From 0513b405aae55fc0fa74a587f4f6a6d4a9e8eec4 Mon Sep 17 00:00:00 2001
From: Luke Young
Date: Wed, 18 Dec 2019 08:37:20 -0800
Subject: [PATCH 1/2] Fix issue #205 Adds support for a `prompt=` configuration flag with a custom prompt. If not specified, existing prompt/behavior is used.
---
 pam_yubico.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/pam_yubico.c b/pam_yubico.c
index cf277953..aa0b9199 100644
--- a/pam_yubico.c
+++ b/pam_yubico.c
@@ -120,6 +120,7 @@ struct cfg
 const char *capath;
 const char *cainfo;
 const char *proxy;
+ const char *prompt;
 const char *url;
 const char *urllist;
 const char *ldapserver;
@@ -838,6 +839,8 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
 cfg->cainfo = argv[i] + 7;
 if (strncmp (argv[i], "proxy=", 6) == 0)
 cfg->proxy = argv[i] + 6;
+ if (strncmp (argv[i], "prompt=", 7) == 0)
+ cfg->prompt = argv[i] + 7;
 if (strncmp (argv[i], "url=", 4) == 0)
 cfg->url = argv[i] + 4;
 if (strncmp (argv[i], "urllist=", 8) == 0)
@@ -935,6 +938,7 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
 DBG ("urllist=%s", cfg->urllist ? cfg->urllist : "(null)");
 DBG ("capath=%s", cfg->capath ? cfg->capath : "(null)");
 DBG ("cainfo=%s", cfg->cainfo ? cfg->cainfo : "(null)");
+ DBG ("prompt=%s", cfg->prompt ? cfg->prompt : "(null)");
 DBG ("proxy=%s", cfg->proxy ? cfg->proxy : "(null)");
 DBG ("token_id_length=%u", cfg->token_id_length);
 DBG ("mode=%s", cfg->mode == CLIENT ? "client" : "chresp" );
@@ -1140,7 +1144,12 @@ pam_sm_authenticate (pam_handle_t * pamh,
 pmsg[0] = &msg[0];
 {
 #define QUERY_TEMPLATE "YubiKey for `%s': "
- size_t len = strlen (QUERY_TEMPLATE) + strlen (user);
+ size_t len = strlen (user);
+ if (cfg->prompt != NULL) {
+ len += strlen (cfg->prompt);
+ } else {
+ len += strlen (QUERY_TEMPLATE);
+ }
 int wrote;
 msg[0].msg = malloc (len);
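Review bot: `cfg->prompt` comes straight from the module arguments and is used as a printf format, both in the size computed in this hunk and in `snprintf ((char *) msg[0].msg, len, cfg->prompt, user)` in the following hunk (-1150), with nothing checking that it has the one-`%s` shape of `QUERY_TEMPLATE`. A configured string with any other conversion (`%d`, `%n`, a second `%s`) makes snprintf consume arguments that were never passed, which is undefined behaviour inside the authentication path; a string with no conversion leaves no room for the terminator if `user` is ever empty, so the call ends in `PAM_BUF_ERR`. I would accept only literal text, `%%` and at most one `%s`, fall back to `QUERY_TEMPLATE` otherwise, and size the buffer with an explicit `+ 1`; the README entry in patch 2/2 should state that contract. `pam_sm_authenticate` starts and ends outside both hunks, so the sketch below holds only the new and rewritten lines.

```c
/* Accept literal text, "%%", and at most one "%s"; reject anything else. */
static int
prompt_is_safe (const char *p)
{
  int seen_s = 0;

  for (; *p; p++)
    {
      if (*p != '%')
        continue;
      p++;
      if (*p == '%')
        continue;
      /* A lone trailing '%' lands here with *p == '\0' and is rejected. */
      if (*p != 's' || seen_s++)
        return 0;
    }
  return 1;
}

/* … in pam_sm_authenticate, after #define QUERY_TEMPLATE … */
    const char *tmpl = QUERY_TEMPLATE;
    size_t len;

    if (cfg->prompt != NULL && prompt_is_safe (cfg->prompt))
      tmpl = cfg->prompt;
    /* Upper bound for one "%s" expansion plus the terminating NUL. */
    len = strlen (tmpl) + strlen (user) + 1;

/* … unchanged: int wrote, malloc of msg[0].msg and its NULL check … */

    wrote = snprintf ((char *) msg[0].msg, len, tmpl, user);
```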
@@ -1150,7 +1159,11 @@ pam_sm_authenticate (pam_handle_t * pamh,
 goto done;
 }
- wrote = snprintf ((char *) msg[0].msg, len, QUERY_TEMPLATE, user);
+ if (cfg->prompt != NULL) {
+ wrote = snprintf ((char *) msg[0].msg, len, cfg->prompt, user);
+ } else {
+ wrote = snprintf ((char *) msg[0].msg, len, QUERY_TEMPLATE, user);
+ }
 if (wrote < 0 || wrote >= len) {
 retval = PAM_BUF_ERR;
From 703e353140a8839b4f678d90c1f90d5271b35340 Mon Sep 17 00:00:00 2001
From: Luke Young
Date: Wed, 18 Dec 2019 08:40:16 -0800
Subject: [PATCH 2/2] Add prompt config to README
---
 README | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/README b/README
index c8e1b518..7520ad79 100644
--- a/README
+++ b/README
@@ -218,6 +218,10 @@ respectively.
 cainfo::
 Option to allow usage of a CA bundle instead of path.
+prompt::
+Specifies the prompt that PAM should display when prompting for the
+OTP token. If not specified "YubiKey for `%s': " is used.
+
 proxy::
 specify a proxy to connect to the validation server. Valid schemes are http://, https://, socks4://, socks4a://, socks5:// or socks5h://.