
pam_duo: add a push option to force using push as factor.

This only changes the prompt to force the use of a given factor for
pam_duo, which allows it to be used in conjunction with pam_unix for actual
dual-factor authentication of users on services such as ftpd.
1 parent bf180a9 commit c9800d51cf6509eab5c7edb3766910c3afe29ebc @Flameeyes committed Mar 27, 2012
Showing with 9 additions and 4 deletions.
  1. +8 −4 pam_duo/pam_duo.c
  2. +1 −0 pam_duo/pam_duo_options.h
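--- a/pam_duo/pam_duo.c
+++ b/pam_duo/pam_duo.c
@@ -177,12 +177,14 @@ __duo_prompt(void *arg, const char *prompt, char *buf, size_t bufsz)
 const char *p;
 int rc;
- if ((rc = pam_get_pass(pamh, PAM_AUTHTOK, &p, prompt, options)) == PAM_SUCCESS) {
+ if (options & PAM_OPT_PUSH)
+ strlcpy(buf, "push", bufsz);
+ else if ((rc = pam_get_pass(pamh, PAM_AUTHTOK, &p, prompt, options)) == PAM_SUCCESS)
 strlcpy(buf, p, bufsz);
- return (buf);
- }
+ else
+ return (NULL);
- return (NULL);
+ return (buf);
 }
 static void
@@ -236,6 +238,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int pam_flags,
 options |= PAM_OPT_USE_FIRST_PASS|PAM_OPT_TRY_FIRST_PASS;
 } else if (strcmp("use_uid", argv[i]) == 0) {
 options |= PAM_OPT_USE_UID;
+ } else if (strcmp("push", argv[i]) == 0) {
+ options |= PAM_OPT_PUSH;
 } else {
 _syslog(LOG_ERR, "Invalid pam_duo option: '%s'",
 argv[i]);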
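Review bot: With `push` set, the first branch of `__duo_prompt` answers every factor prompt with "push" and never calls `pam_get_pass`, so the user is never asked anything and the `prompt` text is not shown. If the caller re-prompts after a denied or timed-out push (not visible here), each retry would presumably send another push with no user interaction, and if pam_duo is stacked without a required first-factor module, any login attempt for a known username could trigger push notifications to that user's device. I would document the constraint at the branch, e.g. `/* push: auto-answer with "push"; only safe when stacked after a required password module */`, and repeat it next to the `push` option parsing in `pam_sm_authenticate`. The body of `__duo_prompt` starts outside the hunk, so how `options` and `pamh` are obtained cannot be checked from here.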
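--- a/pam_duo/pam_duo_options.h
+++ b/pam_duo/pam_duo_options.h
@@ -13,6 +13,7 @@
 #define PAM_OPT_USE_FIRST_PASS 0x04
 #define PAM_OPT_ECHO_PASS 0x08
 #define PAM_OPT_USE_UID 0x10
+#define PAM_OPT_PUSH 0x20
 int pam_get_pass(pam_handle_t *, int, const char **, const char *, int);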
