Browse Source

Tagged 0.4.2

0.4.2
Andrea Luzzardi 17 years ago
parent
commit
0f5ce22469
13 changed files with 92 additions and 30 deletions
  1. +1
    -0
      ChangeLog
  2. +17
    -11
      doc/CONFIGURATION
  3. +6
    -0
      doc/FAQ
  4. +17
    -1
      doc/QUICKSTART
  5. BIN
      doc/pamusb-agent.1.gz
  6. BIN
      doc/pamusb-check.1.gz
  7. BIN
      doc/pamusb-conf.1.gz
  8. +14
    -0
      doc/pamusb.conf
  9. +1
    -1
      src/conf.c
  10. +3
    -5
      src/pad.c
  11. +27
    -8
      src/pamusb-check.c
  12. +1
    -1
      src/version.h
  13. +5
    -3
      utils/roll_release.sh

+ 1
- 0
ChangeLog View File

@ -3,6 +3,7 @@
should be updated in order to reduce device writing. should be updated in order to reduce device writing.
- Support for time options in the configuration parser (5s, 2h, 10m, etc) - Support for time options in the configuration parser (5s, 2h, 10m, etc)
- Added the --verbose option to pamusb-conf - Added the --verbose option to pamusb-conf
- Added the --debug option to pamusb-check
- Fixed the ElementTree import statement of pamusb-agent to work with - Fixed the ElementTree import statement of pamusb-agent to work with
Python 2.5. Thanks to Donald Hayward <liquidsunshine@gmail.com> for Python 2.5. Thanks to Donald Hayward <liquidsunshine@gmail.com> for
the patch. the patch.


+ 17
- 11
doc/CONFIGURATION View File

@ -1,8 +1,9 @@
====== Configuration ====== ====== Configuration ======
Configuration is done through the pamusb-conf tool, as explained in the
[[quickstart]] section. Most users don't have to manually change pamusb.conf,
however if you want to change some default settings, this document explains the
syntax of the pamusb.conf configuration file.
===== Introduction ===== ===== Introduction =====
@ -48,6 +49,7 @@ pamusb-agent -c /some/other/path.conf
===== Options ===== ===== Options =====
^ Name ^ Type ^ Default value ^ Description ^ ^ Name ^ Type ^ Default value ^ Description ^
@ -61,8 +63,10 @@ output) |
| |
| one_time_pad | Boolean | true | Enable the use of one | one_time_pad | Boolean | true | Enable the use of one
time pads | time pads |
| probe_timeout | Integer | 10 | Time (in seconds) to
wait for the volume to be detected|
| probe_timeout | Time | 10s | Time to wait for the
volume to be detected|
| pad_expiration| Time | 1h | Time between pads
regeneration|
| hostname | String | Computer's hostname | Computer name. Must be | hostname | String | Computer's hostname | Computer name. Must be
unique accross computers using the same device | unique accross computers using the same device |
@ -129,6 +133,7 @@ SNDKXXXXXXXXXXXXXXXX |
</device> </device>
===== Users ===== ===== Users =====
^ Name ^ Type ^ Description ^ ^ Name ^ Type ^ Description ^
@ -147,12 +152,12 @@ below |
<!-- When the user "scox" removes the usb device, lock the screen and pause <!-- When the user "scox" removes the usb device, lock the screen and pause
beep-media-player --> beep-media-player -->
<hotplug event="lock">gnome-screensaver-command --lock</hotplug>
<hotplug event="lock">beep-media-player --pause</hotplug>
<agent event="lock">gnome-screensaver-command --lock</agent>
<agent event="lock">beep-media-player --pause</agent>
<!-- Resume operations when the usb device is plugged back and authenticated --> <!-- Resume operations when the usb device is plugged back and authenticated -->
<hotplug event="unlock">gnome-screensaver-command --deactivate</hotplug>
<hotplug event="unlock">beep-media-player --play</hotplug>
<agent event="unlock">gnome-screensaver-command --deactivate</agent>
<agent event="unlock">beep-media-player --play</agent>
</user> </user>
===== Services ===== ===== Services =====
@ -169,6 +174,7 @@ beep-media-player -->
===== Full example ===== ===== Full example =====
This example demonstrates how to write a pam_usb configuration file and how to This example demonstrates how to write a pam_usb configuration file and how to
@ -226,8 +232,8 @@ override the "quiet" option -->
<option name="quiet">true</option> <option name="quiet">true</option>
<!-- Agent settings, used by pamusb-agent --> <!-- Agent settings, used by pamusb-agent -->
<hotplug event="lock">gnome-screensaver-command --lock</hotplug>
<hotplug event="unlock">gnome-screensaver-command --deactivate</hotplug>
<agent event="lock">gnome-screensaver-command --lock</agent>
<agent event="unlock">gnome-screensaver-command --deactivate</agent>
</user> </user>
</users> </users>


