On Sat, Sep 17, 2022 at 10:09 AM Antonio Quartulli <a...@unstable.cc> wrote:
> From: Michael Karvan <michael.kar...@gmail.com> > > Signed-off-by: Michael Karvan <michael.kar...@gmail.com> > --- > src/plugins/auth-pam/auth-pam.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/src/plugins/auth-pam/auth-pam.c > b/src/plugins/auth-pam/auth-pam.c > index 70339445..9f37c8c0 100644 > --- a/src/plugins/auth-pam/auth-pam.c > +++ b/src/plugins/auth-pam/auth-pam.c > @@ -746,8 +746,15 @@ my_conv(int n, const struct pam_message **msg_array, > } > break; > > - case PAM_ERROR_MSG: > case PAM_TEXT_INFO: > + aresp[i].resp = strdup(up->common_name); > + if (aresp[i].resp == NULL) > + { > + ret = PAM_CONV_ERR; > + } > + break; > + > + case PAM_ERROR_MSG: > break; > >

To add to Gert's comment, we already support COMMONNAME in addition to USERNAME, PASSWORD and OTP via text replacements for PAM prompts specified in the config file. Like:

    plugin openvpn-auth-pam.so "openvpn user USERNAME password PASSWORD cn COMMONNAME"

and have the PAM module prompt for "user", "password" and "cn", for example. So why do we need this non-standard stuff?

In fact, IMO, we should be getting rid of this whole "else {}" clause starting line 728 that tries to guess the prompts based on echo-off (to mean password), echo-on (to mean username), etc. Instead, require that the plugin line in the config file must specify expected prompts and replacement strings as above.

Selva
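Review bot: In the new PAM_TEXT_INFO case, strdup(up->common_name) is returned as the response to every informational message, whatever its text says. PAM_TEXT_INFO is a display-only message style for which a conversation function normally supplies no response, so any module in the stack that emits an info message would be handed the common name. Please gate this on the message content or drop the case and rely on explicit prompts instead. The commit message has no body, so it is not clear which PAM module needs this behaviour; a sentence there and a comment above the case would help. It is also not visible in this hunk whether up->common_name can be NULL or empty at this point; if it can, that needs a check before the strdup() call.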
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
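The prompt-to-replacement mapping the reply describes, with the "no configured prompt means fail, do not guess" behaviour it proposes, as an added example that is not OpenVPN's auth-pam code. The names `struct pair`, `struct creds`, `has_prefix`, `expand` and `answer_prompt`, the case-insensitive prefix matching rule and the sample credentials are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct pair  { const char *prompt, *token; };  /* one "prompt REPLACEMENT" pair */
struct creds { const char *username, *password, *common_name; };

/* Constructed sample: the pairs from the plugin line quoted above, pre-split. */
static const struct pair SAMPLE_CFG[] = {
    { "user", "USERNAME" }, { "password", "PASSWORD" }, { "cn", "COMMONNAME" } };

/* Case-insensitive "s starts with prefix" (this matching rule is an assumption). */
static int has_prefix(const char *s, const char *prefix) {
    for (; *prefix; s++, prefix++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*prefix))
            return 0;
    return 1;
}

/* Replacement token -> credential; any other token is sent as literal text. */
static const char *expand(const char *token, const struct creds *c) {
    if (strcmp(token, "USERNAME") == 0)   return c->username;
    if (strcmp(token, "PASSWORD") == 0)   return c->password;
    if (strcmp(token, "COMMONNAME") == 0) return c->common_name;
    return token;
}

/* Malloc'd answer for a PAM prompt, or NULL when no configured prompt matches
 * (the caller then fails the conversation instead of guessing from echo state). */
char *answer_prompt(const char *prompt, const struct pair *cfg, size_t n,
                    const struct creds *c) {
    for (size_t i = 0; i < n; i++) {
        if (!cfg[i].prompt[0] || !has_prefix(prompt, cfg[i].prompt))
            continue;
        const char *val = expand(cfg[i].token, c);
        char *out = val ? malloc(strlen(val) + 1) : NULL;
        return out ? strcpy(out, val) : NULL;
    }
    return NULL;
}

int main(void) {
    struct creds c = { "alice", "s3cret", "client1.example" };  /* constructed */
    char *a = answer_prompt("CN: ", SAMPLE_CFG, 3, &c);
    puts(a ? a : "(no match)");
    free(a);
    return 0;
}
```

A NULL return covers both an unconfigured prompt and a missing credential, so a conversation function built on it would return PAM_CONV_ERR in either case.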