Date: Mon, 20 Aug 2001 07:38:14 -0400 (EDT) From: "Ilmar S. Habibulin" <ilmar@watson.org> To: freebsd-gnats-submit@freebsd.org Subject: bin/29897: pam_unix patch, which uses loginclass passwd_prompt Message-ID: <Pine.BSF.3.96.1010820073512.39718A-100000@fledge.watson.org>
next in thread | raw e-mail | index | archive | help
>Number: 29897 >Category: bin >Synopsis: pam_unix patch, which uses loginclass passwd_prompt >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Mon Aug 20 04:40:02 PDT 2001 >Closed-Date: >Last-Modified: >Originator: Ilmar >Release: FreeBSD 5.0-CURRENT i386 >Organization: home user >Environment: System: FreeBSD somehost. 5.0-CURRENT FreeBSD 5.0-CURRENT #3: Fri Aug 17 11:33:40 MSD 2001 root@somehost.:/usr/src/sys/i386/compile/WS_ILMAR i386 >Description: We have "prompt"(login_prompt in login.conf(5) - error!) and "passwd_prompt" loginclass capabilities, which should be read and presented by login(1). But only "prompt" works in PAM environment, because authentification module pam_unix(8) doesn't know about such capabilities. So i made a patch, that make pam_unix know about them (about only one - passwd_prompt of cause). >How-To-Repeat: Nothing to repeat. ;-) >Fix: Just simple patch below or on http://www.watson.org/~ilmar/download/pam_unix.patch diff -ruiN pam_unix/CVS/Root pam_unix.new/CVS/Root --- pam_unix/CVS/Root Mon Aug 20 14:44:29 2001 +++ pam_unix.new/CVS/Root Mon Aug 13 13:23:14 2001 @@ -1 +1 @@ -/mnt/cvs/FreeBSD +/mnt/cvs diff -ruiN pam_unix/pam_unix.c pam_unix.new/pam_unix.c --- pam_unix/pam_unix.c Mon Jul 9 22:20:50 2001 +++ pam_unix.new/pam_unix.c Mon Aug 20 14:45:30 2001 @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libpam/modules/pam_unix/pam_unix.c,v 1.7 2001/07/09 18:20:50 markm Exp $ + * $FreeBSD: src/lib/libpam/modules/pam_unix/pam_unix.c,v 1.7 2001/07/09 18:20:50 markm Exp $ - this version */ #include <sys/types.h> @@ -41,7 +41,7 @@ #include "pam_mod_misc.h" -#define PASSWORD_PROMPT "Password:" +#define DEFAULT_PASSWORD_PROMPT "Password:" #define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */ enum { PAM_OPT_AUTH_AS_SELF=PAM_OPT_STD_MAX, PAM_OPT_NULLOK }; @@ -52,6 +52,8 @@ { NULL, 0 } }; + + /* * authentication management */ @@ -64,6 +66,8 @@ int retval; const char *password, *user; char *encrypted; + login_cap_t *lc; + char *passwd_prompt=DEFAULT_PASSWORD_PROMPT; pam_std_option(&options, other_options, argc, argv); @@ -84,6 +88,21 @@ PAM_LOG("Doing real authentication"); + lc = login_getclass(NULL); +/***************************************** + * + * I don't understand why prompts should be default for all login classes + * I think that lc = login_getpwclass(pwd) is more flexiable solution + * + * lc = login_getclass(NULL); + * lc = login_getpwclass(pwd); + */ + passwd_prompt = login_getcapstr(lc, "passwd_prompt", + DEFAULT_PASSWORD_PROMPT, + DEFAULT_PASSWORD_PROMPT); + login_close(lc); + lc = NULL; + if (pwd->pw_passwd[0] == '\0' && pam_test_option(&options, PAM_OPT_NULLOK, NULL)) { /* @@ -94,7 +113,7 @@ PAM_RETURN(PAM_SUCCESS); } else { - retval = pam_get_pass(pamh, &password, PASSWORD_PROMPT, + retval = pam_get_pass(pamh, &password, passwd_prompt, &options); if (retval != PAM_SUCCESS) PAM_RETURN(retval); @@ -118,7 +137,7 @@ * User unknown. * Encrypt a dummy password so as to not give away too much. */ - retval = pam_get_pass(pamh, &password, PASSWORD_PROMPT, + retval = pam_get_pass(pamh, &password, passwd_prompt, &options); if (retval != PAM_SUCCESS) PAM_RETURN(retval); >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.1010820073512.39718A-100000>