+ 6
- 0
doc/FAQ View File

@ -19,3 +19,9 @@ soon as you authenticate.
> Q: Is my USB drive compatible with pam_usb ? > Q: Is my USB drive compatible with pam_usb ?
>> A: About every USB flash drive will work with pam_usb. >> A: About every USB flash drive will work with pam_usb.
> Q: I can't authenticate anymore, pam_usb gives me the following error: Pad
checking failed. What should I do ?
>> A: It's a machine/device synchronization issue. To get rid of that error you
have to reset the pads of your system by removing the .pamusb folder located on
your home (/root/.pamusb/, /home/foobar/.pamusb/, etc).

+ 17
- 1
doc/QUICKSTART View File

@ -6,6 +6,22 @@ using an older version of pam_usb.
===== Installing ==== ===== Installing ====
==== Gentoo Linux ====
pam_usb 0.4.1 is currently keyword masked (~arch) on Gentoo, so you'll have to
unmask it before installing:
# echo "sys-auth/pam_usb" >> /etc/portage/package.keywords
# emerge -av ">=sys-auth/pam_usb-0.4.1"
==== Debian GNU/Linux ====
pam_usb is available on Debian testing (lenny) and unstable (sid).
# apt-get install libpam-usb pamusb-tools
==== Installing from sources ==== ==== Installing from sources ====
* Step 1: Download the latest release * Step 1: Download the latest release
* Step 2: Unpack the distribution tarball * Step 2: Unpack the distribution tarball
@ -15,7 +31,7 @@ $ cd pam_usb-<version>
* Step 3: Make sure that you have installed the required dependencies * Step 3: Make sure that you have installed the required dependencies
pam_usb depends on libxml2, PAM and HAL. pam_usb's tools (pamusb-agent,
pam_usb depends on libxml2, PAM, HAL and pmount. pam_usb's tools (pamusb-agent,
pamusb-conf) depends on python, python-celementtree and python-gobject. pamusb-conf) depends on python, python-celementtree and python-gobject.
* Step 3: Compile and install * Step 3: Compile and install


BIN
doc/pamusb-agent.1.gz View File


BIN
doc/pamusb-check.1.gz View File


BIN
doc/pamusb-conf.1.gz View File


+ 14
- 0
doc/pamusb.conf View File

@ -29,13 +29,27 @@ See http://www.pamusb.org/doc/configuring
<!-- User settings --> <!-- User settings -->
<users> <users>
<!-- Note: Use pamusb-conf to add a user, then you can tweak
manually the configuration here if needed.
-->
<!-- Example: <!-- Example:
Authenticate user scox using "MyDevice", and configure pamusb-agent
to automatically start/stop gnome-screensaver on key insertion and
removal:
<user id="scox"> <user id="scox">
<device>MyDevice</device> <device>MyDevice</device>
<option name="quiet">true</option> <option name="quiet">true</option>
<agent event="lock">gnome-screensaver-command -lock</agent> <agent event="lock">gnome-screensaver-command -lock</agent>
<agent event="unlock">gnome-screensaver-command -deactivate</agent> <agent event="unlock">gnome-screensaver-command -deactivate</agent>
</user> </user>
Configure user root to authenticate using MyDevice, but update one
time pads at every login (default is 1 hour):
<user id="root">
<device>MyDevice</device>
<option name="pad_expiration">0</option>
</user>
--> -->
</users> </users>


