diff --git a/pam_usb/src/pamusb-check.c b/pam_usb/src/pamusb-check.c
index e5fbd14..6f8772f 100644
--- a/pam_usb/src/pamusb-check.c
+++ b/pam_usb/src/pamusb-check.c
@@ -17,119 +17,124 @@ #include #include +#include +#include #include "conf.h" #include "log.h" #include "device.h" #include "local.h" -static void pusb_check_conf_dump(t_pusb_options *opts) +static void pusb_check_conf_dump(t_pusb_options *opts, const char *username, + const char *service) { - fprintf(stdout, "Configuration dump:\n"); - fprintf(stdout, "enable\t\t\t: %s\n", opts->enable ? "true" : "false"); - fprintf(stdout, "debug\t\t\t: %s\n", opts->debug ? "true" : "false"); - fprintf(stdout, "quiet\t\t\t: %s\n", opts->quiet ? "true" : "false"); - fprintf(stdout, "color_log\t\t: %s\n", opts->color_log ? "true" : "false"); - fprintf(stdout, "one_time_pad\t\t: %s\n", - opts->one_time_pad ? "true" : "false"); - fprintf(stdout, "probe_timeout\t\t: %d\n", opts->probe_timeout); - fprintf(stdout, "hostname\t\t: %s\n", opts->hostname); - fprintf(stdout, "system_pad_directory\t: %s\n", - opts->system_pad_directory); - fprintf(stdout, "device_pad_directory\t: %s\n", - opts->device_pad_directory); + fprintf(stdout, "Configuration dump for user %s (service: %s):\n", + username, service); + fprintf(stdout, "enable\t\t\t: %s\n", opts->enable ? "true" : "false"); + fprintf(stdout, "debug\t\t\t: %s\n", opts->debug ? "true" : "false"); + fprintf(stdout, "quiet\t\t\t: %s\n", opts->quiet ? "true" : "false"); + fprintf(stdout, "color_log\t\t: %s\n", opts->color_log ? "true" : "false"); + fprintf(stdout, "one_time_pad\t\t: %s\n", + opts->one_time_pad ? 
"true" : "false"); + fprintf(stdout, "probe_timeout\t\t: %d\n", opts->probe_timeout); + fprintf(stdout, "hostname\t\t: %s\n", opts->hostname); + fprintf(stdout, "system_pad_directory\t: %s\n", + opts->system_pad_directory); + fprintf(stdout, "device_pad_directory\t: %s\n", + opts->device_pad_directory); } -static int pusb_check_perform_authentication(t_pusb_options *opts, - const char *user, - const char *service) +static int pusb_check_perform_authentication(t_pusb_options *opts, + const char *user, + const char *service) { - int retval; + int retval; - if (!opts->enable) - { - log_debug("Not enabled, exiting...\n"); - return (0); - } - log_info("Authentication request for user \"%s\" (%s)\n", - user, service); - if (!pusb_local_login(opts, user)) - { - log_error("Access denied.\n"); - return (0); - } - retval = pusb_device_check(opts, user); - if (retval) - log_info("Access granted.\n"); - else - log_error("Access denied.\n"); - return (retval); + if (!opts->enable) + { + log_debug("Not enabled, exiting...\n"); + return (0); + } + log_info("Authentication request for user \"%s\" (%s)\n", + user, service); + if (!pusb_local_login(opts, user)) + { + log_error("Access denied.\n"); + return (0); + } + retval = pusb_device_check(opts, user); + if (retval) + log_info("Access granted.\n"); + else + log_error("Access denied.\n"); + return (retval); } -static void pusb_check_usage(const char *name) +static void pusb_check_usage(const char *name) { - fprintf(stderr, "Usage: %s [-c ] -u -s " \ - " [options]\n", name); - fprintf(stderr, "-u and -s are mandatory\n"); - fprintf(stderr, "Options can be one or more of the followings:\n"); - fprintf(stderr, "\t-a Authenticate: Try to authenticate the user\n"); - fprintf(stderr, "\t-d Dump: Parse and dump the settings\n"); - fprintf(stderr, "\t-q Quiet: Silent mode\n"); + fprintf(stderr, "Usage: %s [--help] [--config=path] [--service=name] [--dump] [--quiet]" \ + " \n", name); } -int main(int argc, char **argv) +int main(int argc, 
char **argv) { - t_pusb_options opts; - char *conf_file = PUSB_CONF_FILE; - int quiet = 0; - char *user = NULL; - char *service = NULL; - int opt; - int mode = 0; - extern char *optarg; + t_pusb_options opts; + char *conf_file = PUSB_CONF_FILE; + char *service = "pamusb-check"; + char *user = NULL; + int quiet = 0; + int dump = 0; + int opt; + int opt_index = 0; + extern char *optarg; + char *short_options = "hc:s:dq"; + struct option long_options[] = { + { "help", 0, 0, 0}, + { "config", 1, 0, 0}, + { "service", 1, 0, 0}, + { "dump", 0, &dump, 1 }, + { "quiet", 0, &quiet, 1}, + { 0, 0, 0, 0} + }; - while ((opt = getopt(argc, argv, "u:s:c:qad")) != EOF) - { - switch (opt) + while ((opt = getopt_long(argc, argv, short_options, long_options, + &opt_index)) != EOF) + { + if (opt == 'h' || (!opt && !strcmp(long_options[opt_index].name, "help"))) + { + pusb_check_usage(argv[0]); + return (1); + } + else if (opt == 'c' || (!opt && !strcmp(long_options[opt_index].name, "config"))) + conf_file = optarg; + else if (opt == 's' || (!opt && !strcmp(long_options[opt_index].name, "service"))) + service = optarg; + else if (opt == '?') + { + pusb_check_usage(argv[0]); + return (1); + } + } + + if ((argc - 1) == optind) + user = argv[optind]; + else + { + pusb_check_usage(argv[0]); + return (1); + } + pusb_conf_init(&opts); + if (!pusb_conf_parse(conf_file, &opts, user, service)) + return (1); + if (quiet) + { + opts.quiet = 1; + opts.debug = 0; + } + pusb_log_init(&opts); + if (dump) { - case 'u': - user = optarg; - break; - case 's': - service = optarg; - break; - case 'c': - conf_file = optarg; - break; - case 'q': - quiet = 1; - break; - case 'a': - mode = 1; - break; - case 'd': - mode = 2; - break; - default: - break; + pusb_check_conf_dump(&opts, user, service); + return (1); } - } - if (!user || !service || !mode) - { - pusb_check_usage(argv[0]); - return (1); - } - pusb_conf_init(&opts); - if (!pusb_conf_parse(conf_file, &opts, user, service)) - return (1); - if (quiet) - 
{ - opts.quiet = 1; - opts.debug = 0; - } - pusb_log_init(&opts); - if (mode == 1) - return (!pusb_check_perform_authentication(&opts, user, service)); - else if (mode == 2) - pusb_check_conf_dump(&opts); - return (0); + return (!pusb_check_perform_authentication(&opts, user, service)); } diff --git a/pam_usb/tools/pamusb-agent b/pam_usb/tools/pamusb-agent index 5eae2d9..5d512e1 100755 --- a/pam_usb/tools/pamusb-agent +++ b/pam_usb/tools/pamusb-agent @@ -182,9 +182,8 @@ def authChangeCallback(event): logger.info('Device "%s" has been inserted. ' \ 'Performing verification...' % deviceName) - cmdLine = "%s -q -c %s -u %s -s pamusb-agent -a" % (options['check'], - options['configFile'], - username) + cmdLine = "%s --quiet --config=%s --service=pamusb-agent %s" % ( + options['check'], options['configFile'], username) logger.info('Executing "%s"' % cmdLine) if not os.system(cmdLine): logger.info('Authentication succeeded. ' \
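Review bot: In main's getopt_long loop, `-d` and `-q` are accepted by `short_options` ("hc:s:dq") but no branch handles `opt == 'd'` or `opt == 'q'`; only the long forms set `dump` and `quiet`, through their flag pointers. As written, `pamusb-check -d user` skips the dump and falls through to `pusb_check_perform_authentication`, and `-q` leaves logging unchanged. Add `else if (opt == 'd') dump = 1;` and `else if (opt == 'q') quiet = 1;` to the chain, or give each long option its short letter as `val` with a NULL flag so both spellings arrive as the same `opt`. The `return (1)` after the dump also deserves a comment; if the intent is that a dump must never look like a successful authentication to a caller, say so: `/* a dump is not an authentication: never exit 0 here */`.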
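Review bot: The new `cmdLine` is still built with `%` formatting and run through `os.system`, so `username` and `options['configFile']` reach a shell unquoted; any shell metacharacter in either value changes the command that is executed. Because the user name is now a trailing positional argument, a value that begins with `-` would also be read by pamusb-check as an option. Passing an argument list avoids both: `subprocess.call([options['check'], '--quiet', '--config=' + options['configFile'], '--service=pamusb-agent', '--', username])`, which returns 0 on success so the `if not ...` test keeps its meaning. This needs `import subprocess` at the top of the file, which is outside the hunk, and authChangeCallback itself starts and ends outside it.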