| author | Joe Richey joerichey@google.com <joerichey@google.com> | 2017-10-17 18:10:54 -0700 |
|---|---|---|
| committer | Joseph Richey <joerichey94@gmail.com> | 2017-10-19 02:22:28 -0700 |
| commit | 7847ab8270efab472b7b6a4bf9a57f5b83cb7212 (patch) | |
| tree | dc8cb96be83a978389cd59793d18ad13af8df312 /pam/login.go | |
| parent | 36b313c802f9a8d23f2ad8ce5a59aa05f5925a2f (diff) | |
fmt almost done
Diffstat (limited to 'pam/login.go')
| -rw-r--r-- | pam/login.go | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/pam/login.go b/pam/login.go
index 346edd4..29aa899 100644
--- a/pam/login.go
+++ b/pam/login.go
@@ -26,14 +26,15 @@ package pam
 import "C"
 import (
+ "bufio"
 "fmt"
 "log"
+ "os"
 "sync"
 "github.com/pkg/errors"
 "github.com/google/fscrypt/crypto"
- "github.com/google/fscrypt/util"
 )
 // Pam error values
@@ -53,12 +54,19 @@ var (
 // nil indicates an error occurred.
 //export userInput
 func userInput(prompt *C.char) *C.char {
- fmt.Print(C.GoString(prompt))
- input, err := util.ReadLine()
- if err != nil {
- log.Printf("getting input for PAM: %s", err)
+ goPrompt := C.GoString(prompt)
+ log.Printf("getting secret data for PAM: %q", goPrompt)
+
+ fmt.Print(goPrompt)
+ scanner := bufio.NewScanner(os.Stdin)
+ scanner.Scan()
+ input := scanner.Text()
+
+ if scanner.Err() != nil || len(input) >= MaxMessageSize {
+ log.Print("bad user input for PAM")
 return nil
 }
+ // The returned string will be owned by the PAM subsystem.
 return C.CString(input)
 }
@@ -68,15 +76,15 @@ func userInput(prompt *C.char) *C.char {
 //export passphraseInput
 func passphraseInput(prompt *C.char) *C.char {
 log.Printf("getting secret data for PAM: %q", C.GoString(prompt))
+
 if tokenToCheck == nil {
 log.Print("secret data requested multiple times")
 return nil
 }
-
- // Subsequent calls to passphrase input should fail
- input := (*C.char)(tokenToCheck.UnsafeToCString())
 tokenToCheck = nil
- return input
+
+ // The returned string will be owned by the PAM subsystem.
+ return (*C.char)(tokenToCheck.UnsafeToCString())
 }
 // IsUserLoginToken returns nil if the presented token is the user's login key, |
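Review bot: In userInput the result of `scanner.Scan()` is discarded, so end-of-input on stdin (where `Scan` returns false and `scanner.Err()` stays nil) is returned to PAM as an empty string via `C.CString(input)` instead of the nil that the function's comment reserves for errors. Replacing the bare call with `if !scanner.Scan() { log.Print("bad user input for PAM"); return nil }` keeps "no input" distinct from "empty line". A new `bufio.Scanner` on `os.Stdin` per call also reads ahead, so when stdin is a pipe or file anything buffered past the first line is lost to a later prompt; a comment stating that assumption, or a shared reader, would cover it. `MaxMessageSize` is defined outside the hunk, so the bound itself cannot be checked from here.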
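Review bot: In passphraseInput, `tokenToCheck = nil` now runs before `tokenToCheck.UnsafeToCString()`, so the return statement calls the method on a token that has just been cleared. Depending on how `UnsafeToCString` (not visible here) treats a nil receiver, this either panics inside the cgo callback or hands PAM something other than the passphrase, so the login-token check presumably can no longer succeed. The copy has to be taken before the global is cleared, as the removed lines did: `input := (*C.char)(tokenToCheck.UnsafeToCString())`, then `tokenToCheck = nil`, then `return input`. The dropped comment about subsequent calls failing is worth keeping beside the clear, since that one-shot behaviour is what stops the key being handed out twice.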