From d37bf89f77b204599bc27eaaab3adcdf25a6d9ce Mon Sep 17 00:00:00 2001 From: Brandon Smith Date: Fri, 4 Mar 2016 09:40:56 -0800 Subject: [PATCH 1/2] Make u2f consistent with normal challenge/response --- privacyidea_pam.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/privacyidea_pam.py b/privacyidea_pam.py index c5013a2..5d4c247 100644 --- a/privacyidea_pam.py +++ b/privacyidea_pam.py @@ -209,15 +209,15 @@ def u2f_challenge_response(self, transaction_id, message, attributes): %s ----- END U2F CHALLENGE -----""" % (self.URL, json.dumps(attributes["u2fSignRequest"]), - str(message or "")) + message) if bool(attributes.get("hideResponseInput", True)): prompt_type = self.pamh.PAM_PROMPT_ECHO_OFF else: prompt_type = self.pamh.PAM_PROMPT_ECHO_ON - message = self.pamh.Message(prompt_type, challenge) - response = self.pamh.conversation(message) + pam_message = self.pamh.Message(prompt_type, challenge) + response = self.pamh.conversation(pam_message) chal_response = json.loads(response.resp) data = {"user": self.user, From ec86e6772c64ab0d25695f51a51098635672b595 Mon Sep 17 00:00:00 2001 From: Brandon Smith Date: Fri, 4 Mar 2016 09:45:30 -0800 Subject: [PATCH 2/2] Make OTP prompt configurable --- ssh-u2f.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ssh-u2f.py b/ssh-u2f.py index 0d9215e..57a4267 100755 --- a/ssh-u2f.py +++ b/ssh-u2f.py @@ -31,10 +31,13 @@ Usage: Make executable + Configure otp_prompt variable to match your pam prompt Symlink ssh-u2f, scp-u2f, sftp-u2f, mosh-u2f, etc. into your PATH Call just like ssh, eg. "ssh-u2f name@example.com" """ +otp_prompt = "privacyIDEA_Authentication" + ssh = None def handler(signum, frame): @@ -75,7 +78,7 @@ def passthrough(): while True: index = ssh.expect(["Authenticated with partial success.", - "([Pp]assword[^:\r\n]*|Enter additional factors): ?", + "([Pp]assword[^:\r\n]*|%s): ?" % otp_prompt, "----- BEGIN U2F CHALLENGE -----\r\n", "[^ \r\n]+", pexpect.EOF])