Add multi-factor authentication support

kohsuke · Jul 19, 2016 · 92c4e54 · 92c4e54
1 parent 713d4ce
commit 92c4e54
Showing 1 changed file with 10 additions and 10 deletions.
diff --git a/src/main/java/org/jvnet/libpam/PAM.java b/src/main/java/org/jvnet/libpam/PAM.java
@@ -57,10 +57,10 @@ public class PAM {
     private int ret;
 
     /**
-     * Temporarily stored to pass a value from {@link #authenticate(String, String)}
+     * Temporarily stored to pass a value from {@link #authenticate(String, String...)}
      * to {@link pam_conv}.
      */
-    private String password;
+    private String[] factors;
 
     /**
      * Creates a new authenticator.
@@ -73,7 +73,7 @@ public PAM(String serviceName) throws PAMException {
         pam_conv conv = new pam_conv(new PamCallback() {
             public int callback(int num_msg, Pointer msg, Pointer resp, Pointer _) {
                 LOGGER.fine("pam_conv num_msg="+num_msg);
-                if(password==null)
+                if(factors==null)
                     return PAM_CONV_ERR;
 
                 // allocates pam_response[num_msg]. the caller will free this
@@ -83,9 +83,9 @@ public int callback(int num_msg, Pointer msg, Pointer resp, Pointer _) {
                 for( int i=0; i<num_msg; i++ ) {
                     pam_message pm = new pam_message(msg.getPointer(POINTER_SIZE*i));
                     LOGGER.fine(pm.msg_style+":"+pm.msg);
-                    if(pm.msg_style==PAM_PROMPT_ECHO_OFF) {
-                        pam_response r = new pam_response(m.share(pam_response.SIZE*i));
-                        r.setResp(password);
+                    if (pm.msg_style == PAM_PROMPT_ECHO_OFF) {
+                        pam_response r = new pam_response(m.share(pam_response.SIZE * i));
+                        r.setResp(factors[i]);
                         r.write(); // write to (*resp)[i]
                     }
                 }
@@ -117,8 +117,8 @@ private void check(int ret, String msg) throws PAMException {
      * @throws PAMException
      *      If the authentication fails.
      */
-    public UnixUser authenticate(String username, String password) throws PAMException {
-        this.password = password;
+    public UnixUser authenticate(String username, String... factors) throws PAMException {
+        this.factors = factors;
         try {
             check(libpam.pam_set_item(pht,PAM_USER,username),"pam_set_item failed");
             check(libpam.pam_authenticate(pht,0),"pam_authenticate failed");
@@ -134,7 +134,7 @@ public UnixUser authenticate(String username, String password) throws PAMExcepti
                 throw new PAMException("Authentication succeeded but no user information is available");
             return new UnixUser(userName,pwd);
         } finally {
-            this.password = null;
+            this.factors = null;
         }
     }
 
@@ -180,4 +180,4 @@ protected void finalize() throws Throwable {
     }
 
     private static final Logger LOGGER = Logger.getLogger(PAM.class.getName());
-}
+}