Hi,
On 18/09/2022 20:30, Selva Nair wrote:
On Sat, Sep 17, 2022 at 10:09 AM Antonio Quartulli <[email protected]> wrote:
From: Michael Karvan <[email protected]>
Signed-off-by: Michael Karvan <[email protected]>
---
src/plugins/auth-pam/auth-pam.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/plugins/auth-pam/auth-pam.c
b/src/plugins/auth-pam/auth-pam.c
index 70339445..9f37c8c0 100644
--- a/src/plugins/auth-pam/auth-pam.c
+++ b/src/plugins/auth-pam/auth-pam.c
@@ -746,8 +746,15 @@ my_conv(int n, const struct pam_message
**msg_array,
}
break;
- case PAM_ERROR_MSG:
case PAM_TEXT_INFO:
+ aresp[i].resp = strdup(up->common_name);
+ if (aresp[i].resp == NULL)
+ {
+ ret = PAM_CONV_ERR;
+ }
+ break;
+
+ case PAM_ERROR_MSG:
break;
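Review bot: The new PAM_TEXT_INFO case passes up->common_name to strdup() with no check that the pointer is set. If common_name is NULL this becomes strdup(NULL), which is undefined behaviour, so test it first and set ret = PAM_CONV_ERR (or leave the response empty) when it is absent. PAM_TEXT_INFO is also an informational message type rather than a prompt, so as written this case hands the common name to any module in the stack that emits info text, whatever that text says. The commit carries no description of which module expects this reply or why it is needed; if the behaviour is kept, it should be tied to a specific message text and described in the plugin's documentation.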
To add to Gert's comment, we already support COMMONNAME in addition
to USERNAME, PASSWORD and
OTP via text replacements for pam prompts specified in the config file.
Like:
plugin openvpn-auth-pam.so "openvpn user USERNAME password PASSWORD cn COMMONNAME"
and have the PAM module prompt for "user", "password" and "cn", for example.
So why do we need this non-standard stuff?
Right. This means that this patch is *obsolete*, as we already have a
way to convey the common name.
In fact, IMO, we should be getting rid of this whole "else {}" clause
starting line 728 that tries to guess the prompts based on echo-off (to
mean password), echo-on (to mean username) etc. Instead, require that the
plugin line in the config file must specify expected prompts and
replacement strings as above.
Agreed. If we have a "clean" way to gather those details, we should get
rid of the hack.
Cheers,
--
Antonio Quartulli