diff --git a/SSH/PAM/src/coreHandler.c b/SSH/PAM/src/coreHandler.c index 441489a..c3f21ff 100644 --- a/SSH/PAM/src/coreHandler.c +++ b/SSH/PAM/src/coreHandler.c @@ -119,7 +119,6 @@ void selectMethodModule(pam_handle_t *pamh, cJSON *methods, char **selectedMetho char *authentication = 0; int idx = 0; if(cJSON_GetArraySize(methods)) { - displayAvailableAuthenticationMethods(methods, pamh); do{ if(cJSON_GetArraySize(methods) == 1) { idx=1; @@ -153,6 +152,19 @@ cJSON *returnAvailableMethods(cJSON *methods, pam_handle_t *pamh) { return result; } +void areMobileAppMethodsAvailable(cJSON *methods, pam_handle_t *pamh, char *userEmail) { + char *supportedMethods[] = {"qrcode","totp","push"}; + int methodCount = 0, i, jsonIndex; + for (jsonIndex = 0 ; jsonIndex < cJSON_GetArraySize(methods) ; jsonIndex ++ ){ + for (i = 0 ; i < 3 ; i ++ ){ + if (strcmp(cJSON_GetArrayItem(methods, jsonIndex)->valuestring, supportedMethods[i]) == 0) + methodCount++; + } + } + if(methodCount == 0) + pam_prompt(pamh, PAM_TEXT_INFO, NULL, "Please install Rublon Authenticator on your mobile device (iOS, Android) and add your email address: %s",userEmail); +} + void displaySelectedMethodMsg(pam_handle_t *pamh, char *selectedMethod) { if (strcmp(selectedMethod, "email") == 0) { pam_prompt(pamh, PAM_TEXT_INFO, NULL, "\nWe have sent a verification link.\nUse this link to sign in to your account."); diff --git a/SSH/PAM/src/misc.h b/SSH/PAM/src/misc.h index fb5dc46..0b3e51e 100644 --- a/SSH/PAM/src/misc.h +++ b/SSH/PAM/src/misc.h @@ -35,6 +35,8 @@ int postConfirmCode(pam_handle_t *pamh, char *secretKey, char *systemToken, char void selectMethodModule(pam_handle_t *pamh, cJSON *methods, char **selectedMethod); cJSON *returnAvailableMethods(cJSON *methods, pam_handle_t *pamh); +void displayAvailableAuthenticationMethods(cJSON *methods, pam_handle_t *pamh); +void areMobileAppMethodsAvailable(cJSON *methods, pam_handle_t *pamh, char *userEmail); void substring(char s[], char sub[], int p, int l); char *curlResponseJsonParser(pam_handle_t *pamh, long headerLength, char *resp); char *curlResponseSignatureParser(pam_handle_t *pamh, long headerLength, char *resp); diff --git a/SSH/PAM/src/pamApp.c b/SSH/PAM/src/pamApp.c index f30274d..caf433d 100644 --- a/SSH/PAM/src/pamApp.c +++ b/SSH/PAM/src/pamApp.c @@ -126,14 +126,14 @@ int startRublon(pam_handle_t *pamh) { return STATUS_DENIED; else pam_prompt(pamh, PAM_TEXT_INFO, NULL, "\nYour membership in a company has been approved!"); - } else if(initStatus != STATUS_PENDING) return initStatus; - cJSON *availableMethods = returnAvailableMethods(methods, pamh); + if(cJSON_GetArraySize(availableMethods) < 1) { + areMobileAppMethodsAvailable(methods, pamh, userEmail); pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, NULL, "No authentication methods available"); return STATUS_DENIED; } @@ -144,6 +144,8 @@ int startRublon(pam_handle_t *pamh) { char *methodsToCompare[] = {"totp","sms"}; do { bool onlyOneMethod = false; + displayAvailableAuthenticationMethods(methods, pamh); + areMobileAppMethodsAvailable(methods, pamh, userEmail); selectMethodModule(pamh, availableMethods, &selectedMethod); if(cJSON_GetArraySize(availableMethods) == 1) onlyOneMethod = true;