@@ -1,12 +1,28 @@

 #include <security/pam_appl.h>

 #include <security/pam_modules.h>

+#include <string.h>

+#include <stdlib.h>

+

 #include "logging.h"

 #include "token.h"

 #include "conversation.h"

 PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) {

     const char *returned_token = ask_for_token(pamh);

-    int returned_validation = validate_token(returned_token);

+

+    int returned_token_length = strlen(returned_token);

+    char working_token[returned_token_length + 1];

+    strcpy(working_token, returned_token);

+    char *colon = strchr(working_token, ':');

+    if(!colon) {

+        return PAM_AUTH_ERR;

+    }

+

+    *colon = 0;

+    char *user = working_token;

+    char *token = colon + 1;

+

+    int returned_validation = validate_token(user, token);

     if (returned_validation) {

         log_success();

@@ -6,6 +6,7 @@

 #include "token.h"

 #include "test_util.h"

+const char *validated_user = "";

 const char *validated_token = "";

 const char *token_to_return = "";

 int validation_to_return = 0;

@@ -15,6 +16,7 @@ int at_least_one_failed_test = 0;

 pam_handle_t *passed_pam_handle = NULL;

 RESET_VARS_START

+validated_user = "";

 validated_token = "";

 validation_to_return = 1;

 passed_pam_handle = NULL;

@@ -27,7 +29,9 @@ const char *ask_for_token(pam_handle_t *pamh) {

     return token_to_return;

 }

-int validate_token(const char *token) {

+

+int validate_token(const char *user, const char *token) {

+    validated_user = user;

     validated_token = token;

     return validation_to_return;

 }

@@ -54,14 +58,15 @@ int pam_sm_setcred_returns_success() {

 int pam_sm_authenticate_validates_with_received_token() {

     // given

-    token_to_return = "mytoken";

+    token_to_return = "user:pin";

     pam_handle_t *handle = (pam_handle_t*)"";

     // when

     pam_sm_authenticate(handle, 0, 0, NULL);

     // then

-    checkstr("mytoken",validated_token, "validated token");

+    checkstr("pin",validated_token, "validated token");

+    checkstr("user",validated_user, "validated user");

     check(passed_pam_handle == handle, "incorrect handle");

     succeed();

 }

@@ -45,26 +45,14 @@ int get_passwd(const char *user, struct passwd *passwd, buffer_t buffer) {

     return (found_passwd != 0);

 }

-int validate_token(const char *token) {

+int validate_token(const char *user, const char *token) {

+

     char *filepath = 0;

     char *working_token = 0;

     buffer_t buffer = allocate_buffer();

     int ok = 0;

-

-    int token_length = strlen(token);

-    working_token = (char *) malloc((token_length + 1) * sizeof(char));

-    strcpy(working_token, token);

-    char *colon = strchr(working_token, ':');

-    if (!colon) {

-        goto finally;

-    }

-

-    *colon = 0;

-    char *user = working_token;

-    char *user_token = colon + 1;

-

     struct passwd passwd;

     int user_found = get_passwd(user, &passwd, buffer);

@@ -97,7 +85,7 @@ int validate_token(const char *token) {

     fclose(fp);

     // check if token matches

-    if(strcmp(user_token, fetched_token)) {

+    if(strcmp(token, fetched_token)) {

         goto finally;

     }

@@ -1,6 +1,6 @@

 #ifndef _TOKEN_H

 #define _TOKEN_H

-int validate_token(const char *token);

+int validate_token(const char *user, const char *token);

 #endif

@@ -74,7 +74,7 @@ int validate_compares_to_user_token() {

     // given

     // when

-    int valid = validate_token("msmith:123456");

+    int valid = validate_token("msmith", "123456");

     // then

     check(valid, "expected result to be valid");

@@ -87,7 +87,7 @@ int validates_from_the_right_user() {

     //given

     //when

-    int valid = validate_token("jbalcita:12346");

+    int valid = validate_token("jbalcita", "12346");

     //then

     check(!valid, "expected result to be invalid");

@@ -98,7 +98,7 @@ int validates_user_specific_token() {

     //given

     //when

-    int valid = validate_token("msmith:654321");

+    int valid = validate_token("msmith", "654321");

     //then

     check(!valid, "expected result to be invalid");