1 From 82eae28e2fd4f7ddfcbc185c7478db5806b4b4ea Mon Sep 17 00:00:00 2001
2 From: David Woodhouse <David.Woodhouse@intel.com>
3 Date: Mon, 26 Sep 2011 23:55:55 +0100
4 Subject: [PATCH 2/2] Allow expansion of PAM environment variables in secret
7 https://bugzilla.mindrot.org/show_bug.cgi?id=983#c43 makes OpenSSH set
8 a PAM environment variable indicating which SSH public key was used to
9 authenticate. This lets Google Authenticator use that information (or
10 anything else in PAM environment variables) to select an appropriate
13 libpam/Makefile | 4 ++--
14 libpam/pam_google_authenticator.c | 13 ++++++++++++-
15 2 files changed, 14 insertions(+), 3 deletions(-)
17 diff --git a/libpam/Makefile b/libpam/Makefile
18 index 9137d68..fbe93a8 100644
21 @@ -60,7 +60,7 @@ google-authenticator: google-authenticator.o base32.o hmac.o sha1.o
22 echo " -ldl") -o $@ $+
24 demo: demo.o pam_google_authenticator_demo.o base32.o hmac.o sha1.o
25 - $(CC) -g $(DEF_LDFLAGS) -rdynamic \
26 + $(CC) -g $(DEF_LDFLAGS) -rdynamic -lpam \
27 $(shell [ -f /usr/lib/libdl.so ] && echo " -ldl") -o $@ $+
29 pam_google_authenticator_unittest: pam_google_authenticator_unittest.o \
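Review bot: `-lpam` is placed ahead of the object files (`$+`) in the `demo` link line, and again in the `-shared` link line of the second Makefile hunk. Linkers resolve libraries in command-line order, so with a static libpam, or a toolchain that passes `--as-needed` by default, the library can be discarded before any object has referenced it. The demo would then fail to link with undefined PAM symbols, and the shared object (presumably the PAM module) would be built without a recorded dependency on libpam, relying on the host process having loaded it already. Moving the library after the objects avoids this, e.g. `$(CC) -shared -g $(DEF_LDFLAGS) -o $@ $+ -lpam`, with the same reordering in the `demo` rule.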
30 @@ -92,4 +92,4 @@ sha1.o: sha1.c sha1.h
32 $(CC) --std=gnu99 -Wall -O2 -g -fPIC -c $(DEF_CFLAGS) -o $@ $<
34 - $(CC) -shared -g $(DEF_LDFLAGS) -o $@ $+
35 + $(CC) -shared -g $(DEF_LDFLAGS) -lpam -o $@ $+
36 diff --git a/libpam/pam_google_authenticator.c b/libpam/pam_google_authenticator.c
37 index 1b83c38..4708c1e 100644
38 --- a/libpam/pam_google_authenticator.c
39 +++ b/libpam/pam_google_authenticator.c
40 @@ -170,7 +170,18 @@ static char *get_secret_filename(pam_handle_t *pamh, const Params *params,
43 } else if (secret_filename[offset] == '$') {
44 - if (!memcmp(cur, "${HOME}", 7)) {
45 + if (!memcmp(cur, "${PAM:", 6)) {
46 + char *cls = strchr(cur + 6, '}');
48 + char *envname = strndup(cur + 6, cls - cur - 6);
49 + subst = pam_getenv(pamh, envname);
54 + var_len = cls - cur + 1;
56 + } else if (!memcmp(cur, "${HOME}", 7)) {