[Openvpn-devel] Add common_name to the conv method. This allows the common_name to be accessible in PAM.
| Message ID | 1513450642-29687-1-git-send-email-Michael.Karvan@gmail.com |
|---|---|
| State | Changes Requested |
| Series | [Openvpn-devel] Add common_name to the conv method. This allows the common_name to be accessible in PAM. |
Commit Message
Michael Karvan
Dec. 16, 2017, 7:57 a.m. UTC
--- src/plugins/auth-pam/auth-pam.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-)
Comments
Hi,

On Sat, Dec 16, 2017 at 1:57 PM, Michael Karvan <michael.karvan@gmail.com> wrote:

> --- > src/plugins/auth-pam/auth-pam.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/src/plugins/auth-pam/auth-pam.c b/src/plugins/auth-pam/auth-pam.c > index ae514d7..c64e14b 100644 > --- a/src/plugins/auth-pam/auth-pam.c > +++ b/src/plugins/auth-pam/auth-pam.c > @@ -637,9 +637,16 @@ my_conv(int n, const struct pam_message **msg_array, > ret = PAM_CONV_ERR; > } > break; > + > + case PAM_TEXT_INFO: > + aresp[i].resp = strdup(up->common_name); > + if (aresp[i].resp == NULL) > + { > + ret = PAM_CONV_ERR; > + } > + break;

The purpose of PAM_TEXT_INFO is for the module to send an info message to the user. Using it to send the common name back to the module is hackish. Yes, it can work in a custom module but it's not right to interpret every PAM_TEXT_INFO msg as a request for common name.

Why not prompt for it just like username and have the plugin return it?

Selva
Hi,

On Sat, Dec 16, 2017 at 4:48 PM, Selva Nair <selva.nair@gmail.com> wrote:

> Hi,
>
> On Sat, Dec 16, 2017 at 1:57 PM, Michael Karvan <michael.karvan@gmail.com> wrote:
>> --- >> src/plugins/auth-pam/auth-pam.c | 9 ++++++++- >> 1 file changed, 8 insertions(+), 1 deletion(-) >> >> diff --git a/src/plugins/auth-pam/auth-pam.c b/src/plugins/auth-pam/auth-pam.c >> index ae514d7..c64e14b 100644 >> --- a/src/plugins/auth-pam/auth-pam.c >> +++ b/src/plugins/auth-pam/auth-pam.c >> @@ -637,9 +637,16 @@ my_conv(int n, const struct pam_message **msg_array, >> ret = PAM_CONV_ERR; >> } >> break; >> + >> + case PAM_TEXT_INFO: >> + aresp[i].resp = strdup(up->common_name); >> + if (aresp[i].resp == NULL) >> + { >> + ret = PAM_CONV_ERR; >> + } >> + break;
>
> The purpose of PAM_TEXT_INFO is for the module to send an info message to the user. Using it to send the common name back to the module is hackish. Yes, it can work in a custom module but it's not right to interpret every PAM_TEXT_INFO msg as a request for common name.
>
> Why not prompt for it just like username and have the plugin return it?

In case I was not clear enough. NAK on the current patch. A modified one could be considered.

Selva
diff --git a/src/plugins/auth-pam/auth-pam.c b/src/plugins/auth-pam/auth-pam.c index ae514d7..c64e14b 100644 --- a/src/plugins/auth-pam/auth-pam.c +++ b/src/plugins/auth-pam/auth-pam.c @@ -637,9 +637,16 @@ my_conv(int n, const struct pam_message **msg_array, ret = PAM_CONV_ERR; } break; + + case PAM_TEXT_INFO: + aresp[i].resp = strdup(up->common_name); + if (aresp[i].resp == NULL) + { + ret = PAM_CONV_ERR; + } + break; case PAM_ERROR_MSG: - case PAM_TEXT_INFO: break; default:
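
Review bot: The new `case PAM_TEXT_INFO:` branch in my_conv() answers every informational message with `strdup(up->common_name)` without looking at the message text, so any module in the PAM stack that emits a PAM_TEXT_INFO message is handed the client's common name as a response, and the informational text itself is silently dropped. PAM_TEXT_INFO is a display-only message style, so a module has no standard way to signal that it wants the common name this way; the reply should be tied to an explicit prompt that the plugin matches, the way the username and password prompts are handled, and PAM_TEXT_INFO should stay in the no-op group next to PAM_ERROR_MSG. The submission also carries no description beyond the subject line and diffstat, and no comment in the new case, so the intended module-side contract (which message triggers the reply, and what the module does with it) is undocumented; please state it in the commit message.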