Implemented PAM module

Fixed a bug in the logging facility
Misc fixes

Makefile

@@ -1,6 +1,12 @@
 # Set to 'yes' to include debugging informations, e.g. DEBUG=yes make -e
 DEBUG		:= no
 
+# compiler/linker options
+CC		:= gcc
+CFLAGS		:= -Wall `pkg-config --cflags libxml-2.0` \
+	`pkg-config --cflags hal-storage`
+LDFLAGS		:= `pkg-config --libs libxml-2.0` \
+	`pkg-config --libs hal-storage`
 
 # common source files
 SRCS		:= src/conf.c \
@@ -13,24 +19,26 @@ SRCS		:= src/conf.c \
 		   src/device.c
 OBJS		:= $(SRCS:.c=.o)
 
+# pam_usb
+PAM_USB_SRCS	:= src/pam.c
+PAM_USB_OBJS	:= $(PAM_USB_SRCS:.c=.o)
+PAM_USB		:= pam_usb.so
+PAM_USB_LDFLAGS	:= -shared $(LDFLAGS)
+
 # pusb_check
 PUSB_CHECK_SRCS	:= src/pusb_check.c
 PUSB_CHECK_OBJS	:= $(PUSB_CHECK_SRCS:.c=.o)
 PUSB_CHECK	:= pusb_check
 
-# compiler/linker options
-CC		:= gcc
-CFLAGS		:= -Wall `pkg-config --cflags libxml-2.0` \
-	`pkg-config --cflags hal-storage`
-LDFLAGS		:= `pkg-config --libs libxml-2.0` \
-	`pkg-config --libs hal-storage`
-
-
 ifeq (yes, ${DEBUG})
 	CFLAGS := ${CFLAGS} -ggdb
 endif
 
-all		: $(PUSB_CHECK)
+all		: $(PAM_USB) $(PUSB_CHECK)
+
+$(PAM_USB)	: $(OBJS) $(PAM_USB_OBJS)
+		$(CC) -o $(PAM_USB) $(PAM_USB_LDFLAGS) $(OBJS) $(PAM_USB_OBJS)
+
 $(PUSB_CHECK)	: $(OBJS) $(PUSB_CHECK_OBJS)
 		$(CC) -o $(PUSB_CHECK) $(LDFLAGS) $(OBJS) $(PUSB_CHECK_OBJS)
 
@@ -38,4 +46,4 @@ $(PUSB_CHECK)	: $(OBJS) $(PUSB_CHECK_OBJS)
 		${CC} -c ${CFLAGS} $< -o $@
 
 clean		:
-		rm -f $(OBJS) $(PUSB_CHECK_OBJS)
+		rm -f $(PAM_USB) $(PUSB_CHECK) $(OBJS) $(PUSB_CHECK_OBJS) $(PAM_USB_OBJS)

src/log.c

@@ -24,6 +24,13 @@
 static t_pusb_options	*pusb_opts = NULL;
 
 static void	pusb_log_syslog(int level, const char *format, va_list ap)
+{
+  openlog("pam_usb", LOG_PID, LOG_AUTH);
+  vsyslog(level, format, ap);
+  closelog();
+}
+
+static void	pusb_log_output(int level, const char *format, va_list ap)
 {
   if ((pusb_opts && !pusb_opts->quiet) ||
       level == LOG_ERR)
@@ -39,9 +46,6 @@ static void	pusb_log_syslog(int level, const char *format, va_list ap)
 	fprintf(stderr, "* ");
       vfprintf(stderr, format, ap);
     }
-  openlog("pam_usb", LOG_PID, LOG_AUTH);
-  vsyslog(level, format, ap);
-  closelog();
 }
 
 void		__log_debug(const char *file, int line, const char *fmt, ...)
@@ -63,6 +67,9 @@ void		log_error(const char *fmt, ...)
   va_start(ap, fmt);
   pusb_log_syslog(LOG_ERR, fmt, ap);
   va_end(ap);
+  va_start(ap, fmt);
+  pusb_log_output(LOG_ERR, fmt, ap);
+  va_end(ap);
 }
 
 void		log_info(const char *fmt, ...)
@@ -72,6 +79,9 @@ void		log_info(const char *fmt, ...)
   va_start(ap, fmt);
   pusb_log_syslog(LOG_NOTICE, fmt, ap);
   va_end(ap);
+  va_start(ap, fmt);
+  pusb_log_output(LOG_NOTICE, fmt, ap);
+  va_end(ap);
 }
 
 void		pusb_log_init(t_pusb_options *opts)

