diff options
author | Sumit Bose <sbose@redhat.com> | 2016-09-27 16:03:22 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-02-23 10:15:13 +0100 |
commit | 52f45837ded98564968da42229b37db6a36ad627 (patch) | |
tree | 03a4b020678ef93c26f219e05bde7a35d0773fc4 /src/sss_client | |
parent | ead25e32c52c8c2f5fd9abd179e9e81de58f9ca3 (diff) | |
download | sssd-52f45837ded98564968da42229b37db6a36ad627.tar.gz sssd-52f45837ded98564968da42229b37db6a36ad627.tar.xz sssd-52f45837ded98564968da42229b37db6a36ad627.zip |
pam: enhance Smartcard authentication token
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/sss_client')
-rw-r--r-- | src/sss_client/pam_sss.c | 45 |
1 files changed, 38 insertions, 7 deletions
diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c index fa30889e7..a3d7a8a23 100644 --- a/src/sss_client/pam_sss.c +++ b/src/sss_client/pam_sss.c @@ -1476,6 +1476,7 @@ static int prompt_sc_pin(pam_handle_t *pamh, struct pam_items *pi) char *answer = NULL; char *prompt; size_t size; + size_t needed_size; if (pi->token_name == NULL || *pi->token_name == '\0' || pi->cert_user == NULL || *pi->cert_user == '\0') { @@ -1509,18 +1510,48 @@ static int prompt_sc_pin(pam_handle_t *pamh, struct pam_items *pi) pi->pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY; pi->pam_authtok_size=0; } else { - pi->pam_authtok = strdup(answer); - _pam_overwrite((void *)answer); - free(answer); - answer=NULL; + + ret = sss_auth_pack_sc_blob(answer, 0, pi->token_name, 0, + pi->module_name, 0, + pi->key_id, 0, + NULL, 0, &needed_size); + if (ret != EAGAIN) { + D(("sss_auth_pack_sc_blob failed.")); + ret = PAM_BUF_ERR; + goto done; + } + + pi->pam_authtok = malloc(needed_size); if (pi->pam_authtok == NULL) { - return PAM_BUF_ERR; + D(("malloc failed.")); + ret = PAM_BUF_ERR; + goto done; } + + ret = sss_auth_pack_sc_blob(answer, 0, pi->token_name, 0, + pi->module_name, 0, + pi->key_id, 0, + (uint8_t *) pi->pam_authtok, needed_size, + &needed_size); + if (ret != EOK) { + D(("sss_auth_pack_sc_blob failed.")); + free((void *)pi->pam_authtok); + ret = PAM_BUF_ERR; + goto done; + } + pi->pam_authtok_type = SSS_AUTHTOK_TYPE_SC_PIN; - pi->pam_authtok_size=strlen(pi->pam_authtok); + pi->pam_authtok_size = needed_size; } - return PAM_SUCCESS; + ret = PAM_SUCCESS; + +done: + _pam_overwrite((void *)answer); + free(answer); + answer=NULL; + + return ret; } static int prompt_new_password(pam_handle_t *pamh, struct pam_items *pi) |