changeset 6215:a9c934833374 HEAD
Added a failure_show_msg=yes parameter to the PAM passdb. If set, the first line of the PAM
password prompt is shown to the user when authentication fails. This is useful with
pam_otp.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 07 Aug 2007 13:19:08 +0300 |
parents | 974066ba68a3 |
children | 91f9f6fb8276 |
files | dovecot-example.conf src/auth/passdb-pam.c |
diffstat | 2 files changed, 20 insertions(+), 8 deletions(-) [+] |
--- a/dovecot-example.conf	Tue Aug 07 13:17:50 2007 +0300
+++ b/dovecot-example.conf	Tue Aug 07 13:19:08 2007 +0300
@@ -799,7 +799,7 @@
 # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
 # authentication to actually work. <doc/wiki/PasswordDatabase.PAM.txt>
 passdb pam {
-  # [blocking=yes] [session=yes] [setcred=yes]
+  # [blocking=yes] [session=yes] [setcred=yes] [failure_show_msg=yes]
   # [cache_key=<key>] [<service name>]
   #
   # By default a new process is forked from dovecot-auth for each PAM lookup.
--- a/src/auth/passdb-pam.c Tue Aug 07 13:17:50 2007 +0300 +++ b/src/auth/passdb-pam.c Tue Aug 07 13:19:08 2007 +0300 @@ -48,8 +48,11 @@ struct pam_passdb_module { struct passdb_module module; - bool pam_setcred, pam_session; const char *service_name, *pam_cache_key; + + unsigned int pam_setcred:1; + unsigned int pam_session:1; + unsigned int failure_show_msg:1; }; struct pam_auth_request { @@ -67,6 +70,7 @@ struct pam_conv_context { struct auth_request *request; const char *pass; + const char *failure_msg; }; static struct hash_table *pam_requests; @@ -78,6 +82,8 @@ { /* @UNSAFE */ struct pam_conv_context *ctx = appdata_ptr; + struct passdb_module *_passdb = ctx->request->passdb->passdb; + struct pam_passdb_module *passdb = (struct pam_passdb_module *)_passdb; struct pam_response *resp; char *string; int i; @@ -102,6 +108,8 @@ break; case PAM_PROMPT_ECHO_OFF: /* Assume we're asking for password */ + if (passdb->failure_show_msg) + ctx->failure_msg = t_strdup(msg[i]->msg); string = strdup(ctx->pass); if (string == NULL) i_fatal_status(FATAL_OUTOFMEM, "Out of memory"); @@ -208,6 +216,7 @@ conv.conv = pam_userpass_conv; conv.appdata_ptr = &ctx; + memset(&ctx, 0, sizeof(ctx)); ctx.request = request; ctx.pass = password; @@ -249,6 +258,10 @@ str = t_strdup_printf("pam_end() failed: %s", pam_strerror(pamh, status2)); } + if (result != PASSDB_RESULT_OK && ctx.failure_msg != NULL) { + auth_request_set_field(request, "reason", + ctx.failure_msg, NULL); + } } if (worker) { @@ -447,7 +460,7 @@ module->service_name = "dovecot"; t_push(); - t_args = t_strsplit(args, " "); + t_args = t_strsplit_spaces(args, " "); for(i = 0; t_args[i] != NULL; i++) { /* -session for backwards compatibility */ if (strcmp(t_args[i], "-session") == 0 || 
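Review bot: In the PAM_PROMPT_ECHO_OFF case of pam_userpass_conv() the new assignment runs for every echo-off prompt in the conversation, so when a PAM stack issues more than one password-style prompt ctx->failure_msg ends up holding the last one, not the first as the changeset description says; if the first prompt is the intended one, guard it with `if (passdb->failure_show_msg && ctx->failure_msg == NULL)`. The copy is made with t_strdup(), so it lives only as long as the enclosing data-stack frame, and it is read back after pam_end() in a later hunk of pam_auth() — worth confirming no t_pop() sits between the conversation callback and that read. pam_userpass_conv() starts and ends outside this hunk.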
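Review bot: The text stored into the "reason" field after pam_end() is whatever prompt the PAM module supplied, and once failure_show_msg=yes is set it is returned to an unauthenticated client on every failed login; for pam_otp that is the challenge, but for other stacked modules it can reveal which modules are configured, and a module may include newlines or tabs in the prompt. If the auth protocol carrying "reason" is line- and tab-delimited those characters would need stripping before auth_request_set_field(), and this hunk does not show whether that happens downstream, so either reduce the value to its first line here (which the description already promises) or note in the example config that the option exposes PAM prompt text to clients. The enclosing pam_auth() starts and ends outside this hunk.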
@@ -461,15 +474,14 @@
 					t_args[i] + 10);
 		} else if (strcmp(t_args[i], "blocking=yes") == 0) {
 			module->module.blocking = TRUE;
+		} else if (strcmp(t_args[i], "failure_show_msg=yes") == 0) {
+			module->failure_show_msg = TRUE;
 		} else if (strcmp(t_args[i], "*") == 0) {
 			/* for backwards compatibility */
 			module->service_name = "%Ls";
 		} else if (t_args[i+1] == NULL) {
-			if (*t_args[i] != '\0') {
-				module->service_name =
-					p_strdup(auth_passdb->auth->pool,
-						 t_args[i]);
-			}
+			module->service_name =
+				p_strdup(auth_passdb->auth->pool, t_args[i]);
 		} else {
 			i_fatal("Unexpected PAM parameter: %s", t_args[i]);
 		}