Implemented local checking (check whether the user is local or not)

Improved the logging facility (added the quiet and color_log options)

pam_usb/Makefile

@@ -6,6 +6,7 @@ SRCS	:= src/test.c \
 	   src/hal.c \
 	   src/pad.c \
 	   src/volume.c \
+	   src/local.c \
 	   src/device.c
 OBJS	:= $(SRCS:.c=.o)
 NAME	:= pusb_check

pam_usb/src/conf.c

@@ -36,6 +36,10 @@ static void	pusb_conf_options_get_from(t_pusb_options *opts,
 			     sizeof(opts->device_pad_directory));
   pusb_xpath_get_bool_from(doc, from, "option[@name='debug']",
 			   &(opts->debug));
+  pusb_xpath_get_bool_from(doc, from, "option[@name='quiet']",
+			   &(opts->quiet));
+  pusb_xpath_get_bool_from(doc, from, "option[@name='color_log']",
+			   &(opts->color_log));
   pusb_xpath_get_bool_from(doc, from, "option[@name='enable']",
 			   &(opts->enable));
   pusb_xpath_get_bool_from(doc, from, "option[@name='one_time_pad']",
@@ -130,24 +134,13 @@ int	pusb_conf_init(t_pusb_options *opts)
   strcpy(opts->device_pad_directory, ".auth");
   opts->probe_timeout = 10;
   opts->enable = 1;
-  opts->one_time_pad = 1;
   opts->debug = 0;
+  opts->quiet = 0;
+  opts->color_log = 1;
+  opts->one_time_pad = 1;
   return (1);
 }
 
-static void	pusb_conf_dump(t_pusb_options *opts)
-{
-  log_debug("Configuration dump:\n");
-  log_debug("enable\t\t\t: %s\n", opts->enable ? "true" : "false");
-  log_debug("debug\t\t\t: %s\n", opts->debug ? "true" : "false");
-  log_debug("one_time_pad\t\t: %s\n", opts->one_time_pad ? "true" : "false");
-  log_debug("probe_timeout\t\t: %d\n", opts->probe_timeout);
-  log_debug("hostname\t\t\t: %s\n", opts->hostname);
-  log_debug("system_pad_directory\t: %s\n", opts->system_pad_directory);
-  log_debug("device_pad_directory\t: %s\n", opts->device_pad_directory);
-}
-
-
 int		pusb_conf_parse(const char *file, t_pusb_options *opts,
 				const char *user, const char *service)
 {
@@ -190,6 +183,5 @@ int		pusb_conf_parse(const char *file, t_pusb_options *opts,
     }
   xmlFreeDoc(doc);
   xmlCleanupParser();
-  pusb_conf_dump(opts);
   return (1);
 }

pam_usb/src/conf.h

@@ -35,8 +35,10 @@ typedef struct	pusb_options
 {
   int		probe_timeout;
   int		enable;
-  int		one_time_pad;
   int		debug;
+  int		quiet;
+  int		color_log;
+  int		one_time_pad;
   char		hostname[32];
   char		system_pad_directory[128];
   char		device_pad_directory[32];

pam_usb/src/local.c

@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2003-2006 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <utmp.h>
+#include "log.h"
+#include "conf.h"
+
+int		pusb_local_login(t_pusb_options *opts, const char *user)
+{
+  char		*from;
+  struct utmp	utsearch;
+  struct utmp	*utent;
+  int		i;
+
+  log_debug("Checking whether the caller is local or not...\n");
+  from = ttyname(STDIN_FILENO);
+  if (!from)
+      return (1);
+  log_debug("Authentication request from tty %s\n", from);
+  if (!strncmp(from, "/dev/", strlen("/dev/")))
+    from += strlen("/dev/");
+  strncpy(utsearch.ut_line, from, sizeof(utsearch.ut_line));
+  setutent();
+  utent = getutline(&utsearch);
+  endutent();
+  if (!utent)
+    {
+      log_debug("No utmp entry found for tty \"%s\"\n",
+		from);
+      return (1);
+    }
+  for (i = 0; i < 4; ++i)
+    {
+      if (utent->ut_addr_v6[i] != 0)
+	{
+	  char	*ptr = (char *)utent->ut_addr_v6;
+
+	  log_error("Remote authentication request: %s (%u.%u.%u.%u)\n",
+		    utent->ut_host, ptr[0], ptr[1], ptr[2], ptr[3]);
+	  return (0);
+	}
+    }
+  log_debug("Caller is local (good)\n");
+  return (1);
+}

pam_usb/src/local.h

@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2003-2006 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#ifndef PUSB_LOCAL_H_
+# define PUSB_LOCAL_H_
+
+int	pusb_local_login(t_pusb_options *opts, const char *user);
+
+#endif /* !PUSB_LOCAL_H_ */

pam_usb/src/log.c

@@ -18,10 +18,27 @@
 #include <stdio.h>
 #include <syslog.h>
 #include <stdarg.h>
+#include "conf.h"
 #include "log.h"
 
