Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / 82f49fa007107b5cb77b469746f87bf9417ec5aa^! / .
commit82f49fa007107b5cb77b469746f87bf9417ec5aa[log] [tgz]
authorEd Tanous <etanous@nvidia.com>Tue Aug 27 11:37:09 2024 -0700
committerEd Tanous <ed@tanous.net>Wed Sep 04 19:32:24 2024 +0000
treec64d71aa3233c8022d9fec6925c4ea72bc100065
parent3a58c5a8f5f753a3229f6af85ebf3e85f1a44387 [diff]
Move response creation into PasswordData class

No functional changes.

Tested: WIP

Change-Id: Ia306322e08690375f170ae82a82cde2aa8ce850d
Signed-off-by: Ed Tanous <etanous@nvidia.com>

diff --git a/include/pam_authenticate.hpp b/include/pam_authenticate.hpp
index fbb3f61..e7c7d8d 100644
--- a/include/pam_authenticate.hpp
+++ b/include/pam_authenticate.hpp

@@ -11,6 +11,63 @@
 {
     std::string password;
     std::optional<std::string> token;
+
+    int makeResponse(const pam_message& msg, pam_response& response)
+    {
+        switch (msg.msg_style)
+        {
+            case PAM_PROMPT_ECHO_ON:
+                break;
+            case PAM_PROMPT_ECHO_OFF:
+            {
+                // Assume PAM is only prompting for the password as hidden input
+                // Allocate memory only when PAM_PROMPT_ECHO_OFF is encountered
+                size_t appPassSize = password.size();
+                if ((appPassSize + 1) > PAM_MAX_RESP_SIZE)
+                {
+                    return PAM_CONV_ERR;
+                }
+                std::string_view message(msg.msg);
+                constexpr std::string_view passwordPrompt = "Password: ";
+                // String used by Google authenticator to ask for one time code
+                constexpr std::string_view totpPrompt = "Verification code: ";
+                if (message.starts_with(passwordPrompt))
+                {
+                    response.resp = strdup(password.c_str()); // Password input
+                }
+                else if (message.starts_with(totpPrompt))
+                {
+                    if (!token)
+                    {
+                        return PAM_CONV_ERR;
+                    }
+                    // TOTP input
+                    response.resp = strdup(token->c_str());
+                }
+                else
+                {
+                    return PAM_CONV_ERR;
+                }
+            }
+            break;
+            case PAM_ERROR_MSG:
+            {
+                BMCWEB_LOG_ERROR("Pam error {}", msg.msg);
+            }
+            break;
+            case PAM_TEXT_INFO:
+            {
+                BMCWEB_LOG_ERROR("Pam info {}", msg.msg);
+            }
+            break;
+            default:
+            {
+                return PAM_CONV_ERR;
+            }
+        }
+
+        return PAM_SUCCESS;
+    }
 };
 
 // function used to get user input
@@ -41,51 +98,10 @@
         response.resp_retcode = 0;
         response.resp = nullptr;
 
-        switch (msg.msg_style)
+        int r = appPass->makeResponse(msg, response);
+        if (r != PAM_SUCCESS)
         {
-            case PAM_PROMPT_ECHO_ON:
-                break;
-            case PAM_PROMPT_ECHO_OFF:
-            {
-                // Assume PAM is only prompting for the password as hidden input
-                // Allocate memory only when PAM_PROMPT_ECHO_OFF is encountered
-                size_t appPassSize = appPass->password.size();
-                if ((appPassSize + 1) > PAM_MAX_RESP_SIZE)
-                {
-                    return PAM_CONV_ERR;
-                }
-                std::string_view message(msg.msg);
-                constexpr std::string_view passwordPrompt = "Password: ";
-                // String used by Google authenticator to ask for one time code
-                constexpr std::string_view totpPrompt = "Verification code: ";
-                if (message.starts_with(passwordPrompt))
-                {
-                    response.resp =
-                        strdup(appPass->password.c_str()); // Password input
-                }
-                else if (message.starts_with(totpPrompt))
-                {
-                    if (!appPass->token)
-                    {
-                        return PAM_CONV_ERR;
-                    }
-                    response.resp =
-                        strdup(appPass->token->c_str()); // TOTP input
-                }
-                else
-                {
-                    return PAM_CONV_ERR;
-                }
-            }
-            break;
-            case PAM_ERROR_MSG:
-                BMCWEB_LOG_ERROR("Pam error {}", msg.msg);
-                break;
-            case PAM_TEXT_INFO:
-                BMCWEB_LOG_ERROR("Pam info {}", msg.msg);
-                break;
-            default:
-                return PAM_CONV_ERR;
+            return r;
         }
     }