mirror of https://github.com/Yubico/yubico-pam.git synced 2025-01-21 22:52:17 +01:00

Changes for Two Factor Authentication using FreeRADIUS and Yubico YMS

Network marvels 2009-05-02 18:14:10 +00:00
parent ae7359985e
commit 7607fc9416


@ -198,6 +198,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
int nargs = 1; int nargs = 1;
int id = -1; int id = -1;
int debug = 0; int debug = 0;
int userauth = 0;
int alwaysok = 0; int alwaysok = 0;
yubikey_client_t ykc; yubikey_client_t ykc;
@ -213,6 +214,8 @@ pam_sm_authenticate (pam_handle_t * pamh,
auth_file = (char *) argv[i] + 9; auth_file = (char *) argv[i] + 9;
if (strncmp (argv[i], "url=", 4) == 0) if (strncmp (argv[i], "url=", 4) == 0)
url_template = (char *) argv[i] + 4; url_template = (char *) argv[i] + 4;
if (strncmp (argv[i], "userauth", 9) == 0)
userauth = 1;
} }
if (debug) if (debug)
@ -225,6 +228,7 @@ pam_sm_authenticate (pam_handle_t * pamh,
D (("debug=%d", debug)); D (("debug=%d", debug));
D (("alwaysok=%d", alwaysok)); D (("alwaysok=%d", alwaysok));
D (("authfile=%s", auth_file)); D (("authfile=%s", auth_file));
D (("userauth=%d", userauth));
} }
retval = pam_get_user (pamh, &user, NULL); retval = pam_get_user (pamh, &user, NULL);
@ -329,10 +333,21 @@ pam_sm_authenticate (pam_handle_t * pamh,
} }
/* validate the user with supplied token id */ /* validate the user with supplied token id */
if (!userauth)
{
valid_token = valid_token =
validate_user_token (auth_file, (const char *) user, validate_user_token (auth_file, (const char *) user,
(const char *) token_id); (const char *) token_id);
if (valid_token == 0)
{
if (debug)
D (("Invalid Token for user "));
retval = PAM_SERVICE_ERR;
goto done;
}
}
if (password != NULL) if (password != NULL)
{ {
retval = pam_set_item (pamh, PAM_AUTHTOK, password); retval = pam_set_item (pamh, PAM_AUTHTOK, password);
@ -344,15 +359,14 @@ pam_sm_authenticate (pam_handle_t * pamh,
} }
} }
if (valid_token == 0) if (!userauth) {
{ rc = yubikey_client_request (ykc, (const char *) token_otp, NULL, 0);
if (debug) }
D (("Invalid Token for user ")); else {
retval = PAM_SERVICE_ERR; rc = yubikey_client_request (ykc, (const char *) token_otp, (char *)user, 0);
goto done; if (rc == YUBIKEY_CLIENT_NO_USERKEY_MAP)
rc = yubikey_client_request (ykc, (const char *) token_otp, (char *)user, 1);
} }
rc = yubikey_client_request (ykc, (const char *) token_otp);
if (token_password != NULL) if (token_password != NULL)
free (token_password); free (token_password);
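Review bot: In the `else` branch of the last hunk, a `YUBIKEY_CLIENT_NO_USERKEY_MAP` result is answered by repeating `yubikey_client_request` with the final argument changed from 0 to 1, and nothing on the page says what that argument means. If it asks the validation server to create the user-to-key mapping (inferred from the constant's name only, not visible here), the first valid OTP presented for an unmapped account would bind that key to the account. The same `userauth` option also skips the local `validate_user_token` check against `auth_file`, so the user-to-token binding then rests entirely on the server. I would add a comment above the retry stating what the fourth argument does and why the retry is safe, and consider putting the retry behind its own module option so that setting `userauth` alone does not enable it. pam_sm_authenticate begins and ends outside the hunks shown, so how `rc` is handled afterwards could not be checked.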