author | Denys Vlasenko | 2016-01-03 22:43:40 +0100 |
---|---|---|
committer | Denys Vlasenko | 2016-01-03 22:43:40 +0100 |
commit | bae8f986336383f688f0cf913e6315d430217095 (patch) | |
tree | 5f4431aa5905f765312e0ab257e4983ded34ad04 | |
parent | 76915bf738c4532c7ca57fc673b5a0ebd4b91af8 (diff) | |
login: add commented-out PAM double password avoidance from BZ 4003
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r-- | loginutils/login.c | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/loginutils/login.c b/loginutils/login.c
index 67fe82e..4ebc185 100644
--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -78,6 +78,49 @@
 * Apparently they like to confuse people. */
 # include <security/pam_appl.h>
 # include <security/pam_misc.h>
+
+# if 0
+/* This supposedly can be used to avoid double password prompt,
+ * if used instead of standard misc_conv():
+ *
+ * "When we want to authenticate first with local method and then with tacacs for example,
+ * the password is asked for local method and if not good is asked a second time for tacacs.
+ * So if we want to authenticate a user with tacacs, and the user exists localy, the password is
+ * asked two times before authentication is accepted."
+ *
+ * However, code looks shaky. For example, why misc_conv() return value is ignored?
+ * Are msg[i] and resp[i] indexes handled correctly?
+ */
+static char *passwd = NULL;
+static int my_conv(int num_msg, const struct pam_message **msg,
+ struct pam_response **resp, void *data)
+{
+ int i;
+ for (i = 0; i < num_msg; i++) {
+ switch (msg[i]->msg_style) {
+ case PAM_PROMPT_ECHO_OFF:
+ if (passwd == NULL) {
+ misc_conv(num_msg, msg, resp, data);
+ passwd = xstrdup(resp[i]->resp);
+ return PAM_SUCCESS;
+ }
+
+ resp[0] = xzalloc(sizeof(struct pam_response));
+ resp[0]->resp = passwd;
+ passwd = NULL;
+ resp[0]->resp_retcode = PAM_SUCCESS;
+ resp[1] = NULL;
+ return PAM_SUCCESS;
+
+ default:
+ break;
+ }
+ }
+
+ return PAM_SUCCESS;
+}
+# endif
+
 static const struct pam_conv conv = {
 misc_conv,
 NULL |
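Review bot: The cleartext password cached in the file-scope `passwd` has no bounded lifetime: the first `PAM_PROMPT_ECHO_OFF` branch stores an `xstrdup()` copy, and only a second prompt ever clears the pointer. If the PAM stack prompts once, or an odd number of times, that copy stays on the heap unwiped. The next conversation would then be answered from the stale copy without prompting, possibly for a different user name if the caller retries authentication (that caller is outside this hunk). Should the `# if 0` ever be lifted, the caller should drop the cache as soon as `pam_authenticate()` returns, along the lines of `if (passwd) { memset(passwd, 0, strlen(passwd)); free(passwd); passwd = NULL; }`, using a zeroing call the compiler cannot elide. Until then, the block comment should also say `/* NOTE: passwd holds a cleartext copy across prompts; it must be wiped and reset after every authentication attempt */`.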