+ 1
- 1
src/conf.c View File

@ -144,7 +144,7 @@ int pusb_conf_init(t_pusb_options *opts)
opts->quiet = 0; opts->quiet = 0;
opts->color_log = 1; opts->color_log = 1;
opts->one_time_pad = 1; opts->one_time_pad = 1;
opts->pad_expiration = 86400;
opts->pad_expiration = 3600;
return (1); return (1);
} }


+ 3
- 5
src/pad.c View File

@ -165,13 +165,13 @@ static int pusb_pad_should_update(t_pusb_options *opts, const char *user)
if (delta > opts->pad_expiration) if (delta > opts->pad_expiration)
{ {
log_info("Pads expired %u seconds ago, updating...\n",
log_debug("Pads expired %u seconds ago, updating...\n",
delta - opts->pad_expiration); delta - opts->pad_expiration);
return (1); return (1);
} }
else else
{ {
log_info("Pads were generated %u seconds ago, not updating.\n",
log_debug("Pads were generated %u seconds ago, not updating.\n",
delta); delta);
return (0); return (0);
} }
@ -189,6 +189,7 @@ static void pusb_pad_update(t_pusb_options *opts,
if (!pusb_pad_should_update(opts, user)) if (!pusb_pad_should_update(opts, user))
return ; return ;
log_info("Regenerating new pads...\n");
if (!(f_device = pusb_pad_open_device(opts, volume, user, "w+"))) if (!(f_device = pusb_pad_open_device(opts, volume, user, "w+")))
{ {
log_error("Unable to update pads.\n"); log_error("Unable to update pads.\n");
@ -258,10 +259,7 @@ int pusb_pad_check(t_pusb_options *opts, LibHalContext *ctx,
return (0); return (0);
retval = pusb_pad_compare(opts, volume, user); retval = pusb_pad_compare(opts, volume, user);
if (retval) if (retval)
{
log_info("Verification match, updating one time pads...\n");
pusb_pad_update(opts, volume, user); pusb_pad_update(opts, volume, user);
}
else else
log_error("Pad checking failed !\n"); log_error("Pad checking failed !\n");
pusb_volume_destroy(volume); pusb_volume_destroy(volume);


+ 27
- 8
src/pamusb-check.c View File

@ -72,7 +72,7 @@ static int pusb_check_perform_authentication(t_pusb_options *opts,
static void pusb_check_usage(const char *name) static void pusb_check_usage(const char *name)
{ {
fprintf(stderr, "Usage: %s [--help] [--config=path] [--service=name] [--dump] [--quiet]" \
fprintf(stderr, "Usage: %s [--help] [--debug] [--config=path] [--service=name] [--dump] [--quiet] [--debug]" \
" <username>\n", name); " <username>\n", name);
} }
@ -84,17 +84,19 @@ int main(int argc, char **argv)
char *user = NULL; char *user = NULL;
int quiet = 0; int quiet = 0;
int dump = 0; int dump = 0;
int debug = 0;
int opt; int opt;
int opt_index = 0; int opt_index = 0;
extern char *optarg; extern char *optarg;
char *short_options = "hc:s:dq";
char *short_options = "hc:s:dqD";
struct option long_options[] = { struct option long_options[] = {
{ "help", 0, 0, 0},
{ "config", 1, 0, 0},
{ "service", 1, 0, 0},
{ "dump", 0, &dump, 1 },
{ "quiet", 0, &quiet, 1},
{ 0, 0, 0, 0}
{ "help", 0, 0, 0 },
{ "config", 1, 0, 0 },
{ "service", 1, 0, 0 },
{ "dump", 0, 0, 0 },
{ "quiet", 0, 0, 0 },
{ "debug", 0, 0, 0 },
{ 0, 0, 0, 0 }
}; };
while ((opt = getopt_long(argc, argv, short_options, long_options, while ((opt = getopt_long(argc, argv, short_options, long_options,
@ -109,6 +111,12 @@ int main(int argc, char **argv)
conf_file = optarg; conf_file = optarg;
else if (opt == 's' || (!opt && !strcmp(long_options[opt_index].name, "service"))) else if (opt == 's' || (!opt && !strcmp(long_options[opt_index].name, "service")))
service = optarg; service = optarg;
else if (opt == 'd' || (!opt && !strcmp(long_options[opt_index].name, "dump")))
dump = 1;
else if (opt == 'q' || (!opt && !strcmp(long_options[opt_index].name, "quiet")))
quiet = 1;
else if (opt == 'D' || (!opt && !strcmp(long_options[opt_index].name, "debug")))
debug = 1;
else if (opt == '?') else if (opt == '?')
{ {
pusb_check_usage(argv[0]); pusb_check_usage(argv[0]);
@ -124,6 +132,12 @@ int main(int argc, char **argv)
return (1); return (1);
} }
if (quiet && debug)
{
fprintf(stderr, "Error: You cannot use --quiet and --debug together.");
return (1);
}
pusb_log_init(&opts); pusb_log_init(&opts);
if (!pusb_conf_init(&opts)) if (!pusb_conf_init(&opts))
return (1); return (1);
@ -134,6 +148,11 @@ int main(int argc, char **argv)
opts.quiet = 1; opts.quiet = 1;
opts.debug = 0; opts.debug = 0;
} }
else if (debug)
{
opts.quiet = 0;
opts.debug = 1;
}
if (dump) if (dump)
{ {
pusb_check_conf_dump(&opts, user, service); pusb_check_conf_dump(&opts, user, service);


