
Implemented PAM module

Fixed a bug in the logging facility
Misc fixes
Andrea Luzzardi 18 years ago
parent
commit
2a659c7a87
6 changed files with 188 additions and 17 deletions
  1. +18
    -10
      Makefile
  2. +13
    -3
      src/log.c
  3. +3
    -1
      src/pad.c
  4. +131
    -0
      src/pam.c
  5. +0
    -3
      src/pusb_check.c
  6. +23
    -0
      src/version.h

+ 18
- 10
Makefile

@ -1,6 +1,12 @@
# Set to 'yes' to include debugging informations, e.g. DEBUG=yes make -e
DEBUG := no
# compiler/linker options
CC := gcc
CFLAGS := -Wall `pkg-config --cflags libxml-2.0` \
`pkg-config --cflags hal-storage`
LDFLAGS := `pkg-config --libs libxml-2.0` \
`pkg-config --libs hal-storage`
# common source files
SRCS := src/conf.c \
@ -13,24 +19,26 @@ SRCS := src/conf.c \
src/device.c
OBJS := $(SRCS:.c=.o)
# pam_usb
PAM_USB_SRCS := src/pam.c
PAM_USB_OBJS := $(PAM_USB_SRCS:.c=.o)
PAM_USB := pam_usb.so
PAM_USB_LDFLAGS := -shared $(LDFLAGS)
# pusb_check
PUSB_CHECK_SRCS := src/pusb_check.c
PUSB_CHECK_OBJS := $(PUSB_CHECK_SRCS:.c=.o)
PUSB_CHECK := pusb_check
# compiler/linker options
CC := gcc
CFLAGS := -Wall `pkg-config --cflags libxml-2.0` \
`pkg-config --cflags hal-storage`
LDFLAGS := `pkg-config --libs libxml-2.0` \
`pkg-config --libs hal-storage`
ifeq (yes, ${DEBUG})
CFLAGS := ${CFLAGS} -ggdb
endif
all : $(PUSB_CHECK)
all : $(PAM_USB) $(PUSB_CHECK)
$(PAM_USB) : $(OBJS) $(PAM_USB_OBJS)
$(CC) -o $(PAM_USB) $(PAM_USB_LDFLAGS) $(OBJS) $(PAM_USB_OBJS)
$(PUSB_CHECK) : $(OBJS) $(PUSB_CHECK_OBJS)
$(CC) -o $(PUSB_CHECK) $(LDFLAGS) $(OBJS) $(PUSB_CHECK_OBJS)
@ -38,4 +46,4 @@ $(PUSB_CHECK) : $(OBJS) $(PUSB_CHECK_OBJS)
${CC} -c ${CFLAGS} $< -o $@
clean :
rm -f $(OBJS) $(PUSB_CHECK_OBJS)
rm -f $(PAM_USB) $(PUSB_CHECK) $(OBJS) $(PUSB_CHECK_OBJS) $(PAM_USB_OBJS)
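Review bot: The objects that go into `pam_usb.so` are built with the same `CFLAGS` as the `pusb_check` executable, and the visible `CFLAGS` contain no `-fPIC` even though `PAM_USB_LDFLAGS` adds `-shared`. On targets that require position-independent code for shared objects this fails at link time, and where it does link the module ends up with text relocations. Adding `-fPIC` right after `-Wall` in `CFLAGS` covers both targets, since `$(OBJS)` is shared between them. Because the module is loaded into login programs, a short comment next to `PAM_USB_LDFLAGS` saying where the `.so` is meant to be installed would also help packagers.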

+ 13
- 3
src/log.c

@ -24,6 +24,13 @@
static t_pusb_options *pusb_opts = NULL;
static void pusb_log_syslog(int level, const char *format, va_list ap)
{
openlog("pam_usb", LOG_PID, LOG_AUTH);
vsyslog(level, format, ap);
closelog();
}
static void pusb_log_output(int level, const char *format, va_list ap)
{
if ((pusb_opts && !pusb_opts->quiet) ||
level == LOG_ERR)
@ -39,9 +46,6 @@ static void pusb_log_syslog(int level, const char *format, va_list ap)
fprintf(stderr, "* ");
vfprintf(stderr, format, ap);
}
openlog("pam_usb", LOG_PID, LOG_AUTH);
vsyslog(level, format, ap);
closelog();
}
void __log_debug(const char *file, int line, const char *fmt, ...)
@ -63,6 +67,9 @@ void log_error(const char *fmt, ...)
va_start(ap, fmt);
pusb_log_syslog(LOG_ERR, fmt, ap);
va_end(ap);
va_start(ap, fmt);
pusb_log_output(LOG_ERR, fmt, ap);
va_end(ap);
}
void log_info(const char *fmt, ...)
@ -72,6 +79,9 @@ void log_info(const char *fmt, ...)
va_start(ap, fmt);
pusb_log_syslog(LOG_NOTICE, fmt, ap);
va_end(ap);
va_start(ap, fmt);
pusb_log_output(LOG_NOTICE, fmt, ap);
va_end(ap);
}
void pusb_log_init(t_pusb_options *opts)
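Review bot: `pusb_log_syslog` changes process-wide syslog state on every message, because it wraps each `vsyslog` in `openlog("pam_usb", LOG_PID, LOG_AUTH)` and `closelog()`. Once this code is loaded as a PAM module (presumably via `$(OBJS)` in the Makefile), it runs inside the program that opened the PAM stack, so each message replaces that program's ident and facility and closes its log connection. Linux-PAM's `pam_syslog()` avoids this where it is available, though it needs the `pamh` handle that these helpers do not receive; at minimum the side effect deserves a comment above `pusb_log_syslog`. The separate `va_start`/`va_end` pairs added in `log_error` and `log_info` are the right way to pass the arguments twice, since a `va_list` must not be reused after `vsyslog` has consumed it.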


+ 3
- 1
src/pad.c

@ -164,7 +164,7 @@ static int pusb_pad_compare(t_pusb_options *opts, LibHalVolume *volume,
int retval;
if (!(f_system = pusb_pad_open_system(opts, user, "r")))
return (0);
return (1);
if (!(f_device = pusb_pad_open_device(opts, volume, user, "r")))
{
fclose(f_system);
@ -177,6 +177,8 @@ static int pusb_pad_compare(t_pusb_options *opts, LibHalVolume *volume,
retval = memcmp(magic_system, magic_device, sizeof(magic_system));
fclose(f_system);
fclose(f_device);
if (!retval)
log_debug("Pad match.\n");
return (retval == 0);
}
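Review bot: The early return in `pusb_pad_compare` for a system pad that cannot be opened is shown as both `return (0);` and `return (1);`; the page lost its +/- markers, but by print order the new value appears to be `return (1)`, which reports a match when no system pad was read. If that is the new side, every failure of `pusb_pad_open_system` (missing file, wrong permissions, I/O error) passes the pad check, so this step of authentication fails open. If the intent is to allow first-time enrolment, it would be safer to accept only the "file does not exist" case, record it with `log_info`, and keep returning 0 for any other error. The function begins before the hunk, so how callers treat the result is not visible here.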


+ 131
- 0
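--- a/src/pam.c
+++ b/src/pam.c
@@ -0,0 +1,131 @@
+/*
+* Copyright (c) 2003-2006 Andrea Luzzardi <scox@sig11.org>
+*
+* This file is part of the pam_usb project. pam_usb is free software;
+* you can redistribute it and/or modify it under the terms of the GNU General
+* Public License version 2, as published by the Free Software Foundation.
+*
+* pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+* details.
+*
+* You should have received a copy of the GNU General Public License along with
+* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+* Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+#define PAM_SM_AUTH
+#include <security/pam_modules.h>
+#include <security/_pam_macros.h>
+#include "version.h"
+#include "conf.h"
+#include "log.h"
+#include "local.h"
+#include "device.h"
+#define PUSB_CONFIG_FILE "/etc/pam_usb/pusb.conf"
+PAM_EXTERN
+int pam_sm_authenticate(pam_handle_t *pamh, int flags,
+int argc, const char **argv)
+{
+t_pusb_options opts;
+const char *service;
+const char *user;
+char *conf_file = PUSB_CONFIG_FILE;
+int retval;
+retval = pam_get_item(pamh, PAM_SERVICE, (const void **)&service);
+if (retval != PAM_SUCCESS)
+{
+log_error("Unable to retrieve the PAM service name.\n");
+return (PAM_AUTH_ERR);
+}
+if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || !user || !*user)
+{
+log_error("Unable to retrieve the PAM user name.\n");
+return (PAM_AUTH_ERR);
+}
+if (argc > 1)
+if (!strcmp(argv[0], "-c"))
+conf_file = (char *)argv[1];
+pusb_conf_init(&opts);
+if (!pusb_conf_parse(conf_file, &opts, user, service))
+return (PAM_AUTH_ERR);
+pusb_log_init(&opts);
+if (!opts.enable)
+{
+log_debug("Not enabled, exiting...\n");
+return (PAM_IGNORE);
+}
+log_info("pam_usb v.%s\n", PUSB_VERSION);
+log_info("Authentication request for user \"%s\" (%s)\n",
+user, service);
+if (!pusb_local_login(&opts, user))
+{
+log_error("Access denied.\n");
+return (PAM_AUTH_ERR);
+}
+if (pusb_device_check(&opts, user))
+{
+log_info("Access granted.\n");
+return (PAM_SUCCESS);
+}
+log_error("Access denied.\n");
+return (PAM_AUTH_ERR);
+}
+PAM_EXTERN
+int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc,
+const char **argv)
+{
+return (PAM_IGNORE);
+}
+PAM_EXTERN
+int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc,
+const char **argv)
+{
+return (PAM_IGNORE);
+}
+PAM_EXTERN
+int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc,
+const char **argv)
+{
+return (PAM_IGNORE);
+}
+PAM_EXTERN
+int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
+const char **argv)
+{
+return (PAM_IGNORE);
+}
+PAM_EXTERN
+int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc,
+const char **argv)
+{
+return (PAM_IGNORE);
+}
+#ifdef PAM_STATIC
+struct pam_module _pam_usb_modstruct = {
+"pam_usb",
+pam_sm_authenticate,
+pam_sm_setcred,
+pam_sm_acct_mgmt,
+pam_sm_open_session,
+pam_sm_close_session,
+pam_sm_chauthtok
+};
+#endif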
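Review bot: In `pam_sm_authenticate`, `service` is used after only the return code of `pam_get_item` is checked, whereas `user` is also checked for NULL and for being empty. The service name is then passed to `pusb_conf_parse` and printed through `%s` in `log_info`, so the guard would be safer as `if (retval != PAM_SUCCESS || !service)`. Separately, `strcmp` is called with no `<string.h>` among the visible includes (it may arrive through a project header). `conf_file` could also be declared `const char *`, so that the cast on `argv[1]` is no longer needed.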

+ 0
- 3
src/pusb_check.c

@ -72,6 +72,3 @@ int main(int argc, char **argv)
log_error("Access denied.\n");
return (0);
}

+ 23
- 0
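--- a/src/version.h
+++ b/src/version.h
@@ -0,0 +1,23 @@
+/*
+* Copyright (c) 2003-2006 Andrea Luzzardi <scox@sig11.org>
+*
+* This file is part of the pam_usb project. pam_usb is free software;
+* you can redistribute it and/or modify it under the terms of the GNU General
+* Public License version 2, as published by the Free Software Foundation.
+*
+* pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+* details.
+*
+* You should have received a copy of the GNU General Public License along with
+* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+* Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+#ifndef PUSB_VERSION_H_
+# define PUSB_VERSION_H_
+# define PUSB_VERSION "SVN"
+#endif /* !PUSB_VERSION_H_ */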
