
Removed enforce_otp and try_otp, use "one_time_pad" instead.

Renamed otp_directory to pad_directory
master
Andrea Luzzardi 18 years ago
parent
commit
8f267459bf
5 changed files with 31 additions and 37 deletions
  1. +14
    -18
      pam_usb/src/conf.c
  2. +3
    -4
      pam_usb/src/conf.h
  3. +4
    -5
      pam_usb/src/conf.xml
  4. +5
    -5
      pam_usb/src/device.c
  5. +5
    -5
      pam_usb/src/otp.c

+ 14
- 18
pam_usb/src/conf.c

@ -28,20 +28,18 @@ static void pusb_conf_options_get_from(t_pusb_options *opts,
{ {
pusb_xpath_get_string_from(doc, from, "option[@name='hostname']", pusb_xpath_get_string_from(doc, from, "option[@name='hostname']",
opts->hostname, sizeof(opts->hostname)); opts->hostname, sizeof(opts->hostname));
pusb_xpath_get_string_from(doc, from, "option[@name='system_otp_directory']",
opts->system_otp_directory,
sizeof(opts->system_otp_directory));
pusb_xpath_get_string_from(doc, from, "option[@name='device_otp_directory']",
opts->device_otp_directory,
sizeof(opts->device_otp_directory));
pusb_xpath_get_string_from(doc, from, "option[@name='system_pad_directory']",
opts->system_pad_directory,
sizeof(opts->system_pad_directory));
pusb_xpath_get_string_from(doc, from, "option[@name='device_pad_directory']",
opts->device_pad_directory,
sizeof(opts->device_pad_directory));
pusb_xpath_get_bool_from(doc, from, "option[@name='debug']", pusb_xpath_get_bool_from(doc, from, "option[@name='debug']",
&(opts->debug)); &(opts->debug));
pusb_xpath_get_bool_from(doc, from, "option[@name='enable']", pusb_xpath_get_bool_from(doc, from, "option[@name='enable']",
&(opts->enable)); &(opts->enable));
pusb_xpath_get_bool_from(doc, from, "option[@name='try_otp']",
&(opts->try_otp));
pusb_xpath_get_bool_from(doc, from, "option[@name='enforce_otp']",
&(opts->enforce_otp));
pusb_xpath_get_bool_from(doc, from, "option[@name='one_time_pad']",
&(opts->one_time_pad));
pusb_xpath_get_int_from(doc, from, "option[@name='probe_timeout']", pusb_xpath_get_int_from(doc, from, "option[@name='probe_timeout']",
&(opts->probe_timeout)); &(opts->probe_timeout));
} }
@ -128,12 +126,11 @@ int pusb_conf_init(t_pusb_options *opts)
log_error("gethostname: %s\n", strerror(errno)); log_error("gethostname: %s\n", strerror(errno));
return (0); return (0);
} }
strcpy(opts->system_otp_directory, "./");
strcpy(opts->device_otp_directory, ".auth");
strcpy(opts->system_pad_directory, "./");
strcpy(opts->device_pad_directory, ".auth");
opts->probe_timeout = 10; opts->probe_timeout = 10;
opts->enable = 1; opts->enable = 1;
opts->try_otp = 1;
opts->enforce_otp = 0;
opts->one_time_pad = 1;
opts->debug = 0; opts->debug = 0;
return (1); return (1);
} }
@ -143,12 +140,11 @@ static void pusb_conf_dump(t_pusb_options *opts)
log_debug("Configuration dump:\n"); log_debug("Configuration dump:\n");
log_debug("enable\t\t\t: %s\n", opts->enable ? "true" : "false"); log_debug("enable\t\t\t: %s\n", opts->enable ? "true" : "false");
log_debug("debug\t\t\t: %s\n", opts->debug ? "true" : "false"); log_debug("debug\t\t\t: %s\n", opts->debug ? "true" : "false");
log_debug("try_otp\t\t\t: %s\n", opts->try_otp ? "true" : "false");
log_debug("enforce_otp\t\t: %s\n", opts->enforce_otp ? "true" : "false");
log_debug("one_time_pad\t\t: %s\n", opts->one_time_pad ? "true" : "false");
log_debug("probe_timeout\t\t: %d\n", opts->probe_timeout); log_debug("probe_timeout\t\t: %d\n", opts->probe_timeout);
log_debug("hostname\t\t\t: %s\n", opts->hostname); log_debug("hostname\t\t\t: %s\n", opts->hostname);
log_debug("system_otp_directory\t: %s\n", opts->system_otp_directory);
log_debug("device_otp_directory\t: %s\n", opts->device_otp_directory);
log_debug("system_pad_directory\t: %s\n", opts->system_pad_directory);
log_debug("device_pad_directory\t: %s\n", opts->device_pad_directory);
} }
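Review bot: The default kept at `strcpy(opts->system_pad_directory, "./");` in the `pusb_conf_init` hunk leaves the host-side pad directory relative, so the `"%s/%s.otp"` path built in otp.c resolves against the working directory of whichever program loaded the PAM module. That directory is outside the module's control, so the host copy of the pad may be read or written in a different place for each service. An absolute, root-owned default (`strcpy(opts->system_pad_directory, "<ABSOLUTE_PAD_DIR>/");`, placeholder path) plus rejecting configured values that do not begin with `/` would pin it. Configurations still using the old names (`system_otp_directory`, `try_otp`, `enforce_otp`) are now ignored without a message; a `log_error` when one is found would make that visible on upgrade. `pusb_conf_init` begins outside the hunk.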


+ 3
- 4
pam_usb/src/conf.h

@ -35,12 +35,11 @@ typedef struct pusb_options
{ {
int probe_timeout; int probe_timeout;
int enable; int enable;
int try_otp;
int enforce_otp;
int one_time_pad;
int debug; int debug;
char hostname[32]; char hostname[32];
char system_otp_directory[128];
char device_otp_directory[32];
char system_pad_directory[128];
char device_pad_directory[32];
t_pusb_device device; t_pusb_device device;
} t_pusb_options; } t_pusb_options;


+ 4
- 5
pam_usb/src/conf.xml

@ -1,12 +1,11 @@
<configuration> <configuration>
<defaults> <defaults>
<option name="hostname">foobar</option> <option name="hostname">foobar</option>
<option name="try_otp">true</option>
<option name="enforce_otp">false</option>
<option name="one_time_pad">true</option>
<option name="probe_timeout">10</option> <option name="probe_timeout">10</option>
<option name="debug">false</option> <option name="debug">false</option>
<!-- <option name="system_otp_directory">.</option>
<option name="device_otp_directory">.auth</option> -->
<!-- <option name="system_pad_directory">.</option>
<option name="device_pad_directory">.auth</option> -->
</defaults> </defaults>
<devices> <devices>
@ -22,11 +21,11 @@
<users> <users>
<user id="scox"> <user id="scox">
<device>foobar</device> <device>foobar</device>
<option name="one_time_pad">false</option>
</user> </user>
<user id="root"> <user id="root">
<device>foobar</device> <device>foobar</device>
<option name="enforce_otp">true</option>
</user> </user>
</users> </users>
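Review bot: The sample now turns the pad off for user `scox` with `<option name="one_time_pad">false</option>` but carries no comment saying what that leaves in place. Per the device.c change in this commit, a false value skips the pad comparison entirely, so a line such as `<!-- one_time_pad=false: only the device itself is checked for this user -->` above the option would keep people from copying it unknowingly. The commented-out directory example also still shows the relative `.` for `system_pad_directory`; an absolute path would be a safer thing to demonstrate.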


+ 5
- 5
pam_usb/src/device.c

@ -70,15 +70,15 @@ int pusb_device_check(t_pusb_options *opts)
return (0); return (0);
} }
if (!opts->try_otp && !opts->enforce_otp)
if (opts->one_time_pad)
{ {
log_debug("One time pad is disabled, no more verifications to do.\n");
retval = 1;
log_info("Performing one time pad verification...\n");
retval = pusb_otp_check(opts, ctx);
} }
else else
{ {
log_info("Performing one time pad verification...\n");
retval = pusb_otp_check(opts, ctx);
log_debug("One time pad is disabled, no more verifications to do.\n");
retval = 1;
} }
pusb_hal_dbus_disconnect(dbus); pusb_hal_dbus_disconnect(dbus);
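Review bot: The `else` branch accepts the attempt with `retval = 1` and reports it only through `log_debug`, so with `debug` at its default of 0 (conf.c) the log presumably shows nothing about the pad check having been skipped. Since conf.xml now lets `one_time_pad` be switched off per user, raising this line to `log_info("One time pad is disabled, no more verifications to do.\n");` keeps the reduced check visible next to the "Performing one time pad verification..." message. `pusb_device_check` starts and ends outside the hunk.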


+ 5
- 5
pam_usb/src/otp.c

@ -39,7 +39,7 @@ static FILE *pusb_otp_open_device(t_pusb_options *opts,
mnt_point = (char *)libhal_volume_get_mount_point(volume); mnt_point = (char *)libhal_volume_get_mount_point(volume);
if (!mnt_point) if (!mnt_point)
return (NULL); return (NULL);
path_size = strlen(mnt_point) + 1 + strlen(opts->device_otp_directory) + \
path_size = strlen(mnt_point) + 1 + strlen(opts->device_pad_directory) + \
1 + strlen(opts->hostname) + strlen(".otp") + 1; 1 + strlen(opts->hostname) + strlen(".otp") + 1;
if (!(path = malloc(path_size))) if (!(path = malloc(path_size)))
{ {
@ -48,7 +48,7 @@ static FILE *pusb_otp_open_device(t_pusb_options *opts,
} }
memset(path, 0x00, path_size); memset(path, 0x00, path_size);
snprintf(path, path_size, "%s/%s/%s.otp", mnt_point, snprintf(path, path_size, "%s/%s/%s.otp", mnt_point,
opts->device_otp_directory, opts->hostname);
opts->device_pad_directory, opts->hostname);
f = fopen(path, mode); f = fopen(path, mode);
free(path); free(path);
if (!f) if (!f)
@ -65,7 +65,7 @@ static FILE *pusb_otp_open_system(t_pusb_options *opts, const char *mode)
char *path; char *path;
size_t path_size; size_t path_size;
path_size = strlen(opts->system_otp_directory) + 1 +
path_size = strlen(opts->system_pad_directory) + 1 +
strlen(opts->device.serial) + strlen(".otp") + 1; strlen(opts->device.serial) + strlen(".otp") + 1;
if (!(path = malloc(path_size))) if (!(path = malloc(path_size)))
{ {
@ -73,7 +73,7 @@ static FILE *pusb_otp_open_system(t_pusb_options *opts, const char *mode)
return (NULL); return (NULL);
} }
memset(path, 0x00, path_size); memset(path, 0x00, path_size);
snprintf(path, path_size, "%s/%s.otp", opts->system_otp_directory,
snprintf(path, path_size, "%s/%s.otp", opts->system_pad_directory,
opts->device.serial); opts->device.serial);
f = fopen(path, mode); f = fopen(path, mode);
free(path); free(path);
@ -153,7 +153,7 @@ int pusb_otp_check(t_pusb_options *opts, LibHalContext *ctx)
volume = pusb_volume_get(opts, ctx); volume = pusb_volume_get(opts, ctx);
if (!volume) if (!volume)
return (!opts->enforce_otp);
return (0);
retval = pusb_otp_compare(opts, volume); retval = pusb_otp_compare(opts, volume);
if (retval) if (retval)
{ {
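Review bot: `pusb_otp_open_device` passes the path it builds under the volume's mount point to `fopen(path, mode)`, which follows symbolic links and accepts any file type on a filesystem the module does not control. When `mode` is a write mode (the callers are outside these hunks), the file actually opened need not be on the device at all. Opening with `open()` and `O_NOFOLLOW`, confirming a regular file with `fstat`, and only then calling `fdopen` narrows this; `flags` below stands for the open(2) flags matching `mode`, and `O_NOFOLLOW` guards only the last path component. The function starts and ends outside the hunk, and the same `fopen` pattern appears in `pusb_otp_open_system`, where the directory comes from configuration.

```c
/* … unchanged: mnt_point lookup, path_size computation, malloc, snprintf … */
f = NULL;
fd = open(path, flags | O_NOFOLLOW | O_CLOEXEC, 0600);
free(path);
if (fd >= 0)
  {
    /* Accept only a regular file; anything else is closed and treated as a failed open. */
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode))
      f = fdopen(fd, mode);
    if (!f)
      close(fd);
  }
/* … unchanged: if (!f) error handling … */
```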

