diff -rupN pam_radius-1.3.17/pam_radius_auth.c pam_radius-1.3.17.password_prompt/pam_radius_auth.c --- pam_radius-1.3.17/pam_radius_auth.c 2007-03-26 03:36:13.000000000 -0600 +++ pam_radius-1.3.17.password_prompt/pam_radius_auth.c 2012-08-15 02:29:43.000000000 -0600 @@ -69,6 +69,7 @@ /* internal data */ static CONST char *pam_module_name = "pam_radius_auth"; static char conf_file[BUFFER_SIZE]; /* configuration file */ +static char password_prompt[BUFFER_SIZE]; /* password prompt */ /* we need to save these from open_session to close_session, since * when close_session will be called we won't be root anymore and @@ -98,6 +99,7 @@ static int _pam_parse(int argc, CONST ch memset(conf, 0, sizeof(radius_conf_t)); /* ensure it's initialized */ strcpy(conf_file, CONF_FILE); + strcpy(password_prompt, PASSWORD_PROMPT); /* * If either is not there, then we can't parse anything. @@ -125,6 +127,52 @@ static int _pam_parse(int argc, CONST ch } else if (!strncmp(*argv, "retry=", 6)) { conf->retries = atoi(*argv+6); + } else if (!strncmp(*argv, "password_prompt=", 16)) { + + /* There's three possibilities for the format of password_quote. + 1: Naked string. Save it for later display. + 2: Quoted single-word string. Trim quotes and save it. + 3: Quoted multi-word string. Trim opening quote. Append + spaces and additional arguments until we find closing quote. + */ + + if (strncmp(*argv+16,"\"",1)) { + /* No quotes found. We're done. */ + strcpy(password_prompt,*argv+16); + } else { + /* Found an opening quote. Skip it. */ + strcpy(password_prompt,*argv+17); + + if (strchr(password_prompt, (int) '\"')) { + /* We found the closing quote. Remove it and go on. */ + password_prompt[strlen(password_prompt)-1] = '\0'; + + } else { + /* If the current arg doesn't end with closing quote, we need to keep + appending argv to password_prompt until we find a closing quote. + Once we find it, strip it and go on. + */ + int found=0; + while (!found) { + strcat(password_prompt, " "); + argc--; argv++; + strcat(password_prompt, *argv); + + /* If entire arg is a close quote, the user wanted a trailing space */ + if (!strcmp(*argv, "\"")) { + strcat(password_prompt, " "); + } + + /* Trim trailing quotes */ + while (strchr(password_prompt, (int) '\"')) { + password_prompt[strlen(password_prompt)-1] = '\0'; + found=1; + } + } + } + } + DPRINT(LOG_DEBUG, "DEBUG: password_prompt specified: \"%s\"\n", password_prompt); + } else if (!strcmp(*argv, "localifdown")) { conf->localifdown = 1; @@ -1149,7 +1197,7 @@ pam_sm_authenticate(pam_handle_t *pamh,i /* check to see if we send a NULL password the first time around */ if (!(ctrl & PAM_SKIP_PASSWD)) { - retval = rad_converse(pamh, PAM_PROMPT_ECHO_OFF, "Password: ", &password); + retval = rad_converse(pamh, PAM_PROMPT_ECHO_OFF, password_prompt, &password); PAM_FAIL_CHECK; } @@ -1446,7 +1494,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int /* preliminary password change checks. */ if (flags & PAM_PRELIM_CHECK) { if (!password) { /* no previous password: ask for one */ - retval = rad_converse(pamh, PAM_PROMPT_ECHO_OFF, "Password: ", &password); + retval = rad_converse(pamh, PAM_PROMPT_ECHO_OFF, password_prompt, &password); PAM_FAIL_CHECK; } diff -rupN pam_radius-1.3.17/pam_radius_auth.h pam_radius-1.3.17.password_prompt/pam_radius_auth.h --- pam_radius-1.3.17/pam_radius_auth.h 2007-03-25 23:35:31.000000000 -0600 +++ pam_radius-1.3.17.password_prompt/pam_radius_auth.h 2012-08-14 23:45:34.000000000 -0600 @@ -99,6 +99,7 @@ typedef struct radius_conf_t { #ifndef CONF_FILE /* the configuration file holding the server secret */ #define CONF_FILE "/etc/raddb/server" #endif /* CONF_FILE */ +#define PASSWORD_PROMPT "Password: " #ifndef FALSE #define FALSE 0