summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDenys Vlasenko2016-01-03 22:43:40 +0100
committerDenys Vlasenko2016-01-03 22:43:40 +0100
commitbae8f986336383f688f0cf913e6315d430217095 (patch)
tree5f4431aa5905f765312e0ab257e4983ded34ad04
parent76915bf738c4532c7ca57fc673b5a0ebd4b91af8 (diff)
downloadbusybox-bae8f986336383f688f0cf913e6315d430217095.zip
busybox-bae8f986336383f688f0cf913e6315d430217095.tar.gz
login: add commented-out PAM double password avoidance from BZ 4003
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--loginutils/login.c43
1 files changed, 43 insertions, 0 deletions
diff --git a/loginutils/login.c b/loginutils/login.c
index 67fe82e..4ebc185 100644
--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -78,6 +78,49 @@
* Apparently they like to confuse people. */
# include <security/pam_appl.h>
# include <security/pam_misc.h>
+
+# if 0
+/* This supposedly can be used to avoid double password prompt,
+ * if used instead of standard misc_conv():
+ *
+ * "When we want to authenticate first with local method and then with tacacs for example,
+ * the password is asked for local method and if not good is asked a second time for tacacs.
+ * So if we want to authenticate a user with tacacs, and the user exists localy, the password is
+ * asked two times before authentication is accepted."
+ *
+ * However, code looks shaky. For example, why misc_conv() return value is ignored?
+ * Are msg[i] and resp[i] indexes handled correctly?
+ */
+static char *passwd = NULL;
+static int my_conv(int num_msg, const struct pam_message **msg,
+ struct pam_response **resp, void *data)
+{
+ int i;
+ for (i = 0; i < num_msg; i++) {
+ switch (msg[i]->msg_style) {
+ case PAM_PROMPT_ECHO_OFF:
+ if (passwd == NULL) {
+ misc_conv(num_msg, msg, resp, data);
+ passwd = xstrdup(resp[i]->resp);
+ return PAM_SUCCESS;
+ }
+
+ resp[0] = xzalloc(sizeof(struct pam_response));
+ resp[0]->resp = passwd;
+ passwd = NULL;
+ resp[0]->resp_retcode = PAM_SUCCESS;
+ resp[1] = NULL;
+ return PAM_SUCCESS;
+
+ default:
+ break;
+ }
+ }
+
+ return PAM_SUCCESS;
+}
+# endif
+
static const struct pam_conv conv = {
misc_conv,
NULL