Hello,

I have completed the prompt configuration enhancement, as suggested by Ludovic. In this enhancement, I added a new field, token_type, in the pam_pkcs11.conf file. The value of the "token_type" will be used in the user prompt messages and its default value is "Smart card".

The pam_pkcs11 source code has been updated accordingly and the patch file is attached here. Please feel free to modify the prompt messages, as you see fit.

Thanks,
Huie-Ying




Huie-Ying Lee wrote:
Ludovic Rousseau wrote:

I propose to use a configuration here. The default name would be
"smart card" but the admin could use "secure token" or whatever else
 We could add a "token_name" parameter in the pkcs11_module
configuration.

 # NSS (Network Security Service) config
 pkcs11_module nss {
   nss_dir = /etc/ssl/nssdb;
   crl_policy = none;
   token_name = "secure slot"
 }

Comments?
Good idea. But I prefer "token_type" to "token_name".

No objection for "token_type".

Can you propose a patch to implement these changes?

Regards,


OK, I can try sometime next week.

Huie-Ying

Index: src/pam_pkcs11/pam_pkcs11.c
===================================================================
--- src/pam_pkcs11/pam_pkcs11.c (revision 340)
+++ src/pam_pkcs11/pam_pkcs11.c (working copy)
@@ -281,7 +281,7 @@
        } 
   } else {
         pam_prompt(pamh, PAM_TEXT_INFO, NULL,
-                   _("Please insert your smart card or enter your username."));
+                   _("Please enter your username."));
        /* get user name */
        rv = pam_get_user(pamh, &user, NULL);
 
@@ -370,7 +370,7 @@
       /* we haven't prompted for the user yet, get the user and see if
        * the smart card has been inserted in the mean time */
       pam_prompt(pamh, PAM_TEXT_INFO, NULL, 
-                 _("Please insert your smart card or enter your username."));
+                 _("Please enter your username."));
       rv = pam_get_user(pamh, &user, NULL);
 
       /* check one last time for the smart card before bouncing to the next
@@ -389,7 +389,8 @@
       }
     }
   } else {
-      pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Smart card inserted. "));
+      sprintf(password_prompt, "Found the %s.", configuration->token_type);
+      pam_prompt(pamh, PAM_TEXT_INFO, NULL, _(password_prompt));
   }
   rv = open_pkcs11_session(ph, slot_num);
   if (rv != 0) {
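Review bot: The buffer built from `configuration->token_type` is handed to pam_prompt as its format argument on the added `pam_prompt(..., _(password_prompt))` line, so a `%` in the configured value would be interpreted as a conversion if pam_prompt is printf-style, as Linux-PAM's is. The `sprintf` before it is also unbounded, and `_()` applied to an already formatted string cannot match a catalog entry. Passing the value as an argument removes all three problems: `pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Found the %s."), configuration->token_type);`. The declaration of password_prompt is outside the hunk, so its size could not be checked here.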
@@ -402,14 +403,14 @@
   /* get password */
   sprintf(password_prompt, _("Welcome %.32s!"), get_slot_tokenlabel(ph));
   pam_prompt(pamh, PAM_TEXT_INFO, NULL, password_prompt);
+  sprintf(password_prompt, "%s PIN: ", configuration->token_type);
   if (configuration->use_first_pass) {
     rv = pam_get_pwd(pamh, &password, NULL, PAM_AUTHTOK, 0);
   } else if (configuration->try_first_pass) {
-    rv = pam_get_pwd(pamh, &password, _("Smart card password: "), PAM_AUTHTOK,
+    rv = pam_get_pwd(pamh, &password, _(password_prompt), PAM_AUTHTOK,
       PAM_AUTHTOK);
   } else {
-    rv = pam_get_pwd(pamh, &password, _("Smart card password: "), 0,
-      PAM_AUTHTOK);
+    rv = pam_get_pwd(pamh, &password, _(password_prompt), 0, PAM_AUTHTOK);
   }
   if (rv != PAM_SUCCESS) {
     release_pkcs11_module(ph);
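Review bot: The added `sprintf(password_prompt, "%s PIN: ", configuration->token_type)` copies a string of unbounded length, while the line above it limits the token label with `%.32s`; token_type comes from the configuration file through scconf_get_str with no length check visible in this patch. Bound the write and translate the format rather than the result: `snprintf(password_prompt, sizeof(password_prompt), _("%s PIN: "), configuration->token_type);`, then pass `password_prompt` to pam_get_pwd without `_()`. The `sizeof` form assumes password_prompt is an array; its declaration lies outside the hunk.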
Index: src/pam_pkcs11/pam_config.c
===================================================================
--- src/pam_pkcs11/pam_config.c (revision 340)
+++ src/pam_pkcs11/pam_config.c (working copy)
@@ -58,6 +58,7 @@
                CONFDIR "/nssdb",
                OCSP_NONE
        },
+       "Smart card",                   /* token_type */
        NULL                            /* char *username */
 };
 
@@ -189,6 +190,11 @@
                }
                policy_list= policy_list->next;
            }
+
+           configuration.token_type = (char *)
+                       scconf_get_str(pkcs11_mblk,"token_type",configuration.token_type);
+
+           
        }
        screen_saver_list = scconf_find_list(root,"screen_savers");
        if (screen_saver_list) {
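Review bot: The `(char *)` cast on the scconf_get_str result suggests the function returns a const string, and the field ends up aliasing either the `"Smart card"` literal or storage owned by the parsed configuration, so nothing may write through it. Declaring the member as `const char *token_type;` in pam_config.h and dropping the cast lets the compiler reject such writes, and a comment such as `/* shown in prompts; points at the literal default or scconf data, not owned */` would document it. Whether the scconf context stays allocated for as long as the configuration is used is not visible here.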
@@ -319,6 +325,12 @@
                }
                continue;
           }
+
+          if (strstr(argv[i],"token_type=") ) {
+               res=sscanf(argv[i],"token_type=%255s",&configuration.token_type);
+               continue;
+          }
+
           if (strstr(argv[i],"config_file=") ) {
                /* already parsed, skip */
                continue;
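Review bot: The added sscanf passes `&configuration.token_type`, the address of the `char *` field itself, so up to 256 bytes from the PAM argument are written over the pointer and whatever follows it in memory (pam_config.h in this patch places `username` right after it). Dropping the `&` would not be enough, because the pointer then refers to the `"Smart card"` literal or to the string returned by scconf_get_str, neither of which is a 256-byte writable buffer. Point the field at the argument instead: test with `strncmp(argv[i], "token_type=", 11) == 0` and assign `configuration.token_type = (char *)argv[i] + 11;`, or copy the value with strdup if argv may not outlive the configuration. The surrounding argv loop starts and ends outside the hunk.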
Index: src/pam_pkcs11/pam_config.h
===================================================================
--- src/pam_pkcs11/pam_config.h (revision 340)
+++ src/pam_pkcs11/pam_config.h (working copy)
@@ -42,6 +42,7 @@
        int slot_num;
        int support_threads;
        cert_policy policy;
+       char *token_type;
        char *username; /* provided user name */
 };
 
Index: etc/pam_pkcs11.conf.example
===================================================================
--- etc/pam_pkcs11.conf.example (revision 340)
+++ etc/pam_pkcs11.conf.example (working copy)
@@ -82,6 +82,12 @@
     # You can use a combination of ca,crl, and signature flags, or just
     # use "none".
     cert_policy = ca,signature;
+
+    # What kind of tokens ?
+    # The value of the token_type parameter will be used in the user prompt
+    # messages.   The default value is "Smart card".
+    token_type = "Smart card";
+
   }
 
   # Aladdin eTokenPRO 32