authorNalin Dahyabhai <nalin@dahyabhai.net>2010-04-29 12:45:38 -0400
committerNalin Dahyabhai <nalin@dahyabhai.net>2010-04-29 12:45:38 -0400
commit2b58d08567e1375440fa0a0619920b34ebd68e5a (patch)
tree35e50ab001509a8c0e8db7ef2281de3478000923
parentf9a487043828bf79a20dd2747809c3f5761ca04a (diff)
- bring back "throw="
-rw-r--r--src/pam_rps.8.in4
-rw-r--r--src/pam_rps.c23
2 files changed, 21 insertions, 6 deletions
diff --git a/src/pam_rps.8.in b/src/pam_rps.8.in
index 111236e..2bb96c0 100644
--- a/src/pam_rps.8.in
+++ b/src/pam_rps.8.in
@@ -19,6 +19,10 @@ local system or a trusted server. Using pam_rps removes this limitation.
Enable module debugging. The module will log its progress to syslog with
"debug" priority.
+.IP throw=\fInumber\fP
+The user will be issued the \fInumber\fPth challenge in the module's list
+of challenges that it can throw.
+
.IP best_of=\fInumber\fP
The user will be issued multiple challenges, and must "win" against more than
one half of them. If the supplied number is not odd, it will be incremented.
diff --git a/src/pam_rps.c b/src/pam_rps.c
index bb23d7f..4e08c1d 100644
--- a/src/pam_rps.c
+++ b/src/pam_rps.c
@@ -108,11 +108,13 @@ get_random_byte(void)
/* Select the challenge. */
static void
-fill(struct pam_message *msg, int style, int n_rules)
+fill(struct pam_message *msg, int style, int n_rules, int throw)
{
+ int which;
+ which = (throw != -1) ? throw : get_random_byte();
memset(msg, 0, sizeof(*msg));
msg->msg_style = style;
- msg->msg = rules[get_random_byte() % n_rules].challenge;
+ msg->msg = rules[which % n_rules].challenge;
}
static void
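Review bot: A negative `throw` other than -1 reaches `rules[which % n_rules]` in fill() as a negative index, because C's `%` keeps the sign of the dividend (for example -2 % 3 is -2), so the lookup reads before the start of `rules`. Only -1 is treated as "not set"; treating every negative value that way closes the gap: `which = (throw >= 0) ? throw : get_random_byte();`. The value comes from the `throw=` module argument parsed in the pam_sm_authenticate hunk further down, which does not range-check it. A short comment on the new parameter would also help, e.g. `/* throw: fixed index into rules[] (taken modulo n_rules), or negative to pick at random */`.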
@@ -140,7 +142,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
struct pam_message **msgs, *msg_array, *prompt;
const struct pam_message **cmsgs;
const char *service;
- int debug = 0, loglevel, i, j, k, score, best_of, prompt_style;
+ int debug = 0, loglevel, i, j, k, score, best_of, prompt_style, throw;
int abi_sun, abi_linux, n_rules, n_winners;
#ifdef LOG_AUTHPRIV
@@ -189,6 +191,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
abi_linux = 1;
n_rules = 3;
n_winners = 2;
+ throw = -1;
for (i = 0; i < argc; i++) {
/* Force Linux-PAM-style semantics. */
if (strcmp(argv[i], "linux") == 0) {
@@ -227,6 +230,13 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
"requiring best of %d matches", best_of);
}
}
+ /* Use non-random throw(s). */
+ if (strncmp(argv[i], "throw=", 6) == 0) {
+ throw = atol(argv[i] + 6);
+ if (debug) {
+ syslog(debug, "always throwing %d", throw);
+ }
+ }
}
/* Set up the PAM message structure. We want to be able to exercise
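Review bot: `throw = atol(argv[i] + 6);` performs no validation: non-numeric text silently becomes 0, the long result is narrowed to int, and a negative value is passed on to fill(), where only -1 is special-cased before the value is used to index `rules`. Parsing with strtol and rejecting trailing garbage, out-of-range and negative values keeps a mistyped PAM configuration line from pinning the challenge to index 0 or indexing out of bounds; leaving `throw` at -1 on bad input falls back to the random challenge. The sketch below needs <errno.h> and <limits.h>, and the enclosing function starts and ends outside the hunk. Separately, the man page hunk says "the numberth challenge" while the code uses the value as a zero-based index modulo n_rules, so one of the two may need adjusting.
```c
		if (strncmp(argv[i], "throw=", 6) == 0) {
			const char *arg = argv[i] + 6;
			char *end;
			long val;

			errno = 0;
			val = strtol(arg, &end, 10);
			if (end != arg && *end == '\0' && errno != ERANGE &&
			    val >= 0 && val <= INT_MAX) {
				throw = (int) val;
				/* … unchanged: debug syslog of the chosen throw … */
			}
			/* otherwise throw stays -1 and the challenge is random */
		}
```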
@@ -255,14 +265,15 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
* array. */
for (i = 0; i < best_of; i++) {
msgs[i] = &msg_array[i];
- fill(&msg_array[i], prompt_style, n_rules);
+ fill(&msg_array[i], prompt_style, n_rules, throw);
}
} else {
if (abi_linux) {
/* Set the pointer to the array, and fill the array. */
msgs = &msg_array;
for (i = 0; i < best_of; i++) {
- fill(&msg_array[i], prompt_style, n_rules);
+ fill(&msg_array[i], prompt_style, n_rules,
+ throw);
}
}
if (abi_sun) {
@@ -274,7 +285,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
return PAM_BUF_ERR;
}
memset(msgs[i], 0, sizeof(struct pam_message));
- fill(msgs[i], prompt_style, n_rules);
+ fill(msgs[i], prompt_style, n_rules, throw);
}
}
}