Browse Source

Pad chown/chmod on a per-user basis

Andrea Luzzardi 18 years ago
parent
commit
27f109da05
6 changed files with 72 additions and 34 deletions
  1. +3
    -2
      src/device.c
  2. +1
    -1
      src/device.h
  3. +1
    -0
      src/log.c
  4. +64
    -29
      src/pad.c
  5. +2
    -1
      src/pad.h
  6. +1
    -1
      src/test.c

+ 3
- 2
src/device.c View File

@ -47,7 +47,8 @@ static int pusb_device_connected(t_pusb_options *opts, LibHalContext *ctx)
return (1); return (1);
} }
int pusb_device_check(t_pusb_options *opts)
int pusb_device_check(t_pusb_options *opts,
const char *user)
{ {
DBusConnection *dbus = NULL; DBusConnection *dbus = NULL;
LibHalContext *ctx = NULL; LibHalContext *ctx = NULL;
@ -73,7 +74,7 @@ int pusb_device_check(t_pusb_options *opts)
if (opts->one_time_pad) if (opts->one_time_pad)
{ {
log_info("Performing one time pad verification...\n"); log_info("Performing one time pad verification...\n");
retval = pusb_pad_check(opts, ctx);
retval = pusb_pad_check(opts, ctx, user);
} }
else else
{ {


+ 1
- 1
src/device.h View File

@ -18,6 +18,6 @@
#ifndef PUSB_DEVICE_H_ #ifndef PUSB_DEVICE_H_
# define PUSB_DEVICE_H_ # define PUSB_DEVICE_H_
int pusb_device_check(t_pusb_options *opts);
int pusb_device_check(t_pusb_options *opts, const char *user);
#endif /* !PUSB_DEVICE_H_ */ #endif /* !PUSB_DEVICE_H_ */

+ 1
- 0
src/log.c View File

@ -23,6 +23,7 @@ void __log_debug(const char *file, int line, const char *fmt, ...)
{ {
va_list ap; va_list ap;
return ;
fprintf(stderr, "\033[01;34m*\033[00m [%s:%03d] ", file, line); fprintf(stderr, "\033[01;34m*\033[00m [%s:%03d] ", file, line);
va_start(ap, fmt); va_start(ap, fmt);
vfprintf(stderr, fmt, ap); vfprintf(stderr, fmt, ap);


+ 64
- 29
src/pad.c View File

@ -21,6 +21,8 @@
#include <unistd.h> #include <unistd.h>
#include <errno.h> #include <errno.h>
#include <sys/types.h> #include <sys/types.h>
#include <sys/stat.h>
#include <pwd.h>
#include <time.h> #include <time.h>
#include <libhal-storage.h> #include <libhal-storage.h>
#include "conf.h" #include "conf.h"
@ -29,7 +31,9 @@
#include "pad.h" #include "pad.h"
static FILE *pusb_pad_open_device(t_pusb_options *opts, static FILE *pusb_pad_open_device(t_pusb_options *opts,
LibHalVolume *volume, const char *mode)
LibHalVolume *volume,
const char *user,
const char *mode)
{ {
FILE *f; FILE *f;
char *path; char *path;
@ -39,16 +43,16 @@ static FILE *pusb_pad_open_device(t_pusb_options *opts,
mnt_point = (char *)libhal_volume_get_mount_point(volume); mnt_point = (char *)libhal_volume_get_mount_point(volume);
if (!mnt_point) if (!mnt_point)
return (NULL); return (NULL);
path_size = strlen(mnt_point) + 1 + strlen(opts->device_pad_directory) + \
1 + strlen(opts->hostname) + strlen(".pad") + 1;
path_size = strlen(mnt_point) + 1 + strlen(opts->device_pad_directory) +
1 + strlen(user) + 1 + strlen(opts->hostname) + strlen(".pad") + 1;
if (!(path = malloc(path_size))) if (!(path = malloc(path_size)))
{ {
log_error("malloc error!\n"); log_error("malloc error!\n");
return (NULL); return (NULL);
} }
memset(path, 0x00, path_size); memset(path, 0x00, path_size);
snprintf(path, path_size, "%s/%s/%s.pad", mnt_point,
opts->device_pad_directory, opts->hostname);
snprintf(path, path_size, "%s/%s/%s.%s.pad", mnt_point,
opts->device_pad_directory, user, opts->hostname);
f = fopen(path, mode); f = fopen(path, mode);
free(path); free(path);
if (!f) if (!f)
@ -59,22 +63,50 @@ static FILE *pusb_pad_open_device(t_pusb_options *opts,
return (f); return (f);
} }
static FILE *pusb_pad_open_system(t_pusb_options *opts, const char *mode)
static int pusb_pad_protect(const char *user, int fd)
{
struct passwd *user_ent = NULL;
log_debug("Protecting pad file...\n");
if (!(user_ent = getpwnam(user)))
{
log_error("Unable to retrieve informations for user \"%s\": %s\n",
strerror(errno));
return (0);
}
if (fchown(fd, user_ent->pw_uid, user_ent->pw_gid) == -1)
{
log_error("Unable to change owner of the pad: %s\n",
strerror(errno));
return (0);
}
if (fchmod(fd, S_IRUSR | S_IWUSR) == -1)
{
log_error("Unable to change mode of the pad: %s\n",
strerror(errno));
return (0);
}
return (1);
}
static FILE *pusb_pad_open_system(t_pusb_options *opts,
const char *user,
const char *mode)
{ {
FILE *f; FILE *f;
char *path; char *path;
size_t path_size; size_t path_size;
path_size = strlen(opts->system_pad_directory) + 1 + path_size = strlen(opts->system_pad_directory) + 1 +
strlen(opts->device.serial) + strlen(".pad") + 1;
strlen(user) + 1 + strlen(opts->device.name) + strlen(".pad") + 1;
if (!(path = malloc(path_size))) if (!(path = malloc(path_size)))
{ {
log_error("malloc error\n"); log_error("malloc error\n");
return (NULL); return (NULL);
} }
memset(path, 0x00, path_size); memset(path, 0x00, path_size);
snprintf(path, path_size, "%s/%s.pad", opts->system_pad_directory,
opts->device.serial);
snprintf(path, path_size, "%s/%s.%s.pad", opts->system_pad_directory,
user, opts->device.name);
f = fopen(path, mode); f = fopen(path, mode);
free(path); free(path);
if (!f) if (!f)
@ -86,32 +118,35 @@ static FILE *pusb_pad_open_system(t_pusb_options *opts, const char *mode)
} }
static void pusb_pad_update(t_pusb_options *opts, static void pusb_pad_update(t_pusb_options *opts,
LibHalVolume *volume)
LibHalVolume *volume,
const char *user)
{ {
FILE *f_device = NULL; FILE *f_device = NULL;
FILE *f_system = NULL; FILE *f_system = NULL;
int magic[1024];
char magic[1024];
int i; int i;
if (!(f_device = pusb_pad_open_device(opts, volume, "w+")))
if (!(f_device = pusb_pad_open_device(opts, volume, user, "w+")))
{ {
log_error("Unable to update pads.\n"); log_error("Unable to update pads.\n");
return ; return ;
} }
if (!(f_system = pusb_pad_open_system(opts, "w+")))
pusb_pad_protect(user, fileno(f_device));
if (!(f_system = pusb_pad_open_system(opts, user, "w+")))
{ {
log_error("Unable to update pads.\n"); log_error("Unable to update pads.\n");
fclose(f_device); fclose(f_device);
return ; return ;
} }
pusb_pad_protect(user, fileno(f_system));
log_debug("Generating %d bytes unique pad...\n", sizeof(magic)); log_debug("Generating %d bytes unique pad...\n", sizeof(magic));
srand(getpid() * time(NULL)); srand(getpid() * time(NULL));
for (i = 0; i < (sizeof(magic) / sizeof(int)); ++i)
magic[i] = rand();
for (i = 0; i < sizeof(magic); ++i)
magic[i] = (char)rand();
log_debug("Writing pad to the device...\n"); log_debug("Writing pad to the device...\n");
fwrite(magic, sizeof(int), sizeof(magic) / sizeof(int), f_system);
fwrite(magic, sizeof(char), sizeof(magic), f_system);
log_debug("Writing pad to the system...\n"); log_debug("Writing pad to the system...\n");
fwrite(magic, sizeof(int), sizeof(magic) / sizeof(int), f_device);
fwrite(magic, sizeof(char), sizeof(magic), f_device);
log_debug("Synchronizing filesystems...\n"); log_debug("Synchronizing filesystems...\n");
fclose(f_system); fclose(f_system);
fclose(f_device); fclose(f_device);
@ -119,34 +154,34 @@ static void pusb_pad_update(t_pusb_options *opts,
log_debug("One time pads updated.\n"); log_debug("One time pads updated.\n");
} }
static int pusb_pad_compare(t_pusb_options *opts, LibHalVolume *volume)
static int pusb_pad_compare(t_pusb_options *opts, LibHalVolume *volume,
const char *user)
{ {
FILE *f_device = NULL; FILE *f_device = NULL;
FILE *f_system = NULL; FILE *f_system = NULL;
int magic_device[1024];
int magic_system[1024];
char magic_device[1024];
char magic_system[1024];
int retval; int retval;
if (!(f_system = pusb_pad_open_system(opts, "r")))
if (!(f_system = pusb_pad_open_system(opts, user, "r")))
return (1); return (1);
if (!(f_device = pusb_pad_open_device(opts, volume, "r")))
if (!(f_device = pusb_pad_open_device(opts, volume, user, "r")))
{ {
fclose(f_system); fclose(f_system);
return (0); return (0);
} }
log_debug("Loading device pad...\n"); log_debug("Loading device pad...\n");
fread(magic_device, sizeof(int), sizeof(magic_device) / sizeof(int),
f_device);
fread(magic_device, sizeof(char), sizeof(magic_device), f_device);
log_debug("Loading system pad...\n"); log_debug("Loading system pad...\n");
fread(magic_system, sizeof(int), sizeof(magic_system) / sizeof(int),
f_system);
fread(magic_system, sizeof(char), sizeof(magic_system), f_system);
retval = memcmp(magic_system, magic_device, sizeof(magic_system)); retval = memcmp(magic_system, magic_device, sizeof(magic_system));
fclose(f_system); fclose(f_system);
fclose(f_device); fclose(f_device);
return (retval == 0); return (retval == 0);
} }
int pusb_pad_check(t_pusb_options *opts, LibHalContext *ctx)
int pusb_pad_check(t_pusb_options *opts, LibHalContext *ctx,
const char *user)
{ {
LibHalVolume *volume = NULL; LibHalVolume *volume = NULL;
int retval; int retval;
@ -154,11 +189,11 @@ int pusb_pad_check(t_pusb_options *opts, LibHalContext *ctx)
volume = pusb_volume_get(opts, ctx); volume = pusb_volume_get(opts, ctx);
if (!volume) if (!volume)
return (0); return (0);
retval = pusb_pad_compare(opts, volume);
retval = pusb_pad_compare(opts, volume, user);
if (retval) if (retval)
{ {
log_info("Verification match, updating one time pads...\n"); log_info("Verification match, updating one time pads...\n");
pusb_pad_update(opts, volume);
pusb_pad_update(opts, volume, user);
} }
else else
log_error("Pad checking failed !\n"); log_error("Pad checking failed !\n");


+ 2
- 1
src/pad.h View File

@ -18,6 +18,7 @@
#ifndef PUSB_OTP_H_ #ifndef PUSB_OTP_H_
# define PUSB_OTP_H_ # define PUSB_OTP_H_
int pusb_pad_check(t_pusb_options *opts, LibHalContext *ctx);
int pusb_pad_check(t_pusb_options *opts, LibHalContext *ctx,
const char *user);
#endif /* !PUSB_OTP_H_ */ #endif /* !PUSB_OTP_H_ */

+ 1
- 1
src/test.c View File

@ -40,7 +40,7 @@ int main(int argc, char **argv)
log_debug("Not enabled, exiting...\n"); log_debug("Not enabled, exiting...\n");
return (0); return (0);
} }
retval = pusb_device_check(&opts);
retval = pusb_device_check(&opts, argv[1]);
if (retval) if (retval)
log_info("Access granted.\n"); log_info("Access granted.\n");
else else


Loading…
Cancel
Save