diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2016-01-03 22:43:40 +0100 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2016-01-03 22:43:40 +0100 |
| commit | bae8f986336383f688f0cf913e6315d430217095 (patch) | |
| tree | 5f4431aa5905f765312e0ab257e4983ded34ad04 | |
| parent | 76915bf738c4532c7ca57fc673b5a0ebd4b91af8 (diff) | |
| download | busybox-w32-bae8f986336383f688f0cf913e6315d430217095.tar.gz busybox-w32-bae8f986336383f688f0cf913e6315d430217095.tar.bz2 busybox-w32-bae8f986336383f688f0cf913e6315d430217095.zip | |
login: add commented-out PAM double password avoidance from BZ 4003
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| -rw-r--r-- | loginutils/login.c | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/loginutils/login.c b/loginutils/login.c index 67fe82e86..4ebc18502 100644 --- a/loginutils/login.c +++ b/loginutils/login.c | |||
| @@ -78,6 +78,49 @@ | |||
| 78 | * Apparently they like to confuse people. */ | 78 | * Apparently they like to confuse people. */ |
| 79 | # include <security/pam_appl.h> | 79 | # include <security/pam_appl.h> |
| 80 | # include <security/pam_misc.h> | 80 | # include <security/pam_misc.h> |
| 81 | |||
| 82 | # if 0 | ||
| 83 | /* This supposedly can be used to avoid double password prompt, | ||
| 84 | * if used instead of standard misc_conv(): | ||
| 85 | * | ||
| 86 | * "When we want to authenticate first with local method and then with tacacs for example, | ||
| 87 | * the password is asked for local method and if not good is asked a second time for tacacs. | ||
| 88 | * So if we want to authenticate a user with tacacs, and the user exists localy, the password is | ||
| 89 | * asked two times before authentication is accepted." | ||
| 90 | * | ||
| 91 | * However, code looks shaky. For example, why misc_conv() return value is ignored? | ||
| 92 | * Are msg[i] and resp[i] indexes handled correctly? | ||
| 93 | */ | ||
| 94 | static char *passwd = NULL; | ||
| 95 | static int my_conv(int num_msg, const struct pam_message **msg, | ||
| 96 | struct pam_response **resp, void *data) | ||
| 97 | { | ||
| 98 | int i; | ||
| 99 | for (i = 0; i < num_msg; i++) { | ||
| 100 | switch (msg[i]->msg_style) { | ||
| 101 | case PAM_PROMPT_ECHO_OFF: | ||
| 102 | if (passwd == NULL) { | ||
| 103 | misc_conv(num_msg, msg, resp, data); | ||
| 104 | passwd = xstrdup(resp[i]->resp); | ||
| 105 | return PAM_SUCCESS; | ||
| 106 | } | ||
| 107 | |||
| 108 | resp[0] = xzalloc(sizeof(struct pam_response)); | ||
| 109 | resp[0]->resp = passwd; | ||
| 110 | passwd = NULL; | ||
| 111 | resp[0]->resp_retcode = PAM_SUCCESS; | ||
| 112 | resp[1] = NULL; | ||
| 113 | return PAM_SUCCESS; | ||
| 114 | |||
| 115 | default: | ||
| 116 | break; | ||
| 117 | } | ||
| 118 | } | ||
| 119 | |||
| 120 | return PAM_SUCCESS; | ||
| 121 | } | ||
| 122 | # endif | ||
| 123 | |||
| 81 | static const struct pam_conv conv = { | 124 | static const struct pam_conv conv = { |
| 82 | misc_conv, | 125 | misc_conv, |
| 83 | NULL | 126 | NULL |