From 7847ab8270efab472b7b6a4bf9a57f5b83cb7212 Mon Sep 17 00:00:00 2001
From: "Joe Richey joerichey@google.com"
Date: Tue, 17 Oct 2017 18:10:54 -0700
Subject: fmt almost done
---
pam/constants.go | 5 ++++-
pam/login.go | 26 +++++++++++++++++---------
2 files changed, 21 insertions(+), 10 deletions(-)
(limited to 'pam')
diff --git a/pam/constants.go b/pam/constants.go
index 5c57e06..3747e6f 100644
--- a/pam/constants.go
+++ b/pam/constants.go
@@ -52,6 +52,9 @@ package pam
 */
 import "C"
+// MaxMessageSize is the longest allowed responce length.
+const MaxMessageSize = C.PAM_MAX_MSG_SIZE
+
 // Item is a an PAM information type.
 type Item int
@@ -90,7 +93,7 @@ const (
 // EstablishCred indicates that credentials should be established
 // for the user.
 EstablishCred = C.PAM_ESTABLISH_CRED
- // DeleteCred inidicates that credentials should be deleted.
+ // DeleteCred indicates that credentials should be deleted.
 DeleteCred = C.PAM_DELETE_CRED
 // ReinitializeCred indicates that credentials should be fully
 // reinitialized.
diff --git a/pam/login.go b/pam/login.go
index 346edd4..29aa899 100644
--- a/pam/login.go
+++ b/pam/login.go
@@ -26,14 +26,15 @@ package pam
 import "C"
 import (
+ "bufio"
 "fmt"
 "log"
+ "os"
 "sync"
 "github.com/pkg/errors"
 "github.com/google/fscrypt/crypto"
- "github.com/google/fscrypt/util"
 )
 // Pam error values
@@ -53,12 +54,19 @@ var (
 // nil indicates an error occurred.
 //export userInput
 func userInput(prompt *C.char) *C.char {
- fmt.Print(C.GoString(prompt))
- input, err := util.ReadLine()
- if err != nil {
- log.Printf("getting input for PAM: %s", err)
+ goPrompt := C.GoString(prompt)
+ log.Printf("getting secret data for PAM: %q", goPrompt)
+
+ fmt.Print(goPrompt)
+ scanner := bufio.NewScanner(os.Stdin)
+ scanner.Scan()
+ input := scanner.Text()
+
+ if scanner.Err() != nil || len(input) >= MaxMessageSize {
+ log.Print("bad user input for PAM")
 return nil
 }
+ // The returned string will be owned by the PAM subsystem.
 return C.CString(input)
 }
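Review bot: The new `MaxMessageSize` doc comment in pam/constants.go says it bounds a response, but the constant is bound to `C.PAM_MAX_MSG_SIZE`, which is the limit for prompt messages; Linux-PAM defines a separate `PAM_MAX_RESP_SIZE` for responses. The two values may coincide on a given PAM implementation, but login.go uses this constant to reject over-long user input, so the name, comment and macro should agree. Either bind the limit to `C.PAM_MAX_RESP_SIZE`, or reword the comment to `// MaxMessageSize is the largest PAM message size; it is also used as the bound on responses.` The comment also misspells "response" as "responce".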
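Review bot: In `userInput` the return value of `scanner.Scan()` is discarded, so a closed or empty stdin (Scan returns false while `scanner.Err()` is nil) produces an empty string that is handed to PAM as a valid answer instead of the documented nil-on-error. The guard should test the scan itself, for example `if !scanner.Scan() || len(scanner.Text()) >= MaxMessageSize {`. A fresh `bufio.NewScanner(os.Stdin)` on every call can also read ahead past the first newline and drop the buffered remainder, so input for a later prompt may be lost when stdin is piped; a single package-level reader would avoid that. The added log line says "getting secret data" although this callback handles ordinary input, which will mislead anyone reading the logs next to `passphraseInput`'s identical message.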
@@ -68,15 +76,15 @@ func userInput(prompt *C.char) *C.char {
 //export passphraseInput
 func passphraseInput(prompt *C.char) *C.char {
 log.Printf("getting secret data for PAM: %q", C.GoString(prompt))
+
 if tokenToCheck == nil {
 log.Print("secret data requested multiple times")
 return nil
 }
-
- // Subsequent calls to passphrase input should fail
- input := (*C.char)(tokenToCheck.UnsafeToCString())
 tokenToCheck = nil
- return input
+
+ // The returned string will be owned by the PAM subsystem.
+ return (*C.char)(tokenToCheck.UnsafeToCString())
 }
 // IsUserLoginToken returns nil if the presented token is the user's login key,
-- cgit v1.2.3
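Review bot: In `passphraseInput` the reordering leaves `tokenToCheck = nil` directly before the new `return (*C.char)(tokenToCheck.UnsafeToCString())`, so the method is always called on a nil token and the real passphrase never reaches PAM. `UnsafeToCString` is not visible here, so the exact failure is inferred: most likely a nil dereference panics inside a cgo-exported callback and takes down the process hosting the PAM conversation, otherwise PAM receives a bogus pointer. Capture the C string before clearing the token, as the removed lines did: `input := (*C.char)(tokenToCheck.UnsafeToCString())`, then `tokenToCheck = nil`, then `return input`. The removed comment `// Subsequent calls to passphrase input should fail` is worth keeping, since it explains why the token is cleared.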