Hardware authentication for Linux using ordinary USB Flash Drives.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

268 lines
7.8 KiB

18 years ago
18 years ago
17 years ago
13 years ago
17 years ago
13 years ago
13 years ago
17 years ago
13 years ago
13 years ago
17 years ago
13 years ago
18 years ago
17 years ago
17 years ago
18 years ago
17 years ago
18 years ago
17 years ago
13 years ago
17 years ago
17 years ago
17 years ago
17 years ago
17 years ago
17 years ago
17 years ago
17 years ago
17 years ago
18 years ago
17 years ago
18 years ago
18 years ago
17 years ago
18 years ago
17 years ago
18 years ago
18 years ago
17 years ago
17 years ago
17 years ago
18 years ago
17 years ago
18 years ago
18 years ago
13 years ago
  1. #!/usr/bin/env python
  2. #
  3. # Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
  4. #
  5. # This file is part of the pam_usb project. pam_usb is free software;
  6. # you can redistribute it and/or modify it under the terms of the GNU General
  7. # Public License version 2, as published by the Free Software Foundation.
  8. #
  9. # pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
  10. # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  11. # FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
  12. # details.
  13. #
  14. # You should have received a copy of the GNU General Public License along with
  15. # this program; if not, write to the Free Software Foundation, Inc., 59 Temple
  16. # Place, Suite 330, Boston, MA 02111-1307 USA
  17. import dbus
  18. import sys
  19. import os
  20. from xml.dom import minidom
  21. class Device:
  22. def __init__(self, udi):
  23. self.__udi = udi
  24. deviceObj = bus.get_object('org.freedesktop.UDisks',
  25. udi)
  26. #deviceProperties = deviceObj.getProperties()
  27. #dbus_interface = 'org.freedesktop.UDisks.Device')
  28. deviceProperties = dbus.Interface(deviceObj, dbus.PROPERTIES_IFACE)
  29. if deviceProperties.Get('org.freedesktop.UDisks.Device', 'DeviceIsRemovable') != 1:
  30. raise Exception, 'Not a removable device'
  31. self.vendor = None
  32. self.product = None
  33. self.vendor = deviceProperties.Get('org.freedesktop.UDisks.Device', 'DriveVendor')
  34. self.model = deviceProperties.Get('org.freedesktop.UDisks.Device', 'DriveModel')
  35. self.serialNumber = deviceProperties.Get('org.freedesktop.UDisks.Device', 'DriveSerial')
  36. if len(self.volumes()) < 1:
  37. raise Exception, 'Device does not contain any volume'
  38. def volumes(self):
  39. vols = []
  40. for udi in halManager.get_dbus_method('EnumerateDevices')():
  41. deviceObj = bus.get_object('org.freedesktop.UDisks',
  42. udi)
  43. deviceProperties = dbus.Interface(deviceObj, dbus.PROPERTIES_IFACE)
  44. if deviceProperties.Get('org.freedesktop.UDisks.Device', 'DeviceIsPartition') != 1:
  45. continue
  46. if deviceProperties.Get('org.freedesktop.UDisks.Device', 'PartitionSlave') != self.__udi:
  47. continue
  48. vols.append({'uuid' : deviceProperties.Get('org.freedesktop.UDisks.Device', 'IdUuid'),
  49. 'device' : deviceProperties.Get('org.freedesktop.UDisks.Device', 'DeviceFile')})
  50. return vols
  51. def __repr__(self):
  52. if self.product is not None:
  53. return "%s %s (%s)" % (self.vendor, self.product, self.serialNumber)
  54. return self.serialNumber
  55. def listOptions(question, options, autodetect = True):
  56. if autodetect == True and len(options) == 1:
  57. print question
  58. print "* Using \"%s\" (only option)" % options[0]
  59. print
  60. return 0
  61. while True:
  62. try:
  63. print question
  64. for i in range(len(options)):
  65. print "%d) %s" % (i, options[i])
  66. print
  67. sys.stdout.write('[%s-%s]: ' % (0, len(options) - 1))
  68. optionId = int(sys.stdin.readline())
  69. print
  70. if optionId not in range(len(options)):
  71. raise Exception
  72. return optionId
  73. except KeyboardInterrupt: sys.exit()
  74. except Exception: pass
  75. else: break
  76. def writeConf(options, doc):
  77. try:
  78. f = open(options['configFile'], 'w')
  79. doc.writexml(f)
  80. f.close()
  81. except Exception, err:
  82. print 'Unable to save %s: %s' % (options['configFile'], err)
  83. sys.exit(1)
  84. else:
  85. print 'Done.'
  86. def shouldSave(options, items):
  87. print "\n".join(["%s\t\t: %s" % item for item in items])
  88. print
  89. print 'Save to %s ?' % options['configFile']
  90. sys.stdout.write('[Y/n] ')
  91. response = sys.stdin.readline().strip()
  92. if len(response) > 0 and response.lower() != 'y':
  93. sys.exit(1)
  94. def prettifyElement(element):
  95. tmp = minidom.parseString(element.toprettyxml())
  96. return tmp.lastChild
  97. def addUser(options):
  98. try:
  99. doc = minidom.parse(options['configFile'])
  100. except Exception, err:
  101. print 'Unable to read %s: %s' % (options['configFile'], err)
  102. sys.exit(1)
  103. devSection = doc.getElementsByTagName('devices')
  104. if len(devSection) == 0:
  105. print 'Malformed configuration file: No <devices> section found.'
