Re: [opensc-devel] Some small PAM prompt changes to pam_pkcs11 module

[Huie-Ying Lee]

Ludovic Rousseau wrote:

On Fri, Oct 10, 2008 at 8:38 PM, Huie-Ying Lee <[EMAIL PROTECTED]> wrote:

Robert Relyea wrote:

It still looks like you are unconditionally changing the prompt to be
'Enter your user name'. That still leaves the problem of telling the user
that 'smart card login' is enabled. We at least need something like 'Please
insert your token', etc. I wouldn't have a problem with reading that from a
config file either.

Agreed.   I have updated the source to include "Please insert your token" in
the "Enter your user name" prompts.   Attached is the updated patch.

We could even use: "Please insert your %s", configuration.token_type
The idea is to remove any  reference to "Smart card" and "token" and
use configuration.token_type instead

Can you update the patch with this change?

OK, the updated patch is attached.

Huie-Ying

Index: src/pam_pkcs11/pam_pkcs11.c
===================================================================
--- src/pam_pkcs11/pam_pkcs11.c (revision 340)
+++ src/pam_pkcs11/pam_pkcs11.c (working copy)
@@ -280,8 +280,10 @@
            DBG1("explicit username = [%s]", user);
        } 
   } else {
-        pam_prompt(pamh, PAM_TEXT_INFO, NULL,
-                   _("Please insert your smart card or enter your username."));
+       sprintf(password_prompt,
+               _("Please insert your %s or enter your username."),
+               configuration->token_type);
+        pam_prompt(pamh, PAM_TEXT_INFO, NULL, password_prompt);
        /* get user name */
        rv = pam_get_user(pamh, &user, NULL);
 
@@ -369,8 +371,9 @@
     } else {
       /* we haven't prompted for the user yet, get the user and see if
        * the smart card has been inserted in the mean time */
-      pam_prompt(pamh, PAM_TEXT_INFO, NULL, 
-                 _("Please insert your smart card or enter your username."));
+      sprintf(password_prompt, _("Please insert your %s or enter your name."),
+             configuration->token_type);
+      pam_prompt(pamh, PAM_TEXT_INFO, NULL, password_prompt);
       rv = pam_get_user(pamh, &user, NULL);
 
       /* check one last time for the smart card before bouncing to the next
@@ -389,7 +392,8 @@
       }
     }
   } else {
-      pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Smart card inserted. "));
+      sprintf(password_prompt, _("Found the %s."), configuration->token_type);
+      pam_prompt(pamh, PAM_TEXT_INFO, NULL, password_prompt);
   }
   rv = open_pkcs11_session(ph, slot_num);
   if (rv != 0) {
@@ -402,14 +406,14 @@
   /* get password */
   sprintf(password_prompt, _("Welcome %.32s!"), get_slot_tokenlabel(ph));
   pam_prompt(pamh, PAM_TEXT_INFO, NULL, password_prompt);
+  sprintf(password_prompt, _("%s PIN: "), configuration->token_type);
   if (configuration->use_first_pass) {
     rv = pam_get_pwd(pamh, &password, NULL, PAM_AUTHTOK, 0);
   } else if (configuration->try_first_pass) {
-    rv = pam_get_pwd(pamh, &password, _("Smart card password: "), PAM_AUTHTOK,
+    rv = pam_get_pwd(pamh, &password, password_prompt, PAM_AUTHTOK,
       PAM_AUTHTOK);
   } else {
-    rv = pam_get_pwd(pamh, &password, _("Smart card password: "), 0,
-      PAM_AUTHTOK);
+    rv = pam_get_pwd(pamh, &password, password_prompt, 0, PAM_AUTHTOK);
   }
   if (rv != PAM_SUCCESS) {
     release_pkcs11_module(ph);
Index: src/pam_pkcs11/pam_config.c
===================================================================
--- src/pam_pkcs11/pam_config.c (revision 340)
+++ src/pam_pkcs11/pam_config.c (working copy)
@@ -58,6 +58,7 @@
                CONFDIR "/nssdb",
                OCSP_NONE
        },
+       "Smart card",                   /* token_type */
        NULL                            /* char *username */
 };
 
@@ -189,6 +190,11 @@
                }
                policy_list= policy_list->next;
            }
+
+           configuration.token_type = (char *)
+                       
scconf_get_str(pkcs11_mblk,"token_type",configuration.token_type);
+
+           
        }
        screen_saver_list = scconf_find_list(root,"screen_savers");
        if (screen_saver_list) {
@@ -319,6 +325,12 @@
                }
                continue;
           }
+
+          if (strstr(argv[i],"token_type=") ) {
+               
res=sscanf(argv[i],"token_type=%255s",&configuration.token_type);
+               continue;
+          }
+
           if (strstr(argv[i],"config_file=") ) {
                /* already parsed, skip */
                continue;
Index: src/pam_pkcs11/pam_config.h
===================================================================
--- src/pam_pkcs11/pam_config.h (revision 340)
+++ src/pam_pkcs11/pam_config.h (working copy)
@@ -42,6 +42,7 @@
        int slot_num;
        int support_threads;
        cert_policy policy;
+       char *token_type;
        char *username; /* provided user name */
 };
 
Index: etc/pam_pkcs11.conf.example
===================================================================
--- etc/pam_pkcs11.conf.example (revision 340)
+++ etc/pam_pkcs11.conf.example (working copy)
@@ -82,6 +82,12 @@
     # You can use a combination of ca,crl, and signature flags, or just
     # use "none".
     cert_policy = ca,signature;
+
+    # What kind of tokens ?
+    # The value of the token_type parameter will be used in the user prompt
+    # messages.   The default value is "Smart card".
+    token_type = "Smart card";
+
   }
 
   # Aladdin eTokenPRO 32

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel