Fincer
/
pam_usb
mirror of https://github.com/Fincer/pam_usb
1
0
Fork 0
Code Issues 0 Releases 4 Wiki Activity
Hardware authentication for Linux using ordinary USB Flash Drives.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
282 Commits
1 Branch
785 KiB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
pam_usb/src/pamusb-check.c

164 lines
4.5 KiB
Raw Permalink Normal View History

Simple engine using HAL, XML parser, test application.
17 years ago
Copyright update (2003-2007)
17 years ago
Simple engine using HAL, XML parser, test application.
17 years ago
Updated Free Software Foundation address in license notes
8 years ago
Simple engine using HAL, XML parser, test application.
17 years ago
pusb_check option parsing
17 years ago
Long argument parsing, easier to use
17 years ago
Simple engine using HAL, XML parser, test application.
17 years ago
Added missing device.h
17 years ago
Implemented local checking (check whether the user is local or not) Improved the logging facility (added the quiet and color_log options)
17 years ago
Long argument parsing, easier to use
17 years ago
Implemented local checking (check whether the user is local or not) Improved the logging facility (added the quiet and color_log options)
17 years ago
Long argument parsing, easier to use
17 years ago
dump deny_remote value on pamusb-check --dump
13 years ago
- Added the pad_expiration option which tells pam_usb how often pads should be updated in order to reduce device writing. - Support for time options in the configuration parser (5s, 2h, 10m, etc)
17 years ago
Long argument parsing, easier to use
17 years ago
Implemented local checking (check whether the user is local or not) Improved the logging facility (added the quiet and color_log options)
17 years ago
Simple engine using HAL, XML parser, test application.
17 years ago
Long argument parsing, easier to use
17 years ago
Simple engine using HAL, XML parser, test application.
17 years ago
Long argument parsing, easier to use
17 years ago
Simple engine using HAL, XML parser, test application.
17 years ago
Long argument parsing, easier to use
17 years ago
pusb_check option parsing
17 years ago
Long argument parsing, easier to use
17 years ago
pusb_check option parsing
17 years ago
update the --help option
16 years ago
Long argument parsing, easier to use
17 years ago
pusb_check option parsing
17 years ago
Long argument parsing, easier to use
17 years ago
pusb_check option parsing
17 years ago
Long argument parsing, easier to use
17 years ago
Added the --debug option
16 years ago
Long argument parsing, easier to use
17 years ago
Added the --debug option
16 years ago
Long argument parsing, easier to use
17 years ago
fixed short/long options
16 years ago
Long argument parsing, easier to use
17 years ago
pusb_check option parsing
17 years ago
Long argument parsing, easier to use
17 years ago
fixed short/long options
16 years ago
Long argument parsing, easier to use
17 years ago
Initialize the logging ASAP to catch earlier errors
17 years ago
Added the --debug option
16 years ago
Initialize the logging ASAP to catch earlier errors
17 years ago
Check the return of the conf initialization
17 years ago
Long argument parsing, easier to use
17 years ago
Added the --debug option
16 years ago
Long argument parsing, easier to use
17 years ago
pusb_check option parsing
17 years ago
Long argument parsing, easier to use
17 years ago
pusb_check option parsing
17 years ago
Long argument parsing, easier to use
17 years ago
Simple engine using HAL, XML parser, test application.
17 years ago
 
  1. /*

  2.  * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
  3.  *
  4.  * This file is part of the pam_usb project. pam_usb is free software;
  5.  * you can redistribute it and/or modify it under the terms of the GNU General
  6.  * Public License version 2, as published by the Free Software Foundation.
  7.  *
  8.  * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
  9.  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  10.  * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
  11.  * details.
  12.  *
  13.  * You should have received a copy of the GNU General Public License along with
  14.  * this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
  15.  * Street, Fifth Floor, Boston, MA 02110-1301 USA
  16.  */
  17. 

  18. #include <stdio.h>

  19. #include <unistd.h>

  20. #include <string.h>

  21. #include <getopt.h>

  22. #include "conf.h"

  23. #include "log.h"

  24. #include "device.h"

  25. #include "local.h"

  26. 

  27. static void pusb_check_conf_dump(t_pusb_options *opts, const char *username,
  28. 		const char *service)
  29. {
  30. 	fprintf(stdout, "Configuration dump for user %s (service: %s):\n",
  31. 			username, service);
  32. 	fprintf(stdout, "enable\t\t\t: %s\n", opts->enable ? "true" : "false");
  33. 	fprintf(stdout, "debug\t\t\t: %s\n", opts->debug ? "true" : "false");
  34. 	fprintf(stdout, "quiet\t\t\t: %s\n", opts->quiet ? "true" : "false");
  35. 	fprintf(stdout, "color_log\t\t: %s\n", opts->color_log ? "true" : "false");
  36. 	fprintf(stdout, "one_time_pad\t\t: %s\n",
  37. 			opts->one_time_pad ? "true" : "false");
  38. 	fprintf(stdout, "deny_remote\t\t: %s\n",
  39. 			opts->deny_remote ? "true" : "false");
  40. 	fprintf(stdout, "pad_expiration\t\t: %u seconds\n", (unsigned int)opts->pad_expiration);
  41. 	fprintf(stdout, "probe_timeout\t\t: %d seconds\n", (unsigned int)opts->probe_timeout);
  42. 	fprintf(stdout, "hostname\t\t: %s\n", opts->hostname);
  43. 	fprintf(stdout, "system_pad_directory\t: %s\n",
  44. 			opts->system_pad_directory);
  45. 	fprintf(stdout, "device_pad_directory\t: %s\n",
  46. 			opts->device_pad_directory);
  47. }
  48. 

