diff --git a/Cargo.lock b/Cargo.lock index 019bd6a4..e48a318d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1965,9 +1965,9 @@ dependencies = [ [[package]] name = "pam-bindings" -version = "0.1.2" +version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2ebcdd98d8b23979d48652df6a126a5ee7f389b8ce9e821ae626dcf27b8e2fad" +checksum = "702856d628a09bbdc2b9b2dadd608193ae46ab4b081b6d1fd5baec1251a92057" dependencies = [ "libc", ] diff --git a/pam/Cargo.toml b/pam/Cargo.toml index b204f251..abf78259 100644 --- a/pam/Cargo.toml +++ b/pam/Cargo.toml @@ -20,7 +20,7 @@ gethostname = "1.1.0" hex = "0.4.3" libc = "0.2.186" log = "0.4.31" -pam-bindings = "0.1.2" +pam-bindings = "0.2.1" serde = "1.0.228" serde_json = "1.0.150" whoami = "2.1.0" diff --git a/pam/src/auth.rs b/pam/src/auth.rs index e62047a3..53cadad3 100644 --- a/pam/src/auth.rs +++ b/pam/src/auth.rs @@ -72,7 +72,7 @@ pub fn authenticate_impl( "failed to send prompt" ) { Some(password) => match password.to_str() { - Ok(t) => t, + Ok(t) => t.to_owned(), Err(_) => { log::warn!("failed to convert password"); return PamResultCode::PAM_AUTH_ERR; @@ -102,7 +102,7 @@ pub fn authenticate_impl( log::debug!("Token authentication"); let raw_token = password .strip_prefix(PW_PREFIX) - .unwrap_or(password) + .unwrap_or(&password) .to_string(); let decoded = match decode_pb::(raw_token) { Ok(t) => t, diff --git a/pam/src/auth/fido.rs b/pam/src/auth/fido.rs index 76d920cb..e6b11946 100644 --- a/pam/src/auth/fido.rs +++ b/pam/src/auth/fido.rs 
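Review bot: `Ok(t) => t.to_owned()` in the first pam/src/auth.rs hunk copies the PAM password into a heap `String` that is later freed without being wiped. The second auth.rs hunk copies it again through `.unwrap_or(&password).to_string()`, and `Ok(cc) => cc.to_owned()` in pam/src/auth/interactive.rs does the same for interactive credentials. The new pam-bindings API apparently returns an owned response, so one copy may be unavoidable, but every extra copy is another place the secret can surface in a core dump or swap. Consider holding these values in a wiping wrapper, for example `Zeroizing<String>` from the `zeroize` crate if that dependency is acceptable, and passing `&str` onward where the callee allows it. `authenticate_impl` starts and ends outside both hunks, so how long `password` stays live cannot be seen here.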
@@ -30,25 +30,29 @@ pub fn fido2(raw: String, conv: &Conv<'_>) -> Result = if req.uv { match conv.send(PAM_PROMPT_ECHO_OFF, "Input Security key PIN: ") { Ok(c) => match c { - Some(c) => match c.to_str() { - Ok(cc) => { - assertion_args.pin = Some(cc); - assertion_args.uv = None; - } - Err(e) => return Err(Box::from(e)), - }, + Some(c) => Some(c), None => { log::warn!("Failed to get PIN"); return Err(Box::from("failed to get pin")); } }, - Err(_) => { - return Err(Box::from("failed to get pin")); + Err(_) => return Err(Box::from("failed to get pin")), + } + } else { + None + }; + + if let Some(ref pc) = pin_cstring { + match pc.to_str() { + Ok(cc) => { + assertion_args.pin = Some(cc); + assertion_args.uv = None; } - }; + Err(e) => return Err(Box::from(e)), + } } pam_print_user(conv, "Touch your security key..."); diff --git a/pam/src/auth/interactive.rs b/pam/src/auth/interactive.rs index bae115c4..97b3331e 100644 --- a/pam/src/auth/interactive.rs +++ b/pam/src/auth/interactive.rs @@ -132,7 +132,7 @@ pub fn auth_interactive( let credential = match conv.send(style, &challenge.prompt) { Ok(c) => match c { Some(c) => match c.to_str() { - Ok(cc) => cc, + Ok(cc) => cc.to_owned(), Err(_) => { log::warn!("failed to convert PAM Conversation response to string"); return Err(PamResultCode::PAM_ABORT); @@ -152,7 +152,7 @@ pub fn auth_interactive( return Err(e); } }; - req_inner.value = credential.to_owned(); + req_inner.value = credential; } Err(_) => { log::warn!(
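Review bot: The `Err(_)` arm of the `conv.send` match in pam/src/auth/fido.rs returns "failed to get pin" without logging, while the `None` arm logs a warning, so a failed PAM conversation leaves no trace in the module's log. Adding `log::warn!("PIN conversation failed");` before that return would keep the two failure paths consistent for auditing. The nested `match c { Some(c) => Some(c), None => … }` could also be flattened into `Ok(Some(c)) => Some(c)` and `Ok(None) => { … }` arms. `pin_cstring` now owns the PIN for the rest of `fido2`, whose body continues outside the hunk, so it is worth confirming the buffer is dropped, and ideally wiped, once the assertion call has consumed `assertion_args.pin`.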