diff --git a/pam_usb/Makefile b/pam_usb/Makefile
index 860448b..86579ca 100644
--- a/pam_usb/Makefile
+++ b/pam_usb/Makefile
@@ -6,6 +6,7 @@ SRCS := src/test.c \
 	src/hal.c \
 	src/pad.c \
 	src/volume.c \
+	src/local.c \
 	src/device.c
 OBJS := $(SRCS:.c=.o)
 NAME := pusb_check
diff --git a/pam_usb/src/conf.c b/pam_usb/src/conf.c
index fa8220c..b6933ac 100644
--- a/pam_usb/src/conf.c
+++ b/pam_usb/src/conf.c
@@ -36,6 +36,10 @@ static void pusb_conf_options_get_from(t_pusb_options *opts,
 			sizeof(opts->device_pad_directory));
 	pusb_xpath_get_bool_from(doc, from, "option[@name='debug']",
 			&(opts->debug));
+	pusb_xpath_get_bool_from(doc, from, "option[@name='quiet']",
+			&(opts->quiet));
+	pusb_xpath_get_bool_from(doc, from, "option[@name='color_log']",
+			&(opts->color_log));
 	pusb_xpath_get_bool_from(doc, from, "option[@name='enable']",
 			&(opts->enable));
 	pusb_xpath_get_bool_from(doc, from, "option[@name='one_time_pad']",
@@ -130,24 +134,13 @@ int pusb_conf_init(t_pusb_options *opts)
 	strcpy(opts->device_pad_directory, ".auth");
 	opts->probe_timeout = 10;
 	opts->enable = 1;
-	opts->one_time_pad = 1;
 	opts->debug = 0;
+	opts->quiet = 0;
+	opts->color_log = 1;
+	opts->one_time_pad = 1;
 	return (1);
 }
 
-static void pusb_conf_dump(t_pusb_options *opts)
-{
-	log_debug("Configuration dump:\n");
-	log_debug("enable\t\t\t: %s\n", opts->enable ? "true" : "false");
-	log_debug("debug\t\t\t: %s\n", opts->debug ? "true" : "false");
-	log_debug("one_time_pad\t\t: %s\n", opts->one_time_pad ? "true" : "false");
-	log_debug("probe_timeout\t\t: %d\n", opts->probe_timeout);
-	log_debug("hostname\t\t\t: %s\n", opts->hostname);
-	log_debug("system_pad_directory\t: %s\n", opts->system_pad_directory);
-	log_debug("device_pad_directory\t: %s\n", opts->device_pad_directory);
-}
-
-
 int pusb_conf_parse(const char *file, t_pusb_options *opts,
 		const char *user, const char *service)
 {
@@ -190,6 +183,5 @@ int pusb_conf_parse(const char *file, t_pusb_options *opts,
 	}
 	xmlFreeDoc(doc);
 	xmlCleanupParser();
-	pusb_conf_dump(opts);
 	return (1);
 }
diff --git a/pam_usb/src/conf.h b/pam_usb/src/conf.h
index 82c9a80..a3ef738 100644
--- a/pam_usb/src/conf.h
+++ b/pam_usb/src/conf.h
@@ -35,8 +35,10 @@ typedef struct pusb_options
 {
 	int probe_timeout;
 	int enable;
-	int one_time_pad;
 	int debug;
+	int quiet;
+	int color_log;
+	int one_time_pad;
 	char hostname[32];
 	char system_pad_directory[128];
 	char device_pad_directory[32];
diff --git a/pam_usb/src/local.c b/pam_usb/src/local.c
new file mode 100644
index 0000000..0af461b
--- /dev/null
+++ b/pam_usb/src/local.c
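Review bot: The two fields added to `pusb_options` in conf.h, `quiet` and `color_log`, carry no comment, and their effect is only discoverable by reading log.c in this same commit, where `quiet` suppresses the stderr copy of non-error messages (syslog still receives them) and `color_log` selects ANSI-prefixed output. Proposed: `int quiet;      /* drop non-error messages from stderr; syslog still gets them */` and `int color_log;  /* prefix stderr messages with ANSI colour codes */`. Moving `one_time_pad` below `debug` also changes the struct layout; that is harmless unless the struct is initialised positionally somewhere outside this diff, which I cannot see.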
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2003-2006 Andrea Luzzardi
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#include
+#include
+#include
+#include
+#include "log.h"
+#include "conf.h"
+
+int pusb_local_login(t_pusb_options *opts, const char *user)
+{
+	char *from;
+	struct utmp utsearch;
+	struct utmp *utent;
+	int i;
+
+	log_debug("Checking whether the caller is local or not...\n");
+	from = ttyname(STDIN_FILENO);
+	if (!from)
+		return (1);
+	log_debug("Authentication request from tty %s\n", from);
+	if (!strncmp(from, "/dev/", strlen("/dev/")))
+		from += strlen("/dev/");
+	strncpy(utsearch.ut_line, from, sizeof(utsearch.ut_line));
+	setutent();
+	utent = getutline(&utsearch);
+	endutent();
+	if (!utent)
+	{
+		log_debug("No utmp entry found for tty \"%s\"\n",
+				from);
+		return (1);
+	}
+	for (i = 0; i < 4; ++i)
+	{
+		if (utent->ut_addr_v6[i] != 0)
+		{
+			char *ptr = (char *)utent->ut_addr_v6;
+
+			log_error("Remote authentication request: %s (%u.%u.%u.%u)\n",
+					utent->ut_host, ptr[0], ptr[1], ptr[2], ptr[3]);
+			return (0);
+		}
+	}
+	log_debug("Caller is local (good)\n");
+	return (1);
+}
diff --git a/pam_usb/src/local.h b/pam_usb/src/local.h
new file mode 100644
index 0000000..ed796ea
--- /dev/null
+++ b/pam_usb/src/local.h
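Review bot: `pusb_local_login` fails open: a missing controlling tty (`ttyname` returning NULL) and a missing utmp entry both `return (1)`, so a session that never registered in utmp is treated as local; if that is the intended policy it deserves a comment saying so, otherwise those two paths should return 0, or at least report at `log_error` rather than `log_debug` level so the condition is visible. In the remote branch `ptr` is `char *`, so on targets with signed `char` any address byte above 127 reaches `%u` as a negative `int`; declare it `unsigned char *`. `utent->ut_host` is not guaranteed NUL-terminated, so the `%s` should be bounded with `%.*s` and `(int)sizeof(utent->ut_host)`. The test keys only on `ut_addr_v6`; an entry with a non-empty `ut_host` but a zero address (which some login programs may write) passes as local, so checking `utent->ut_host[0] != '\0'` alongside would tighten it, and `user` is never compared against `utent->ut_user` even though both `opts` and `user` are parameters.
```c
	/* … unchanged: ttyname()/getutline() lookup … */
	for (i = 0; i < 4; ++i)
	{
		if (utent->ut_addr_v6[i] != 0)
		{
			/* unsigned: a byte >= 0x80 must not sign-extend into %u */
			unsigned char *ptr = (unsigned char *)utent->ut_addr_v6;

			/* ut_host is not guaranteed NUL-terminated: bound the %s */
			log_error("Remote authentication request: %.*s (%u.%u.%u.%u)\n",
					(int)sizeof(utent->ut_host), utent->ut_host,
					ptr[0], ptr[1], ptr[2], ptr[3]);
			return (0);
		}
	}
```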
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2003-2006 Andrea Luzzardi
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef PUSB_LOCAL_H_
+# define PUSB_LOCAL_H_
+
+int pusb_local_login(t_pusb_options *opts, const char *user);
+
+#endif /* !PUSB_LOCAL_H_ */
diff --git a/pam_usb/src/log.c b/pam_usb/src/log.c
index 9999b8b..5aaf324 100644
--- a/pam_usb/src/log.c
+++ b/pam_usb/src/log.c
@@ -18,10 +18,27 @@
 #include
 #include
 #include
+#include "conf.h"
 #include "log.h"
 
+static t_pusb_options *pusb_opts = NULL;
+
 static void pusb_log_syslog(int level, const char *format, va_list ap)
 {
+	if ((pusb_opts && !pusb_opts->quiet) ||
+		level == LOG_ERR)
+	{
+		if (pusb_opts && pusb_opts->color_log)
+		{
+			if (level == LOG_ERR)
+				fprintf(stderr, "\033[01;31m*\033[00m ");
+			else if (level == LOG_NOTICE)
+				fprintf(stderr, "\033[01;32m*\033[00m ");
+		}
+		else
+			fprintf(stderr, "* ");
+		vfprintf(stderr, format, ap);
+	}
 	openlog("pam_usb", LOG_PID, LOG_AUTH);
 	vsyslog(level, format, ap);
 	closelog();
@@ -31,7 +48,9 @@ void __log_debug(const char *file, int line, const char *fmt, ...)
 {
 	va_list ap;
 
-	fprintf(stderr, "\033[01;34m*\033[00m [%s:%03d] ", file, line);
+	if (!pusb_opts || !pusb_opts->debug)
+		return ;
+	fprintf(stderr, "[%s:%03d] ", file, line);
 	va_start(ap, fmt);
 	vfprintf(stderr, fmt, ap);
 	va_end(ap);
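Review bot: `local.h` declares `pusb_local_login` in terms of `t_pusb_options` but never includes `conf.h`, so the header only compiles when the including file has already pulled conf.h in (test.c happens to, as its hunk shows); add `# include "conf.h"` inside the guard, exactly as this commit does for log.h. The declaration also has no contract comment, and the return convention is not obvious from the name; proposed above it: `/* Returns 1 when the calling session looks local or cannot be classified (no tty, no utmp entry), 0 when its utmp entry carries a remote address. */`.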
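Review bot: `pusb_log_syslog` now consumes `ap` twice: the added `vfprintf(stderr, format, ap)` walks the list and the existing `vsyslog(level, format, ap)` then reads it again, which is undefined after the first call returns and in practice prints garbage or crashes depending on the ABI. Take a copy for the stderr pass: declare `va_list aq;` at the top and use `va_copy(aq, ap); vfprintf(stderr, format, aq); va_end(aq);` in place of the current `vfprintf`. Separately, `color_log` defaults to 1 in `pusb_conf_init` (conf.c hunk of this commit) and the escape sequences are written to stderr unconditionally, so guarding the coloured branch with `isatty(STDERR_FILENO)` would keep control codes out of captured logs and pipes. The function's tail (`closelog`) is the hunk's last line, so the rest of the file is not visible here.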
@@ -41,10 +60,6 @@ void log_error(const char *fmt, ...)
 {
 	va_list ap;
 
-	fprintf(stderr, "\033[01;31m*\033[00m ");
-	va_start(ap, fmt);
-	vfprintf(stderr, fmt, ap);
-	va_end(ap);
 	va_start(ap, fmt);
 	pusb_log_syslog(LOG_ERR, fmt, ap);
 	va_end(ap);
@@ -54,11 +69,12 @@ void log_info(const char *fmt, ...)
 {
 	va_list ap;
 
-	fprintf(stderr, "\033[01;32m*\033[00m ");
-	va_start(ap, fmt);
-	vfprintf(stderr, fmt, ap);
-	va_end(ap);
 	va_start(ap, fmt);
 	pusb_log_syslog(LOG_NOTICE, fmt, ap);
 	va_end(ap);
 }
+
+void pusb_log_init(t_pusb_options *opts)
+{
+	pusb_opts = opts;
+}
diff --git a/pam_usb/src/log.h b/pam_usb/src/log.h
index f8e8400..52f8999 100644
--- a/pam_usb/src/log.h
+++ b/pam_usb/src/log.h
@@ -18,9 +18,12 @@
 #ifndef PUSB_LOG_H_
 # define PUSB_LOG_H_
 
 # define log_debug(s, ...) __log_debug(__FILE__, __LINE__, s, ##__VA_ARGS__)
+# include "conf.h"
 
 void __log_debug(const char *file, int line, const char *fmt, ...);
 void log_error(const char *fmt, ...);
 void log_info(const char *fmt, ...);
+void pusb_log_init(t_pusb_options *opts);
+
 #endif /* !PUSB_LOG_H_ */
diff --git a/pam_usb/src/pad.c b/pam_usb/src/pad.c
index 5fa8910..b979f4c 100644
--- a/pam_usb/src/pad.c
+++ b/pam_usb/src/pad.c
@@ -164,7 +164,7 @@ static int pusb_pad_compare(t_pusb_options *opts, LibHalVolume *volume,
 	int retval;
 
 	if (!(f_system = pusb_pad_open_system(opts, user, "r")))
-		return (1);
+		return (0);
 	if (!(f_device = pusb_pad_open_device(opts, volume, user, "r")))
 	{
 		fclose(f_system);
diff --git a/pam_usb/src/test.c b/pam_usb/src/test.c
index de9d9ac..c83c756 100644
--- a/pam_usb/src/test.c
+++ b/pam_usb/src/test.c
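Review bot: `pusb_log_init` is declared in log.h with no statement of what it does or when it must be called, and the behaviour before it is called is surprising: with the options pointer unset, `__log_debug` prints nothing and `log_info` reaches syslog only, while `log_error` still prints an uncoloured `* ` line to stderr (all visible in the log.c hunks of this commit). Proposed above the declaration: `/* Register the parsed options with the logger. Until called, log_debug() is silent and log_info() goes to syslog only; log_error() always reaches stderr. The pointer is stored, not copied, so the options must outlive all logging. */`.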
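Review bot: Switching the failed `pusb_pad_open_system` path in `pusb_pad_compare` to `return (0)` makes the comparison fail closed, which is the right default for an authentication step, but nothing records why; a comment such as `/* no readable system pad: the device pad cannot be verified, so deny rather than skip */` would stop the next reader from "fixing" it back to 1. The sibling `pusb_pad_open_device` failure branch opens in the hunk but its return value lies outside it, so I cannot confirm the two paths now agree. If an absent system pad is expected on first use, before any pad has been written, that case must now be handled by the caller instead of passing silently here; the caller is not visible in this diff.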
@@ -19,6 +19,24 @@
 #include "conf.h"
 #include "log.h"
 #include "device.h"
+#include "local.h"
+
+static void pusb_conf_dump(t_pusb_options *opts)
+{
+	fprintf(stdout, "Configuration dump:\n");
+	fprintf(stdout, "enable\t\t\t: %s\n", opts->enable ? "true" : "false");
+	fprintf(stdout, "debug\t\t\t: %s\n", opts->debug ? "true" : "false");
+	fprintf(stdout, "quiet\t\t\t: %s\n", opts->quiet ? "true" : "false");
+	fprintf(stdout, "color_log\t\t: %s\n", opts->color_log ? "true" : "false");
+	fprintf(stdout, "one_time_pad\t\t: %s\n",
+			opts->one_time_pad ? "true" : "false");
+	fprintf(stdout, "probe_timeout\t\t: %d\n", opts->probe_timeout);
+	fprintf(stdout, "hostname\t\t: %s\n", opts->hostname);
+	fprintf(stdout, "system_pad_directory\t: %s\n",
+			opts->system_pad_directory);
+	fprintf(stdout, "device_pad_directory\t: %s\n",
+			opts->device_pad_directory);
+}
 
 int main(int argc, char **argv)
 {
@@ -35,11 +53,18 @@ int main(int argc, char **argv)
 	pusb_conf_init(&opts);
 	if (!pusb_conf_parse("conf.xml", &opts, argv[1], argv[2]))
 		return (0);
+	pusb_log_init(&opts);
+	pusb_conf_dump(&opts);
 	if (!opts.enable)
 	{
 		log_debug("Not enabled, exiting...\n");
 		return (0);
 	}
+	if (!pusb_local_login(&opts, argv[1]))
+	{
+		log_error("Access denied.\n");
+		return (0);
+	}
 	retval = pusb_device_check(&opts, argv[1]);
 	if (retval)
 		log_info("Access granted.\n");
@@ -47,3 +72,6 @@ int main(int argc, char **argv)
 		log_error("Access denied.\n");
 	return (0);
 }
+
+
+
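Review bot: `pusb_log_init(&opts)` is called only after `pusb_conf_parse` returns, and `__log_debug` (log.c hunk of this commit) prints nothing while the options pointer is unset, so every `log_debug` emitted during configuration parsing is dropped; since `pusb_log_init` only stores the address, calling it directly after `pusb_conf_init(&opts)` costs nothing and lets debug output through as soon as the `debug` option has been read. The new denial branch repeats the `log_error("Access denied.\n"); return (0);` pair that `main` already has at its end (third hunk), so a shared exit label would keep the two from drifting apart. `main` also still exits 0 for both the granted and the new denied outcome; for a check tool a non-zero status on denial would make it scriptable, though that predates this change. The body of `main` between the second and third hunk is not visible here.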