Hardware authentication for Linux using ordinary USB Flash Drives.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

114 lines
2.7 KiB

17 years ago
18 years ago
18 years ago
  1. /*
  2. * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
  3. *
  4. * This file is part of the pam_usb project. pam_usb is free software;
  5. * you can redistribute it and/or modify it under the terms of the GNU General
  6. * Public License version 2, as published by the Free Software Foundation.
  7. *
  8. * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
  9. * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  10. * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  11. * details.
  12. *
  13. * You should have received a copy of the GNU General Public License along with
  14. * this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
  15. * Street, Fifth Floor, Boston, MA 02110-1301 USA
  16. */
  17. #define PAM_SM_AUTH
  18. #include <security/pam_modules.h>
  19. #include <security/_pam_macros.h>
  20. #include "version.h"
  21. #include "conf.h"
  22. #include "log.h"
  23. #include "local.h"
  24. #include "device.h"
  25. PAM_EXTERN
  26. int pam_sm_authenticate(pam_handle_t *pamh, int flags,
  27. int argc, const char **argv)
  28. {
  29. t_pusb_options opts;
  30. const char *service;
  31. const char *user;
  32. const char *tty;
  33. char *conf_file = PUSB_CONF_FILE;
  34. int retval;
  35. pusb_log_init(&opts);
  36. retval = pam_get_item(pamh, PAM_SERVICE,
  37. (const void **)(const void *)&service);
  38. if (retval != PAM_SUCCESS)
  39. {
  40. log_error("Unable to retrieve the PAM service name.\n");
  41. return (PAM_AUTH_ERR);
  42. }
  43. if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || !user || !*user)
  44. {
  45. log_error("Unable to retrieve the PAM user name.\n");
  46. return (PAM_AUTH_ERR);
  47. }
  48. if (argc > 1)
  49. if (!strcmp(argv[0], "-c"))
  50. conf_file = (char *)argv[1];
  51. if (!pusb_conf_init(&opts))
  52. return (PAM_AUTH_ERR);
  53. if (!pusb_conf_parse(conf_file, &opts, user, service))
  54. return (PAM_AUTH_ERR);
  55. if (!opts.enable)
  56. {
  57. log_debug("Not enabled, exiting...\n");
  58. return (PAM_IGNORE);
  59. }
  60. log_info("pam_usb v%s\n", PUSB_VERSION);
  61. log_info("Authentication request for user \"%s\" (%s)\n",
  62. user, service);
  63. if (pam_get_item(pamh, PAM_TTY,
  64. (const void **)(const void *)&tty) == PAM_SUCCESS)
  65. {
  66. if (tty && !strcmp(tty, "ssh"))
  67. {
  68. log_debug("SSH Authentication, aborting.\n");
  69. return (PAM_AUTH_ERR);
  70. }
  71. }
  72. if (!pusb_local_login(&opts, user))
  73. {
  74. log_error("Access denied.\n");
  75. return (PAM_AUTH_ERR);
  76. }
  77. if (pusb_device_check(&opts, user))
  78. {
  79. log_info("Access granted.\n");
  80. return (PAM_SUCCESS);
  81. }
  82. log_error("Access denied.\n");
  83. return (PAM_AUTH_ERR);
  84. }
  85. PAM_EXTERN
  86. int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc,
  87. const char **argv)
  88. {
  89. return (PAM_SUCCESS);
  90. }
  91. #ifdef PAM_STATIC
  92. struct pam_module _pam_usb_modstruct = {
  93. "pam_usb",
  94. pam_sm_authenticate,
  95. pam_sm_setcred,
  96. NULL,
  97. NULL,
  98. NULL,
  99. NULL
  100. };
  101. #endif