pam_radius feature request: configurable password prompt (with patch)

David Richardson david.richardson at utah.edu
Wed Aug 15 10:49:55 CEST 2012


Hi,

In my environment, I need to change the password prompt pam_radius gives 
(I have two different pam modules using "Password: " as their prompt; it's 
rather confusing).

I would like to make a feature request to allow configuration of the 
password prompt via a config file.

I have attached a patch providing this feature (via the parameter 
"password_prompt" in the pam config).

This patch is against pam_radius 1.3.17. It compiles and works on CentOS 6 
x86_64.

Thanks,
DR

-- 
David Richardson <david.richardson at utah.edu>
Center for High Performance Computing at the University of Utah
-------------- next part --------------
diff -rupN pam_radius-1.3.17/pam_radius_auth.c pam_radius-1.3.17.password_prompt/pam_radius_auth.c
--- pam_radius-1.3.17/pam_radius_auth.c	2007-03-26 03:36:13.000000000 -0600
+++ pam_radius-1.3.17.password_prompt/pam_radius_auth.c	2012-08-15 02:29:43.000000000 -0600
@@ -69,6 +69,7 @@
 /* internal data */
 static CONST char *pam_module_name = "pam_radius_auth";
 static char conf_file[BUFFER_SIZE]; /* configuration file */
+static char password_prompt[BUFFER_SIZE]; /* password prompt */
 
 /* we need to save these from open_session to close_session, since
  * when close_session will be called we won't be root anymore and
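Review bot: `password_prompt` is added as a second file-scope mutable buffer, so every PAM handle in the process shares one prompt, and a threaded application that authenticates concurrently would have `_pam_parse` rewriting it while another thread is prompting. The value is per-invocation configuration, so it would sit more naturally as a field of `radius_conf_t`, for example `char prompt[BUFFER_SIZE];`, which `_pam_parse` already zeroes with `memset(conf, 0, sizeof(radius_conf_t))` before filling it in. The two `rad_converse` call sites would then need the parsed config in scope; whether they have it cannot be seen from these hunks.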
@@ -98,6 +99,7 @@ static int _pam_parse(int argc, CONST ch
   memset(conf, 0, sizeof(radius_conf_t)); /* ensure it's initialized */
 
   strcpy(conf_file, CONF_FILE);
+  strcpy(password_prompt, PASSWORD_PROMPT);
   
   /*
    *  If either is not there, then we can't parse anything.
@@ -125,6 +127,52 @@ static int _pam_parse(int argc, CONST ch
     } else if (!strncmp(*argv, "retry=", 6)) {
       conf->retries = atoi(*argv+6);
 
+    } else if (!strncmp(*argv, "password_prompt=", 16)) {
+
+      /* There's three possibilities for the format of password_quote.
+         1: Naked string. Save it for later display.
+         2: Quoted single-word string. Trim quotes and save it.
+         3: Quoted multi-word string. Trim opening quote. Append
+            spaces and additional arguments until we find closing quote.
+      */
+
+      if (strncmp(*argv+16,"\"",1)) {
+        /* No quotes found. We're done. */
+        strcpy(password_prompt,*argv+16);
+      } else {
+          /* Found an opening quote. Skip it. */
+          strcpy(password_prompt,*argv+17);
+
+          if (strchr(password_prompt, (int) '\"')) {
+            /* We found the closing quote. Remove it and go on. */
+            password_prompt[strlen(password_prompt)-1] = '\0';
+
+          } else {
+            /* If the current arg doesn't end with closing quote, we need to keep
+               appending argv to password_prompt until we find a closing quote.
+               Once we find it, strip it and go on.
+            */
+            int found=0;
+            while (!found) {
+              strcat(password_prompt, " ");
+              argc--; argv++;
+              strcat(password_prompt, *argv);
+
+              /* If entire arg is a close quote, the user wanted a trailing space */
+              if (!strcmp(*argv, "\"")) {
+                 strcat(password_prompt, " ");
+              }
+
+              /* Trim trailing quotes */
+              while (strchr(password_prompt, (int) '\"')) {
+                password_prompt[strlen(password_prompt)-1] = '\0';
+                found=1;
+              }
+            }
+          }
+        }
+      DPRINT(LOG_DEBUG, "DEBUG: password_prompt specified: \"%s\"\n", password_prompt);
+
     } else if (!strcmp(*argv, "localifdown")) {
       conf->localifdown = 1;
 
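Review bot: The new `password_prompt=` branch copies and concatenates argument text into the fixed `BUFFER_SIZE` buffer with `strcpy`/`strcat` and no length check, so an over-long value in the PAM configuration writes past `password_prompt` inside the authenticating process. The joining loop also advances `argv` without looking at `argc`, so a value with an opening quote and no closing quote walks off the end of the argument vector. Closing-quote handling is inconsistent as well: `strchr` finds a quote anywhere, but the code then removes the last character, so a quote in the middle of a single argument drops an unrelated character. A bounded version that stops when arguments run out and cuts at the first quote is sketched below; the right `argc` bound depends on the enclosing loop in `_pam_parse`, which is outside this hunk. The block comment also says `password_quote` where `password_prompt` is meant.

```c
    } else if (!strncmp(*argv, "password_prompt=", 16)) {
      CONST char *value = *argv + 16;
      int quoted = (*value == '"');
      char *quote;
      size_t used;

      if (quoted) {
        value++;                      /* skip the opening quote */
      }
      snprintf(password_prompt, sizeof(password_prompt), "%s", value);

      /* Join later arguments only while a closing quote is still missing
         and arguments remain; the argc bound must match how the enclosing
         loop counts (not visible in this hunk). */
      while (quoted && !strchr(password_prompt, '"') && argc > 0) {
        argc--; argv++;
        used = strlen(password_prompt);
        snprintf(password_prompt + used, sizeof(password_prompt) - used,
                 " %s", *argv);
      }

      /* Cut at the closing quote instead of trimming by position. */
      if (quoted && (quote = strchr(password_prompt, '"')) != NULL) {
        *quote = '\0';
      }
      /* ... unchanged: DPRINT of the parsed prompt ... */
```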
@@ -1149,7 +1197,7 @@ pam_sm_authenticate(pam_handle_t *pamh,i
     
     /* check to see if we send a NULL password the first time around */
     if (!(ctrl & PAM_SKIP_PASSWD)) {
-      retval = rad_converse(pamh, PAM_PROMPT_ECHO_OFF, "Password: ", &password);
+      retval = rad_converse(pamh, PAM_PROMPT_ECHO_OFF, password_prompt, &password);
       PAM_FAIL_CHECK;
 
     }
@@ -1446,7 +1494,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int
   /* preliminary password change checks. */
   if (flags & PAM_PRELIM_CHECK) {
     if (!password) {		/* no previous password: ask for one */
-      retval = rad_converse(pamh, PAM_PROMPT_ECHO_OFF, "Password: ", &password);
+      retval = rad_converse(pamh, PAM_PROMPT_ECHO_OFF, password_prompt, &password);
       PAM_FAIL_CHECK;
     }
     
diff -rupN pam_radius-1.3.17/pam_radius_auth.h pam_radius-1.3.17.password_prompt/pam_radius_auth.h
--- pam_radius-1.3.17/pam_radius_auth.h	2007-03-25 23:35:31.000000000 -0600
+++ pam_radius-1.3.17.password_prompt/pam_radius_auth.h	2012-08-14 23:45:34.000000000 -0600
@@ -99,6 +99,7 @@ typedef struct radius_conf_t {
 #ifndef CONF_FILE       /* the configuration file holding the server secret */
 #define CONF_FILE       "/etc/raddb/server"
 #endif /* CONF_FILE */
+#define PASSWORD_PROMPT "Password: "
 
 #ifndef FALSE
 #define FALSE 0
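Review bot: `PASSWORD_PROMPT` is defined unconditionally while `CONF_FILE` directly above it is wrapped in `#ifndef`, so a build that sets the prompt with `-DPASSWORD_PROMPT=...` gets a macro redefinition instead of an override. Wrapping it the same way, `#ifndef PASSWORD_PROMPT` / `#define PASSWORD_PROMPT "Password: "` / `#endif`, keeps the two defaults consistent. A short comment such as `/* default prompt when password_prompt= is not given */` would document it.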

