diff options
| author | Joe Patterson <j.m.patterson@gmail.com> | 2011-03-21 18:02:59 -0400 |
|---|---|---|
| committer | David Sommerseth <davids@redhat.com> | 2011-03-25 09:38:48 +0100 |
| commit | 6cfada268122fe54ce6d211d96c744e91d41248c (patch) | |
| tree | da73d788fcc20bb7c59d6609e71d036a008f3f44 /plugin/auth-pam/auth-pam.c | |
| parent | Fixed typo in plugin.h (diff) | |
| download | openvpn-6cfada268122fe54ce6d211d96c744e91d41248c.tar.xz | |
common_name passing in auth_pam plugin
Added the ability to have "COMMONNAME" replaced with certificate common
name in pam conversation.
Signed-off-by: Joe Patterson <j.m.patterson@gmail.com>
Acked-By: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to '')
| -rw-r--r-- | plugin/auth-pam/auth-pam.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/plugin/auth-pam/auth-pam.c b/plugin/auth-pam/auth-pam.c index 5a8e269..a06a48e 100644 --- a/plugin/auth-pam/auth-pam.c +++ b/plugin/auth-pam/auth-pam.c @@ -81,6 +81,7 @@ struct auth_pam_context * * "USERNAME" -- substitute client-supplied username * "PASSWORD" -- substitute client-specified password + * "COMMONNAME" -- substitute client certificate common name */ #define N_NAME_VALUE 16 @@ -104,6 +105,7 @@ struct user_pass { char username[128]; char password[128]; + char common_name[128]; const struct name_value_list *name_value_list; }; @@ -470,12 +472,14 @@ openvpn_plugin_func_v1 (openvpn_plugin_handle_t handle, const int type, const ch /* get username/password from envp string array */ const char *username = get_env ("username", envp); const char *password = get_env ("password", envp); + const char *common_name = get_env ("common_name", envp) ? get_env ("common_name", envp) : ""; if (username && strlen (username) > 0 && password) { if (send_control (context->foreground_fd, COMMAND_VERIFY) == -1 || send_string (context->foreground_fd, username) == -1 - || send_string (context->foreground_fd, password) == -1) + || send_string (context->foreground_fd, password) == -1 + || send_string (context->foreground_fd, common_name) == -1) { fprintf (stderr, "AUTH-PAM: Error sending auth info to background process\n"); } @@ -592,6 +596,8 @@ my_conv (int n, const struct pam_message **msg_array, aresp[i].resp = searchandreplace(match_value, "USERNAME", up->username); else if (strstr(match_value, "PASSWORD")) aresp[i].resp = searchandreplace(match_value, "PASSWORD", up->password); + else if (strstr(match_value, "COMMONNAME")) + aresp[i].resp = searchandreplace(match_value, "COMMONNAME", up->common_name); else aresp[i].resp = strdup (match_value); @@ -737,7 +743,8 @@ pam_server (int fd, const char *service, int verb, const struct name_value_list { case COMMAND_VERIFY: if (recv_string (fd, up.username, sizeof (up.username)) == -1 - || recv_string (fd, up.password, sizeof (up.password)) == -1) + || recv_string (fd, up.password, sizeof (up.password)) == -1 + || recv_string (fd, up.common_name, sizeof (up.common_name)) == -1) { fprintf (stderr, "AUTH-PAM: BACKGROUND: read error on command channel: code=%d, exiting\n", command); |