+ 1
- 1
src/version.h View File

@ -18,6 +18,6 @@
#ifndef PUSB_VERSION_H_ #ifndef PUSB_VERSION_H_
# define PUSB_VERSION_H_ # define PUSB_VERSION_H_
# define PUSB_VERSION "SVN"
# define PUSB_VERSION "0.4.2"
#endif /* !PUSB_VERSION_H_ */ #endif /* !PUSB_VERSION_H_ */

+ 5
- 3
utils/roll_release.sh View File

@ -27,8 +27,9 @@ create_release()
BUILD_ENV=`mktemp -d /tmp/build.XXXXXX` BUILD_ENV=`mktemp -d /tmp/build.XXXXXX`
SRC_PATH=${BUILD_ENV}/pam_usb-${1} SRC_PATH=${BUILD_ENV}/pam_usb-${1}
TARBALL=pam_usb-${1}.tar.gz TARBALL=pam_usb-${1}.tar.gz
TAG_PATH=${TRUNK_PATH}/../../tags/${1}
if [ -d "${TRUNK_PATH}/../../tags/${1}" -o -f $TARBALL ] ; then
if [ -d $TAG_PATH -o -f $TARBALL ] ; then
rm -rf $BUILD_ENV rm -rf $BUILD_ENV
echo "! Release $1 already exists !" echo "! Release $1 already exists !"
exit exit
@ -36,20 +37,21 @@ create_release()
echo "* Rolling release $1 on $BUILD_ENV..." echo "* Rolling release $1 on $BUILD_ENV..."
svn export $TRUNK_PATH ${SRC_PATH}
svn cp $TRUNK_PATH/../pam_usb $TAG_PATH
svn export $TRUNK_PATH $SRC_PATH
echo "* Cleaning up..." echo "* Cleaning up..."
rm -rf $SRC_PATH/utils rm -rf $SRC_PATH/utils
echo "* Tagging release \"$1\"" echo "* Tagging release \"$1\""
sed -ri "s/(PUSB_VERSION) \"[^\"]*\"/\1 \"${1}\"/" ${SRC_PATH}/src/version.h sed -ri "s/(PUSB_VERSION) \"[^\"]*\"/\1 \"${1}\"/" ${SRC_PATH}/src/version.h
cp -f ${SRC_PATH}/src/version.h ${TAG_PATH}/src/version.h
echo "* Creating tarball..." echo "* Creating tarball..."
cd $BUILD_ENV cd $BUILD_ENV
tar -zcf $TARBALL pam_usb-${1} tar -zcf $TARBALL pam_usb-${1}
cd - > /dev/null cd - > /dev/null
cp -a $SRC_PATH ${TRUNK_PATH}/../../tags/${1}
cp ${BUILD_ENV}/${TARBALL} . cp ${BUILD_ENV}/${TARBALL} .
rm -rf $BUILD_ENV rm -rf $BUILD_ENV


Loading…
Cancel
Save