Merge remote-tracking branch 'remotes/origin/RDEV-1239'

2019-12-03 11:54:03 +01:00 · 2019-12-03 11:54:03 +01:00 · 0fa8b816b4
commit 0fa8b816b4
parent b655c214ff f69823f76a
3 changed files with 19 additions and 3 deletions
--- a/SSH/PAM/src/coreHandler.c
+++ b/SSH/PAM/src/coreHandler.c
@ -119,7 +119,6 @@ void selectMethodModule(pam_handle_t *pamh, cJSON *methods, char **selectedMetho
    char *authentication = 0;
    int idx = 0;
    if(cJSON_GetArraySize(methods)) {
-        displayAvailableAuthenticationMethods(methods, pamh);
        do{
            if(cJSON_GetArraySize(methods) == 1) {
                idx=1;
@ -153,6 +152,19 @@ cJSON *returnAvailableMethods(cJSON *methods, pam_handle_t *pamh) {
    return result;
 }

+void areMobileAppMethodsAvailable(cJSON *methods, pam_handle_t *pamh, char *userEmail) {
+    char *supportedMethods[] = {"qrcode","totp","push"};
+    int methodCount = 0, i, jsonIndex;
+    for (jsonIndex = 0 ; jsonIndex < cJSON_GetArraySize(methods) ; jsonIndex ++ ){
+        for (i = 0 ; i < 3 ; i ++ ){
+            if (strcmp(cJSON_GetArrayItem(methods, jsonIndex)->valuestring, supportedMethods[i]) == 0)
+                methodCount++;
+	    }
+    }
+    if(methodCount == 0)
+        pam_prompt(pamh, PAM_TEXT_INFO, NULL, "Please install Rublon Authenticator on your mobile device (iOS, Android) and add your email address: %s",userEmail);
+}
+
 void displaySelectedMethodMsg(pam_handle_t *pamh, char *selectedMethod) {   
    if (strcmp(selectedMethod, "email") == 0) {
        pam_prompt(pamh, PAM_TEXT_INFO, NULL, "\nWe have sent a verification link.\nUse this link to sign in to your account.");
--- a/SSH/PAM/src/misc.h
+++ b/SSH/PAM/src/misc.h
@ -35,6 +35,8 @@ int postConfirmCode(pam_handle_t *pamh, char *secretKey, char *systemToken, char

 void selectMethodModule(pam_handle_t *pamh, cJSON *methods, char **selectedMethod);
 cJSON *returnAvailableMethods(cJSON *methods, pam_handle_t *pamh);
+void displayAvailableAuthenticationMethods(cJSON *methods, pam_handle_t *pamh);
+void areMobileAppMethodsAvailable(cJSON *methods, pam_handle_t *pamh, char *userEmail);
 void substring(char s[], char sub[], int p, int l);
 char *curlResponseJsonParser(pam_handle_t *pamh, long headerLength, char *resp);
 char *curlResponseSignatureParser(pam_handle_t *pamh, long headerLength, char *resp);
--- a/SSH/PAM/src/pamApp.c
+++ b/SSH/PAM/src/pamApp.c
@ -126,14 +126,14 @@ int startRublon(pam_handle_t *pamh) {
            return STATUS_DENIED;
        else
            pam_prompt(pamh, PAM_TEXT_INFO, NULL, "\nYour membership in a company has been approved!");
-        
    }
    else if(initStatus != STATUS_PENDING)
        return initStatus;

-
    cJSON *availableMethods = returnAvailableMethods(methods, pamh);
+           
    if(cJSON_GetArraySize(availableMethods) < 1) {
+        areMobileAppMethodsAvailable(methods, pamh, userEmail);
        pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, NULL, "No authentication methods available");
        return STATUS_DENIED;
    }
@ -144,6 +144,8 @@ int startRublon(pam_handle_t *pamh) {
    char *methodsToCompare[] = {"totp","sms"};
    do {
        bool onlyOneMethod = false;
+        displayAvailableAuthenticationMethods(methods, pamh);
+        areMobileAppMethodsAvailable(methods, pamh, userEmail);
        selectMethodModule(pamh, availableMethods, &selectedMethod);
        if(cJSON_GetArraySize(availableMethods) == 1)
            onlyOneMethod = true;