-rw-r--r--src/modules/pam_matrix.c27
-rw-r--r--tests/services/matrix_opt.in2
-rw-r--r--tests/test_pam_wrapper.c4
3 files changed, 23 insertions, 10 deletions
diff --git a/src/modules/pam_matrix.c b/src/modules/pam_matrix.c
index 86b2ce3..b302a92 100644
--- a/src/modules/pam_matrix.c
+++ b/src/modules/pam_matrix.c
@@ -23,8 +23,10 @@
#define PASSDB_KEY "passdb="
#define VERBOSE_KEY "verbose"
+#define ECHO_KEY "echo"
-#define PAM_MATRIX_FLG_VERBOSE (1 << 0)
+#define PAM_MATRIX_FLG_VERBOSE (1 << 0)
+#define PAM_MATRIX_FLG_ECHO (1 << 1)
#define MAX_AUTHTOK_SIZE 1024
@@ -311,6 +313,7 @@ static int pam_matrix_conv(pam_handle_t *pamh,
* authtok_item as well
*/
static int pam_matrix_read_password(pam_handle_t *pamh,
+ int flags,
int authtok_item,
const char *prompt1,
const char *prompt2,
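Review bot: The new `int flags` parameter of pam_matrix_read_password carries the module's own option bits (`PAM_MATRIX_FLG_*`), but its callers pam_sm_authenticate and pam_sm_chauthtok each also have an `int flags` argument that holds the PAM call flags (see `flags & PAM_PRELIM_CHECK` further down). Passing the wrong one would compile cleanly and could silently change the prompt style, so a distinct name such as `int module_flags` would make the call sites harder to get wrong. The header comment above the function starts outside this hunk and should gain one line saying the parameter takes `pam_matrix_ctx.flags` and that only `PAM_MATRIX_FLG_ECHO` is consulted.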
@@ -320,14 +323,19 @@ static int pam_matrix_read_password(pam_handle_t *pamh,
char *authtok1 = NULL;
char *authtok2 = NULL;
const void *item;
+ int read_flg = PAM_PROMPT_ECHO_OFF;
- rv = pam_matrix_conv(pamh, PAM_PROMPT_ECHO_OFF, prompt1, &authtok1);
+ if (flags & PAM_MATRIX_FLG_ECHO) {
+ read_flg = PAM_PROMPT_ECHO_ON;
+ }
+
+ rv = pam_matrix_conv(pamh, read_flg, prompt1, &authtok1);
if (authtok1 == NULL) {
goto done;
}
if (rv == PAM_SUCCESS && prompt2 != NULL) {
- rv = pam_matrix_conv(pamh, PAM_PROMPT_ECHO_OFF,
+ rv = pam_matrix_conv(pamh, read_flg,
prompt2, &authtok2);
if (rv != PAM_SUCCESS) {
goto done;
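Review bot: With `PAM_MATRIX_FLG_ECHO` set, `read_flg` becomes `PAM_PROMPT_ECHO_ON` for every secret this function reads, not only the "Password: " prompt in pam_sm_authenticate. The later hunks pass `pctx.flags` for "Old password: " and for the "New Password :" / "Verify New Password :" pair as well, so the application's conversation function is told it may display all of them. Nothing at the `int read_flg` declaration says this is deliberate, so I would add a comment there such as `/* "echo" is a test aid: the conversation function is asked to show the typed secret; not for real service files */`. The function body continues outside the hunk, so how `authtok1` and `authtok2` are released after use is not visible here.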
@@ -417,6 +425,9 @@ static void eval_args(struct pam_matrix_ctx *pe_ctx,
} else if (strncmp(*argv, VERBOSE_KEY,
strlen(VERBOSE_KEY)) == 0) {
pe_ctx->flags |= PAM_MATRIX_FLG_VERBOSE;
+ } else if (strncmp(*argv, ECHO_KEY,
+ strlen(ECHO_KEY)) == 0) {
+ pe_ctx->flags |= PAM_MATRIX_FLG_ECHO;
}
}
}
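Review bot: The added branch `strncmp(*argv, ECHO_KEY, strlen(ECHO_KEY)) == 0` is a prefix match, so any module argument that merely begins with "echo" sets `PAM_MATRIX_FLG_ECHO`. A constructed example is `echo_off`, which would turn password echo on. For a bare switch with no value the comparison should be exact: `} else if (strcmp(*argv, ECHO_KEY) == 0) {`. The `VERBOSE_KEY` branch just above uses the same prefix pattern and could be tightened in the same way; the prefix form only makes sense for `key=value` options like `PASSDB_KEY`. eval_args starts outside this hunk.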
@@ -518,8 +529,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
goto done;
}
- rv = pam_matrix_read_password(pamh, PAM_AUTHTOK, "Password: ", NULL,
- (const void **) &pctx.pli.password);
+ rv = pam_matrix_read_password(pamh, pctx.flags, PAM_AUTHTOK, "Password: ",
+ NULL, (const void **) &pctx.pli.password);
if (rv != PAM_SUCCESS) {
rv = PAM_AUTHINFO_UNAVAIL;
goto done;
@@ -696,7 +707,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
if (flags & PAM_PRELIM_CHECK) {
rv = pam_matrix_read_password(
- pamh, PAM_OLDAUTHTOK,
+ pamh, pctx.flags, PAM_OLDAUTHTOK,
"Old password: ", NULL,
(const void **) &pctx.pli.password);
if (rv != PAM_SUCCESS) {
@@ -737,7 +748,9 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
goto done;
}
- rv = pam_matrix_read_password(pamh, PAM_AUTHTOK,
+ rv = pam_matrix_read_password(pamh,
+ pctx.flags,
+ PAM_AUTHTOK,
"New Password :",
"Verify New Password :",
(const void **) &pctx.pli.password);
diff --git a/tests/services/matrix_opt.in b/tests/services/matrix_opt.in
index 08b58b3..f1213c1 100644
--- a/tests/services/matrix_opt.in
+++ b/tests/services/matrix_opt.in
@@ -1 +1 @@
-auth required @CMAKE_CURRENT_BINARY_DIR@/../src/pam_matrix.so passdb=@CMAKE_CURRENT_BINARY_DIR@/passdb_ro verbose
+auth required @CMAKE_CURRENT_BINARY_DIR@/../src/pam_matrix.so passdb=@CMAKE_CURRENT_BINARY_DIR@/passdb_ro verbose echo
diff --git a/tests/test_pam_wrapper.c b/tests/test_pam_wrapper.c
index 62672be..83f3a0e 100644
--- a/tests/test_pam_wrapper.c
+++ b/tests/test_pam_wrapper.c
@@ -629,7 +629,7 @@ static void test_pam_authenticate_db_opt(void **state)
ZERO_STRUCT(conv_data);
- conv_data.in_echo_off = trinity_authtoks;
+ conv_data.in_echo_on = trinity_authtoks;
conv_data.out_info = info_arr;
perr = pamtest("matrix_opt", "trinity_ro", &conv_data, tests);
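Review bot: Switching `conv_data.in_echo_on` here and in test_pam_authenticate_db_opt_err covers only the authenticate path, and the `matrix_opt` service file in this commit carries only an `auth` line. The echo handling added to the two pam_sm_chauthtok call sites therefore does not appear to be exercised by any test touched here. A password-change test against a service that passes `echo` would cover it, along with a check that a service without the option still prompts with echo off. Both test functions start outside their hunks, so the `tests` arrays they run are not visible.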
@@ -659,7 +659,7 @@ static void test_pam_authenticate_db_opt_err(void **state)
(void) state; /* unused */
ZERO_STRUCT(conv_data);
- conv_data.in_echo_off = trinity_authtoks;
+ conv_data.in_echo_on = trinity_authtoks;
conv_data.out_err = err_arr;
perr = pamtest("matrix_opt", "trinity_ro", &conv_data, tests);