Diffstat (limited to 'src/sss_client')
-rw-r--r-- | src/sss_client/pam_message.h | 2 | ||||
-rw-r--r-- | src/sss_client/pam_sss.c | 14 | ||||
-rw-r--r-- | src/sss_client/sss_cli.h | 5 |
3 files changed, 19 insertions, 2 deletions
diff --git a/src/sss_client/pam_message.h b/src/sss_client/pam_message.h index f0a7a076c..34889e074 100644 --- a/src/sss_client/pam_message.h +++ b/src/sss_client/pam_message.h @@ -25,6 +25,7 @@ #include <unistd.h> #include <stdint.h> +#include <stdbool.h> #include "sss_client/sss_cli.h" @@ -56,6 +57,7 @@ struct pam_items { char *otp_token_id; char *otp_challenge; char *first_factor; + bool password_prompting; char *cert_user; char *token_name; diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c index 1ba02ad0e..fdb9c9076 100644 --- a/src/sss_client/pam_sss.c +++ b/src/sss_client/pam_sss.c @@ -1014,6 +1014,10 @@ static int eval_response(pam_handle_t *pamh, size_t buflen, uint8_t *buf, D(("cert user: [%s] token name: [%s]", pi->cert_user, pi->token_name)); break; + case SSS_PASSWORD_PROMPTING: + D(("Password prompting available.")); + pi->password_prompting = true; + break; default: D(("Unknown response type [%d]", type)); } @@ -1102,6 +1106,7 @@ static int get_pam_items(pam_handle_t *pamh, uint32_t flags, pi->otp_vendor = NULL; pi->otp_token_id = NULL; pi->otp_challenge = NULL; + pi->password_prompting = false; pi->cert_user = NULL; pi->token_name = NULL; @@ -1571,8 +1576,13 @@ static int get_authtok_for_authentication(pam_handle_t *pamh, if (flags & FLAGS_USE_2FA || (pi->otp_vendor != NULL && pi->otp_token_id != NULL && pi->otp_challenge != NULL)) { - ret = prompt_2fa(pamh, pi, _("First Factor: "), - _("Second Factor: ")); + if (pi->password_prompting) { + ret = prompt_2fa(pamh, pi, _("First Factor: "), + _("Second Factor (optional): ")); + } else { + ret = prompt_2fa(pamh, pi, _("First Factor: "), + _("Second Factor: ")); + } } else if (pi->cert_user != NULL) { ret = prompt_sc_pin(pamh, pi); } else { diff --git a/src/sss_client/sss_cli.h b/src/sss_client/sss_cli.h index 17d8e4503..b6610bc6d 100644 --- a/src/sss_client/sss_cli.h +++ b/src/sss_client/sss_cli.h 
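Review bot: The new `case SSS_PASSWORD_PROMPTING:` in eval_response sets `pi->password_prompting` without looking at the item's payload, while the enum documentation added in sss_cli.h says the item carries no message. A short comment on the case would record that, for example `/* no payload; only switches the second-factor prompt label */`, so a later reader does not mistake the flag for an authentication decision. eval_response starts and ends outside the hunk.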
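Review bot: The two `prompt_2fa` calls added to the `FLAGS_USE_2FA` branch of get_authtok_for_authentication differ only in the second label, so the branch can select the string and call once: `const char *second = pi->password_prompting ? _("Second Factor (optional): ") : _("Second Factor: ");` followed by `ret = prompt_2fa(pamh, pi, _("First Factor: "), second);`. The "(optional)" wording is driven by a flag taken from the responder's reply, and this hunk changes only the label. How `prompt_2fa` treats an empty second factor is not visible here, so it is worth confirming that an empty reply is sent as a password-only attempt and that accepting it remains the server's decision. The function starts and ends outside the hunk.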
@@ -426,6 +426,11 @@ enum response_type {
 SSS_OTP, /**< Indicates that the autotok was a OTP, so don't
 * cache it. There is no message.
 * @param None. */
+ SSS_PASSWORD_PROMPTING, /**< Indicates that password prompting is possible.
+ * This might be used together with
+ * SSS_PAM_OTP_INFO to determine the type of
+ * prompting. There is no message.
+ * @param None. */
 };
 /** |
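Review bot: `SSS_PASSWORD_PROMPTING` takes its numeric value from its position in `enum response_type`, and that value appears to be what eval_response in pam_sss.c switches on when it reads the responder's reply. Appending after `SSS_OTP` keeps the existing values stable, and a client built without this commit would presumably land in the `default:` "Unknown response type" branch. Nothing in the visible comment tells the next contributor that the order matters, so I would add `/* append only: values are shared between client and responder */` above the closing brace. The enum starts outside the hunk.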