  49. static int pusb_check_perform_authentication(t_pusb_options *opts,
  50. 		const char *user,
  51. 		const char *service)
  52. {
  53. 	int		retval;
  54. 

  55. 	if (!opts->enable)
  56. 	{
  57. 		log_debug("Not enabled, exiting...\n");
  58. 		return (0);
  59. 	}
  60. 	log_info("Authentication request for user \"%s\" (%s)\n",
  61. 			user, service);
  62. 	if (!pusb_local_login(opts, user))
  63. 	{
  64. 		log_error("Access denied.\n");
  65. 		return (0);
  66. 	}
  67. 	retval = pusb_device_check(opts, user);
  68. 	if (retval)
  69. 		log_info("Access granted.\n");
  70. 	else
  71. 		log_error("Access denied.\n");
  72. 	return (retval);
  73. }
  74. 

  75. static void pusb_check_usage(const char *name)
  76. {
  77. 	fprintf(stderr, "Usage: %s [--help] [--debug] [--config=path] [--service=name] [--dump] [--quiet] [--debug]" \
  78. 			" <username>\n", name);
  79. }
  80. 

  81. int main(int argc, char **argv)
  82. {
  83. 	t_pusb_options	opts;
  84. 	char			*conf_file = PUSB_CONF_FILE;
  85. 	char			*service = "pamusb-check";
  86. 	char			*user = NULL;
  87. 	int				quiet = 0;
  88. 	int				dump = 0;
  89. 	int				debug = 0;
  90. 	int				opt;
  91. 	int				opt_index = 0;
  92. 	extern char		*optarg;
  93. 	char			*short_options = "hc:s:dqD";
  94. 	struct option	long_options[] = {
  95. 		{ "help", 0, 0, 0 },
  96. 		{ "config", 1, 0, 0 },
  97. 		{ "service", 1, 0, 0 },
  98. 		{ "dump", 0, 0, 0 },
  99. 		{ "quiet", 0, 0, 0 },
  100. 		{ "debug", 0, 0, 0 },
  101. 		{ 0, 0, 0, 0 }
  102. 	};
  103. 

  104. 	while ((opt = getopt_long(argc, argv, short_options, long_options,
  105. 					&opt_index)) != EOF)
  106. 	{
  107. 		if (opt == 'h' || (!opt && !strcmp(long_options[opt_index].name, "help")))
  108. 		{
  109. 			pusb_check_usage(argv[0]);
  110. 			return (1);
  111. 		}
  112. 		else if (opt == 'c' || (!opt && !strcmp(long_options[opt_index].name, "config")))
  113. 			conf_file = optarg;
  114. 		else if (opt == 's' || (!opt && !strcmp(long_options[opt_index].name, "service")))
  115. 			service = optarg;
  116. 		else if (opt == 'd' || (!opt && !strcmp(long_options[opt_index].name, "dump")))
  117. 			dump = 1;
  118. 		else if (opt == 'q' || (!opt && !strcmp(long_options[opt_index].name, "quiet")))
  119. 			quiet = 1;
  120. 		else if (opt == 'D' || (!opt && !strcmp(long_options[opt_index].name, "debug")))
  121. 			debug = 1;
  122. 		else if (opt == '?')
  123. 		{
  124. 			pusb_check_usage(argv[0]);
  125. 			return (1);
  126. 		}
  127. 	}
  128. 

  129. 	if ((argc - 1) == optind)
  130. 		user = argv[optind];
  131. 	else
  132. 	{
  133. 		pusb_check_usage(argv[0]);
  134. 		return (1);
  135. 	}
  136. 

  137. 	if (quiet && debug)
  138. 	{
  139. 		fprintf(stderr, "Error: You cannot use --quiet and --debug together.");
  140. 		return (1);
  141. 	}
  142. 

  143. 	pusb_log_init(&opts);
  144. 	if (!pusb_conf_init(&opts))
  145. 		return (1);
  146. 	if (!pusb_conf_parse(conf_file, &opts, user, service))
  147. 		return (1);
  148. 	if (quiet)
  149. 	{
  150. 		opts.quiet = 1;
  151. 		opts.debug = 0;
  152. 	}
  153. 	else if (debug)
  154. 	{
  155. 		opts.quiet = 0;
  156. 		opts.debug = 1;
  157. 	}
  158. 	if (dump)
  159. 	{
  160. 		pusb_check_conf_dump(&opts, user, service);
  161. 		return (1);
  162. 	}
  163. 	return (!pusb_check_perform_authentication(&opts, user, service));
  164. }