Fincer
/
pam_usb
mirror of https://github.com/Fincer/pam_usb
1
0
Fork 0
Code Issues 0 Releases 4 Wiki Activity
Hardware authentication for Linux using ordinary USB Flash Drives.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
95 Commits
1 Branch
910 KiB
 
 
 
 
 
Tree: 604d6911d4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '604d6911d4'
${ noResults }
pam_usb/src/pad.c

222 lines
6.1 KiB
Raw Blame History

/*
* Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
*
* This file is part of the pam_usb project. pam_usb is free software;
* you can redistribute it and/or modify it under the terms of the GNU General
* Public License version 2, as published by the Free Software Foundation.
*
* pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <pwd.h>
#include <time.h>
#include <libhal-storage.h>
#include "conf.h"
#include "log.h"
#include "volume.h"
#include "pad.h"
static FILE *pusb_pad_open_device(t_pusb_options *opts,
LibHalVolume *volume,
const char *user,
const char *mode)
{
FILE *f;
char path[PATH_MAX];
const char *mnt_point;
struct stat sb;
mnt_point = (char *)libhal_volume_get_mount_point(volume);
if (!mnt_point)
return (NULL);
memset(path, 0x00, PATH_MAX);
snprintf(path, PATH_MAX, "%s/%s", mnt_point, opts->device_pad_directory);
if (stat(path, &sb) != 0)
{
log_debug("Directory %s does not exist, creating one.\n", path);
if (mkdir(path, S_IRUSR | S_IWUSR | S_IXUSR) != 0)
{
log_debug("Unable to create directory %s: %s\n", path,
strerror(errno));
return (NULL);
}
memset(path, 0x00, PATH_MAX);
}
snprintf(path, PATH_MAX, "%s/%s/%s.%s.pad", mnt_point,
opts->device_pad_directory, user, opts->hostname);
f = fopen(path, mode);
if (!f)
{
log_debug("Cannot open device file: %s\n", strerror(errno));
return (NULL);
}
return (f);
}
static FILE *pusb_pad_open_system(t_pusb_options *opts,
const char *user,
const char *mode)
{
FILE *f;
char path[PATH_MAX];
struct passwd *user_ent = NULL;
struct stat sb;
if (!(user_ent = getpwnam(user)) || !(user_ent->pw_dir))
{
log_error("Unable to retrieve informations for user \"%s\": %s\n",
strerror(errno));
return (0);
}
memset(path, 0x00, PATH_MAX);
snprintf(path, PATH_MAX, "%s/%s", user_ent->pw_dir,
opts->system_pad_directory);
if (stat(path, &sb) != 0)
{
log_debug("Directory %s does not exist, creating one.\n", path);
if (mkdir(path, S_IRUSR | S_IWUSR | S_IXUSR) != 0)
{
log_debug("Unable to create directory %s: %s\n", path,
strerror(errno));
return (NULL);
}
chown(path, user_ent->pw_uid, user_ent->pw_gid);
chmod(path, S_IRUSR | S_IWUSR | S_IXUSR);
}
memset(path, 0x00, PATH_MAX);
snprintf(path, PATH_MAX, "%s/%s/%s.pad", user_ent->pw_dir,
opts->system_pad_directory, opts->device.name);
f = fopen(path, mode);
if (!f)
{
log_debug("Cannot open system file: %s\n", strerror(errno));
return (NULL);
}
return (f);
}
static int pusb_pad_protect(const char *user, int fd)
{
struct passwd *user_ent = NULL;
log_debug("Protecting pad file...\n");
if (!(user_ent = getpwnam(user)))
{
log_error("Unable to retrieve informations for user \"%s\": %s\n",
strerror(errno));
return (0);
}
if (fchown(fd, user_ent->pw_uid, user_ent->pw_gid) == -1)
{
log_error("Unable to change owner of the pad: %s\n",
strerror(errno));
return (0);
}
if (fchmod(fd, S_IRUSR | S_IWUSR) == -1)
{
log_error("Unable to change mode of the pad: %s\n",
strerror(errno));
return (0);
}
return (1);
}
static void pusb_pad_update(t_pusb_options *opts,
LibHalVolume *volume,
const char *user)
{
FILE *f_device = NULL;
FILE *f_system = NULL;
char magic[1024];
int i;
if (!(f_device = pusb_pad_open_device(opts, volume, user, "w+")))
{
log_error("Unable to update pads.\n");
return ;
}
pusb_pad_protect(user, fileno(f_device));
if (!(f_system = pusb_pad_open_system(opts, user, "w+")))
{
log_error("Unable to update pads.\n");
fclose(f_device);
return ;
}
pusb_pad_protect(user, fileno(f_system));
log_debug("Generating %d bytes unique pad...\n", sizeof(magic));
srand(getpid() * time(NULL));
for (i = 0; i < sizeof(magic); ++i)
magic[i] = (char)rand();
log_debug("Writing pad to the device...\n");
fwrite(magic, sizeof(char), sizeof(magic), f_system);
log_debug("Writing pad to the system...\n");
fwrite(magic, sizeof(char), sizeof(magic), f_device);
log_debug("Synchronizing filesystems...\n");
fclose(f_system);
fclose(f_device);
sync();
log_debug("One time pads updated.\n");
}
static int pusb_pad_compare(t_pusb_options *opts, LibHalVolume *volume,
const char *user)
{
FILE *f_device = NULL;
FILE *f_system = NULL;
char magic_device[1024];
char magic_system[1024];
int retval;
if (!(f_system = pusb_pad_open_system(opts, user, "r")))
return (1);
if (!(f_device = pusb_pad_open_device(opts, volume, user, "r")))
{
fclose(f_system);
return (0);
}
log_debug("Loading device pad...\n");
fread(magic_device, sizeof(char), sizeof(magic_device), f_device);
log_debug("Loading system pad...\n");
fread(magic_system, sizeof(char), sizeof(magic_system), f_system);
retval = memcmp(magic_system, magic_device, sizeof(magic_system));
fclose(f_system);
fclose(f_device);
if (!retval)
log_debug("Pad match.\n");
return (retval == 0);
}
int pusb_pad_check(t_pusb_options *opts, LibHalContext *ctx,
const char *user)
{
LibHalVolume *volume = NULL;
int retval;
volume = pusb_volume_get(opts, ctx);
if (!volume)
return (0);
retval = pusb_pad_compare(opts, volume, user);
if (retval)
{
log_info("Verification match, updating one time pads...\n");
pusb_pad_update(opts, volume, user);
}
else
log_error("Pad checking failed !\n");
pusb_volume_destroy(volume);
return (retval);
}