Re: [opensc-devel] Some small PAM prompt changes to pam_pkcs11 module

[Huie-Ying Lee]

Robert Relyea wrote:
Huie-Ying Lee wrote:
Hello,
I have completed the prompt configuration enhancement, as suggested 
by Ludovic.     In this enhancement,  I added a new field, 
token_type, in the  pam_pkcs11.conf file.   The value of the 
"token_type" will be used in the user prompt messages and its default 
value is "Smart card".

The pam_pkcs11 source code has been updated accordingly and the patch 
file is attached here.   Please feel free to modify the prompt 
messages, as you see fit.

Thanks,
Huie-Ying
Hi Huie,

It still looks like you are unconditionally changing the prompt to be 
'Enter your user name'. That still leaves the problem of telling the 
user that 'smart card login' is enabled. We at least need something 
like 'Please insert your token', etc. I wouldn't have a problem with 
reading that from a config file either.

Agreed.   I have updated the source to include "Please insert your 
token" in the "Enter your user name" prompts.   Attached is the updated 
patch.

bob

BTW does the _(password_prompt) do the right thing for the translation 
teams?

Regarding the internationalization issue,  since Ludovic has kindly 
agreed to look into it,    I will wait for his resolve.

bob
Thanks,
Huie-Ying
Index: src/pam_pkcs11/pam_pkcs11.c
===================================================================
--- src/pam_pkcs11/pam_pkcs11.c (revision 340)
+++ src/pam_pkcs11/pam_pkcs11.c (working copy)
@@ -281,7 +281,7 @@
        } 
   } else {
         pam_prompt(pamh, PAM_TEXT_INFO, NULL,
-                   _("Please insert your smart card or enter your username."));
+                   _("Please insert your token or enter your username."));
        /* get user name */
        rv = pam_get_user(pamh, &user, NULL);
 
@@ -370,7 +370,7 @@
       /* we haven't prompted for the user yet, get the user and see if
        * the smart card has been inserted in the mean time */
       pam_prompt(pamh, PAM_TEXT_INFO, NULL, 
-                 _("Please insert your smart card or enter your username."));
+                 _("Please insert your token or enter your username."));
       rv = pam_get_user(pamh, &user, NULL);
 
       /* check one last time for the smart card before bouncing to the next
@@ -389,7 +389,8 @@
       }
     }
   } else {
-      pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Smart card inserted. "));
+      sprintf(password_prompt, "Found the %s.", configuration->token_type);
+      pam_prompt(pamh, PAM_TEXT_INFO, NULL, _(password_prompt));
   }
   rv = open_pkcs11_session(ph, slot_num);
   if (rv != 0) {
@@ -402,14 +403,14 @@
   /* get password */
   sprintf(password_prompt, _("Welcome %.32s!"), get_slot_tokenlabel(ph));
   pam_prompt(pamh, PAM_TEXT_INFO, NULL, password_prompt);
+  sprintf(password_prompt, "%s PIN: ", configuration->token_type);
   if (configuration->use_first_pass) {
     rv = pam_get_pwd(pamh, &password, NULL, PAM_AUTHTOK, 0);
   } else if (configuration->try_first_pass) {
-    rv = pam_get_pwd(pamh, &password, _("Smart card password: "), PAM_AUTHTOK,
+    rv = pam_get_pwd(pamh, &password, _(password_prompt), PAM_AUTHTOK,
       PAM_AUTHTOK);
   } else {
-    rv = pam_get_pwd(pamh, &password, _("Smart card password: "), 0,
-      PAM_AUTHTOK);
+    rv = pam_get_pwd(pamh, &password, _(password_prompt), 0, PAM_AUTHTOK);
   }
   if (rv != PAM_SUCCESS) {
     release_pkcs11_module(ph);
Index: src/pam_pkcs11/pam_config.c
===================================================================
--- src/pam_pkcs11/pam_config.c (revision 340)
+++ src/pam_pkcs11/pam_config.c (working copy)
@@ -58,6 +58,7 @@
                CONFDIR "/nssdb",
                OCSP_NONE
        },
+       "Smart card",                   /* token_type */
        NULL                            /* char *username */
 };
 
@@ -189,6 +190,11 @@
                }
                policy_list= policy_list->next;
            }
+
+           configuration.token_type = (char *)
+                       
scconf_get_str(pkcs11_mblk,"token_type",configuration.token_type);
+
+           
        }
        screen_saver_list = scconf_find_list(root,"screen_savers");
        if (screen_saver_list) {
@@ -319,6 +325,12 @@
                }
                continue;
           }
+
+          if (strstr(argv[i],"token_type=") ) {
+               
res=sscanf(argv[i],"token_type=%255s",&configuration.token_type);
+               continue;
+          }
+
           if (strstr(argv[i],"config_file=") ) {
                /* already parsed, skip */
                continue;
Index: src/pam_pkcs11/pam_config.h
===================================================================
--- src/pam_pkcs11/pam_config.h (revision 340)
+++ src/pam_pkcs11/pam_config.h (working copy)
@@ -42,6 +42,7 @@
        int slot_num;
        int support_threads;
        cert_policy policy;
+       char *token_type;
        char *username; /* provided user name */
 };
 
Index: etc/pam_pkcs11.conf.example
===================================================================
--- etc/pam_pkcs11.conf.example (revision 340)
+++ etc/pam_pkcs11.conf.example (working copy)
@@ -82,6 +82,12 @@
     # You can use a combination of ca,crl, and signature flags, or just
     # use "none".
     cert_policy = ca,signature;
+
+    # What kind of tokens ?
+    # The value of the token_type parameter will be used in the user prompt
+    # messages.   The default value is "Smart card".
+    token_type = "Smart card";
+
   }
 
   # Aladdin eTokenPRO 32
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel