diff --git a/Makefile b/Makefile index b8bcc5a..a605017 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,12 @@ # Set to 'yes' to include debugging informations, e.g. DEBUG=yes make -e DEBUG := no +# compiler/linker options +CC := gcc +CFLAGS := -Wall `pkg-config --cflags libxml-2.0` \ + `pkg-config --cflags hal-storage` +LDFLAGS := `pkg-config --libs libxml-2.0` \ + `pkg-config --libs hal-storage` # common source files SRCS := src/conf.c \ @@ -13,24 +19,26 @@ SRCS := src/conf.c \ src/device.c OBJS := $(SRCS:.c=.o) +# pam_usb +PAM_USB_SRCS := src/pam.c +PAM_USB_OBJS := $(PAM_USB_SRCS:.c=.o) +PAM_USB := pam_usb.so +PAM_USB_LDFLAGS := -shared $(LDFLAGS) + # pusb_check PUSB_CHECK_SRCS := src/pusb_check.c PUSB_CHECK_OBJS := $(PUSB_CHECK_SRCS:.c=.o) PUSB_CHECK := pusb_check -# compiler/linker options -CC := gcc -CFLAGS := -Wall `pkg-config --cflags libxml-2.0` \ - `pkg-config --cflags hal-storage` -LDFLAGS := `pkg-config --libs libxml-2.0` \ - `pkg-config --libs hal-storage` - - ifeq (yes, ${DEBUG}) CFLAGS := ${CFLAGS} -ggdb endif -all : $(PUSB_CHECK) +all : $(PAM_USB) $(PUSB_CHECK) + +$(PAM_USB) : $(OBJS) $(PAM_USB_OBJS) + $(CC) -o $(PAM_USB) $(PAM_USB_LDFLAGS) $(OBJS) $(PAM_USB_OBJS) + $(PUSB_CHECK) : $(OBJS) $(PUSB_CHECK_OBJS) $(CC) -o $(PUSB_CHECK) $(LDFLAGS) $(OBJS) $(PUSB_CHECK_OBJS) @@ -38,4 +46,4 @@ $(PUSB_CHECK) : $(OBJS) $(PUSB_CHECK_OBJS) ${CC} -c ${CFLAGS} $< -o $@ clean : - rm -f $(OBJS) $(PUSB_CHECK_OBJS) \ No newline at end of file + rm -f $(PAM_USB) $(PUSB_CHECK) $(OBJS) $(PUSB_CHECK_OBJS) $(PAM_USB_OBJS) diff --git a/src/log.c b/src/log.c index 5aaf324..b595a26 100644 --- a/src/log.c +++ b/src/log.c @@ -24,6 +24,13 @@ static t_pusb_options *pusb_opts = NULL; static void pusb_log_syslog(int level, const char *format, va_list ap) +{ + openlog("pam_usb", LOG_PID, LOG_AUTH); + vsyslog(level, format, ap); + closelog(); +} + +static void pusb_log_output(int level, const char *format, va_list ap) { if ((pusb_opts && !pusb_opts->quiet) || level == LOG_ERR) 
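Review bot: `$(PAM_USB)` is linked with `-shared` in the second Makefile hunk, but its objects are compiled with the `CFLAGS` from the first hunk, which contains no `-fPIC`. On targets that require position-independent code for shared objects the link fails. Where it does succeed, the module carries text relocations, which hardened loader policies may refuse to map. Adding the flag to the shared definition is enough, since `$(OBJS)` is used by both targets: `CFLAGS := -Wall -fPIC `pkg-config --cflags libxml-2.0` \`. The module also calls `pam_get_item` and `pam_get_user`, so `PAM_USB_LDFLAGS := -shared -lpam $(LDFLAGS)` would record that dependency explicitly rather than relying on the host application having libpam loaded.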
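Review bot: `pusb_log_syslog` wraps every message in `openlog("pam_usb", LOG_PID, LOG_AUTH)` and `closelog()`, and with this commit that code is linked into pam_usb.so and runs inside the host application's process. syslog settings are per process, so each logged line replaces the ident and facility the application chose for itself and then closes its log connection. Messages the application writes afterwards may therefore be tagged or routed differently from what an operator expects in the auth log. Where the PAM library provides `pam_syslog()`, it avoids this, but it needs the `pamh` handle, which these helpers do not receive. At minimum the function should carry a comment such as `/* openlog/closelog alter the host process's syslog state */`.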
@@ -39,9 +46,6 @@ static void pusb_log_syslog(int level, const char *format, va_list ap) fprintf(stderr, "* "); vfprintf(stderr, format, ap); } - openlog("pam_usb", LOG_PID, LOG_AUTH); - vsyslog(level, format, ap); - closelog(); } void __log_debug(const char *file, int line, const char *fmt, ...) @@ -63,6 +67,9 @@ void log_error(const char *fmt, ...) va_start(ap, fmt); pusb_log_syslog(LOG_ERR, fmt, ap); va_end(ap); + va_start(ap, fmt); + pusb_log_output(LOG_ERR, fmt, ap); + va_end(ap); } void log_info(const char *fmt, ...) @@ -72,6 +79,9 @@ void log_info(const char *fmt, ...) va_start(ap, fmt); pusb_log_syslog(LOG_NOTICE, fmt, ap); va_end(ap); + va_start(ap, fmt); + pusb_log_output(LOG_NOTICE, fmt, ap); + va_end(ap); } void pusb_log_init(t_pusb_options *opts) diff --git a/src/pad.c b/src/pad.c index b979f4c..c707de1 100644 --- a/src/pad.c +++ b/src/pad.c @@ -164,7 +164,7 @@ static int pusb_pad_compare(t_pusb_options *opts, LibHalVolume *volume, int retval; if (!(f_system = pusb_pad_open_system(opts, user, "r"))) - return (0); + return (1); if (!(f_device = pusb_pad_open_device(opts, volume, user, "r"))) { fclose(f_system); @@ -177,6 +177,8 @@ static int pusb_pad_compare(t_pusb_options *opts, LibHalVolume *volume, retval = memcmp(magic_system, magic_device, sizeof(magic_system)); fclose(f_system); fclose(f_device); + if (!retval) + log_debug("Pad match.\n"); return (retval == 0); } diff --git a/src/pam.c b/src/pam.c new file mode 100644 index 0000000..5e243f6 --- /dev/null +++ b/src/pam.c 
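Review bot: In the first src/pad.c hunk, returning 1 when `pusb_pad_open_system` fails makes `pusb_pad_compare` report a match whenever the system-side pad cannot be opened, whatever the reason. The function's normal result is `retval == 0`, i.e. 1 on equality. If the intent is to accept the first login before any pad exists, the check should be limited to that case: test `errno == ENOENT` after the failed open, keep `return (0);` for every other failure, and add a `log_debug` line saying the comparison was skipped. Otherwise a permission or I/O error on the pad file reads as a successful comparison in an authentication path. Whether the helper preserves `errno` and how the caller uses the result are outside this hunk, as are the start and end of the function, so this needs confirming against the rest of pad.c.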
@@ -0,0 +1,131 @@ +/* + * Copyright (c) 2003-2006 Andrea Luzzardi + * + * This file is part of the pam_usb project. pam_usb is free software; + * you can redistribute it and/or modify it under the terms of the GNU General + * Public License version 2, as published by the Free Software Foundation. + * + * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY + * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 59 Temple + * Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#define PAM_SM_AUTH +#include +#include + +#include "version.h" +#include "conf.h" +#include "log.h" +#include "local.h" +#include "device.h" + +#define PUSB_CONFIG_FILE "/etc/pam_usb/pusb.conf" + +PAM_EXTERN +int pam_sm_authenticate(pam_handle_t *pamh, int flags, + int argc, const char **argv) +{ + t_pusb_options opts; + const char *service; + const char *user; + char *conf_file = PUSB_CONFIG_FILE; + int retval; + + retval = pam_get_item(pamh, PAM_SERVICE, (const void **)&service); + if (retval != PAM_SUCCESS) + { + log_error("Unable to retrieve the PAM service name.\n"); + return (PAM_AUTH_ERR); + } + + if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || !user || !*user) + { + log_error("Unable to retrieve the PAM user name.\n"); + return (PAM_AUTH_ERR); + } + + if (argc > 1) + if (!strcmp(argv[0], "-c")) + conf_file = (char *)argv[1]; + pusb_conf_init(&opts); + if (!pusb_conf_parse(conf_file, &opts, user, service)) + return (PAM_AUTH_ERR); + + pusb_log_init(&opts); + if (!opts.enable) + { + log_debug("Not enabled, exiting...\n"); + return (PAM_IGNORE); + } + + log_info("pam_usb v.%s\n", PUSB_VERSION); + log_info("Authentication request for user \"%s\" (%s)\n", + user, service); + if 
(!pusb_local_login(&opts, user)) + { + log_error("Access denied.\n"); + return (PAM_AUTH_ERR); + } + if (pusb_device_check(&opts, user)) + { + log_info("Access granted.\n"); + return (PAM_SUCCESS); + } + log_error("Access denied.\n"); + return (PAM_AUTH_ERR); +} + +PAM_EXTERN +int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc, + const char **argv) +{ + return (PAM_IGNORE); +} + +PAM_EXTERN +int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, + const char **argv) +{ + return (PAM_IGNORE); +} + +PAM_EXTERN +int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, + const char **argv) +{ + return (PAM_IGNORE); +} + +PAM_EXTERN +int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, + const char **argv) +{ + return (PAM_IGNORE); +} + +PAM_EXTERN +int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, + const char **argv) +{ + return (PAM_IGNORE); +} + +#ifdef PAM_STATIC + +struct pam_module _pam_usb_modstruct = { + "pam_usb", + pam_sm_authenticate, + pam_sm_setcred, + pam_sm_acct_mgmt, + pam_sm_open_session, + pam_sm_close_session, + pam_sm_chauthtok +}; + +#endif diff --git a/src/pusb_check.c b/src/pusb_check.c index bef92fd..15ad2b8 100644 --- a/src/pusb_check.c +++ b/src/pusb_check.c @@ -72,6 +72,3 @@ int main(int argc, char **argv) log_error("Access denied.\n"); return (0); } - - - diff --git a/src/version.h b/src/version.h new file mode 100644 index 0000000..7e79597 --- /dev/null +++ b/src/version.h 
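Review bot: In `pam_sm_authenticate`, `service` is used after checking only the return code of `pam_get_item`, whereas `user` is also checked for NULL and empty. A PAM library may return PAM_SUCCESS for an item that was never set, in which case `service` is NULL when it reaches `pusb_conf_parse` and the `"%s"` in `log_info`. The guard can mirror the one used for the user name: `if (retval != PAM_SUCCESS || !service || !*service)`. Separately, `conf_file` could be declared `const char *`, which removes the `(char *)argv[1]` cast that discards the qualifier.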
@@ -0,0 +1,23 @@ +/* + * Copyright (c) 2003-2006 Andrea Luzzardi + * + * This file is part of the pam_usb project. pam_usb is free software; + * you can redistribute it and/or modify it under the terms of the GNU General + * Public License version 2, as published by the Free Software Foundation. + * + * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY + * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 59 Temple + * Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifndef PUSB_VERSION_H_ +# define PUSB_VERSION_H_ + +# define PUSB_VERSION "SVN" + +#endif /* !PUSB_VERSION_H_ */