+static t_pusb_options	*pusb_opts = NULL;
+
 static void	pusb_log_syslog(int level, const char *format, va_list ap)
 {
+  if ((pusb_opts && !pusb_opts->quiet) ||
+      level == LOG_ERR)
+    {
+      if (pusb_opts && pusb_opts->color_log)
+	{
+	  if (level == LOG_ERR)
+	    fprintf(stderr, "\033[01;31m*\033[00m ");
+	  else if (level == LOG_NOTICE)
+	    fprintf(stderr, "\033[01;32m*\033[00m ");
+	}
+      else
+	fprintf(stderr, "* ");
+      vfprintf(stderr, format, ap);
+    }
   openlog("pam_usb", LOG_PID, LOG_AUTH);
   vsyslog(level, format, ap);
   closelog();
@@ -31,7 +48,9 @@ void		__log_debug(const char *file, int line, const char *fmt, ...)
 {
   va_list	ap;
 
-  fprintf(stderr, "\033[01;34m*\033[00m [%s:%03d] ", file, line);
+  if (!pusb_opts || !pusb_opts->debug)
+    return ;
+  fprintf(stderr, "[%s:%03d] ", file, line);
   va_start(ap, fmt);
   vfprintf(stderr, fmt, ap);
   va_end(ap);
@@ -41,10 +60,6 @@ void		log_error(const char *fmt, ...)
 {
   va_list	ap;
 
-  fprintf(stderr, "\033[01;31m*\033[00m ");
-  va_start(ap, fmt);
-  vfprintf(stderr, fmt, ap);
-  va_end(ap);
   va_start(ap, fmt);
   pusb_log_syslog(LOG_ERR, fmt, ap);
   va_end(ap);
@@ -54,11 +69,12 @@ void		log_info(const char *fmt, ...)
 {
   va_list	ap;
 
-  fprintf(stderr, "\033[01;32m*\033[00m ");
-  va_start(ap, fmt);
-  vfprintf(stderr, fmt, ap);
-  va_end(ap);
   va_start(ap, fmt);
   pusb_log_syslog(LOG_NOTICE, fmt, ap);
   va_end(ap);
 }
+
+void		pusb_log_init(t_pusb_options *opts)
+{
+  pusb_opts = opts;
+}

pam_usb/src/log.h

@@ -18,9 +18,12 @@
 #ifndef PUSB_LOG_H_
 # define PUSB_LOG_H_
 # define log_debug(s, ...) __log_debug(__FILE__, __LINE__, s, ##__VA_ARGS__)
+# include "conf.h"
 
 void	__log_debug(const char *file, int line, const char *fmt, ...);
 void	log_error(const char *fmt, ...);
 void	log_info(const char *fmt, ...);
+void	pusb_log_init(t_pusb_options *opts);
+
 
 #endif /* !PUSB_LOG_H_ */

pam_usb/src/pad.c

@@ -164,7 +164,7 @@ static int	pusb_pad_compare(t_pusb_options *opts, LibHalVolume *volume,
   int		retval;
 
   if (!(f_system = pusb_pad_open_system(opts, user, "r")))
-    return (1);
+    return (0);
   if (!(f_device = pusb_pad_open_device(opts, volume, user, "r")))
     {
       fclose(f_system);

pam_usb/src/test.c

@@ -19,6 +19,24 @@
 #include "conf.h"
 #include "log.h"
 #include "device.h"
+#include "local.h"
+
+static void	pusb_conf_dump(t_pusb_options *opts)
+{
+  fprintf(stdout, "Configuration dump:\n");
+  fprintf(stdout, "enable\t\t\t: %s\n", opts->enable ? "true" : "false");
+  fprintf(stdout, "debug\t\t\t: %s\n", opts->debug ? "true" : "false");
+  fprintf(stdout, "quiet\t\t\t: %s\n", opts->quiet ? "true" : "false");
+  fprintf(stdout, "color_log\t\t: %s\n", opts->color_log ? "true" : "false");
+  fprintf(stdout, "one_time_pad\t\t: %s\n",
+	  opts->one_time_pad ? "true" : "false");
+  fprintf(stdout, "probe_timeout\t\t: %d\n", opts->probe_timeout);
+  fprintf(stdout, "hostname\t\t: %s\n", opts->hostname);
+  fprintf(stdout, "system_pad_directory\t: %s\n",
+	  opts->system_pad_directory);
+  fprintf(stdout, "device_pad_directory\t: %s\n",
+	  opts->device_pad_directory);
+}
 
 int			main(int argc, char **argv)
 {
@@ -35,11 +53,18 @@ int			main(int argc, char **argv)
   pusb_conf_init(&opts);
   if (!pusb_conf_parse("conf.xml", &opts, argv[1], argv[2]))
     return (0);
+  pusb_log_init(&opts);
+  pusb_conf_dump(&opts);
   if (!opts.enable)
     {
       log_debug("Not enabled, exiting...\n");
       return (0);
     }
+  if (!pusb_local_login(&opts, argv[1]))
+    {
+      log_error("Access denied.\n");
+      return (0);
+    }
   retval = pusb_device_check(&opts, argv[1]);
   if (retval)
     log_info("Access granted.\n");
@@ -47,3 +72,6 @@ int			main(int argc, char **argv)
     log_error("Access denied.\n");
   return (0);
 }
+
+
+