From ilmar@watson.org  Mon Aug 20 04:38:17 2001
Return-Path: <ilmar@watson.org>
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id 66C5137B414
	for <freebsd-gnats-submit@freebsd.org>; Mon, 20 Aug 2001 04:38:16 -0700 (PDT)
	(envelope-from ilmar@watson.org)
Received: from localhost (ilmar@localhost)
	by fledge.watson.org (8.11.5/8.11.5) with SMTP id f7KBcEx39768
	for <freebsd-gnats-submit@freebsd.org>; Mon, 20 Aug 2001 07:38:14 -0400 (EDT)
	(envelope-from ilmar@watson.org)
Message-Id: <Pine.BSF.3.96.1010820073512.39718A-100000@fledge.watson.org>
Date: Mon, 20 Aug 2001 07:38:14 -0400 (EDT)
From: "Ilmar S. Habibulin" <ilmar@watson.org>
To: freebsd-gnats-submit@freebsd.org
Subject: pam_unix patch, which uses loginclass passwd_prompt

>Number:         29897
>Category:       bin
>Synopsis:       [patch] pam_unix(8) loginclass passwd_prompt
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    des
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 20 04:40:02 PDT 2001
>Closed-Date:    
>Last-Modified:  Wed May 21 21:01:56 UTC 2008
>Originator:     Ilmar
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
home user
>Environment:
System: FreeBSD somehost. 5.0-CURRENT FreeBSD 5.0-CURRENT #3: Fri Aug 17 11:33:40 MSD 2001 root@somehost.:/usr/src/sys/i386/compile/WS_ILMAR i386


	
>Description:
	We have "prompt" (login_prompt in login.conf(5) - error!) and "passwd_prompt"
loginclass capabilities, which should be read and presented by login(1). But only
"prompt" works in a PAM environment, because the authentication module pam_unix(8) doesn't
know about such capabilities. So I made a patch that makes pam_unix know about them
(about only one - passwd_prompt, of course).
>How-To-Repeat:
	Nothing to repeat. ;-)
>Fix:
	Just a simple patch below or on http://www.watson.org/~ilmar/download/pam_unix.patch


diff -ruiN pam_unix/CVS/Root pam_unix.new/CVS/Root
--- pam_unix/CVS/Root	Mon Aug 20 14:44:29 2001
+++ pam_unix.new/CVS/Root	Mon Aug 13 13:23:14 2001
@@ -1 +1 @@
-/mnt/cvs/FreeBSD
+/mnt/cvs
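
Review bot: the CVS/Root change from /mnt/cvs/FreeBSD to /mnt/cvs is local checkout metadata, not pam_unix source, and should be dropped from the submission. Regenerating the diff with the CVS directories excluded would keep it out.
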
diff -ruiN pam_unix/pam_unix.c pam_unix.new/pam_unix.c
--- pam_unix/pam_unix.c	Mon Jul  9 22:20:50 2001
+++ pam_unix.new/pam_unix.c	Mon Aug 20 14:45:30 2001
@@ -23,7 +23,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	$FreeBSD: src/lib/libpam/modules/pam_unix/pam_unix.c,v 1.7 2001/07/09 18:20:50 markm Exp $
+ *	$FreeBSD: src/lib/libpam/modules/pam_unix/pam_unix.c,v 1.7 2001/07/09 18:20:50 markm Exp $ - this version
  */
 
 #include <sys/types.h>
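
Review bot: the hand-appended " - this version" after the $FreeBSD$ keyword in the header comment should go. It adds nothing to the committed file and ties this hunk to revision 1.7, so the patch stops applying as soon as the ident line changes.
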
@@ -41,7 +41,7 @@
 
 #include "pam_mod_misc.h"
 
-#define PASSWORD_PROMPT	"Password:"
+#define DEFAULT_PASSWORD_PROMPT	"Password:"
 #define DEFAULT_WARN  (2L * 7L * 86400L)  /* Two weeks */
 
 enum { PAM_OPT_AUTH_AS_SELF=PAM_OPT_STD_MAX, PAM_OPT_NULLOK };
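
Review bot: no hunk in this patch adds #include <login_cap.h>, although later hunks use login_cap_t, login_getclass(), login_getcapstr() and login_close(). Unless pam_unix.c already pulls that header in, it needs to be added alongside the includes shown here. The rename to DEFAULT_PASSWORD_PROMPT itself is fine as long as no other use of PASSWORD_PROMPT remains in the file; the patch shows two being replaced.
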
@@ -52,6 +52,8 @@
 	{ NULL, 0 }
 };
 
+
+
 /*
  * authentication management
  */
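
Review bot: the two blank lines added before the "authentication management" comment are unrelated whitespace churn; drop this hunk.
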
@@ -64,6 +66,8 @@
 	int retval;
 	const char *password, *user;
 	char *encrypted;
+	login_cap_t *lc;
+	char	*passwd_prompt=DEFAULT_PASSWORD_PROMPT;
 
 	pam_std_option(&options, other_options, argc, argv);
 
@@ -84,6 +88,21 @@
 
 		PAM_LOG("Doing real authentication");
 
+		lc = login_getclass(NULL);
+/*****************************************
+ *
+ * I don't understand why prompts should be default for all login classes
+ * I think that lc = login_getpwclass(pwd) is more flexiable solution
+ *
+ *		lc = login_getclass(NULL);
+ *		lc = login_getpwclass(pwd);
+ */
+		passwd_prompt = login_getcapstr(lc, "passwd_prompt",
+	    					DEFAULT_PASSWORD_PROMPT, 
+						DEFAULT_PASSWORD_PROMPT);
+		login_close(lc);
+		lc = NULL;
+
 		if (pwd->pw_passwd[0] == '\0'
 		    && pam_test_option(&options, PAM_OPT_NULLOK, NULL)) {
 			/*
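
Review bot: the string returned by login_getcapstr() is kept in passwd_prompt and used by pam_get_pass() after login_close(lc) has already run in this block. Please confirm the returned string's lifetime does not depend on lc staying open, or move login_close() past the last use of the prompt. The banner comment also leaves the login_getclass(NULL) versus login_getpwclass(pwd) question unresolved inside the source, with both calls commented out; that discussion belongs in the PR text, and the code should carry one decided call with at most a one-line comment. Minor: the continuation lines mix tabs and spaces, and there is trailing whitespace after the first DEFAULT_PASSWORD_PROMPT argument.
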
@@ -94,7 +113,7 @@
 			PAM_RETURN(PAM_SUCCESS);
 		}
 		else {
-			retval = pam_get_pass(pamh, &password, PASSWORD_PROMPT,
+			retval = pam_get_pass(pamh, &password, passwd_prompt,
 			    &options);
 			if (retval != PAM_SUCCESS)
 				PAM_RETURN(retval);
@@ -118,7 +137,7 @@
 		 * User unknown.
 		 * Encrypt a dummy password so as to not give away too much.
 		 */
-		retval = pam_get_pass(pamh, &password, PASSWORD_PROMPT,
+		retval = pam_get_pass(pamh, &password, passwd_prompt,
 		    &options);
 		if (retval != PAM_SUCCESS)
 			PAM_RETURN(retval);
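
Review bot: in this "User unknown" path passwd_prompt still holds DEFAULT_PASSWORD_PROMPT, because the login_getcapstr() lookup was added only under "Doing real authentication". Once a class sets passwd_prompt, existing accounts get the custom prompt and unknown names get "Password:", which works against the "so as to not give away too much" intent stated in the comment above. Do the capability lookup before the code branches on whether the user exists, so both pam_get_pass() calls show the same prompt. The same concern applies to the login_getpwclass(pwd) variant mentioned in the earlier comment, which has no class to consult for an unknown user.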

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->markm 
Responsible-Changed-By: sheldonh 
Responsible-Changed-When: Wed Jan 30 04:42:20 PST 2002 
Responsible-Changed-Why:  
Over to PAM maintainer. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=29897 
Responsible-Changed-From-To: markm->des 
Responsible-Changed-By: markm 
Responsible-Changed-When: Mon Mar 28 13:00:57 GMT 2005 
Responsible-Changed-Why:  
Over to Mr PAM. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=29897 
>Unformatted:
