diff --git a/ChangeLog b/ChangeLog index ac4ca31..b0a3f8e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,7 @@ should be updated in order to reduce device writing. - Support for time options in the configuration parser (5s, 2h, 10m, etc) - Added the --verbose option to pamusb-conf +- Added the --debug option to pamusb-check - Fixed the ElementTree import statement of pamusb-agent to work with Python 2.5. Thanks to Donald Hayward for the patch. diff --git a/doc/CONFIGURATION b/doc/CONFIGURATION index da72e85..3409630 100644 --- a/doc/CONFIGURATION +++ b/doc/CONFIGURATION @@ -1,8 +1,9 @@ ====== Configuration ====== - - - +Configuration is done through the pamusb-conf tool, as explained in the +[[quickstart]] section. Most users don't have to manually change pamusb.conf, +however if you want to change some default settings, this document explains the +syntax of the pamusb.conf configuration file. ===== Introduction ===== @@ -48,6 +49,7 @@ pamusb-agent -c /some/other/path.conf + ===== Options ===== ^ Name ^ Type ^ Default value ^ Description ^ @@ -61,8 +63,10 @@ output) | | | one_time_pad | Boolean | true | Enable the use of one time pads | -| probe_timeout | Integer | 10 | Time (in seconds) to -wait for the volume to be detected| +| probe_timeout | Time | 10s | Time to wait for the +volume to be detected| +| pad_expiration| Time | 1h | Time between pads +regeneration| | hostname | String | Computer's hostname | Computer name. Must be unique accross computers using the same device | @@ -129,6 +133,7 @@ SNDKXXXXXXXXXXXXXXXX | + ===== Users ===== ^ Name ^ Type ^ Description ^ @@ -147,12 +152,12 @@ below | -gnome-screensaver-command --lock -beep-media-player --pause +gnome-screensaver-command --lock +beep-media-player --pause -gnome-screensaver-command --deactivate -beep-media-player --play +gnome-screensaver-command --deactivate +beep-media-player --play ===== Services ===== @@ -169,6 +174,7 @@ beep-media-player --> + ===== Full example ===== This example demonstrates how to write a pam_usb configuration file and how to @@ -226,8 +232,8 @@ override the "quiet" option --> - gnome-screensaver-command --lock - gnome-screensaver-command --deactivate + gnome-screensaver-command --lock + gnome-screensaver-command --deactivate diff --git a/doc/FAQ b/doc/FAQ index 37c76f3..f64308a 100644 --- a/doc/FAQ +++ b/doc/FAQ @@ -19,3 +19,9 @@ soon as you authenticate. > Q: Is my USB drive compatible with pam_usb ? >> A: About every USB flash drive will work with pam_usb. + +> Q: I can't authenticate anymore, pam_usb gives me the following error: Pad +checking failed. What should I do ? +>> A: It's a machine/device synchronization issue. To get rid of that error you +have to reset the pads of your system by removing the .pamusb folder located on +your home (/root/.pamusb/, /home/foobar/.pamusb/, etc). diff --git a/doc/QUICKSTART b/doc/QUICKSTART index d502914..75e011c 100644 --- a/doc/QUICKSTART +++ b/doc/QUICKSTART @@ -6,6 +6,22 @@ using an older version of pam_usb. ===== Installing ==== +==== Gentoo Linux ==== + +pam_usb 0.4.1 is currently keyword masked (~arch) on Gentoo, so you'll have to +unmask it before installing: + +# echo "sys-auth/pam_usb" >> /etc/portage/package.keywords +# emerge -av ">=sys-auth/pam_usb-0.4.1" + + +==== Debian GNU/Linux ==== + +pam_usb is available on Debian testing (lenny) and unstable (sid). + +# apt-get install libpam-usb pamusb-tools + + ==== Installing from sources ==== * Step 1: Download the latest release * Step 2: Unpack the distribution tarball @@ -15,7 +31,7 @@ $ cd pam_usb- * Step 3: Make sure that you have installed the required dependencies -pam_usb depends on libxml2, PAM and HAL. pam_usb's tools (pamusb-agent, +pam_usb depends on libxml2, PAM, HAL and pmount. pam_usb's tools (pamusb-agent, pamusb-conf) depends on python, python-celementtree and python-gobject. * Step 3: Compile and install diff --git a/doc/pamusb-agent.1.gz b/doc/pamusb-agent.1.gz index 6fad245..f40be71 100644 Binary files a/doc/pamusb-agent.1.gz and b/doc/pamusb-agent.1.gz differ diff --git a/doc/pamusb-check.1.gz b/doc/pamusb-check.1.gz index 898bd3c..63b3cf3 100644 Binary files a/doc/pamusb-check.1.gz and b/doc/pamusb-check.1.gz differ diff --git a/doc/pamusb-conf.1.gz b/doc/pamusb-conf.1.gz index b157065..dd10fdf 100644 Binary files a/doc/pamusb-conf.1.gz and b/doc/pamusb-conf.1.gz differ diff --git a/doc/pamusb.conf b/doc/pamusb.conf index 77f35c5..d562820 100644 --- a/doc/pamusb.conf +++ b/doc/pamusb.conf @@ -29,13 +29,27 @@ See http://www.pamusb.org/doc/configuring + + diff --git a/src/conf.c b/src/conf.c index 5c86fcb..f349a84 100644 --- a/src/conf.c +++ b/src/conf.c @@ -144,7 +144,7 @@ int pusb_conf_init(t_pusb_options *opts) opts->quiet = 0; opts->color_log = 1; opts->one_time_pad = 1; - opts->pad_expiration = 86400; + opts->pad_expiration = 3600; return (1); } diff --git a/src/pad.c b/src/pad.c index 3eb2631..779bb93 100644 --- a/src/pad.c +++ b/src/pad.c @@ -165,13 +165,13 @@ static int pusb_pad_should_update(t_pusb_options *opts, const char *user) if (delta > opts->pad_expiration) { - log_info("Pads expired %u seconds ago, updating...\n", + log_debug("Pads expired %u seconds ago, updating...\n", delta - opts->pad_expiration); return (1); } else { - log_info("Pads were generated %u seconds ago, not updating.\n", + log_debug("Pads were generated %u seconds ago, not updating.\n", delta); return (0); } @@ -189,6 +189,7 @@ static void pusb_pad_update(t_pusb_options *opts, if (!pusb_pad_should_update(opts, user)) return ; + log_info("Regenerating new pads...\n"); if (!(f_device = pusb_pad_open_device(opts, volume, user, "w+"))) { log_error("Unable to update pads.\n"); @@ -258,10 +259,7 @@ int pusb_pad_check(t_pusb_options *opts, LibHalContext *ctx, return (0); retval = pusb_pad_compare(opts, volume, user); if (retval) - { - log_info("Verification match, updating one time pads...\n"); pusb_pad_update(opts, volume, user); - } else log_error("Pad checking failed !\n"); pusb_volume_destroy(volume); diff --git a/src/pamusb-check.c b/src/pamusb-check.c index 0466b71..31c2e0e 100644 --- a/src/pamusb-check.c +++ b/src/pamusb-check.c @@ -72,7 +72,7 @@ static int pusb_check_perform_authentication(t_pusb_options *opts, static void pusb_check_usage(const char *name) { - fprintf(stderr, "Usage: %s [--help] [--config=path] [--service=name] [--dump] [--quiet]" \ + fprintf(stderr, "Usage: %s [--help] [--debug] [--config=path] [--service=name] [--dump] [--quiet] [--debug]" \ " \n", name); } @@ -84,17 +84,19 @@ int main(int argc, char **argv) char *user = NULL; int quiet = 0; int dump = 0; + int debug = 0; int opt; int opt_index = 0; extern char *optarg; - char *short_options = "hc:s:dq"; + char *short_options = "hc:s:dqD"; struct option long_options[] = { - { "help", 0, 0, 0}, - { "config", 1, 0, 0}, - { "service", 1, 0, 0}, - { "dump", 0, &dump, 1 }, - { "quiet", 0, &quiet, 1}, - { 0, 0, 0, 0} + { "help", 0, 0, 0 }, + { "config", 1, 0, 0 }, + { "service", 1, 0, 0 }, + { "dump", 0, 0, 0 }, + { "quiet", 0, 0, 0 }, + { "debug", 0, 0, 0 }, + { 0, 0, 0, 0 } }; while ((opt = getopt_long(argc, argv, short_options, long_options, @@ -109,6 +111,12 @@ int main(int argc, char **argv) conf_file = optarg; else if (opt == 's' || (!opt && !strcmp(long_options[opt_index].name, "service"))) service = optarg; + else if (opt == 'd' || (!opt && !strcmp(long_options[opt_index].name, "dump"))) + dump = 1; + else if (opt == 'q' || (!opt && !strcmp(long_options[opt_index].name, "quiet"))) + quiet = 1; + else if (opt == 'D' || (!opt && !strcmp(long_options[opt_index].name, "debug"))) + debug = 1; else if (opt == '?') { pusb_check_usage(argv[0]); @@ -124,6 +132,12 @@ int main(int argc, char **argv) return (1); } + if (quiet && debug) + { + fprintf(stderr, "Error: You cannot use --quiet and --debug together."); + return (1); + } + pusb_log_init(&opts); if (!pusb_conf_init(&opts)) return (1); @@ -134,6 +148,11 @@ int main(int argc, char **argv) opts.quiet = 1; opts.debug = 0; } + else if (debug) + { + opts.quiet = 0; + opts.debug = 1; + } if (dump) { pusb_check_conf_dump(&opts, user, service); diff --git a/src/version.h b/src/version.h index 99b4a90..b8edb86 100644 --- a/src/version.h +++ b/src/version.h @@ -18,6 +18,6 @@ #ifndef PUSB_VERSION_H_ # define PUSB_VERSION_H_ -# define PUSB_VERSION "SVN" +# define PUSB_VERSION "0.4.2" #endif /* !PUSB_VERSION_H_ */ diff --git a/utils/roll_release.sh b/utils/roll_release.sh index f60da65..a8eea8b 100755 --- a/utils/roll_release.sh +++ b/utils/roll_release.sh @@ -27,8 +27,9 @@ create_release() BUILD_ENV=`mktemp -d /tmp/build.XXXXXX` SRC_PATH=${BUILD_ENV}/pam_usb-${1} TARBALL=pam_usb-${1}.tar.gz + TAG_PATH=${TRUNK_PATH}/../../tags/${1} - if [ -d "${TRUNK_PATH}/../../tags/${1}" -o -f $TARBALL ] ; then + if [ -d $TAG_PATH -o -f $TARBALL ] ; then rm -rf $BUILD_ENV echo "! Release $1 already exists !" exit @@ -36,20 +37,21 @@ create_release() echo "* Rolling release $1 on $BUILD_ENV..." - svn export $TRUNK_PATH ${SRC_PATH} + svn cp $TRUNK_PATH/../pam_usb $TAG_PATH + svn export $TRUNK_PATH $SRC_PATH echo "* Cleaning up..." rm -rf $SRC_PATH/utils echo "* Tagging release \"$1\"" sed -ri "s/(PUSB_VERSION) \"[^\"]*\"/\1 \"${1}\"/" ${SRC_PATH}/src/version.h + cp -f ${SRC_PATH}/src/version.h ${TAG_PATH}/src/version.h echo "* Creating tarball..." cd $BUILD_ENV tar -zcf $TARBALL pam_usb-${1} cd - > /dev/null - cp -a $SRC_PATH ${TRUNK_PATH}/../../tags/${1} cp ${BUILD_ENV}/${TARBALL} . rm -rf $BUILD_ENV