src/pad.c

@@ -164,7 +164,7 @@ static int	pusb_pad_compare(t_pusb_options *opts, LibHalVolume *volume,
   int		retval;
 
   if (!(f_system = pusb_pad_open_system(opts, user, "r")))
-    return (0);
+    return (1);
   if (!(f_device = pusb_pad_open_device(opts, volume, user, "r")))
     {
       fclose(f_system);
@@ -177,6 +177,8 @@ static int	pusb_pad_compare(t_pusb_options *opts, LibHalVolume *volume,
   retval = memcmp(magic_system, magic_device, sizeof(magic_system));
   fclose(f_system);
   fclose(f_device);
+  if (!retval)
+    log_debug("Pad match.\n");
   return (retval == 0);
 }
 

src/pam.c

@@ -0,0 +1,131 @@
+/*
+ * Copyright (c) 2003-2006 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#define PAM_SM_AUTH
+#include <security/pam_modules.h>
+#include <security/_pam_macros.h>
+
+#include "version.h"
+#include "conf.h"
+#include "log.h"
+#include "local.h"
+#include "device.h"
+
+#define PUSB_CONFIG_FILE "/etc/pam_usb/pusb.conf"
+
+PAM_EXTERN
+int			pam_sm_authenticate(pam_handle_t *pamh, int flags,
+					    int argc, const char **argv)
+{
+  t_pusb_options	opts;
+  const char		*service;
+  const char		*user;
+  char			*conf_file = PUSB_CONFIG_FILE;
+  int			retval;
+
+  retval = pam_get_item(pamh, PAM_SERVICE, (const void **)&service);
+  if (retval != PAM_SUCCESS)
+    {
+      log_error("Unable to retrieve the PAM service name.\n");
+      return (PAM_AUTH_ERR);
+    }
+
+  if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || !user || !*user)
+    {
+      log_error("Unable to retrieve the PAM user name.\n");
+      return (PAM_AUTH_ERR);
+    }
+
+  if (argc > 1)
+    if (!strcmp(argv[0], "-c"))
+      conf_file = (char *)argv[1];
+  pusb_conf_init(&opts);
+  if (!pusb_conf_parse(conf_file, &opts, user, service))
+    return (PAM_AUTH_ERR);
+
+  pusb_log_init(&opts);
+  if (!opts.enable)
+    {
+      log_debug("Not enabled, exiting...\n");
+      return (PAM_IGNORE);
+    }
+
+  log_info("pam_usb v.%s\n", PUSB_VERSION);
+  log_info("Authentication request for user \"%s\" (%s)\n",
+	   user, service);
+  if (!pusb_local_login(&opts, user))
+    {
+      log_error("Access denied.\n");
+      return (PAM_AUTH_ERR);
+    }
+  if (pusb_device_check(&opts, user))
+    {
+      log_info("Access granted.\n");
+      return (PAM_SUCCESS);
+    }
+  log_error("Access denied.\n");
+  return (PAM_AUTH_ERR);
+}
+
+PAM_EXTERN
+int	pam_sm_setcred(pam_handle_t *pamh,int flags,int argc,
+		       const char **argv)
+{
+  return (PAM_IGNORE);
+}
+
+PAM_EXTERN
+int	pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc,
+			 const char **argv)
+{
+  return (PAM_IGNORE);
+}
+
+PAM_EXTERN
+int	pam_sm_open_session(pam_handle_t *pamh, int flags, int argc,
+			    const char **argv)
+{
+  return (PAM_IGNORE);
+}
+
+PAM_EXTERN
+int	pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
+			     const char **argv)
+{
+  return (PAM_IGNORE);
+}
+
+PAM_EXTERN
+int	pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc,
+			 const char **argv)
+{
+  return (PAM_IGNORE);
+}
+
+#ifdef PAM_STATIC
+
+struct pam_module _pam_usb_modstruct = {
+  "pam_usb",
+  pam_sm_authenticate,
+  pam_sm_setcred,
+  pam_sm_acct_mgmt,
+  pam_sm_open_session,
+  pam_sm_close_session,
+  pam_sm_chauthtok
+};
+
+#endif

src/pusb_check.c

@@ -72,6 +72,3 @@ int			main(int argc, char **argv)
     log_error("Access denied.\n");
   return (0);
 }
-
-
-

src/version.h

@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2003-2006 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#ifndef PUSB_VERSION_H_
+# define PUSB_VERSION_H_
+
+# define PUSB_VERSION "SVN"
+
+#endif /* !PUSB_VERSION_H_ */