| author | Joe Richey joerichey@google.com <joerichey@google.com> | 2017-10-17 18:10:54 -0700 |
|---|---|---|
| committer | Joseph Richey <joerichey94@gmail.com> | 2017-10-19 02:22:28 -0700 |
| commit | 7847ab8270efab472b7b6a4bf9a57f5b83cb7212 (patch) | |
| tree | dc8cb96be83a978389cd59793d18ad13af8df312 /pam | |
| parent | 36b313c802f9a8d23f2ad8ce5a59aa05f5925a2f (diff) | |
fmt almost done
Diffstat (limited to 'pam')
| -rw-r--r-- | pam/constants.go | 5 | ||||
| -rw-r--r-- | pam/login.go | 26 |
2 files changed, 21 insertions, 10 deletions
diff --git a/pam/constants.go b/pam/constants.go
index 5c57e06..3747e6f 100644
--- a/pam/constants.go
+++ b/pam/constants.go
@@ -52,6 +52,9 @@ package pam
 */
 import "C"
+// MaxMessageSize is the longest allowed responce length.
+const MaxMessageSize = C.PAM_MAX_MSG_SIZE
+
 // Item is a an PAM information type.
 type Item int
@@ -90,7 +93,7 @@ const (
 // EstablishCred indicates that credentials should be established
 // for the user.
 EstablishCred = C.PAM_ESTABLISH_CRED
- // DeleteCred inidicates that credentials should be deleted.
+ // DeleteCred indicates that credentials should be deleted.
 DeleteCred = C.PAM_DELETE_CRED
 // ReinitializeCred indicates that credentials should be fully
 // reinitialized.
diff --git a/pam/login.go b/pam/login.go
index 346edd4..29aa899 100644
--- a/pam/login.go
+++ b/pam/login.go
@@ -26,14 +26,15 @@ package pam
 import "C"
 import (
+ "bufio"
 "fmt"
 "log"
+ "os"
 "sync"
 "github.com/pkg/errors"
 "github.com/google/fscrypt/crypto"
- "github.com/google/fscrypt/util"
 )
 // Pam error values
@@ -53,12 +54,19 @@ var (
 // nil indicates an error occurred.
 //export userInput
 func userInput(prompt *C.char) *C.char {
- fmt.Print(C.GoString(prompt))
- input, err := util.ReadLine()
- if err != nil {
- log.Printf("getting input for PAM: %s", err)
+ goPrompt := C.GoString(prompt)
+ log.Printf("getting secret data for PAM: %q", goPrompt)
+
+ fmt.Print(goPrompt)
+ scanner := bufio.NewScanner(os.Stdin)
+ scanner.Scan()
+ input := scanner.Text()
+
+ if scanner.Err() != nil || len(input) >= MaxMessageSize {
+ log.Print("bad user input for PAM")
 return nil
 }
+ // The returned string will be owned by the PAM subsystem.
 return C.CString(input)
 }
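Review bot: The doc comment added for `MaxMessageSize` in the first pam/constants.go hunk describes a response limit, but the constant is bound to `C.PAM_MAX_MSG_SIZE`, which is PAM's limit for a conversation message; the response limit is `PAM_MAX_RESP_SIZE`. As far as I know the two have the same value in the Linux-PAM headers, so behaviour is probably unaffected. Since pam/login.go uses this constant to bound what userInput hands back to PAM, the comment should say which limit is meant, e.g. `// MaxMessageSize is the PAM message size limit; userInput also uses it to bound responses.` The word "responce" is also misspelled.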
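Review bot: In the userInput hunk of pam/login.go the result of `scanner.Scan()` is discarded, so end-of-file on stdin (where `Scan` returns false and `Err()` stays nil) produces an empty string that is passed to PAM as a real response, not the nil the function documents for errors. Testing the return value closes that gap: `if !scanner.Scan() { log.Print("bad user input for PAM"); return nil }` before reading `scanner.Text()`, keeping the length check afterwards. A new `bufio.Scanner` on `os.Stdin` per call can also read ahead past the first line and drop the rest, which matters if stdin is piped and PAM prompts more than once. The new log line says "secret data" although this is the echoing prompt path, and the scanner error is no longer logged, which makes failures harder to diagnose.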
@@ -68,15 +76,15 @@ func userInput(prompt *C.char) *C.char {
 //export passphraseInput
 func passphraseInput(prompt *C.char) *C.char {
 log.Printf("getting secret data for PAM: %q", C.GoString(prompt))
+
 if tokenToCheck == nil {
 log.Print("secret data requested multiple times")
 return nil
 }
-
- // Subsequent calls to passphrase input should fail
- input := (*C.char)(tokenToCheck.UnsafeToCString())
 tokenToCheck = nil
- return input
+
+ // The returned string will be owned by the PAM subsystem.
+ return (*C.char)(tokenToCheck.UnsafeToCString())
 }
 // IsUserLoginToken returns nil if the presented token is the user's login key, |
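Review bot: passphraseInput now assigns `tokenToCheck = nil` and then calls `tokenToCheck.UnsafeToCString()` in the following return statement, so the method runs on a nil key. How UnsafeToCString treats a nil receiver is not visible here, but the likely result is a panic inside the PAM conversation callback, and in any case the real passphrase is never handed to PAM, so the login check cannot succeed. The conversion has to happen before the token is cleared to keep the one-shot guarantee: `input := (*C.char)(tokenToCheck.UnsafeToCString())`, then `tokenToCheck = nil`, then `return input`, with the new ownership comment kept above the return.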