diff --git a/README b/README
index c8e1b518..7520ad79 100644
--- a/README
+++ b/README
@@ -218,6 +218,10 @@ respectively.
 cainfo::
 Option to allow usage of a CA bundle instead of path.
+prompt::
+Specifies the prompt that PAM should display when prompting for the
+OTP token. If not specified "YubiKey for `%s': " is used.
+
 proxy::
 specify a proxy to connect to the validation server. Valid schemes are http://, https://, socks4://, socks4a://, socks5:// or socks5h://.
diff --git a/pam_yubico.c b/pam_yubico.c
index cf277953..aa0b9199 100644
--- a/pam_yubico.c
+++ b/pam_yubico.c
@@ -120,6 +120,7 @@ struct cfg
 const char *capath;
 const char *cainfo;
 const char *proxy;
+ const char *prompt;
 const char *url;
 const char *urllist;
 const char *ldapserver;
@@ -838,6 +839,8 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
 cfg->cainfo = argv[i] + 7;
 if (strncmp (argv[i], "proxy=", 6) == 0)
 cfg->proxy = argv[i] + 6;
+ if (strncmp (argv[i], "prompt=", 7) == 0)
+ cfg->prompt = argv[i] + 7;
 if (strncmp (argv[i], "url=", 4) == 0)
 cfg->url = argv[i] + 4;
 if (strncmp (argv[i], "urllist=", 8) == 0)
@@ -935,6 +938,7 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
 DBG ("urllist=%s", cfg->urllist ? cfg->urllist : "(null)");
 DBG ("capath=%s", cfg->capath ? cfg->capath : "(null)");
 DBG ("cainfo=%s", cfg->cainfo ? cfg->cainfo : "(null)");
+ DBG ("prompt=%s", cfg->prompt ? cfg->prompt : "(null)");
 DBG ("proxy=%s", cfg->proxy ? cfg->proxy : "(null)");
 DBG ("token_id_length=%u", cfg->token_id_length);
 DBG ("mode=%s", cfg->mode == CLIENT ? "client" : "chresp" );
@@ -1140,7 +1144,12 @@ pam_sm_authenticate (pam_handle_t * pamh,
 pmsg[0] = &msg[0];
 {
 #define QUERY_TEMPLATE "YubiKey for `%s': "
- size_t len = strlen (QUERY_TEMPLATE) + strlen (user);
+ size_t len = strlen (user);
+ if (cfg->prompt != NULL) {
+ len += strlen (cfg->prompt);
+ } else {
+ len += strlen (QUERY_TEMPLATE);
+ }
 int wrote;
 msg[0].msg = malloc (len);
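Review bot: The buffer size in the `cfg->prompt` branch is only right when the configured prompt contains exactly one `%s`, because `strlen (cfg->prompt) + strlen (user)` relies on the two characters of `%s` to make room for the terminating NUL. A prompt with no `%s` and an empty `user` (if that can reach this point) leaves no byte for the terminator, and a prompt with `%s` twice produces more output than `len` for any user name longer than three characters. snprintf is bounded, so neither case overflows, but the `wrote >= len` check further down then returns PAM_BUF_ERR and a configuration typo becomes a failed login. Starting from `size_t len = strlen (user) + 1;` covers the first case, and rejecting a prompt with more than one `%s` when the option is parsed covers the second. The enclosing block of pam_sm_authenticate continues outside the hunk.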
@@ -1150,7 +1159,11 @@ pam_sm_authenticate (pam_handle_t * pamh,
 goto done;
 }
- wrote = snprintf ((char *) msg[0].msg, len, QUERY_TEMPLATE, user);
+ if (cfg->prompt != NULL) {
+ wrote = snprintf ((char *) msg[0].msg, len, cfg->prompt, user);
+ } else {
+ wrote = snprintf ((char *) msg[0].msg, len, QUERY_TEMPLATE, user);
+ }
 if (wrote < 0 || wrote >= len)
 {
 retval = PAM_BUF_ERR;
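Review bot: `cfg->prompt` is used as the snprintf format string with `user` as the only argument, so a configured value containing any conversion besides a single `%s` makes snprintf fetch arguments that were never passed, which is undefined behaviour in the process performing authentication. The string comes from the module arguments handled in parse_cfg, so it is administrator-supplied, but a typo in a PAM configuration line should fall back to the default prompt rather than reach a variadic call unchecked. Validating the template once and using QUERY_TEMPLATE when it does not pass keeps this call on a known-good format, and the README entry should state that only `%s` and `%%` are accepted. pam_sm_authenticate begins and ends outside the hunk.

```c
/* Accept literal text, "%%" and at most one "%s"; reject everything else. */
static int
prompt_format_ok (const char *p)
{
  int seen_s = 0;

  for (; *p; p++)
    {
      if (*p != '%')
	continue;
      p++;
      if (*p == '%')
	continue;
      /* Covers a trailing '%', a second "%s" and any other conversion. */
      if (*p != 's' || seen_s++)
	return 0;
    }
  return 1;
}

/* … unchanged: malloc of msg[0].msg and its NULL check … */
      const char *tmpl = QUERY_TEMPLATE;

      if (cfg->prompt != NULL && prompt_format_ok (cfg->prompt))
	tmpl = cfg->prompt;
      wrote = snprintf ((char *) msg[0].msg, len, tmpl, user);
```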