  106. sys.exit(1)
  107. devicesObj = devSection[0].getElementsByTagName('device')
  108. if len(devicesObj) == 0:
  109. print 'No devices found.'
  110. print 'You must add a device (--add-device) before adding users'
  111. sys.exit(1)
  112. devices = []
  113. for device in devicesObj:
  114. devices.append(device.getAttribute('id'))
  115. device = devices[listOptions("Which device would you like to use for authentication ?",
  116. devices)]
  117. shouldSave(options, [
  118. ('User', options['userName']),
  119. ('Device', device)
  120. ])
  121. users = doc.getElementsByTagName('users')
  122. user = doc.createElement('user')
  123. user.attributes['id'] = options['userName']
  124. e = doc.createElement('device')
  125. t = doc.createTextNode(device)
  126. e.appendChild(t)
  127. user.appendChild(e)
  128. users[0].appendChild(prettifyElement(user))
  129. writeConf(options, doc)
  130. def addDevice(options):
  131. devices = []
  132. for udi in halManager.get_dbus_method('EnumerateDevices')():
  133. try:
  134. if options['verbose']:
  135. print 'Inspecting %s' % udi
  136. devices.append(Device(udi))
  137. except Exception, ex:
  138. if options['verbose']:
  139. print "\tInvalid: %s" % ex
  140. pass
  141. else:
  142. if options['verbose']:
  143. print "\tValid"
  144. if len(devices) == 0:
  145. print 'No devices detected.'
  146. sys.exit()
  147. device = devices[listOptions("Please select the device you wish to add.", devices)]
  148. volumes = device.volumes()
  149. volume = volumes[listOptions("Which volume would you like to use for " \
  150. "storing data ?",
  151. ["%s (UUID: %s)" % (volume['device'],
  152. volume['uuid'] or "<UNDEFINED>")
  153. for volume in volumes]
  154. )]
  155. if volume['uuid'] == '':
  156. print 'WARNING: No UUID detected for device %s. One time pads will be disabled.' % volume['device']
  157. shouldSave(options,[
  158. ('Name', options['deviceName']),
  159. ('Vendor', device.vendor or "Unknown"),
  160. ('Model', device.product or "Unknown"),
  161. ('Serial', device.serialNumber),
  162. ('UUID', volume['uuid'] or "Unknown")
  163. ])
  164. try:
  165. doc = minidom.parse(options['configFile'])
  166. except Exception, err:
  167. print 'Unable to read %s: %s' % (options['configFile'], err)
  168. sys.exit(1)
  169. devs = doc.getElementsByTagName('devices')
  170. dev = doc.createElement('device')
  171. dev.attributes['id'] = options['deviceName']
  172. for name, value in (('vendor', device.vendor),
  173. ('model', device.product),
  174. ('serial', device.serialNumber),
  175. ('volume_uuid', volume['uuid'])):
  176. if value is None or value == '':
  177. continue
  178. e = doc.createElement(name)
  179. t = doc.createTextNode(value)
  180. e.appendChild(t)
  181. dev.appendChild(e)
  182. # Disable one time pads if there's no device UUID
  183. if volume['uuid'] == '':
  184. e = doc.createElement('option')
  185. e.setAttribute('name', 'one_time_pad')
  186. e.appendChild(doc.createTextNode('false'))
  187. dev.appendChild(e)
  188. devs[0].appendChild(prettifyElement(dev))
  189. writeConf(options, doc)
  190. def usage():
  191. print 'Usage: %s [--help] [--verbose] [--config=path] [--add-user=name | --add-device=name]' % os.path.basename(__file__)
  192. sys.exit(1)
  193. import getopt
  194. try:
  195. opts, args = getopt.getopt(sys.argv[1:], "hvd:nu:c:",
  196. ["help", "verbose", "add-device=", "add-user=", "config="])
  197. except getopt.GetoptError:
  198. usage()
  199. if len(args) != 0:
  200. usage()
  201. options = { 'deviceName' : None, 'userName' : None,
  202. 'configFile' : '/etc/pamusb.conf', 'verbose' : False }
  203. for o, a in opts:
  204. if o in ("-h", "--help"):
  205. usage()
  206. if o in ("-v", "--verbose"):
  207. options['verbose'] = True
  208. if o in ("-d", "--add-device"):
  209. options['deviceName'] = a
  210. if o in ("-u", "--add-user"):
  211. options['userName'] = a
  212. if o in ("-c", "--config"):
  213. options['configFile'] = a
  214. if options['deviceName'] is not None and options['userName'] is not None:
  215. print 'You cannot use both --add-user and --add-device'
  216. usage()
  217. if options['deviceName'] is None and options['userName'] is None:
  218. usage()
  219. if options['deviceName'] is not None:
  220. bus = dbus.SystemBus()
  221. halService = bus.get_object('org.freedesktop.UDisks',
  222. '/org/freedesktop/UDisks')
  223. halManager = dbus.Interface(halService, 'org.freedesktop.UDisks')
  224. try:
  225. addDevice(options)
  226. except KeyboardInterrupt:
  227. sys.exit(1)
  228. if options['userName'] is not None:
  229. try:
  230. addUser(options)
  231. except KeyboardInterrupt:
  232. sys.exit(1)