Fincer
/
pam_usb
mirror of https://github.com/Fincer/pam_usb
1
0
Fork 0
Code Issues 0 Releases 4 Wiki Activity
Hardware authentication for Linux using ordinary USB Flash Drives.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
228 Commits
1 Branch
755 KiB
Tree: fb1d08a8d7
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'fb1d08a8d7'
${ noResults }
pam_usb/src/pam.c

114 lines
2.7 KiB
Raw Normal View History

Implemented PAM module Fixed a bug in the logging facility Misc fixes
17 years ago
Copyright update (2003-2007)
17 years ago
Implemented PAM module Fixed a bug in the logging facility Misc fixes
17 years ago
Updated Free Software Foundation address in license notes
8 years ago
Implemented PAM module Fixed a bug in the logging facility Misc fixes
17 years ago
Reindented using tabs only
17 years ago
Implemented PAM module Fixed a bug in the logging facility Misc fixes
17 years ago
Reindented using tabs only
17 years ago
Implemented PAM module Fixed a bug in the logging facility Misc fixes
17 years ago
Initialize the logging ASAP to catch earlier errors
17 years ago
Fixed compiler warning "dereferencing type-punned pointer will break strict-aliasing rules"
17 years ago
Reindented using tabs only
17 years ago
Implemented PAM module Fixed a bug in the logging facility Misc fixes
17 years ago
Reindented using tabs only
17 years ago
Implemented PAM module Fixed a bug in the logging facility Misc fixes
17 years ago
Reindented using tabs only
17 years ago
Check the return of the conf initialization
17 years ago
Reindented using tabs only
17 years ago
Implemented PAM module Fixed a bug in the logging facility Misc fixes
17 years ago
Reindented using tabs only
17 years ago
Implemented PAM module Fixed a bug in the logging facility Misc fixes
17 years ago
Reindented using tabs only
17 years ago
Improved local login detection
17 years ago
Fixed compiler warning "dereferencing type-punned pointer will break strict-aliasing rules"
17 years ago
Reindented using tabs only
17 years ago
Security fix
17 years ago
Reindented using tabs only
17 years ago
Cleanup
17 years ago
Reindented using tabs only
17 years ago
Cleanup
17 years ago
Reindented using tabs only
17 years ago
Implemented PAM module Fixed a bug in the logging facility Misc fixes
17 years ago
Reindented using tabs only
17 years ago
Implemented PAM module Fixed a bug in the logging facility Misc fixes
17 years ago
Reindented using tabs only
17 years ago
Implemented PAM module Fixed a bug in the logging facility Misc fixes
17 years ago
Reindented using tabs only
17 years ago
Implemented PAM module Fixed a bug in the logging facility Misc fixes
17 years ago
 
  1. /*

  2.  * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
  3.  *
  4.  * This file is part of the pam_usb project. pam_usb is free software;
  5.  * you can redistribute it and/or modify it under the terms of the GNU General
  6.  * Public License version 2, as published by the Free Software Foundation.
  7.  *
  8.  * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
  9.  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  10.  * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
  11.  * details.
  12.  *
  13.  * You should have received a copy of the GNU General Public License along with
  14.  * this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
  15.  * Street, Fifth Floor, Boston, MA 02110-1301 USA
  16.  */
  17. 

  18. #define PAM_SM_AUTH

  19. #include <security/pam_modules.h>

  20. #include <security/_pam_macros.h>

  21. 

  22. #include "version.h"

  23. #include "conf.h"

  24. #include "log.h"

  25. #include "local.h"

  26. #include "device.h"

  27. 

  28. PAM_EXTERN
  29. int pam_sm_authenticate(pam_handle_t *pamh, int flags,
  30. 		int argc, const char **argv)
  31. {
  32. 	t_pusb_options	opts;
  33. 	const char		*service;
  34. 	const char		*user;
  35. 	const char		*tty;
  36. 	char			*conf_file = PUSB_CONF_FILE;
  37. 	int				retval;
  38. 

  39. 	pusb_log_init(&opts);
  40. 	retval = pam_get_item(pamh, PAM_SERVICE,
  41. 			(const void **)(const void *)&service);
  42. 	if (retval != PAM_SUCCESS)
  43. 	{
  44. 		log_error("Unable to retrieve the PAM service name.\n");
  45. 		return (PAM_AUTH_ERR);
  46. 	}
  47. 

  48. 	if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || !user || !*user)
  49. 	{
  50. 		log_error("Unable to retrieve the PAM user name.\n");
  51. 		return (PAM_AUTH_ERR);
  52. 	}
  53. 

  54. 	if (argc > 1)
  55. 		if (!strcmp(argv[0], "-c"))
  56. 			conf_file = (char *)argv[1];
  57. 	if (!pusb_conf_init(&opts))
  58. 		return (PAM_AUTH_ERR);
  59. 	if (!pusb_conf_parse(conf_file, &opts, user, service))
  60. 		return (PAM_AUTH_ERR);
  61. 

  62. 	if (!opts.enable)
  63. 	{
  64. 		log_debug("Not enabled, exiting...\n");
  65. 		return (PAM_IGNORE);
  66. 	}
  67. 

  68. 	log_info("pam_usb v%s\n", PUSB_VERSION);
  69. 	log_info("Authentication request for user \"%s\" (%s)\n",
  70. 			user, service);
  71. 

  72. 	if (pam_get_item(pamh, PAM_TTY,
  73. 				(const void **)(const void *)&tty) == PAM_SUCCESS)
  74. 	{
  75. 		if (tty && !strcmp(tty, "ssh"))
  76. 		{
  77. 			log_debug("SSH Authentication, aborting.\n");
  78. 			return (PAM_AUTH_ERR);
  79. 		}
  80. 	}
  81. 	if (!pusb_local_login(&opts, user))
  82. 	{
  83. 		log_error("Access denied.\n");
  84. 		return (PAM_AUTH_ERR);
  85. 	}
  86. 	if (pusb_device_check(&opts, user))
  87. 	{
  88. 		log_info("Access granted.\n");
  89. 		return (PAM_SUCCESS);
  90. 	}
  91. 	log_error("Access denied.\n");
  92. 	return (PAM_AUTH_ERR);
  93. }
  94. 

  95. PAM_EXTERN
  96. int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc,
  97. 		const char **argv)
  98. {
  99. 	return (PAM_SUCCESS);
  100. }
  101. 

  102. #ifdef PAM_STATIC

  103. 

  104. struct pam_module _pam_usb_modstruct = {
  105. 	"pam_usb",
  106. 	pam_sm_authenticate,
  107. 	pam_sm_setcred,
  108. 	NULL,
  109. 	NULL,
  110. 	NULL,
  111. 	NULL
  112. };
  113. 

  114. #endif