forked from CERN-CERT/pam_2fa
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathssh_user_auth.c
61 lines (51 loc) · 1.24 KB
/
ssh_user_auth.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
#include <stdlib.h>
#include <string.h>
#define DEBUG
#include <security/_pam_macros.h>
#include "ssh_user_auth.h"
const char * get_ssh_user_auth(pam_handle_t * pamh, int debug)
{
const char * ssh_user_auth;
ssh_user_auth = pam_getenv(pamh, "SSH_USER_AUTH");
if (ssh_user_auth == NULL) {
if (debug)
D("no SSH_USER_AUTH");
return NULL;
}
if (strlen(ssh_user_auth) == 0) {
if (debug)
D("empty SSH_USER_AUTH");
return NULL;
}
return ssh_user_auth;
}
char * extract_details(pam_handle_t * pamh, int debug, const char * method)
{
char *my_ssh_user_auth, *tok, *saveptr;
char *details = NULL;
size_t method_len = strlen(method);
const char *ssh_user_auth = get_ssh_user_auth(pamh, debug);
if (ssh_user_auth == NULL)
return NULL;
my_ssh_user_auth = strdup(ssh_user_auth);
if (my_ssh_user_auth == NULL)
return NULL;
tok = strtok_r(my_ssh_user_auth, ",", &saveptr);
while (tok != NULL) {
while (*tok == ' ')
++tok;
if (strncmp(tok, method, method_len) == 0)
break;
tok = strtok_r(NULL, ",", &saveptr);
}
if (tok != NULL) {
tok += method_len;
if (*tok != ':' || *(tok + 1) != ' ') {
D("empty details in SSH_USER_AUTH");
} else {
details = strdup(tok + 2);
}
}
free(my_ssh_user_auth);
return details;
}