Changed: pam_usb.spec

Deleted: pam_usb-0.3.3.tar.gz/AUTHORS
@@ -1,6 +0,0 @@
-Original Author
--------------------
-Andrea Luzzardi <scox@gentoo.org>
-
-
-With many contributions from users: http://www.pamusb.org/about.html

Deleted: pam_usb-0.3.3.tar.gz/Changelog
@@ -1,181 +0,0 @@
-* 0.3.3
-- The option keypath is now splitted into local_keypath and device_keypath.
-- Fixed a bug that occurred when the TTY entry was empty.
-- pam_usb doesn't get anymore the tty name from PAM_TTY as it used to be
- empty on some systems.
-- Better defaults. The default options have been set to fit most needs,
- you are no longer required to use !check_device on 2.6.
-- Verbose mode. By default, pam_usb now prints some informations during
- the login process (access granted, the reason why access was refused, etc).
- This can be turned off using the brand new 'quiet' option.
-- Other small fixes.
-
-* 0.3.2
-- Now pam_usb will also try to autodetect /dev/sdN devices (not just
- /dev/sdNX).
-- Fixed a bug that happened when the application using PAM didn't set
- PAM_TTY correctly.
-- Added the use_first_pass and try_first_pass options.
- Now if you enter your password on another PAM module (such as pam_mount
- or pam_ssh), pam_usb will use that password to decrypt the private key.
-
-
-
-* 0.3.1
-- Lot of misc fixes (memory management, Makefiles, sanity checks, etc).
- I'd like to thank the PaX Team <pageexec@freemail.hu> who did almost
- the whole job.
-- Added the hostname option which allows to select what hostname should
- be used for authentication (useful for shared public keys over lan).
- Thanks to Nicolas Chauvat <chauvat@nerim.net> who reported the issue,
- the idea and the patch for this feature.
-
-
-
-* 0.3.0
-- Not much changes in this version beside a gcc fix, but the 0.2 branch
- reached too many new features so i wanted to name this release 0.3.0
- as i should have done with 0.2.3
-- Fixed a gcc 3.3 compile issue, and all related warning.
- I would like to thank the following guys for having reported this bug so fast:
- Lalande Fabrice <fabrice.lalande@orange.fr>
- Marco <gaedol@softhome.net>
- Neil Dunbar <neil.dunbar@hp.com>
-
-
-
-* 0.2.3
-- Added the usbhotplug tool.
- usbhotplug is a hotplug agent that will automagically start a lock handler
- when the usb device is removed and an unlock handler when the usb device
- is plugged back in and authenticated through pam_usb.
-
- The default handlers will start xlock when the usb device is removed,
- and will kill it when the usb device is plugged back in and authenticated.
-
- I'd like to thank Wout Mertens <wmertens@cisco.com> as we had a couple
- of discussions about hotplug which helped me implementing this tool.
-
-- The parser can now understand "option" and "!option" instead of
- option=1 and option=-1 (e.g. debug !check_device).
- Thanks to Jean-Christophe JASKULA <jean.christophe.jasku-la@wanadoo.fr> who
- suggested me that and provided an initial patch.
-
-- Fixed a loop bug on serial number checking. Thanks to Zs <horzsol@freemail.hu>
- for reporting the bug and a patch to fix it.
-
-- Added the direct_open option which allows to open the private key
- using O_DIRECT to avoid disk caching (works only on devices that
- supports it). Thanks to myles <myles@tenhand.com> who suggested me that.
-
-- Added some sanity checks here and there because it seems that the PAM
- API can return weird stuff from time to time.
-
-- Handling the mount point creation/remotion in a better way which seems
- to fix a couple of mntpoint problems.
-
-
-
-* 0.2.2
-- Added the keep_mounted option, which allows to not umount the mount point
- once logged (useful if the gpg/ssh key is stored on there)
-
-- Fixed the mntpoint option: do not delete the directory if it's not a
- temporary one.
-
-- Added the support to pass multiple filesystems name with the fs=
- option (comma separated list). Changed the default fs to "ext2,vfat"
-
-- Added the log_file option. Takes a filename as a argument.
- Combined with debug=1 it can log debug messages to a file.
-
-- Not mounting the device as read-only anymore. Instead, the mount_opts
- option has been created. It accepts a comma separated list of mount
- options (accepted options are: ro,bind,sync,remount,nosuid,noexec,nodev).
-
-- Fixed an issue which made the allow_remote feature not working correctly
- with gdm/kdm.
-
-- Introduced the local_hosts and local_consoles options. They contain a
- comma separated lists of hosts and consoles allowed to log in while using
- allow_remote=-1
-
-
-
-* 0.2.1
-- Changed the naming method from x.y to x.y.z
-
-- pam_usb is now able to distinguish local users from remote (as in
- logged via ssh), and denies the authentication of non-local users.
- Setting allow_remote to 1 disable this feature.
-
-- Mounting is now done in read-only.
-
-- Added the missing mandatory PAM functions.
-
-
-
-* 0.2_rc2
-- Workaround to make pam_usb not use /proc so it can run on Linux 2.6
- By setting check_device to -1, pam_usb will neither check the device's
- serial number, nor if it's attached. It's not a real problem if you
- don't need serial number checking, but don't combine it with
- check_if_mounted.
-
-- Added the force_device capability. Now you can specify a device that
- will be mounted without going in guessing mode. If the device cannot
- be mounted, it'll switch back to the default guess mode.
- Useful if guess mode fails, if you don't want it to try several
- devices before getting the right one (so you can login faster), or if
- you want to login using a floppy disk, a cdrom or whatever you want.
-
-- Modified the serial number authentication method so now if no serial
- numbers are avaible on a device, it will try to use the GUID.
- Thanks to Damien Braillard <damien.b@freesurf.ch> who reported the
- issue, suggested a way to fix it, and provided a first patch for it.
-
-
-
-* 0.2_rc1
-- Radically changed the way pam_usb authenticates the user on the
- system. Now it works with a pair of DSA keys.
-
- Thanks to Wout Mertens <wmertens@cisco.com> who told me that i could
- use a couple of SSH keys to fix the authentication issue.
- That gave me the idea to use a set of private/public keys.
-
- Thanks to Ilkka Mattila <ilkka@lyseo.edu.ouka.fi> who helped me to
- find out a better way to implement the key challenge: extracting the
- public key was inadequate.
-
- Also thanks to those who brought up weird scenarios and/or tested
- pre-releases of pam_usb, in alphabetical order:
-
- Ilkka Mattila <ilkka@lyseo.edu.ouka.fi>
- Joonas Kortesalmi
- Thomas Stewart <thomas@stewarts.org.uk>
- Tuure Laurinolli <tuure@laurinolli.net>
-
-
-
-* 0.1:
-- Now pam_usb doesn't require a mount point. Instead, it creates
- a temporary directory under /tmp.
- Thanks to Loic Jaquemet <jaquemet@fiifo.u-psud.fr> who gave me the idea.
-
-- Compiles with gcc 2.95 thanks to Tobias Bayer <tobi.bayer@gmx.de> bug
- report.
-
-
-
-* 0.1-beta2:
-- procfile and device entries autodetection have been fixed thanks to
- Thomas Stewart <thomas@stewarts.org.uk> bug reports.
-
-- devfs support added. Thanks to Loic Jaquemet <jaquemet@fiifo.u-psud.fr>
- for the bug report.
-
-
-
-* 0.1-beta1:
-- Initial release

Deleted: pam_usb-0.3.3.tar.gz/README
@@ -1,12 +0,0 @@
-pam_usb is a Linux PAM module that allows you to login into your
-Linux box using a mobile USB storage device such as an USB pen.
-
-It's released under the GNU General Public License (see COPYING).
-
-The official web site is:
- http://www.pamusb.org/
-
-You can get the documentation at:
- http://www.pamusb.org/doc/
-
-

Deleted: pam_usb-0.3.3.tar.gz/src/Makefile
@@ -1,24 +0,0 @@
-CC := gcc
-CFLAGS := -Wall -O2 -fPIC
-LDFLAGS := -shared -lssl
-SO := pam_usb.so
-SOURCES := $(wildcard *.c)
-OBJS := $(patsubst %.c,%.o,$(SOURCES))
-PAM_MODULES := $(DESTDIR)/lib/security
-
-all: $(SO)
-
-$(SO): $(OBJS)
- $(CC) $(LDFLAGS) -o $@ $(OBJS)
-
-%.o: %.c
- $(CC) -c $(CFLAGS) -o $@ $<
-
-clean:
- rm -f $(OBJS) $(SO)
-
-install: all
- install -m644 $(SO) $(PAM_MODULES)
-
-deinstall:
- rm -f $(PAM_MODULES)/$(SO)
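Review bot: the $(SO) link rule places $(LDFLAGS), which carries -lssl, ahead of $(OBJS), so a linker running with --as-needed drops the library before any object has referenced it; move the -l options into a separate variable that follows $(OBJS). Only libssl is named, although dsa.c calls DSA_sign, BN_cmp, RAND_pseudo_bytes and the PEM_read_* functions, which live in libcrypto, and auth.c calls pam_get_item/pam_set_item from libpam; list -lcrypto and -lpam explicitly rather than relying on indirect resolution.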

Deleted: pam_usb-0.3.3.tar.gz/src/auth.c
@@ -1,231 +0,0 @@
-/*
-** Copyright (c) 2003,2004,2005 Andrea Luzzardi <scox@gentoo.org>
-**
-** This program is free software; you can redistribute it and/or modify
-** it under the terms of the GNU General Public License as published by
-** the Free Software Foundation; either version 2 of the License, or
-** (at your option) any later version.
-**
-** This program is distributed in the hope that it will be useful,
-** but WITHOUT ANY WARRANTY; without even the implied warranty of
-** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-** GNU General Public License for more details.
-**
-** You should have received a copy of the GNU General Public License
-** along with this program; if not, write to the Free Software
-** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-*/
-
-#include "pam.h"
-#include "parser.h"
-#include "conf.h"
-#include "device.h"
-#include "dsa.h"
-
-int pam_conv_pass (pam_handle_t *pamh, const char *prompt)
-{
- const struct pam_conv *conv;
- struct pam_message msg;
- const struct pam_message *msgs[1];
- struct pam_response *resp;
- const void *item;
-
- if (pam_get_item (pamh, PAM_CONV, &item) != PAM_SUCCESS)
- return 0;
-
- conv = (const struct pam_conv *)item;
-
- msg.msg_style = PAM_PROMPT_ECHO_OFF;
- msg.msg = prompt;
- msgs[0] = &msg;
-
- if ((conv->conv (1, msgs, &resp, conv->appdata_ptr)) != PAM_SUCCESS)
- return 0;
-
- if ((pam_set_item (pamh, PAM_AUTHTOK, resp[0].resp)) != PAM_SUCCESS)
- return 0;
-
- memset (resp[0].resp, 0, strlen (resp[0].resp));
- free (resp[0].resp);
- free (resp);
-
- return 1;
-}
-
-int pam_get_pass (pam_handle_t *pamh, const char **passp, const char *prompt)
-{
- const void *item = NULL;
-
- if ((usb_conf.try_first_pass == 1) || (usb_conf.use_first_pass == 1)) {
- if (pam_get_item (pamh, PAM_AUTHTOK, &item) != PAM_SUCCESS)
- return 0;
- }
-
- if (!item) {
- if (usb_conf.use_first_pass == 1) {
- DEBUGP ("Cannot import the passphrase\n");
- return 0;
- }
-
- if (!pam_conv_pass (pamh, prompt))
- return 0;
-
- if (pam_get_item (pamh, PAM_AUTHTOK, &item) != PAM_SUCCESS)
- return 0;
- } else {
- DEBUGP ("Importing the passphrase...\n");
- }
-
- *passp = (const char *)item;
-
- return 1;
-}
-
-int check_serial (FILE *proc)
-{
- FILE *f;
- char *line = NULL;
- char *serial = NULL;
- char type[] = "{S}";
-
- /* If there's no serial number file, authorize */
- if ((f = fopen (usb_conf.snfile, "r")) == NULL)
- return 1;
-
- DEBUGP ("Found serial number ACL file, checking...\n");
-
- serial = get_param (proc, "Serial Number", ':');
-
- if (!serial || !(strcmp (serial, "None"))) {
- free (serial);
- serial = NULL;
- /* trying with the GUID */
- DEBUGP ("Cannot fetch the device's serial number\n"
- "Checking the GUID...\n");
- type[1] = 'G';
- if (!(serial = get_param (proc, "GUID", ':'))) {
- /* no luck either */
- free (serial);
- fclose (f);
- return 0;
- }
- DEBUGP ("GUID found\n");
- }
-
- while ((line = get_param (f, type, ' '))) {
-
- if (!strcmp (serial, line)) {
- free (serial);
- free (line);
- fclose (f);
- DEBUGP ("Serial number matches\n");
- return 1;
- }
-
- free (line);
- }
-
- free (serial);
- fclose (f);
- DEBUGP ("Serial number doesn't match\n");
- return 0;
-}
-
-int check_device (void)
-{
- FILE *f;
- char *file;
-
- if (usb_conf.check_device == -1)
- return 1;
-
- while ((file = find_proc_file())) {
- DEBUGP("Using procfile %s\n", file);
-
- if (!(f = fopen (file, "r"))) {
- DEBUGP("Cannot open procfile %s\n", file);
- free (file);
- return 0;
- }
-
- if (!check_serial (f)) {
- DEBUGP("Invalid serial number\n");
- fclose (f);
- free (file);
- continue;
- }
-
- if (!check_param (f, "Attached", "Yes", ':')) {
- DEBUGP("Device found on %s is not attached\n", file);
- fclose (f);
- free (file);
- continue;
- }
-
- DEBUGP ("Found valid device %s\n", file);
- fclose (f);
- free (file);
- return 1;
- }
- return 0;
-}
-
-int authenticate (pam_handle_t* pamh, const char *user)
-{
- FILE *pubfd;
- FILE *privfd;
-
- char *file;
-
- int status;
-
- DSA *private;
- DSA *public;
-
- if (!(privfd = open_dev (user))) {
- INFOP ("Authentication denied: Unable to find a valid device.\n");
- return 0;
- }
-
- file = get_public_filename (user);
-
- if (!(pubfd = fopen (file, "r"))) {
- INFOP ("Authentication denied: Cannot open public key \"%s\"\n", file);
- free (file);
- close_dev (privfd);
- return 0;
- }
-
- if (!(private = import_private_key (privfd, pamh))) {
- INFOP("Authentication denied: Cannot import private key\n");
- free (file);
- close_dev (privfd);
- fclose (pubfd);
- return 0;
- }
-
- DEBUGP ("Private key imported\n");
-
- if (!(public = import_public_key (pubfd))) {
- INFOP ("Authentication denied: Cannot import public key \"%s\"\n",
- file);
- free (file);
- close_dev (privfd);
- fclose (pubfd);
- DSA_free (private);
- return 0;
- }
-
- DEBUGP ("Public key imported\n");
-
- free (file);
- close_dev (privfd);
- fclose (pubfd);
-
- status = valid_dsa_keys (private, public);
-
- DSA_free (private);
- DSA_free (public);
-
- return status;
-}
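Review bot: check_serial() fails open: when fopen (usb_conf.snfile, "r") returns NULL it returns 1 (the branch commented "If there's no serial number file, authorize"), so a missing or merely unreadable ACL file authorizes any device. Worth confirming the source that replaces this tarball denies on open errors other than a deliberately unconfigured ACL. In pam_conv_pass(), resp and resp[0].resp are dereferenced without a NULL check after conv->conv() reports PAM_SUCCESS, and the memset() immediately before free() is a dead store the compiler may drop, leaving the passphrase in freed memory; check both pointers and wipe with a call that cannot be optimized away (explicit_bzero where available).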

Deleted: pam_usb-0.3.3.tar.gz/src/auth.h
@@ -1,10 +0,0 @@
-#ifndef _H_AUTH
-#define _H_AUTH
-
-int check_serial (FILE *proc);
-int check_device (void);
-int authenticate (pam_handle_t *pamh, const char *user);
-int pam_conv_pass (pam_handle_t *pamh, const char *prompt);
-int pam_get_pass (pam_handle_t *pamh, const char **passp, const char *prompt);
-
-#endif

Deleted: pam_usb-0.3.3.tar.gz/src/dsa.c
@@ -1,103 +0,0 @@
-/*
-** Copyright (c) 2003,2004,2005 Andrea Luzzardi <scox@gentoo.org>
-**
-** This program is free software; you can redistribute it and/or modify
-** it under the terms of the GNU General Public License as published by
-** the Free Software Foundation; either version 2 of the License, or
-** (at your option) any later version.
-**
-** This program is distributed in the hope that it will be useful,
-** but WITHOUT ANY WARRANTY; without even the implied warranty of
-** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-** GNU General Public License for more details.
-**
-** You should have received a copy of the GNU General Public License
-** along with this program; if not, write to the Free Software
-** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-*/
-
-#include "pam.h"
-#include "conf.h"
-#include "dsa.h"
-#include "auth.h"
-
-int prompt_for_password (char *passphrase, int size, int rwflag, void *u)
-{
- pam_handle_t *pamh = (pam_handle_t *)u;
- const char *pass;
- int len;
-
- DEBUGP ("Private key is encrypted\n");
-
- if (!pam_get_pass (pamh, &pass, "Passphrase to unlock the key: "))
- return 0;
-
- len = strlen (pass);
-
- if (len <= 0)
- return 0;
- if (len > size)
- len = size;
-
- memcpy (passphrase, pass, len);
- return len;
-}
-
-DSA *import_public_key (FILE *f)
-{
- DSA *key;
-
- if (!(key = PEM_read_DSA_PUBKEY (f, NULL, NULL, NULL)))
- return NULL;
-
- return key;
-}
-
-DSA *import_private_key (FILE *f, pam_handle_t *pamh)
-{
- DSA *key;
-
- OpenSSL_add_all_algorithms();
-
- if (!(key = PEM_read_DSAPrivateKey (f, NULL, prompt_for_password,
- (void*)pamh)))
- return NULL;
-
- return key;
-}
-
-
-int valid_dsa_keys (DSA *private, DSA *public)
-{
- unsigned char rdata[20];
- unsigned char sig[256];
- unsigned int siglen;
- int i;
-
- DEBUGP ("Checking DSA key pair...\n");
-
- for (i=0; i < usb_conf.sign_times; ++i) {
-
- memset (rdata, 0, sizeof rdata);
- if (RAND_pseudo_bytes (rdata, sizeof rdata) < 0) {
- DEBUGP ("cannot generate pseudo random data\n");
- return 0;
- }
-
- DEBUGP ("Signing pseudo random data [%d time(s)]...\n", (i+1));
-
- DSA_sign (0, rdata, sizeof rdata, sig, &siglen, private);
- if (DSA_verify (0, rdata, sizeof rdata, sig, siglen, public) != 1) {
- INFOP ("Authentication denied: Invalid signature, key mismatch.\n");
- return 0;
- }
- DEBUGP ("Valid signature\n");
- }
-
- if (BN_cmp (private->pub_key, public->pub_key) != 0) {
- DEBUGP ("BNs mismatched\n");
- return 0;
- }
-
- return 1;
-}
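Review bot: valid_dsa_keys() ignores the return value of DSA_sign(), so on a signing failure siglen is read uninitialized and sig holds whatever was on the stack when both are handed to DSA_verify(); test DSA_sign (...) != 1 and deny. The challenge bytes come from RAND_pseudo_bytes(), which does not guarantee cryptographically strong output, and the "< 0" test accepts the 0 return that signals exactly that case; use RAND_bytes() and require a return of 1. In prompt_for_password(), a passphrase longer than size is silently truncated (len = size) instead of being rejected, which turns an over-long passphrase into a confusing decrypt failure.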

Deleted: pam_usb-0.3.3.tar.gz/src/dsa.h
@@ -1,14 +0,0 @@
-#ifndef _H_CRYPTO
-#define _H_CRYPTO
-
-#include <openssl/rand.h>
-#include <openssl/pem.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-
-DSA *import_public_key (FILE *f);
-DSA *import_private_key (FILE *f, pam_handle_t *pamh);
-int valid_dsa_keys (DSA *private, DSA *public);
-int prompt_for_password (char *passphrase, int size, int rwflag, void *u);
-
-#endif

Deleted: pam_usb-0.3.3.tar.gz/src/pam.h
@@ -1,11 +0,0 @@
-#ifndef _H_PAM
-#define _H_PAM
-#define PVERSION "0.3.3"
-#include <security/pam_modules.h>
-#include <security/_pam_macros.h>
-#include <stdio.h>
-#include "log.h"
-
-char *converse (pam_handle_t *pamh, int style, char *message);
-
-#endif

Deleted: pam_usb-0.3.3.tar.gz/src/parser.c
@@ -1,215 +0,0 @@
-/*
-** Copyright (c) 2003,2004,2005 Andrea Luzzardi <scox@gentoo.org>
-**
-** This program is free software; you can redistribute it and/or modify
-** it under the terms of the GNU General Public License as published by
-** the Free Software Foundation; either version 2 of the License, or
-** (at your option) any later version.
-**
-** This program is distributed in the hope that it will be useful,
-** but WITHOUT ANY WARRANTY; without even the implied warranty of
-** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-** GNU General Public License for more details.
-**
-** You should have received a copy of the GNU General Public License
-** along with this program; if not, write to the Free Software
-** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-*/
-
-#include "pam.h"
-#include "parser.h"
-#include "conf.h"
-
-void replace_char (char *str, char source, char dest)
-{
- size_t i = 0;
-
- while (str[i]) {
- if (str[i] == source)
- str[i] = dest;
- ++i;
- }
-}
-
-char *getline_until (FILE *f, char delim)
-{
- size_t c, i = 0, start = 0, skip = 0;
-
- char *buf = NULL;
- while ((c = fgetc(f)) != EOF) {
- /* skip comments */
-
- if (skip && c != '\n')
- continue;
-
- if (skip && c == '\n') {
- skip = 0;
- continue;
- }
-
- if (!start && c == '#') {
- skip = 1;
- continue;
- }
-
- /* skip spaces before text */
- if (!start && c == ' ')
- continue;
- ++start;
-
- buf = realloc (buf, i+1);
- if (c == delim) {
- buf [i] = '\0';
- return buf;
- }
- buf[i] = c;
- ++i;
- }
-
- return buf;
-}
-
-char *get_from_to (const char *line, char start, char stop)
-{
- size_t i, len, copied = 0, started = 0;
- char *buf = malloc (1);
-
- if (!buf)
- return NULL;
-
- if (!start)
- started = 1;
-
- len = strlen(line);
- for (i=0; i <= len; ++i)
- {
- if (line[i] == stop) {
- buf[copied] = '\0';
- return buf;
- }
-
- if (line[i] == start) {
- started = 1;
- continue;
- }
- if (!started)
- continue;
-
- buf[copied] = line[i];
- ++copied;
- buf = realloc (buf, copied+1);
- }
-
- return NULL;
-}
-
-char *get_param (FILE *f, char *param, char delim)
-{
- char *line;
- char *val;
-
- while ((line = getline_until(f, delim)))
- {
- val = getline_until(f, '\n');
- if (!strcmp(param, line)) {
- free (line);
- return val;
- }
- free (val);
- free (line);
- }
-
- return NULL;
-}
-
-int check_param (FILE *f, char *param, char *value, char delim)
-{
- char *val;
-
- val = get_param (f, param, delim);
- if (!val)
- return 0;
-
- if (!strcmp (value, val)) {
- free (val);
- return 1;
- }
-
- free (val);
- return 0;
-}
-
-char *insert_before (char *src, char *dst)
-{
- char *buf;
- size_t len = strlen(src) + strlen(dst) + 1;
-
- buf = malloc (len);
- if (buf) {
- strcpy(buf, src);
- strcat(buf, dst);
- }
-
- return buf;
-}
-
-void drop_split (char **split)
-{
- char **temp = split;
-
- while (*temp) {
- free (*temp);
- ++temp;
- }
-
- free (split);
-}
-
-char **split (char *line, int delim)
-{
- char *buf;
- char **ret;
- size_t i, len, copied = 0, nelem = 0;
-
- ret = malloc (sizeof(char*));
- buf = malloc (sizeof(char));
-
- ret[0] = NULL;
- buf[0] = '\0';
-
- len = strlen(line);
- for (i = 0; i <= len; ++i) {
- if ((line[i] == delim) || (line[i] == '\0')) {
- /* we found the delimiter, or the end of line */
-
- /* if empty, skip */
- if (!copied)
- continue;
-
- /* put the buffer into the array */
- buf[copied] = '\0';
- ret[nelem] = buf;
-
- /* reset the counter */
- copied = 0;
-
- /* increase the array size */
- ++nelem;
- ret = realloc (ret, (nelem+1) * sizeof(char*));
- ret[nelem] = NULL;
-
- /* reset buf */
- buf = malloc (sizeof(char));
- buf[0] = '\0';
-
- /* go ahead */
- continue;
- }
-
- buf[copied] = line[i];
- ++copied;
- buf = realloc (buf, copied+1);
- }
-
- return ret;
-}
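Review bot: getline_until() returns an unterminated buffer when EOF arrives before delim: the final "return buf;" hands back i bytes with no '\0', and get_param() passes that straight to strcmp(), which reads past the allocation on any input whose last line lacks the delimiter. Grow the buffer by one byte and terminate it before that return. Every realloc()/malloc() result in getline_until(), get_from_to() and split() is also written through unchecked, and get_from_to() leaks buf on its "return NULL" path when stop never appears; these functions parse the serial ACL and proc files during authentication, so each allocation should be checked and each exit path should free.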

Deleted: pam_usb-0.3.3.tar.gz/src/parser.h
@@ -1,21 +0,0 @@
-#ifndef _H_PARSER
-#define _H_PARSER
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <shadow.h>
-#include <sys/mount.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
-char *getline_until (FILE *f, char delim);
-char *get_param (FILE *f, char *param, char delim);
-int check_param (FILE *f, char *param, char *value, char delim);
-char *get_from_to (const char *line, char start, char stop);
-void replace_char (char *str, char source, char dest);
-char *insert_before (char *src, char *dst);
-char **split (char *line, int delim);
-void drop_split (char **split);
-
-#endif

Deleted: pam_usb-0.3.3.tar.gz/tools/Makefile
@@ -1,17 +0,0 @@
-MAKE := make
-
-all:
- $(MAKE) all -C usbadm
- $(MAKE) all -C usbhotplug
-
-install:
- $(MAKE) install -C usbadm
- $(MAKE) install -C usbhotplug
-
-deinstall:
- $(MAKE) deinstall -C usbadm
- $(MAKE) deinstall -C usbhotplug
-
-clean:
- $(MAKE) clean -C usbadm
- $(MAKE) clean -C usbhotplug

Deleted: pam_usb-0.3.3.tar.gz/tools/usbadm
-(directory)

Deleted: pam_usb-0.3.3.tar.gz/tools/usbadm/Makefile
@@ -1,30 +0,0 @@
-CC := gcc
-CFLAGS := -Wall -O2 -I../../src
-BIN := usbadm
-DEST := $(DESTDIR)/usr/bin
-MANDIR := $(DESTDIR)/usr/share/man
-SOURCES := $(wildcard *.c)
-OBJS := $(patsubst %.c,%.o,$(SOURCES))
-SOBJS := $(wildcard ../../src/*.o)
-
-all: pam_usb $(OBJS) $(BIN)
-
-pam_usb:
- make all -C ../../src
-
-$(BIN): $(OBJS)
- $(CC) $(CFLAGS) -lpam -lssl -lreadline -lncurses -o $@ $(OBJS) $(SOBJS)
-
-%.o: %.c
- $(CC) -c $(CFLAGS) -o $@ $<
-
-install: all
- install -m755 $(BIN) $(DEST)
- install usbadm.1.gz $(MANDIR)/man1/
-
-deinstall:
- rm -f $(DEST)/$(BIN)
- rm -f $(MANDIR)/man1/usbadm.1.gz
-
-clean:
- rm -f $(OBJS) $(BIN)

Deleted: pam_usb-0.3.3.tar.gz/tools/usbadm/addserial.c
@@ -1,121 +0,0 @@
-/*
-** Copyright (c) 2003,2004,2005 Andrea Luzzardi <scox@gentoo.org>
-**
-** This program is free software; you can redistribute it and/or modify
-** it under the terms of the GNU General Public License as published by
-** the Free Software Foundation; either version 2 of the License, or
-** (at your option) any later version.
-**
-** This program is distributed in the hope that it will be useful,
-** but WITHOUT ANY WARRANTY; without even the implied warranty of
-** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-** GNU General Public License for more details.
-**
-** You should have received a copy of the GNU General Public License
-** along with this program; if not, write to the Free Software
-** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-*/
-
-#include "usbadm.h"
-#include <device.h>
-#include <parser.h>
-
-int addserial (int ac, char **av)
-{
- char *serial = NULL;
- FILE *f;
-
- if (ac >= 3)
- serial = av[2];
-
- if (!serial) {
- char *file, *tmp;
-
- while ((file = find_proc_file ())) {
- if (!(f = fopen (file, "r"))) {
- free (file);
- continue;
- }
- printf ("[+] procfile: %s\n", file);
-
- serial = get_param(f, "Serial Number", ':');
-
- if (serial &&
- !strcmp (serial, "None")) {
- free (serial);
- serial = NULL;
- }
-
- if (!serial) {
- printf ("[-] serial number: none\n");
-
- /* fall back to GUID */
- if (!(serial = get_param (f, "GUID", ':'))) {
- fclose (f);
- free (file);
- printf ("[-] GUID: none\n");
- continue;
- }
-
- printf ("[+] GUID: %s\n", serial);
- tmp = insert_before ("{G} ", serial);
- free (serial);
- serial = tmp;
- } else {
- printf ("[+] serial number: %s\n", serial);
- tmp = insert_before ("{S} ", serial);
- free (serial);
- serial = tmp;
- }
-
- if (!serial) {
- fclose (f);
- free (file);
- break;
- }
-
- printf ("[+] auth number: %s\n", serial);
-
- if (!check_param (f, "Attached", "Yes", ':')) {
- fclose (f);
- free (file);
- free (serial);
- serial = NULL;
- printf ("[-] attached: no\n");
- continue;
- }
- fclose (f);
- free (file);
- printf ("[+] attached: yes\n");
- break;
- }
- }
-
- if (!serial) {
- printf ("[-] Cannot retrieve the serial number\n");
- return 1;
- }
-
- if (!(f = fopen (usb_conf.snfile, "a"))) {
- printf ("cannot open file %s\n", usb_conf.snfile);
- free (serial);
- return 1;
- }
-
- printf ("[!] Allowing serial number %s...", serial);
- fflush (stdout);
-
- if (fputs (serial, f) == EOF) {
- printf ("[-] cannot write file %s\n", usb_conf.snfile);
- fclose (f);
- free (serial);
- return 1;
- }
- fputc ('\n', f);
- fclose (f);
- free (serial);
-
- printf ("done.\n");
-
- return 0;
-}
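Review bot: when the serial is supplied on the command line (serial = av[2]), the free (serial) calls on the fopen failure, fputs failure and success paths all free a pointer into argv that was never allocated; duplicate av[2] on entry or track whether serial is owned. That same path appends the value to usb_conf.snfile without the "{S} " or "{G} " prefix that the autodetect branch adds through insert_before(), so a manually added entry has a different format from an autodetected one, while check_serial() in auth.c looks entries up by the "{S}" or "{G}" tag. The fputc ('\n', f) and fclose (f) results are not checked either, so a short write to the ACL file is reported as "done.".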

Deleted: pam_usb-0.3.3.tar.gz/tools/usbadm/cipher.c
@@ -1,113 +0,0 @@
-/*
-** Copyright (c) 2003,2004,2005 Andrea Luzzardi <scox@gentoo.org>
-**
-** This program is free software; you can redistribute it and/or modify
-** it under the terms of the GNU General Public License as published by
-** the Free Software Foundation; either version 2 of the License, or
-** (at your option) any later version.
-**
-** This program is distributed in the hope that it will be useful,
-** but WITHOUT ANY WARRANTY; without even the implied warranty of
-** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-** GNU General Public License for more details.
-**
-** You should have received a copy of the GNU General Public License
-** along with this program; if not, write to the Free Software
-** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-*/
-
-#include "usbadm.h"
-#include <stdio.h>
-#include <ncurses.h>
-#include <term.h>
-#include <readline/readline.h>
-#include <readline/history.h>
-#include <security/pam_modules.h>
-#include <security/_pam_macros.h>
-
-#include <device.h>
-#include <parser.h>
-#include <dsa.h>
-
-const EVP_CIPHER *get_cipher (char *algo)
-{
- const EVP_CIPHER *enc = NULL;
-
- OpenSSL_add_all_algorithms();
- OpenSSL_add_all_ciphers();
-
- if (!algo || !strcmp(algo, "none"))
- enc = NULL;
- else
- if (!(enc = EVP_get_cipherbyname (algo)))
- printf ("[-] Invalid algorithm \"%s\".\n", algo);
-
- return enc;
-}
-
-int cipher (int ac, char **av)
-{
- char *algo = NULL, *user, *file;
- FILE *f;
- DSA *key;
-
- if (ac < 4) {
- print_usage (av[1], av);
- return 1;
- }
-
- user = av[3];
-
- if (ac >= 5)
- algo = av[4];
-
- OpenSSL_add_all_ciphers();
-
- file = get_private_filename (user, av[2]);
-
- if (!(f = fopen (file, "r"))) {
- printf ("[-] Cannot open file %s\n", file);
- free (file);
- return 1;
- }
-
-
- printf ("[!] Importing the private key...\n");
-
- if (!(key = PEM_read_DSAPrivateKey (f, NULL, NULL, NULL))) {
- printf ("[-] Cannot import private key\n");
- free (file);
- fclose (f);
- return 1;
- }
-
- printf ("[+] Private key imported\n");
-
- if (!algo) {
- printf ("[!] Encrypting the private key may prevent someone to authenticate with\n");
- printf (" your key. The drawback is that pam_usb will prompt you for password\n");
- printf (" every time you authenticate.\n");
-
- algo = readline ("[?] Which algorithm want you to use ? (none/des3/twofish): ");
- }
-
- fclose (f);
-
- if (!(f = fopen (file, "w"))) {
- printf ("[-] Cannot reopen file %s for writing\n", file);
- free (file);
- return 1;
- }
-
- free (file);
-
- if (!PEM_write_DSAPrivateKey (f, key, get_cipher (algo), NULL, 0, NULL, NULL)) {
- printf ("[-] Cannot write private key using cipher %s\n", algo);
- fclose (f);
- return 1;
- }
-
- fclose (f);
- printf ("[+] Private key successfully written using cipher %s\n", algo);
- return 0;
-}
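Review bot: get_cipher() returns NULL both for "none" and for an unrecognized algorithm name, and cipher() passes that result straight to PEM_write_DSAPrivateKey(), so a mistyped cipher leaves the private key unencrypted while the last message still reports it as written "using cipher <algo>"; treat a failed EVP_get_cipherbyname() as an error and return before the file is touched. The key file is also reopened with fopen (file, "w"), truncating the only copy, before the write is known to succeed; write to a temporary file in the same directory and rename it over the original. The string returned by readline() can be NULL at EOF and is never freed, and key is never released with DSA_free().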

Deleted: pam_usb-0.3.3.tar.gz/tools/usbadm/help.c
@@ -1,62 +0,0 @@
-/*
-** Copyright (c) 2003,2004,2005 Andrea Luzzardi <scox@gentoo.org>
-**
-** This program is free software; you can redistribute it and/or modify
-** it under the terms of the GNU General Public License as published by
-** the Free Software Foundation; either version 2 of the License, or
-** (at your option) any later version.
-**
-** This program is distributed in the hope that it will be useful,
-** but WITHOUT ANY WARRANTY; without even the implied warranty of
-** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-** GNU General Public License for more details.
-**
-** You should have received a copy of the GNU General Public License
-** along with this program; if not, write to the Free Software
-** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-*/
-
-#include "usbadm.h"
-
-extern struct action actions[];
-
-void print_usage (char *name, char **av)
-{
- struct action *action = NULL;
-
- action = find_action (name);
- printf ("Usage: %s %s %s\n", av[0], action->name, action->usage);
-}
-
-int help (int ac, char **av)
-{
- struct action *action = actions;
- char *name = NULL;
-
- if (ac == 2) {
- printf ("Usage: %s <action> [arguments]\n", av[0]);
- printf ("Avaible actions are: \n");
-
- while (action->name) {
- printf (" %s - %s\n", action->name, action->desc);
- action++;
- }
-
- printf ("See %s %s <action> for info.\n", av[0], av[1]);
- return 1;
- }
-
- name = av[2];
- if (!(action = find_action (name))) {
- printf ("%s: unknown action\n", name);
- printf ("See %s %s for actions.\n", av[0], av[1]);
- return 1;
- }
-
- printf ("Action: %s\n", action->name);
- printf ("Description: %s\n", action->desc);
- if (action->usage)
- print_usage(action->name, av);
-
- return 0;
-}

Deleted: pam_usb-0.3.3.tar.gz/tools/usbadm/keygen.c
@@ -1,190 +0,0 @@
-/*
-** Copyright (c) 2003,2004,2005 Andrea Luzzardi <scox@gentoo.org>
-**
-** This program is free software; you can redistribute it and/or modify
-** it under the terms of the GNU General Public License as published by
-** the Free Software Foundation; either version 2 of the License, or
-** (at your option) any later version.
-**
-** This program is distributed in the hope that it will be useful,
-** but WITHOUT ANY WARRANTY; without even the implied warranty of
-** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-** GNU General Public License for more details.
-**
-** You should have received a copy of the GNU General Public License
-** along with this program; if not, write to the Free Software
-** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-*/
-
-#include "usbadm.h"
-#include <shadow.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <stdio.h>
-#include <pwd.h>
-#include <unistd.h>
-#include <security/pam_modules.h>
-#include <security/_pam_macros.h>
-
-#include <device.h>
-#include <parser.h>
-#include <dsa.h>
-
-struct passwd *get_usr_nfo (char *user)
-{
- struct passwd *entry = NULL;
-
- while ((entry = getpwent ()))
- if (!strcmp (user, entry->pw_name) &&
- !strcmp (entry->pw_name, user))
- break;
- setpwent();
- return entry;
-}
-
-int dir_check (char *dir, char *keypath, uid_t owner, gid_t group)
-{
- char *auth_dir = NULL;
- struct stat buf;
-
- auth_dir = insert_before (dir, keypath);
- if (!auth_dir)
- return 0;
-
- if (stat (auth_dir, &buf) == 0) {
- free (auth_dir);
- return 1;
- }
-
- printf ("[!] Directory %s not found, creating one...\n", auth_dir);
-
- if (mkdir (auth_dir, S_IRUSR | S_IWUSR | S_IXUSR) == -1) {
- free (auth_dir);
- return 0;
- }
-
- if (chown (auth_dir, owner, group) == -1) {
- printf ("[W] Cannot chown u(%d) g(%d) the directory %s\n",
- owner, group, auth_dir);
- free (auth_dir);
- return 1;
- }
-
- free (auth_dir);
- return 1;
-}
-
-int check_tree (char *user, char *mnt)
-{
- struct passwd *entry = NULL;
-
- if (!(entry = get_usr_nfo(user)))
- return 0;
-
- if (!dir_check (entry->pw_dir, usb_conf.local_keypath, entry->pw_uid,
- entry->pw_gid))
- return 0;
-
- if (!dir_check (mnt, usb_conf.device_keypath, 0, 0))
- return 0;
-
- return 1;
-}
-
-int gen_dsa_keys (int bits, FILE *priv, FILE *pub)
-{
- DSA *key;
-
- key = DSA_generate_parameters (bits, NULL, 0, NULL, NULL, NULL, NULL);
-
- if (!key) {
- printf ("[-] Failed to generate private key's parameters\n");
- return 0;
- }
-
- printf ("[!] Extracting private key...\n");
-
- if (!DSA_generate_key (key)) {
- printf ("[-] Failed to extract private key\n");
- return 0;
- }
-
- printf ("[+] Private key extracted.\n");
-
- if (!PEM_write_DSAPrivateKey (priv, key, NULL, NULL, 0, NULL, NULL)) {
- printf ("[-] Cannot write DSA private key.\n");
- return 0;
- }
-
- printf ("[+] Private key successfully written.\n");
-
- printf ("[!] Writing public key...\n");
-
- if (!PEM_write_DSA_PUBKEY (pub, key)) {
- printf ("[-] Cannot write DSA public key.\n");
- return 0;
- }
-
- printf ("[+] Public key successfully written.\n");
-
- return 1;
-}
-
-int keygen (int ac, char **av)
-{
- FILE *pub, *priv;
-
- char hostname[32];
- char *user, *file;
- int bits;
-
- if (ac < 5) {
- print_usage (av[1], av);
- return 1;
- }
-
- if (gethostname (hostname, 32) != 0) {
- printf ("[-] Cannot get hostname\n");
- return 1;
- }
-
- user = av[3];
- bits = atoi (av[4]);
-
- if (!(check_tree (user, av[2]))) {
- printf ("[-] Unable to locate and/or create keys directories\n");
- return 1;
- }
-
- file = get_private_filename (user, av[2]);
-
- if (!(priv = fopen (file, "w"))) {
- printf ("[-] Cannot open private keyfile \"%s\"\n", file);
- free (file);
- return 1;
- }
-
- free (file);
-
- file = get_public_filename (user);
-
- if (!(pub = fopen (file, "w"))) {
- printf ("[-] Cannot open public keyfile \"%s\"\n", file);
- free (file);
- fclose (priv);
- return 1;
- }
-
- free (file);
-
- printf ("[!] Generating %d DSA key pair for %s@%s\n", bits, user, hostname);
- if (!gen_dsa_keys (bits, priv, pub)) {
- fclose (priv);
- fclose (pub);
- return 1;
- }
-
- fclose (priv);
- fclose (pub);
- return 0;
-}
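Review bot: In keygen(), the private key file is opened with fopen (file, "w") and written by PEM_write_DSAPrivateKey with a NULL cipher, so the key lands on the device unencrypted and with whatever mode the caller's umask allows. Creating it with open() using O_CREAT | O_EXCL and mode 0600, then wrapping the descriptor with fdopen(), fixes the mode and also refuses a pre-existing file or symlink at that path. In the same function, bits = atoi (av[4]) reaches DSA_generate_parameters without a range check, and the results of get_private_filename() and get_public_filename() are passed to fopen() without a NULL check. gen_dsa_keys() never frees key on any return path, and get_usr_nfo() compares the same two strings twice and could simply call getpwnam(). Worth confirming that the replacement tooling in 0.5.0 does not carry any of this over.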
|
|
Deleted |
pam_usb-0.3.3.tar.gz/tools/usbadm/usbadm.1.gz
^
|
@@ -1,40 +0,0 @@
-.TH "USBADM" "1" "August 2005"
-.SH "NAME"
-usbadm \- tool to administrate the pam_usb PAM module
-.SH SYNOPSIS
-.B usbadm
-.I <action> [arguments]
-.SH DESCRIPTION
-This manual page documents briefly the
-.B usbadm
-command. This tool helps managing users and USB devices for use
-within pam_usb, providing functions to generate and encrypt private
-and public DSA keys, control serial numbers access list...
-.SH "COMMANDS"
-.TP
-.B help [command]
-display action description and usage. If an argument is supplied, print the
-specific action description and usage, else print the action list summary.
-.TP
-.B keygen <mntpoint> <user> <bits>
-generate per host private/public DSA key pair. Required arguments are:
-the mountpoint where you mounted the device, the user you want to
-generate a couple of keys for, and the number of bits the key should be
-generated with.
-.TP
-.B cipher <mntpoint> <user> [algorithm]
-Manage the cipher for the private key. Can be used for encrypt, decrypt or
-change password for the private key. See below for the mountpoint and
-the user. If no algorithm were supplited, you'll be prompted for one.
-It supports every algoritgm OpenSSL manage (blowfish and 3des among
-others). If algorithm is none, it'll decrypt the private key and no
-password will be prompted anymore.
-.TP
-.B addserial [serial number]
-Allows the specified serial number. If none were specified, it'll try to
-probe the plugged device's one and to allow it.
-.br
-.SH OTHER INFO
-The website for pam_usb is at http://www.pamusb.org/
-.SH AUTHOR
-Andrea Luzzardi <scox@sig11.org>,
|
|
Deleted |
pam_usb-0.3.3.tar.gz/tools/usbadm/usbadm.c
^
|
@@ -1,67 +0,0 @@
-/*
-** Copyright (c) 2003,2004,2005 Andrea Luzzardi <scox@gentoo.org>
-**
-** This program is free software; you can redistribute it and/or modify
-** it under the terms of the GNU General Public License as published by
-** the Free Software Foundation; either version 2 of the License, or
-** (at your option) any later version.
-**
-** This program is distributed in the hope that it will be useful,
-** but WITHOUT ANY WARRANTY; without even the implied warranty of
-** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-** GNU General Public License for more details.
-**
-** You should have received a copy of the GNU General Public License
-** along with this program; if not, write to the Free Software
-** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <shadow.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-
-#include <conf.h>
-#include "usbadm.h"
-
-struct action actions[] = {
- { "help", "display action description and usage.", "[action]", help},
- { "keygen", "generate per host private/public DSA key pair", "<mntpoint> <user> <bits>", keygen },
- { "cipher", "manage the private key encryption (encrypt/decrypt/change password)", "<mntpoint> <user> [algorithm]", cipher },
- { "addserial", "grants the specified serial number.", "[serial number]", addserial},
- { NULL, NULL, NULL, NULL }
-};
-
-struct action *find_action (char *name)
-{
- struct action *action = actions;
- while (action->name) {
- if (!strcmp (action->name, name)) {
- return action;
- }
- action++;
- }
- return NULL;
-}
-
-int main (int ac, char **av)
-{
- struct action *action = NULL;
-
- if (ac < 2) {
- printf ("usage: %s <action> [arguments]\n", av[0]);
- printf ("See %s help\n", av[0]);
- return 1;
- }
-
- parse_args (ac, (const char **)av);
- put_default_values ();
-
- if (!(action = find_action (av[1]))) {
- printf ("%s: unknown action\n", av[1]);
- return 1;
- }
- return action->handler(ac, av);
-}
|
|
Deleted |
pam_usb-0.3.3.tar.gz/tools/usbadm/usbadm.h
^
|
@@ -1,25 +0,0 @@
-#ifndef _USBADM_H
-#define _USBADM_H
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <conf.h>
-
-struct action {
- char *name;
- char *desc;
- char *usage;
- int (*handler)(int, char **);
-};
-
-struct action *find_action (char *name);
-
-void print_usage (char *name, char **av);
-int help (int ac, char **av);
-int addserial (int ac, char **av);
-int keygen (int ac, char **av);
-int cipher (int ac, char **av);
-
-#endif
|
|
Deleted |
pam_usb-0.3.3.tar.gz/tools/usbhotplug
^
|
-(directory)
|
|
Deleted |
pam_usb-0.3.3.tar.gz/tools/usbhotplug/Makefile
^
|
@@ -1,38 +0,0 @@
-CC := gcc
-CFLAGS := -Wall -O2 -I../../src
-BIN := usbhotplug
-DEST := $(DESTDIR)/usr/bin
-HOTPLUGDIR := $(DESTDIR)/etc/hotplug.d/default
-PAMUSBCONF := $(DESTDIR)/etc/pam_usb
-PAMDIR := $(DESTDIR)/etc/pam.d
-SOURCES := $(wildcard *.c)
-OBJS := $(patsubst %.c,%.o,$(SOURCES))
-SOBJS := $(wildcard ../../src/*.o)
-
-all: pam_usb $(BIN)
-
-pam_usb:
- make all -C ../../src
-
-$(BIN): $(OBJS)
- $(CC) $(CFLAGS) -lpam -lssl -o $@ $(OBJS) $(SOBJS)
-
-%.o: %.c
- $(CC) -c $(CFLAGS) -o $@ $<
-
-install: all
- install -m755 $(BIN) $(DEST)
- install -d $(HOTPLUGDIR)/
- install -m755 files/pamusb.hotplug $(HOTPLUGDIR)/
- install -d $(PAMUSBCONF)/handlers/
- install -m644 files/hotplug.conf $(PAMUSBCONF)/
- install -m755 files/xlock.sh $(PAMUSBCONF)/handlers/
- install -m644 files/usbhotplug.pam $(PAMDIR)/usbhotplug
-
-deinstall:
- rm -f $(DEST)/$(BIN)
- rm -f $(HOTPLUGDIR)/pamusb.hotplug
- rm -f $(PAMDIR)/usbhotplug
-
-clean:
- rm -f $(OBJS) $(BIN)
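Review bot: In the $(BIN) rule, -lpam -lssl sit before $(OBJS) $(SOBJS) on the link line, so a linker that resolves symbols left to right (or runs with --as-needed) can discard the libraries before any object references them; move them to the end of the command. The pam_usb target calls make directly instead of $(MAKE), which loses flags in recursive and parallel builds. deinstall also leaves hotplug.conf and handlers/xlock.sh behind under $(PAMUSBCONF) although install placed them there.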
|
|
Deleted |
pam_usb-0.3.3.tar.gz/tools/usbhotplug/auth.c
^
|
@@ -1,58 +0,0 @@
-/*
-** Copyright (c) 2003,2004,2005 Andrea Luzzardi <scox@gentoo.org>
-**
-** This program is free software; you can redistribute it and/or modify
-** it under the terms of the GNU General Public License as published by
-** the Free Software Foundation; either version 2 of the License, or
-** (at your option) any later version.
-**
-** This program is distributed in the hope that it will be useful,
-** but WITHOUT ANY WARRANTY; without even the implied warranty of
-** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-** GNU General Public License for more details.
-**
-** You should have received a copy of the GNU General Public License
-** along with this program; if not, write to the Free Software
-** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-*/
-
-
-#include "usbhotplug.h"
-
-int conv (int n, const struct pam_message **msg,
- struct pam_response **resp, void *data)
-{
- /* Okay, as we're called by the kernel because of a hotplug
- * event, we can't prompt the user or tell him anything.
- * So we'll just ignore the conversation. */
-
- return PAM_BUF_ERR;
-}
-
-int pam_do_auth (void)
-{
- int status = 0;
- struct pam_conv c;
- pam_handle_t *pamh = NULL;
-
- c.conv = &conv;
-
- if (pam_start ((const char*)SERVICE, (const char*)config.auth, &c, &pamh)
- != PAM_SUCCESS) {
- DEBUG ("Cannot start PAM for the user %s\n", config.auth);
- return 0;
- }
-
- if (pam_set_item (pamh, PAM_TTY, ":0.0") != PAM_SUCCESS) {
- DEBUG ("Warning: Cannot set tty to :0.0\n");
- }
-
- status = pam_authenticate (pamh, 0);
-
- pam_end (pamh, status);
-
- if (status != PAM_SUCCESS)
- return 0;
-
- return 1;
-}
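Review bot: In pam_do_auth(), struct pam_conv c is a stack variable and only c.conv is assigned, so c.appdata_ptr is handed to pam_start() uninitialised; set c.appdata_ptr = NULL (or zero the struct) before the call. conv() should return PAM_CONV_ERR rather than PAM_BUF_ERR, since it is declining the conversation, not reporting an allocation failure. The hard-coded PAM_TTY value ":0.0" ties the check to a single display and deserves either a comment or a configuration option.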
|
|
Deleted |
pam_usb-0.3.3.tar.gz/tools/usbhotplug/auth.h
^
|
@@ -1,9 +0,0 @@
-#ifndef _USBHOTPLUG_AUTH_H
-#define _USBHOTPLUG_AUTH_H
-
-int conv (int n, const struct pam_message **msg,
- struct pam_response **resp, void *data);
-
-int pam_do_auth (void);
-
-#endif
|
|
Deleted |
pam_usb-0.3.3.tar.gz/tools/usbhotplug/event.c
^
|
@@ -1,124 +0,0 @@
-/*
-** Copyright (c) 2003,2004,2005 Andrea Luzzardi <scox@gentoo.org>
-**
-** This program is free software; you can redistribute it and/or modify
-** it under the terms of the GNU General Public License as published by
-** the Free Software Foundation; either version 2 of the License, or
-** (at your option) any later version.
-**
-** This program is distributed in the hope that it will be useful,
-** but WITHOUT ANY WARRANTY; without even the implied warranty of
-** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-** GNU General Public License for more details.
-**
-** You should have received a copy of the GNU General Public License
-** along with this program; if not, write to the Free Software
-** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-*/
-
-
-#include "usbhotplug.h"
-#include "event.h"
-
-#include <pwd.h>
-
-extern char **environ;
-
-int set_perm (void)
-{
- struct passwd *pw = NULL;
- char *user = config.user;
- int found = 0;
-
- uid_t uid = 0;
- gid_t gid = 0;
-
- if (!user)
- return 1;
-
- setpwent();
-
- while ((pw = getpwent())) {
- if (!strcmp (user, pw->pw_name)) {
- uid = pw->pw_uid;
- gid = pw->pw_gid;
-
- ++found;
- break;
- }
- }
-
- if (!found) {
- DEBUG ("Cannot find the entry for user %s, aborting\n", user);
- return 0;
- }
-
- if (setgid (gid) == -1)
- return 0;
-
- if (setegid (gid) == -1)
- return 0;
-
- if (setuid (uid) == -1)
- return 0;
-
- if (seteuid (uid) == -1)
- return 0;
-
- DEBUG ("Running as user %s [ uid:%u | gid:%u ]\n", user, uid, gid);
-
- return 1;
-}
-
-int retrieve_info (struct device_info *info)
-{
- if (!(info->action = getenv ("ACTION")))
- return 0;
-
- if (!(info->product = getenv ("PRODUCT")))
- return 0;
-
- DEBUG ("Received hotplug event [%s] for product [%s]\n",
- info->action, info->product);
-
- if ((strcmp (info->action, "add") != 0) &&
- (strcmp (info->action, "remove") != 0)) {
- DEBUG ("Unknown event: %s\n", info->action);
- return 0;
- }
-
- return 1;
-}
-
-int handle_event (int status)
-{
- if (!set_perm()) {
- DEBUG ("Cannot set permissions, aborting\n");
- return 0;
- }
-
- DEBUG ("Starting the %s handler\n", status ? "unlock" : "lock");
-
- if (status)
- return exec_handler (config.stop);
- else
- return exec_handler (config.start);
-}
-
-int exec_handler (char *handler)
-{
- char **args = NULL;
-
- /* we got something like program arg1 arg2 */
- args = split (handler, ' ');
-
- DEBUG ("About to execute %s...\n", handler);
-
- if (execve (args[0], args, environ < 0)) {
- DEBUG ("Cannot execute the handler %s: %s\n", handler,
- strerror(errno));
- return 0;
- }
-
- return 1;
-}
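Review bot: In exec_handler(), the parenthesis in execve (args[0], args, environ < 0) is misplaced: the third argument is the result of the comparison environ < 0 instead of environ, and the if tests the raw return value of execve. It should read if (execve (args[0], args, environ) < 0). args is also dereferenced without checking that split() returned a non-NULL, non-empty vector. In set_perm(), the process changes gid and uid but never calls setgroups() or initgroups(), so the handler keeps the supplementary groups it was started with; drop them before setgid(). The setegid() and seteuid() calls after setgid() and setuid() are redundant, and the early return 1 when config.user is NULL means the handler runs with unchanged credentials, which hotplug.conf documents as root.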
|
|
Deleted |
pam_usb-0.3.3.tar.gz/tools/usbhotplug/event.h
^
|
@@ -1,8 +0,0 @@
-#ifndef _USBHOTPLUG_EVENT_H
-#define _USBHOTPLUG_EVENT_H
-
-int retrieve_info (struct device_info *info);
-int exec_handler (char *handler);
-int handle_event (int status);
-
-#endif
|
|
Deleted |
pam_usb-0.3.3.tar.gz/tools/usbhotplug/files
^
|
-(directory)
|
|
Deleted |
pam_usb-0.3.3.tar.gz/tools/usbhotplug/files/hotplug.conf
^
|
@@ -1,96 +0,0 @@
-# usbhotplug default configuration script.
-#
-# This script is read by usbhotplug whenever a usb storage device is inserted
-# or removed.
-#
-# Please read the documentation at http://www.pamusb.org for more informations.
-#
-# I'm sorry but I reused the parser of pam_usb which is not meant at all
-# for configuration files, so please note that a blank line is meant as
-# the end of the configuration, in short:
-#
-# DO NOT PUT BLANK LINES UNTIL THE END
-#
-# If you do, every option followed by that blank line will not be interpretated.
-#
-# I'll come up with a better parsed someday, in the meantime, use # instead of
-# blank lines.
-#
-#
-#
-# ENABLE
-#
-# Is usbhotplug enabled ?
-# Can be set either to 0 or 1.
-#
-# If you don't want to use usbhotplug, just leave it to 0.
-#
-ENABLE=0
-#
-#
-# AUTH
-#
-# Which user should we try to authenticate ?
-#
-AUTH=root
-#
-#
-# USER (optional)
-#
-# usbhotplug will setuid and setgid to its uid and gid before
-# executing the start and stop handlers.
-# If not used, it will not change uid/gid, and will run as root.
-#
-USER=root
-#
-#
-# START (aka LOCK)
-#
-# The program that will be executed whenever a usb storage device is removed
-# and the user AUTH cannot be authenticated.
-# This option can take arguments, they will be passed to the
-# program when executed.
-# Note that usbhotplug uses execve(), so shell commands won't work here.
-# I recommend to put a shell script as argument here, and then handle
-# all the locking through it. Don't forget to chmod +x it.
-# Take as example the default START handler.
-#
-START=/etc/pam_usb/handlers/xlock.sh start
-#
-#
-# STOP (aka UNLOCK)
-#
-# Same as START, but will executed when a usb storage device
-# is plugged in and user AUTH can be authenticated.
-#
-STOP=/etc/pam_usb/handlers/xlock.sh stop
-#
-#
-# DELAY (optional)
-#
-# Takes an argument in seconds.
-#
-# Your device may take a few time to initialize.
-# In that case you may want to tell usbhotplug to sleep a bit
-# before trying to authenticate the user.
-#
-DELAY=0
-#
-#
-# LOG_FILE (optional)
-#
-# Takes a file name as argument.
-#
-# usbhotplug will log every event in there, mostly useful for
-# debugging.
-#
-# Commenting the following line will make usbhotplug print the
-# log messages to stderr, which you won't see as it's executed by
-# the kernel, but can be useful while debugging.
-#
-# LOG_FILE=/var/log/usbhotplug
-
-
-
-
-
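Review bot: The shipped defaults AUTH=root and USER=root mean that, once ENABLE is set to 1, the START and STOP handlers run as root on every storage hotplug event. USER exists to drop privileges before the handlers run, so the sample should point it at a placeholder unprivileged account and say in the USER comment block that leaving it at root runs xlock.sh with full privileges.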
|
|
Deleted |
pam_usb-0.3.3.tar.gz/tools/usbhotplug/files/pamusb.hotplug
^
|
@@ -1,18 +0,0 @@
-#!/bin/sh
-#
-# pamusb.hotplug : Hotplug script to start the real usbhotplug agent.
-#
-# This script is used to call the usbhotplug agent through the linux-hotplug
-# agent (http://linux-hotplug.sourceforge.net).
-#
-# usbhotplug can also work on standalone mode (if you don't want to install
-# linux-hotplug) by setting kernel.hotplug=/usr/bin/usbhotplug into
-# /etc/sysctl.conf.
-#
-# Both this script and the usbhotplug agent are part of the pam_usb project
-# http://www.pamusb.org/
-#
-
-if [ -x /usr/bin/usbhotplug ] ; then
- /usr/bin/usbhotplug $1
-fi
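Review bot: On the command line inside the if, $1 is expanded unquoted in /usr/bin/usbhotplug $1, so an empty argument disappears and one containing whitespace is split before usbhotplug sees it; quote it as "$1".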
|
|
Deleted |
pam_usb-0.3.3.tar.gz/tools/usbhotplug/files/usbhotplug.pam
^
|
@@ -1,3 +0,0 @@
-auth sufficient /lib/security/pam_usb.so !check_device debug
-
-
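Review bot: The single auth line passes both !check_device and debug to pam_usb.so. The ChangeLog entry for 0.2_rc2 describes check_device set to -1 as skipping the serial number check and the check that the device is attached, and the 0.3.3 entry says !check_device is no longer required on 2.6, so this default weakens the check for no stated reason; debug should not be enabled in an installed PAM service file either. Suggest auth sufficient /lib/security/pam_usb.so with neither option.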
|
|
Deleted |
pam_usb-0.3.3.tar.gz/tools/usbhotplug/files/xlock.sh
^
|
@@ -1,26 +0,0 @@
-#!/bin/sh
-#
-# xlock.sh: usbhotplug handler for xlock.
-#
-# It will basically just start xlock to lock the system, and kill it
-# to unlock the system.
-#
-# Yes, I know it's a dirty way: it would be much cleaner with xscreensaver but
-# once locked it can't be unlocked, i'm currently working on it.
-#
-
-DISP=":0.0"
-ACTION=$1
-
-case $ACTION in
-
-start)
- DISPLAY=${DISP} xlock
-;;
-
-stop)
- killall xlock
-
-;;
-
-esac
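Review bot: In the stop) branch, killall xlock terminates every xlock process it is permitted to signal, not only the one this handler started on DISP, and with the default USER=root from hotplug.conf that covers every user's session. Track the PID of the xlock that start launched (or match on user and display) and signal only that process. The case statement also has no default branch, so an unknown $ACTION exits silently with status 0.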
|
|
Deleted |
pam_usb-0.3.3.tar.gz/tools/usbhotplug/usbhotplug.c
^
|
@@ -1,150 +0,0 @@
-/*
-** Copyright (c) 2003,2004,2005 Andrea Luzzardi <scox@gentoo.org>
-**
-** This program is free software; you can redistribute it and/or modify
-** it under the terms of the GNU General Public License as published by
-** the Free Software Foundation; either version 2 of the License, or
-** (at your option) any later version.
-**
-** This program is distributed in the hope that it will be useful,
-** but WITHOUT ANY WARRANTY; without even the implied warranty of
-** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-** GNU General Public License for more details.
-**
-** You should have received a copy of the GNU General Public License
-** along with this program; if not, write to the Free Software
-** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-*/
-
-
-#include "usbhotplug.h"
-#include "auth.h"
-#include "event.h"
-
-struct hotplug_config config;
-
-struct _expected_config expected_config[] = {
- {"ENABLE" , &config.enable, 1 },
- {"AUTH" , &config.auth, 1 },
- {"USER" , &config.user, 0 },
- {"START" , &config.start, 1 },
- {"STOP" , &config.stop, 1 },
- {"DELAY" , &config.sleep, 0 },
- {"LOG_FILE" , &config.logfile, 0 },
- {NULL , NULL, 0 }
-};
-
-int load_config (void)
-{
- struct _expected_config *config_mem = expected_config;
- FILE *f;
-
- if (!(f = fopen (CONF_FILE, "r"))) {
- DEBUG ("Cannot open configuration file (%s)\n", CONF_FILE);
- return 0;
- }
-
- while (config_mem->name) {
- (*config_mem->value) = get_param (f, config_mem->name, '=');
-
- if (!(*config_mem->value) && config_mem->required) {
- DEBUG ("Missing required argument [%s], aborting.\n",
- config_mem->name);
- return 0;
- }
-
- DEBUG ("Got %s = %s\n", config_mem->name, (*config_mem->value) ? (*config_mem->value) : "none");
-
- rewind (f);
- config_mem++;
- }
-
- return 1;
-}
-
-void init_log (void)
-{
- if (!(config.logfile))
- return;
-
- if (!(log_stream = fopen (config.logfile, "a"))) {
- log_stream = stderr;
- DEBUG ("Cannot open log file %s\n", config.logfile);
- return;
- }
-
- DEBUG ("--- LOG STARTED ---\n");
-}
-
-void fini_log (void)
-{
- if (!config.logfile)
- return;
-
- fclose (log_stream);
-}
-
-int main (int ac, char **av)
-{
- int status = 0;
- int delay = 0;
-
- struct device_info info;
-
- memset (&info, '\0', sizeof (struct device_info));
- memset (&config, '\0', sizeof (struct hotplug_config));
-
- log_stream = stderr;
-
- put_default_values();
-
- if (ac < 2) {
- fprintf (stderr, "%s: don't run this manually.\n", av[0]);
- return 1;
- }
-
- if (!load_config()) {
- DEBUG ("Unable to load configuration.\n");
- return 1;
- }
-
- if (strcmp (av[1], "block") != 0) {
- DEBUG ("Discarding non-usb device hotplug event [%s]\n", av[1]);
- return 0;
- }
-
- init_log();
-
- DEBUG ("Received a hotplug event\n");
-
- if (!atoi(config.enable)) {
- DEBUG ("usbhotplug not enabled, aborting.\n");
- DEBUG ("Set ENABLE=1 to enable.\n");
- return 0;
- }
-
- /* Who cares we cannot retrieve the informations...
- * if we cannot authenticate the user, then we must lock down.
- * In short, just display a warning and try to authenticate the user.
- */
-
- if (!retrieve_info (&info))
- DEBUG ("Cannot retrieve device informations\n");
-
- /* Give it some time to do its job... */
- delay = atoi (config.sleep);
-
- if (delay)
- sleep (delay);
-
- status = pam_do_auth();
-
- DEBUG ("Access %s for user %s, starting the handler\n",
- status ? "granted" : "denied", config.auth);
-
- handle_event (status);
-
- fini_log();
-
- return 0;
-}
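Review bot: In main(), delay = atoi (config.sleep) dereferences a NULL pointer whenever DELAY is missing from the configuration: expected_config marks DELAY as optional (required 0) and load_config() leaves the value NULL for optional keys that get_param() does not find. The crash comes before pam_do_auth() and handle_event(), so neither handler runs; guard it with config.sleep ? atoi (config.sleep) : 0. load_config() also never closes f on either return path, the ENABLE check returns after init_log() without calling fini_log(), and the return value of handle_event() is ignored, so a failed lock handler still exits 0.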
|
|
Deleted |
pam_usb-0.3.3.tar.gz/tools/usbhotplug/usbhotplug.h
^
|
@@ -1,50 +0,0 @@
-#ifndef _USBHOTPLUG_H
-#define _USBHOTPLUG_H
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <security/pam_appl.h>
-
-#include <pam.h>
-#include <parser.h>
-#include <conf.h>
-
-#define SERVICE "usbhotplug"
-#define CONF_FILE "/etc/pam_usb/hotplug.conf"
-
-FILE *log_stream;
-
-#define DEBUG(s, ...) \
-do { \
- fprintf (log_stream, "[%s] ", SERVICE); \
- fprintf (log_stream, s, ##__VA_ARGS__); \
- fflush (log_stream); \
-} while(0)
-
-struct _expected_config {
- char *name;
- char **value;
- int required;
-};
-
-struct hotplug_config {
- char *enable;
- char *auth;
- char *user;
- char *logfile;
- char *start;
- char *stop;
- char *sleep;
-};
-
-struct device_info {
- char *action;
- char *product;
-};
-
-extern struct hotplug_config config;
-
-#endif
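Review bot: FILE *log_stream; is a definition rather than a declaration, and this header is included by usbhotplug.c, auth.c and event.c, so each object file gets its own tentative definition and the link fails under -fno-common. Declare it as extern FILE *log_stream; here and define it once in usbhotplug.c, the way config is already handled. Minor: the DEBUG macro passes its first argument as the format string, so callers must only ever pass string literals, and the include guard _USBHOTPLUG_H uses a reserved identifier form.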
|
|
Added |
pam_usb-0.5.0.tar.bz2/ChangeLog
^
|
@@ -0,0 +1,211 @@
+* 0.5.0
+- Migrated the code base to UDisks. pam_usb doesn't depend on HAL anymore.
+- Added deny_remote option (defaults to true). If false,
+ local login check will be disabled.
+- Fixed a bug in the device recognition (--add-device)
+
+* 0.4.2
+- Added the pad_expiration option which tells pam_usb how often pads
+ should be updated in order to reduce device writing.
+- Support for time options in the configuration parser (5s, 2h, 10m, etc)
+- Added the --verbose option to pamusb-conf
+- Added the --debug option to pamusb-check
+- Fixed the ElementTree import statement of pamusb-agent to work with
+ Python 2.5. Thanks to Donald Hayward <liquidsunshine@gmail.com> for
+ the patch.
+- Fixed pamusb-conf to work without vendor and product name
+- Improved the device detection to work with any removable storage device.
+ Thanks to Guillermo Antonio Amaral Bastidas <me@guillermoamaral.com>
+ for providing the patch.
+- Added a workaround for a DBUS bug that prevented pam_usb to work with su.
+ https://bugs.freedesktop.org/show_bug.cgi?id=11876
+- Disable log outputting if the application doesn't have any tty
+ attached (fixes gksudo and other software).
+- Various minor bugfix
+
+* 0.4.1
+- Fixed a security issue related to OpenSSH authentication
+- Fixed the quiet option (now it is really quiet)
+- Support for devices without vendor/model information
+
+* 0.4.0
+- Both pam_usb and its tools (adm, hotplug) have been redesigned from the
+ ground up and rewritten from scratch.
+- Hardware recognition is now done through HAL which provides a stable
+ interface over kernel changes.
+- Certificates have been replaced by one time pads. That will prevent
+ copies of the USB device to be used for authentication.
+- Device's manufacturer properties verification. pam_usb now verifies
+ device informations (vendor, product, serial number, UUID) in the
+ authentication process.
+- Configuration is now handled in a central place, the pamusb.conf
+ configuration file. This XML file contains configuration entries for
+ users, devices and services.
+- pamusb-agent (formely usbhotplug) make use of DBUS signals (sent by HAL)
+ instead of kernel hotplugging. Also, its configuration has been merged
+ into the pamusb.conf configuration file.
+- A new tool named pamusb-check has been added. It can perform authentication
+ the way the PAM module does. It can be useful for testing and scripting
+ purposes.
+
+* 0.3.3
+- The option keypath is now splitted into local_keypath and device_keypath.
+- Fixed a bug that occurred when the TTY entry was empty.
+- pam_usb doesn't get anymore the tty name from PAM_TTY as it used to be
+ empty on some systems.
+- Better defaults. The default options have been set to fit most needs,
+ you are no longer required to use !check_device on 2.6.
+- Verbose mode. By default, pam_usb now prints some informations during
+ the login process (access granted, the reason why access was refused, etc).
+ This can be turned off using the brand new 'quiet' option.
+- Other small fixes.
+
+* 0.3.2
+- Now pam_usb will also try to autodetect /dev/sdN devices (not just
+ /dev/sdNX).
+- Fixed a bug that happened when the application using PAM didn't set
+ PAM_TTY correctly.
+- Added the use_first_pass and try_first_pass options.
+ Now if you enter your password on another PAM module (such as pam_mount
+ or pam_ssh), pam_usb will use that password to decrypt the private key.
+
+* 0.3.1
+- Lot of misc fixes (memory management, Makefiles, sanity checks, etc).
+ I'd like to thank the PaX Team <pageexec@freemail.hu> who did almost
+ the whole job.
+- Added the hostname option which allows to select what hostname should
+ be used for authentication (useful for shared public keys over lan).
+ Thanks to Nicolas Chauvat <chauvat@nerim.net> who reported the issue,
+ the idea and the patch for this feature.
+
+* 0.3.0
+- Not much changes in this version beside a gcc fix, but the 0.2 branch
+ reached too many new features so i wanted to name this release 0.3.0
+ as i should have done with 0.2.3
+- Fixed a gcc 3.3 compile issue, and all related warning.
+ I would like to thank the following guys for having reported this bug so fast:
+ Lalande Fabrice <fabrice.lalande@orange.fr>
+ Marco <gaedol@softhome.net>
+ Neil Dunbar <neil.dunbar@hp.com>
+
+* 0.2.3
+- Added the usbhotplug tool.
+ usbhotplug is a hotplug agent that will automagically start a lock handler
+ when the usb device is removed and an unlock handler when the usb device
+ is plugged back in and authenticated through pam_usb.
+
+ The default handlers will start xlock when the usb device is removed,
+ and will kill it when the usb device is plugged back in and authenticated.
+
+ I'd like to thank Wout Mertens <wmertens@cisco.com> as we had a couple
+ of discussions about hotplug which helped me implementing this tool.
+
+- The parser can now understand "option" and "!option" instead of
+ option=1 and option=-1 (e.g. debug !check_device).
+ Thanks to Jean-Christophe JASKULA <jean.christophe.jasku-la@wanadoo.fr> who
+ suggested me that and provided an initial patch.
+
+- Fixed a loop bug on serial number checking. Thanks to Zs <horzsol@freemail.hu>
+ for reporting the bug and a patch to fix it.
+
+- Added the direct_open option which allows to open the private key
+ using O_DIRECT to avoid disk caching (works only on devices that
+ supports it). Thanks to myles <myles@tenhand.com> who suggested me that.
+
+- Added some sanity checks here and there because it seems that the PAM
+ API can return weird stuff from time to time.
+
+- Handling the mount point creation/remotion in a better way which seems
+ to fix a couple of mntpoint problems.
+
+* 0.2.2
+- Added the keep_mounted option, which allows to not umount the mount point
+ once logged (useful if the gpg/ssh key is stored on there)
+
+- Fixed the mntpoint option: do not delete the directory if it's not a
+ temporary one.
+
+- Added the support to pass multiple filesystems name with the fs=
+ option (comma separated list). Changed the default fs to "ext2,vfat"
+
+- Added the log_file option. Takes a filename as a argument.
+ Combined with debug=1 it can log debug messages to a file.
+
+- Not mounting the device as read-only anymore. Instead, the mount_opts
+ option has been created. It accepts a comma separated list of mount
+ options (accepted options are: ro,bind,sync,remount,nosuid,noexec,nodev).
+
+- Fixed an issue which made the allow_remote feature not working correctly
+ with gdm/kdm.
+
+- Introduced the local_hosts and local_consoles options. They contain a
+ comma separated lists of hosts and consoles allowed to log in while using
+ allow_remote=-1
+
+* 0.2.1
+- Changed the naming method from x.y to x.y.z
+
+- pam_usb is now able to distinguish local users from remote (as in
+ logged via ssh), and denies the authentication of non-local users.
+ Setting allow_remote to 1 disable this feature.
+
+- Mounting is now done in read-only.
+
+- Added the missing mandatory PAM functions.
+
+* 0.2_rc2
+- Workaround to make pam_usb not use /proc so it can run on Linux 2.6
+ By setting check_device to -1, pam_usb will neither check the device's
+ serial number, nor if it's attached. It's not a real problem if you
+ don't need serial number checking, but don't combine it with
+ check_if_mounted.
+
+- Added the force_device capability. Now you can specify a device that
+ will be mounted without going in guessing mode. If the device cannot
+ be mounted, it'll switch back to the default guess mode.
+ Useful if guess mode fails, if you don't want it to try several
+ devices before getting the right one (so you can login faster), or if
+ you want to login using a floppy disk, a cdrom or whatever you want.
+
+- Modified the serial number authentication method so now if no serial
+ numbers are avaible on a device, it will try to use the GUID.
+ Thanks to Damien Braillard <damien.b@freesurf.ch> who reported the
+ issue, suggested a way to fix it, and provided a first patch for it.
+
+* 0.2_rc1
+- Radically changed the way pam_usb authenticates the user on the
+ system. Now it works with a pair of DSA keys.
+
+ Thanks to Wout Mertens <wmertens@cisco.com> who told me that i could
+ use a couple of SSH keys to fix the authentication issue.
+ That gave me the idea to use a set of private/public keys.
+
+ Thanks to Ilkka Mattila <ilkka@lyseo.edu.ouka.fi> who helped me to
+ find out a better way to implement the key challenge: extracting the
+ public key was inadequate.
+
+ Also thanks to those who brought up weird scenarios and/or tested
+ pre-releases of pam_usb, in alphabetical order:
+
+ Ilkka Mattila <ilkka@lyseo.edu.ouka.fi>
+ Joonas Kortesalmi
+ Thomas Stewart <thomas@stewarts.org.uk>
+ Tuure Laurinolli <tuure@laurinolli.net>
+
+* 0.1:
+- Now pam_usb doesn't require a mount point. Instead, it creates
+ a temporary directory under /tmp.
+ Thanks to Loic Jaquemet <jaquemet@fiifo.u-psud.fr> who gave me the idea.
+
+- Compiles with gcc 2.95 thanks to Tobias Bayer <tobi.bayer@gmx.de> bug
+ report.
+
+* 0.1-beta2:
+- procfile and device entries autodetection have been fixed thanks to
+ Thomas Stewart <thomas@stewarts.org.uk> bug reports.
+
+- devfs support added. Thanks to Loic Jaquemet <jaquemet@fiifo.u-psud.fr>
+ for the bug report.
+
+* 0.1-beta1:
+- Initial release
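Review bot: The 0.4.1 entry "Fixed a security issue related to OpenSSH authentication" names no affected versions, impact or advisory reference, so a packager cannot tell from this file whether an installed release needs the update; add at least the affected version range and a pointer to the fix. The 0.5.0 entry for deny_remote should also state the effect of setting it to false more plainly: the 0.2.1 entry describes the local check as what denies authentication to non-local users, so "local login check will be disabled" means remote sessions can authenticate with the device.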
|
|
Changed |
pam_usb-0.5.0.tar.bz2/Makefile
^
|
@@ -1,21 +1,88 @@
-MAKE = make
-
-all: pam_usb tools
-
-pam_usb:
- $(MAKE) all -C src
- $(MAKE) all -C tools
-
-install:
- $(MAKE) install -C src
- $(MAKE) install -C tools
-
-deinstall:
- $(MAKE) deinstall -C src
- $(MAKE) deinstall -C tools
-
-clean:
- $(MAKE) clean -C src
- $(MAKE) clean -C tools
-
+# Set to 'yes' to include debugging informations, e.g. DEBUG=yes make -e
+DEBUG := no
+# compiler/linker options
+CC := gcc
+CFLAGS := $(CFLAGS) -Wall -fPIC `pkg-config --cflags libxml-2.0` \
+ `pkg-config --cflags dbus-1`
+LIBS := `pkg-config --libs libxml-2.0` \
+ `pkg-config --libs dbus-1`
+
+# common source files
+SRCS := src/conf.c \
+ src/mem.c \
+ src/log.c \
+ src/xpath.c \
+ src/hal.c \
+ src/pad.c \
+ src/volume.c \
+ src/local.c \
+ src/device.c
+OBJS := $(SRCS:.c=.o)
+
+# pam_usb
+PAM_USB_SRCS := src/pam.c
+PAM_USB_OBJS := $(PAM_USB_SRCS:.c=.o)
+PAM_USB := pam_usb.so
+PAM_USB_LDFLAGS := -shared
+PAM_USB_DEST := $(DESTDIR)/lib/security
+
+# pamusb-check
+PAMUSB_CHECK_SRCS := src/pamusb-check.c
+PAMUSB_CHECK_OBJS := $(PAMUSB_CHECK_SRCS:.c=.o)
+PAMUSB_CHECK := pamusb-check
+
+# Tools
+PAMUSB_CONF := pamusb-conf
+PAMUSB_AGENT := pamusb-agent
+TOOLS_DEST := $(DESTDIR)/usr/bin
+TOOLS_SRC := tools
+
+# Conf
+CONFS := doc/pamusb.conf
+CONFS_DEST := $(DESTDIR)/etc
+
+# Doc
+DOCS := doc/QUICKSTART doc/CONFIGURATION doc/UPGRADING doc/FAQ
+DOCS_DEST := $(DESTDIR)/usr/share/doc/pamusb
+
+# Man
+MANS := doc/pamusb-conf.1.gz doc/pamusb-agent.1.gz doc/pamusb-check.1.gz
+MANS_DEST := $(DESTDIR)/usr/share/man/man1
+
+# Binaries
+RM := rm
+INSTALL := install
+MKDIR := mkdir
+
+ifeq (yes, ${DEBUG})
+ CFLAGS := ${CFLAGS} -ggdb
+endif
+
+all : $(PAM_USB) $(PAMUSB_CHECK)
+
+$(PAM_USB) : $(OBJS) $(PAM_USB_OBJS)
+ $(CC) -o $(PAM_USB) $(PAM_USB_LDFLAGS) $(LDFLAGS) $(OBJS) $(PAM_USB_OBJS) $(LIBS)
+
+$(PAMUSB_CHECK) : $(OBJS) $(PAMUSB_CHECK_OBJS)
+ $(CC) -o $(PAMUSB_CHECK) $(LDFLAGS) $(OBJS) $(PAMUSB_CHECK_OBJS) $(LIBS)
+
+%.o : %.c
+ ${CC} -c ${CFLAGS} $< -o $@
+
+clean :
+ $(RM) -f $(PAM_USB) $(PAMUSB_CHECK) $(OBJS) $(PAMUSB_CHECK_OBJS) $(PAM_USB_OBJS)
+
+install : all
+ $(MKDIR) -p $(CONFS_DEST) $(DOCS_DEST) $(MANS_DEST) $(TOOLS_DEST) $(PAM_USB_DEST)
+ $(INSTALL) -m755 $(PAM_USB) $(PAM_USB_DEST)
+ $(INSTALL) -m755 $(PAMUSB_CHECK) $(TOOLS_SRC)/$(PAMUSB_CONF) $(TOOLS_SRC)/$(PAMUSB_AGENT) $(TOOLS_DEST)
+ $(INSTALL) -b -m644 $(CONFS) $(CONFS_DEST)
+ $(INSTALL) -m644 $(DOCS) $(DOCS_DEST)
+ $(INSTALL) -m644 $(MANS) $(MANS_DEST)
+
+deinstall :
+ $(RM) -f $(PAM_USB_DEST)/$(PAM_USB)
+ $(RM) -f $(TOOLS_DEST)/$(PAMUSB_CHECK) $(TOOLS_DEST)/$(PAMUSB_CONF) $(TOOLS_DEST)/$(PAMUSB_AGENT)
+ $(RM) -rf $(DOCS_DEST)
+ $(RM) -f $(MANS_DEST)/pusb_*
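Review bot: the last line of the `deinstall` target removes `$(MANS_DEST)/pusb_*`, but `MANS` installs `pamusb-conf.1.gz`, `pamusb-agent.1.gz` and `pamusb-check.1.gz`, so the glob matches none of the installed pages and they are left behind. Derive the names from `$(MANS)` or change the pattern to `pamusb-*`. Separately, `PAM_USB_DEST := $(DESTDIR)/lib/security` and the other destinations are hard-coded with `:=` and no prefix or libdir variable, so a packager can only relocate them by overriding each variable on the command line; a short comment near the variables saying so would help.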
Added | pam_usb-0.5.0.tar.bz2/README.md
@@ -0,0 +1,17 @@
+pam\_usb provides hardware authentication for Linux using ordinary USB Flash Drives.
+
+It works with any application supporting PAM, such as _su_, any login manager (_GDM_, _KDM_), etc. The pam\_usb package contains:
+
+* A PAM Module
+ * Password-less authentication. Use your USB stick for authentication, don't type passwords anymore.
+ * Device auto probing.You don't need to mount the device, or even to configure the device location (_sda1_, _sdb1_, etc). pam\_usb.so will automatically locate the device using _HAL_ and access its data by itself.
+ * Two-factor authentication. Achieve greater security by requiring both the USB stick and the password to authenticate the user.
+ * Non-intrusive. pam\_usb doesn't require any modifications of the USB storage device to work (no additional partitions required).
+ * USB Serial number, model and vendor verification.
+ * Support for **One Time Pads** authentication.
+ * You can use the same device accross multiple machines.
+ * Support for all kind of removable devices (SD, MMC, etc).
+* Several tools
+ * **pamusb-agent**: trigger actions (such as locking the screen) upon device authentication and removal.
+ * **pamusb-conf**: configuration helper.
+ * **pamusb-check**: integrate pam\_usb's authentication engine within your scripts or applications.
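Review bot: the "Device auto probing" bullet says pam_usb.so locates the device using HAL, while doc/QUICKSTART in this same change lists udisks and pmount as the dependencies. State which backend this release uses so the README and the dependency list agree. In the same bullet a space is missing after "probing.", and "accross" in the multiple-machines bullet should be "across".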
Added | pam_usb-0.5.0.tar.bz2/doc
+(directory)
Added | pam_usb-0.5.0.tar.bz2/doc/CONFIGURATION
@@ -0,0 +1,264 @@
+====== Configuration ======
+
+Configuration is done through the pamusb-conf tool, as explained in the
+[[quickstart]] section. Most users don't have to manually change pamusb.conf,
+however if you want to change some default settings, this document explains the
+syntax of the pamusb.conf configuration file.
+
+===== Introduction =====
+
+* The configuration file is formatted in XML and subdivided in 4 sections:
+ - Default options, shared among every device, user and service
+ - Devices declaration and settings
+ - Users declaration and settings
+ - Services declaration and settings
+
+* The syntax is the following:
+<configuration>
+ <defaults>
+ <!-- default options -->
+ </defaults>
+
+ <devices>
+ <!-- devices definitions -->
+ </devices>
+
+ <users>
+ <!-- users definitions -->
+ </users>
+
+ <services>
+ <!-- services definitions -->
+ </services>
+</configuration>
+
+* Location of the configuration file
+
+By default, pam_usb.so and its tools will look for the configuration file
+located in /etc/pamusb.conf, but you can tell it to use a different file by
+using the -c option:
+
+# /etc/pam.d/common-auth
+auth sufficient pam_usb.so -c /some/other/path.conf
+auth required pam_unix.so nullok_secure
+
+You will also have to use the -c option when calling pam_usb's tools. For
+instance, when calling pamusb-agent:
+pamusb-agent -c /some/other/path.conf
+
+
+
+
+
+===== Options =====
+
+^ Name ^ Type ^ Default value ^ Description ^
+| enable | Boolean | true | Enable pam_usb
+|
+| debug | Boolean | false | Enable debug messages
+|
+| quiet | Boolean | false | Quiet mode (no verbose
+output) |
+| color_log | Boolean | true | Enable colored output
+|
+| one_time_pad | Boolean | true | Enable the use of one
+time pads |
+| deny_remote | Boolean | true | Deny access from
+remote host (ssh) |
+| probe_timeout | Time | 10s | Time to wait for the
+volume to be detected|
+| pad_expiration| Time | 1h | Time between pads
+regeneration|
+| hostname | String | Computer's hostname | Computer name. Must be
+unique accross computers using the same device |
+
+| system_pad_directory | String | .pamusb | Relative path to the
+user's home used to store one time pads |
+| device_pad_directory | String | .pamusb | Relative path to the
+device used to store one time pads|
+
+* Example:
+
+<configuration>
+<defaults>
+ <!-- Disable colored output by default -->
+ <option name="color_log">false</option>
+ <!-- Enable debug output -->
+ <option name="debug">true</option>
+ </defaults>
+ <users>
+ <user id="root">
+ <!-- Enable colored output for user "root" -->
+ <option name="color_log">true</option>
+ </user>
+ <user id="scox">
+ <!-- Disable debug output for user "scox" -->
+ <option name="debug">false</option>
+ </users>
+ <devices>
+ <device id="sandisk">
+ <!-- Wait 15 seconds instead of the default 10 seconds for the "sandisk"
+device to be detected -->
+ <option name="probe_timeout">15</option>
+ </devices>
+ <services>
+ <service id="su">
+ <!-- Disable pam_usb for "su" ("su" will ask for a password as usual) -->
+ <option name="enable">false<option>
+ </service>
+ </services>
+</configuration>
+
+===== Devices =====
+
+^ Name ^ Type ^ Description ^
+Example ^
+| id | Attribute | Arbitrary device name |
+MyDevice |
+| vendor | Element | device's vendor name |
+SanDisk Corp. |
+| model | Element | device's model name |
+Cruzer Titanium |
+| serial | Element | serial number of the device |
+SNDKXXXXXXXXXXXXXXXX |
+| volume_uuid | Element | UUID of the device's volume used to store pads |
+6F6B-42FC |
+
+
+* Example:
+
+<device id="MyDevice">
+<vendor>SanDisk Corp.</vendor>
+<model>Cruzer Titanium</model>
+<serial>SNDKXXXXXXXXXXXXXXXX</serial>
+<volume_uuid>6F6B-42FC</volume_uuid>
+</device>
+
+
+
+===== Users =====
+
+^ Name ^ Type ^ Description ^
+Example ^
+| id | Attribute | Login of the user | root
+|
+| device | Element | id of the device associated to the user |
+MyDevice |
+| agent | Element | Agent commands, for use with pamusb-agent | See
+below |
+
+* Example:
+
+<user id="scox">
+<device>MyDevice</device>
+
+<!-- When the user "scox" removes the usb device, lock the screen and pause
+beep-media-player -->
+<agent event="lock">gnome-screensaver-command --lock</agent>
+<agent event="lock">beep-media-player --pause</agent>
+
+<!-- Resume operations when the usb device is plugged back and authenticated -->
+<agent event="unlock">gnome-screensaver-command --deactivate</agent>
+<agent event="unlock">beep-media-player --play</agent>
+</user>
+
+===== Services =====
+
+^ Name ^ Type ^ Description ^ Example ^
+| id | Attribute | Name of the service | su |
+
+<service id="su">
+<!--
+ Here you can put service specific options such as "enable", "debug" etc.
+ See the options section of this document.
+-->
+</service>
+
+
+
+
+===== Full example =====
+
+This example demonstrates how to write a pam_usb configuration file and how to
+combine and override options.
+
+<configuration>
+<!-- Default options -->
+<defaults>
+ <!-- Enable debug output by default-->
+ <option name="debug">true</option> -->
+ <!-- Disable one time pads by default -->
+ <option name="one_time_pad">false</option> -->
+</defaults>
+
+<!-- Device settings -->
+<devices>
+ <device id="MyDevice">
+ <!-- This part was generated by pamusb-conf -->
+ <vendor>SanDisk Corp.</vendor>
+ <model>Cruzer Titanium</model>
+ <serial>SNDKXXXXXXXXXXXXXXXX</serial>
+ <volume_uuid>6F6B-42FC</volume_uuid>
+
+ <!--
+ Override the debug option previously enabled by "defaults".
+ Everytime a user associated to that device tries to authenticate,
+debugging will be disabled.
+ For other users using different devices, the debugging will still be
+enabled.
+ -->
+ <option name="debug">disable</option>
+ </device>
+</devices>
+
+<!-- User settings -->
+<users>
+
+ <!-- Authenticate user "root" with device "MyDevice". -->
+ <user id="root">
+ <device>MyDevice</device>
+
+ <!--
+ One time pads were disabled in the "defaults" section.
+ Now we want to enable them for the user "root" so we override the option:
+ -->
+ <option name="one_time_pad">true</option>
+ </user>
+
+ <!-- Authenticate user "scox" with device "MyDevice". -->
+ <user id="scox">
+ <device>MyDevice</device>
+
+ <!-- We want pam_usb to work in quiet mode when authenticating "scox", so we
+override the "quiet" option -->
+ <option name="quiet">true</option>
+
+ <!-- Agent settings, used by pamusb-agent -->
+ <agent event="lock">gnome-screensaver-command --lock</agent>
+ <agent event="unlock">gnome-screensaver-command --deactivate</agent>
+ </user>
+</users>
+
+<!-- Services settings (e.g. gdm, su, sudo...) -->
+<services>
+
+ <!-- Disable pam_usb for gdm (a password will be asked as usual) -->
+ <service id="gdm">
+ <option name="enable">false</option>
+ </service>
+
+ <!--
+ We already disabled one time pads in the defaults section, but then
+re-enabled them for the
+ user "root" in the users section.
+
+ Now we want to speed up console login for user root, so we simply override
+again the one_time_pad option
+ for the "login" (console) service.
+ -->
+ <service id="login">
+ <option name="one_time_pad">false</option>
+ </service>
+</services>
+</configuration>
+</code>
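Review bot: the XML in the Options example is not well-formed, so a reader who pastes it into /etc/pamusb.conf ends up with a file that does not parse: `<user id="scox">` and `<device id="sandisk">` are never closed, and `<option name="enable">false<option>` is missing the slash in its closing tag. The Full example has related problems: a stray `-->` follows each of the two `<option>` lines under `<defaults>`, `<option name="debug">disable</option>` uses a value other than the true/false the Options table gives for a Boolean, and the file ends with a leftover `</code>`. Since this file decides whether pam_usb is enabled for a given service, each example should be run through an XML parser before it is merged.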
Added | pam_usb-0.5.0.tar.bz2/doc/FAQ
@@ -0,0 +1,28 @@
+====== Frequently Asked Questions ======
+
+> Q: Can I use my USB drive as usual ?
+>> A: Yes. pam_usb only occupies a few kilobytes of the device's space.
+
+> Q: What if I lose or break my USB key ? Will I be able to log back in ?
+>> A: Sure. Your usual password will be asked.
+
+> Q: How is the USB key identified ?
+>> A: The USB device is both identified by its manufacturer attributes (vendor,
+product, serial number) and by a few random bytes called one time pads that
+pam_usb writes and updates on the USB device upon authentication.
+
+> Q: What if someone copies the content of my flash drive ? Will she/he be able
+to log into my account ?
+>> A: Even if that person manages to fake your device's attributes (vendor,
+product, serial number, UUID), the one time pad they copied will be outdated as
+soon as you authenticate.
+
+> Q: Is my USB drive compatible with pam_usb ?
+>> A: About every USB flash drive will work with pam_usb.
+
+> Q: I can't authenticate anymore, pam_usb gives me the following error: Pad
+checking failed. What should I do ?
+>> A: It's a machine/device synchronization issue. To get rid of that error you
+have to reset the pads of your system by removing the .pamusb folder located on
+your home (/root/.pamusb/, /home/foobar/.pamusb/, etc).
+
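Review bot: the answer to "What if someone copies the content of my flash drive ?" says the copied pad is outdated as soon as you authenticate, but doc/CONFIGURATION gives `pad_expiration` a default of 1h ("Time between pads regeneration"), and doc/pamusb.conf describes `pad_expiration` set to 0 as updating pads at every login. As documented, then, the default regenerates pads hourly rather than on each login, so the answer should state that window and point readers to `pad_expiration`.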
Added | pam_usb-0.5.0.tar.bz2/doc/QUICKSTART
@@ -0,0 +1,238 @@
+====== Quickstart ======
+
+Before going ahead, make sure to follow the upgrading instructions if you're
+using a version of pam_usb prior to 0.4.0.
+
+===== Installing ====
+
+
+==== Gentoo Linux ====
+
+# emerge -av pam_usb
+
+
+==== Ubuntu and Debian ====
+
+# apt-get install libpam-usb pamusb-tools
+
+
+==== Installing from sources ====
+* Step 1: Download the latest release
+* Step 2: Unpack the distribution tarball
+
+$ tar -zxvf pam_usb-<version>.tar.gz
+$ cd pam_usb-<version>
+
+* Step 3: Make sure that you have installed the required dependencies
+
+pam_usb depends on libxml2, PAM, udisks and pmount. pam_usb's tools
+(pamusb-agent, pamusb-conf) depends on python, python-celementtree and
+python-gobject.
+
+* Step 3: Compile and install
+
+$ make
+# make install
+
+==== Installing from git ====
+
+If you want to use the development version, you can fetch the sources from
+GitHub
+$ git clone git:github.com/aluzzardi/pam_usb.git
+
+===== Setting up =====
+
+
+
+==== Devices and Users ====
+
+* Once you've connected your USB device to the computer, use pamusb-conf to add
+it to the configuration file:
+
+# pamusb-conf --add-device MyDevice
+Please select the device you wish to add.
+* Using "SanDisk Corp. Cruzer Titanium (SNDKXXXXXXXXXXXXXXXX)" (only option)
+Which volume would you like to use for storing data ?
+* Using "/dev/sda1 (UUID: <6F6B-42FC>)" (only option)
+Name : MyDevice
+Vendor : SanDisk Corp.
+Model : Cruzer Titanium
+Serial : SNDKXXXXXXXXXXXXXXXX
+Volume UUID : 6F6B-42FC (/dev/sda1)
+Save to /etc/pamusb.conf ?
+[Y/n] y
+Done.
+
+Note that MyDevice can be any arbitrary name you'd like. Also, you can add as
+many devices as you want.
+
+* Users
+
+Now that we have added the devices, we have to configure the users.
+
+ # pamusb-conf --add-user root
+ Which device would you like to use for authentication ?
+ * Using "MyDevice" (only option)
+ User : root
+ Device : MyDevice
+ Save to /etc/pamusb.conf ?
+ [Y/n] y
+ Done.
+
+Repeat this step for every other username you'd like to use pam_usb with (e.g.
+pamusb-conf --add-user MyUsername).
+
+* In order to check if everything went fine, we are going to use the
+pamusb-check tool which will simulate an authentication event.
+
+# pamusb-check root
+* Authentication request for user "root" (pamusb-check)
+* Device "MyDevice" is connected (good).
+* Performing one time pad verification...
+* Verification match, updating one time pads...
+* Access granted.
+
+
+
+==== PAM Module ====
+
+The PAM module pam_usb.so is used to let applications authenticate you using
+your USB device instead of asking your password. The default password-based
+authentication will be used as fallback if the device authentication goes wrong.
+
+* Depending on the operating system you're using, you have to tell PAM to use
+pam_usb.so as default authentication method. There should be a file named
+either common-auth (Gentoo) under /etc/pam.d/. If you do NOT have neither of
+those files, you'll have to edit each pam.d service file you want to use (e.g.
+/etc/pam.d/su, /etc/pam.d/gdm and so on).
+
+* Locate the following line on /etc/pam.d/common-auth or /etc/pam.d/system-auth:
+
+auth required pam_unix.so nullok_secure
+
+* And change it to look something like that:
+
+auth sufficient pam_usb.so
+auth required pam_unix.so nullok_secure
+
+* You should now be able to authenticate the users configured in pamusb.conf
+using your USB device:
+
+scox $ su
+* pam_usb v.SVN
+* Authentication request for user "root" (su)
+* Device "MyDevice" is connected (good).
+* Performing one time pad verification...
+* Verification match, updating one time pads...
+* Access granted.
+
+* Try to authenticate to a different application. pam_usb.so should work with
+any application using xscreensaver and many more).
+
+
+
+
+==== Agent ====
+
+The pam_usb agent (pamusb-agent) allows you to automatically execute commands
+upon locking and unlocking events. Those events are generated when you insert or
+remove your authentication device.
+To configure the commands, you have to edit pam_usb's configuration file
+(/etc/pamusb.conf) and add agent entries into your user section.
+
+For instance, you could automatically start your screensaver as soon as you
+remove the device, and deactivate it when you plug the device back.
+
+* GNOME (gnome-screensaver):
+<user id="scox">
+ <device>MyDevice</device>
+ <agent event="lock">gnome-screensaver-command --lock</agent>
+ <agent event="unlock">gnome-screensaver-command --deactivate</agent>
+</user>
+
+* KDE (kscreensaver):
+<user id="scox">
+ <device>MyDevice</device>
+ <agent event="lock">dcop kdesktop KScreensaverIface lock</agent>
+ <agent event="unlock">dcop kdesktop KScreensaverIface quit</agent>
+</user>
+
+You can execute more commands by adding extra <agent> entries.
+
+
+$ pamusb-agent
+pamusb-agent[18329]: pamusb-agent up and running.
+pamusb-agent[18329]: Watching device "MyDevice" for user "scox"
+pamusb-agent[18329]: Device "MyDevice" has been removed, locking down user
+"scox"...
+pamusb-agent[18329]: Running "gnome-screensaver-command --lock"
+pamusb-agent[18329]: Locked.
+pamusb-agent[18329]: Device "MyDevice" has been inserted. Performing
+verification...
+pamusb-agent[18329]: Executing "/usr/bin/pamusb-check --quiet
+--config=/etc/pamusb.conf --service=pamusb-agent scox"
+pamusb-agent[18329]: Authentication succeeded. Unlocking user "scox"...
+pamusb-agent[18329]: Running "gnome-screensaver-command --deactivate"
+pamusb-agent[18329]: Unlocked.
+
+Depending on your desktop environment, you have to add pamusb-agent to the list
+of autostarted applications so it will be started automatically.
+
+* GNOME:
+ - Open System -> Preferences -> Sessions
+ - Select Startup Programs and press Add
+ - Enter pamusb-agent and press OK
+ - Press Close
+
+* KDE:
+ - cd ~/.kde/Autostart
+ - ln -s /usr/bin/pamusb-agent pamusb-agent
+
+===== Troubleshooting =====
+
+
+==== Log Analysis ====
+
+Both pam_usb.so and pamusb-agent use the syslog facility to log authentication
+attempts.
+This can be useful for GUI-driven applications (for instance GDM) where you
+don't get to see console output.
+Messages are logged with the AUTH facility, they are usually written to
+/var/log/auth.log but may vary
+depending on the operating system you're using.
+
+# tail -f /var/log/auth.log
+pamusb-agent[25429]: Device "sandisk" has been inserted. Performing
+verification...
+pamusb-agent[25429]: Executing "/usr/bin/pamusb-check --quiet
+--config=/etc/pamusb.conf --service=pamusb-agent scox"
+pam_usb[25485]: Authentication request for user "scox" (pamusb-agent)
+pam_usb[25485]: Device "sandisk" is connected (good).
+pam_usb[25485]: Access granted.
+pamusb-agent[25429]: Authentication succeeded. Unlocking user "scox"...
+pamusb-agent[25429]: Unlocked.
+
+
+==== Enabling debug ====
+
+Enabling debug messages may help you find out what's wrong.
+
+To enable them, edit /etc/pamusb.conf and set the following option:
+<defaults>
+ <option name="debug">true</option>
+</defaults>
+
+If you wish, you could enable debug messages only for a specific user, device or
+service.
+For instance, if you want to enable debug messages only for the sudo service,
+you could do the following:
+
+<services>
+ <service id="sudo">
+ <option name="debug">true</option>
+ </service>
+</services>
+
+===== It works - What next ? =====
+
+* Have a look at the configuration documentation
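Review bot: in the "PAM Module" section, the sentence "There should be a file named either common-auth (Gentoo) under /etc/pam.d/" names only one file, while the next bullet refers to both common-auth and system-auth. Name both files and the distributions they belong to, because this is the step where readers edit their PAM stack. Smaller points: "Step 3" is used twice under "Installing from sources", the clone URL `git:github.com/aluzzardi/pam_usb.git` is missing `//`, the "Installing" heading closes with four `=` instead of five, and the last bullet of the section ends in an unbalanced ")". The README advertises two-factor authentication, but only the `sufficient` setup is documented here.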
Added | pam_usb-0.5.0.tar.bz2/doc/UPGRADING
@@ -0,0 +1,58 @@
+====== Upgrading ======
+
+If you're already using a pam_usb version prior to 0.4.0, you will have to
+remove the older version before installing.
+
+You do not have to do this if you're already using >=0.4.0.
+
+===== Remove pam_usb.so from pam.d =====
+
+$ grep -r pam_usb.so /etc/pam.d
+/etc/pam.d/su:auth sufficient pam_usb.so
+/etc/pam.d/gdm:auth sufficient pam_usb.so
+[...]
+
+Edit every matching file and remove the pam_usb.so lines.
+At the end of the operation, there shouldn't be any file contanining a reference
+to pam_usb.so:
+
+$ grep -r pam_usb /etc/pam.d
+$
+
+
+===== Remove .auth directories =====
+
+Older versions of pam_usb used to create .auth directories in both the device
+and the user's home directory. Those directories aren't used anymore, so feel
+free to remove them:
+
+# rm -rf /root/.auth
+# rm -rf /home/scox/.auth
+# rm -rf /media/usbdisk/.auth
+
+
+
+===== Remove configuration files =====
+
+As configuration files of pam_usb 0.4.0 aren't backward compatible, the old
+/etc/pam_usb is no more needed.
+
+# rm -rf /etc/pam_usb
+
+
+
+===== Deinstall pam_usb =====
+
+If you installed the old pam_usb version using your operating system's package
+manager, then remove it by the same mean.
+
+Otherwise, you can remove it by hand by performing the following instructions:
+
+# rm -f /usr/bin/usbadm /usr/share/man/usbadm.1.gz
+# rm -f /usr/bin/usbhotplug /etc/hotplug.d/default/pamusb.hotplug
+/etc/pam.d/usbhotplug
+# rm -f /lib/security/pam_usb.so
+
+===== Next =====
+
+Go aheand and install the new version.
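Review bot: several typos in this file should be fixed before it ships: "contanining" (containing), "aheand" (ahead), "by the same mean" (means) and "is no more needed" (is no longer needed). The first check greps for `pam_usb.so` and the final verification for `pam_usb`; using the same pattern in both places would make it clearer that the second command confirms the first.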
Added | pam_usb-0.5.0.tar.bz2/doc/pamusb-agent.1.gz
@@ -0,0 +1,32 @@
+." Text automatically generated by txt2man
+.TH pamusb-agent 1 "September 12, 2007" "" "PAM_USB"
+
+.SH NAME
+\fBpamusb-agent \fP- pam_usb event handler
+.SH SYNOPSIS
+.nf
+.fam C
+\fBpamusb-agent\fP [\fB--help\fP] [\fB--config\fP=path] [\fB--daemon\fP] [\fB--check\fP=path]
+.fam T
+.fi
+.SH DESCRIPTION
+\fBpamusb-agent\fP is in charge of executing commands upon USB device insertion (once
+authenticated through pam_usb) and removal.
+.PP
+See http:www.pamusb.org/doc/installation#hotplug for instructions on how to
+setup \fBpamusb-agent\fP.
+.SH OPTIONS
+.TP
+.B
+\fB--help\fP, \fB-h\fP
+Show summary of options.
+\fB--config\fP, \fB-c\fP Use the given configuration file (defaults to /etc/pamusb.conf).
+\fB--daemon\fP, \fB-d\fP Run \fBpamusb-agent\fP in the background.
+.TP
+.B
+\fB--check\fP, \fB-c\fP
+Set the path to pamusb-check (defaults to /usr/bin/pamusb-check)
+.SH BUGS
+Please send bug reports to the pam_usb mailing list.
+.SH AUTHOR
+Andrea Luzzardi <scox@sig11.org>
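Review bot: OPTIONS documents `-c` as the short form of both `--config` and `--check`; both cannot be right, so check the option parser and correct whichever entry is wrong. The `--config` and `--daemon` entries also lack the `.TP` / `.B` pair used for the other options, so they run into the `--help` description when rendered, and `http:www.pamusb.org/doc/installation#hotplug` in DESCRIPTION is missing `//`.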
Added | pam_usb-0.5.0.tar.bz2/doc/pamusb-check.1.gz
@@ -0,0 +1,102 @@
+." Text automatically generated by txt2man
+.TH pamusb-check 1 "September 12, 2007" "" "PAM_USB"
+
+.SH NAME
+\fBpamusb-check
+.SH SYNOPSIS
+.nf
+.fam C
+Usage: \fIpamusb-check\fP [\fB--help\fP] [\fB--debug\fP] [\fB--config\fP=path] [\fB--service\fP=name] [\fB--dump\fP]
+[\fB--quiet\fP] <username>
+.fam T
+.fi
+.SH DESCRIPTION
+\fIpamusb-check\fP can simulate authentication through the pam_usb engine.
+It is useful for both testing purposes (to check the pam_usb configuration
+without having to try with a
+real program), but also for scripting. \fIpamusb-check\fP's exit code is 0 if the
+authentication was successful, 1 otherwise.
+It is used by pamusb-agent to check the device.
+.SH EXAMPLES
+$ \fIpamusb-check\fP scox
+.IP \(bu 3
+Authentication request for user "scox" (\fIpamusb-check\fP)
+.IP \(bu 3
+Device "creative" is connected (good).
+.IP \(bu 3
+Access granted.
+.PP
+$ \fIpamusb-check\fP \fB--service\fP=su scox
+.IP \(bu 3
+Authentication request for user "scox" (su)
+.IP \(bu 3
+Device "creative" is connected (good).
+.IP \(bu 3
+Access granted.
+.PP
+$ \fIpamusb-check\fP \fB--dump\fP scox
+.PP
+Configuration dump for user scox (service: \fIpamusb-check\fP):
+.TP
+.B
+enable
+: true
+.TP
+.B
+debug
+: false
+.TP
+.B
+quiet
+: false
+.TP
+.B
+color_log
+: true
+.TP
+.B
+one_time_pad
+: true
+.TP
+.B
+probe_timeout
+: 10
+.TP
+.B
+hostname
+: helium
+.TP
+.B
+system_pad_directory
+: .pamusb
+.TP
+.B
+device_pad_directory
+: .pamusb
+.SH OPTIONS
+.TP
+.B
+\fB--help\fP, \fB-h\fP
+Show summary of options.
+.TP
+.B
+\fB--debug\fP, \fB-D\fP
+Shows debug messages.
+.TP
+.B
+\fB--config\fP, \fB-c\fP
+Use the given configuration file (defaults to /etc/pamusb.conf).
+\fB--service\fP, \fB-s\fP Service name to be used for authentication (defaults to
+\fIpamusb-check\fP)
+.TP
+.B
+\fB--dump\fP, \fB-d\fP
+Dump the configuration, but do not try to authenticate
+.TP
+.B
+\fB--quiet\fP, \fB-q\fP
+Quiet mode
+.SH BUGS
+Please send bug reports to the pam_usb mailing list.
+.SH AUTHOR
+Andrea Luzzardi <scox@sig11.org>
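Review bot: the NAME section is only `\fBpamusb-check`, with no closing `\fP` and no "- description" part, unlike the pamusb-agent page (`\fBpamusb-agent \fP- pam_usb event handler`). Add the one-line description and close the font. In OPTIONS the `--service` entry has no `.TP` / `.B` pair and is appended to the `--config` text, and the `--dump` example lists neither `deny_remote` nor `pad_expiration`, both of which doc/CONFIGURATION documents as options; regenerate the sample from the current build or note that it is abbreviated.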
Added | pam_usb-0.5.0.tar.bz2/doc/pamusb-conf.1.gz
@@ -0,0 +1,41 @@
+." Text automatically generated by txt2man
+.TH pamusb-conf 1 "September 12, 2007" "" "PAM_USB"
+
+.SH NAME
+\fBpamusb-conf \fP- pam_usb configuration tool
+.SH SYNOPSIS
+.nf
+.fam C
+\fBpamusb-conf\fP [\fB--help\fP] [\fB--verbose\fP] [\fB--config\fP=path] [\fB--add-user\fP=name |
+\fB--add-device\fP=name]
+.fam T
+.fi
+.SH DESCRIPTION
+\fBpamusb-conf\fP is a tool designed to help generating the pamusb.conf configuration
+file.
+.SH OPTIONS
+.TP
+.B
+\fB--help\fP, \fB-h\fP
+Show summary of options.
+.TP
+.B
+\fB--verbose\fP, \fB-v\fP
+Verbose output
+.TP
+.B
+\fB--config\fP, \fB-c\fP
+Use the given configuration file (defaults to
+/etc/pamusb.conf).
+.TP
+.B
+\fB--add-device\fP, \fB-d\fP
+Add a device
+.TP
+.B
+\fB--add-user\fP, \fB-u\fP
+Add a user
+.SH BUGS
+Please send bug reports to the pam_usb mailing list.
+.SH AUTHOR
+Andrea Luzzardi <scox@sig11.org>
Added | pam_usb-0.5.0.tar.bz2/doc/pamusb.conf
@@ -0,0 +1,72 @@
+<!--
+pamusb.conf: Configuration file for pam_usb.
+
+See http://www.pamusb.org/doc/configuring
+-->
+
+<configuration>
+ <!-- Default options -->
+ <defaults>
+ <!-- Example:
+ <option name="debug">true</option>
+ -->
+ </defaults>
+
+ <!-- Device settings -->
+ <devices>
+ <!-- Example:
+ Note: You should use pamusb-conf to add devices automatically.
+ <device id="MyDevice">
+ <vendor>SanDisk Corp.</vendor>
+ <model>Cruzer Titanium</model>
+ <serial>SNDKXXXXXXXXXXXXXXXX</serial>
+ <volume_uuid>6F6B-42FC</volume_uuid>
+ <option name="probe_timeout">10</option>
+ </device>
+ -->
+ </devices>
+
+
+ <!-- User settings -->
+ <users>
+ <!-- Note: Use pamusb-conf to add a user, then you can tweak
+ manually the configuration here if needed.
+ -->
+
+ <!-- Example:
+ Authenticate user scox using "MyDevice", and configure pamusb-agent
+ to automatically start/stop gnome-screensaver on key insertion and
+ removal:
+ <user id="scox">
+ <device>MyDevice</device>
+ <option name="quiet">true</option>
+ <agent event="lock">gnome-screensaver-command -lock</agent>
+ <agent event="unlock">gnome-screensaver-command -deactivate</agent>
+ </user>
+
+ Configure user root to authenticate using MyDevice, but update one
+ time pads at every login (default is 1 hour):
+ <user id="root">
+ <device>MyDevice</device>
+ <option name="pad_expiration">0</option>
+ </user>
+ -->
+ </users>
+
+ <!-- Services settings (e.g. gdm, su, sudo...) -->
+ <services>
+ <!-- Example: Speed up hotplugging by disabling one time pads -->
+ <!--
+ <service id="pamusb-agent">
+ <option name="one_time_pad">false</option>
+ </service>
+ -->
+
+ <!-- Disable output for 'su' (needed for gksu) -->
+ <!--
+ <service id="su">
+ <option name="quiet">true</option>
+ </service>
+ -->
+ </services>
+</configuration>
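Review bot: the commented user example runs `gnome-screensaver-command -lock` and `-deactivate` with a single dash, whereas doc/CONFIGURATION and doc/QUICKSTART use `--lock` and `--deactivate`. A double dash cannot appear inside an XML comment, which is presumably why it was dropped, but a reader who uncomments the block gets commands that differ from the documented ones. Add a line telling readers to restore the double dash, or move the example out of the comment. The pamusb-agent service example also disables `one_time_pad` to speed up hotplugging; doc/FAQ describes the pads as what defeats a copied device, so the comment should mention that trade-off.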
Changed | pam_usb-0.5.0.tar.bz2/src/conf.c
@@ -1,132 +1,190 @@
/*
-** Copyright (c) 2003,2004,2005 Andrea Luzzardi <scox@gentoo.org>
-**
-** This program is free software; you can redistribute it and/or modify
-** it under the terms of the GNU General Public License as published by
-** the Free Software Foundation; either version 2 of the License, or
-** (at your option) any later version.
-**
-** This program is distributed in the hope that it will be useful,
-** but WITHOUT ANY WARRANTY; without even the implied warranty of
-** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-** GNU General Public License for more details.
-**
-** You should have received a copy of the GNU General Public License
-** along with this program; if not, write to the Free Software
-** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-*/
+ * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#include <sys/utsname.h>
+#include <string.h>
+#include <errno.h>
+#include "mem.h"
+#include "conf.h"
+#include "xpath.h"
+#include "log.h"
+static void pusb_conf_options_get_from(t_pusb_options *opts,
+ const char *from,
+ xmlDoc *doc)
+{
+ pusb_xpath_get_string_from(doc, from, "option[@name='hostname']",
+ opts->hostname, sizeof(opts->hostname));
+ pusb_xpath_get_string_from(doc, from, "option[@name='system_pad_directory']",
+ opts->system_pad_directory,
+ sizeof(opts->system_pad_directory));
+ pusb_xpath_get_string_from(doc, from, "option[@name='device_pad_directory']",
+ opts->device_pad_directory,
+ sizeof(opts->device_pad_directory));
+ pusb_xpath_get_bool_from(doc, from, "option[@name='debug']",
+ &(opts->debug));
+ pusb_xpath_get_bool_from(doc, from, "option[@name='quiet']",
+ &(opts->quiet));
+ pusb_xpath_get_bool_from(doc, from, "option[@name='color_log']",
+ &(opts->color_log));
+ pusb_xpath_get_bool_from(doc, from, "option[@name='enable']",
+ &(opts->enable));
+ pusb_xpath_get_bool_from(doc, from, "option[@name='one_time_pad']",
+ &(opts->one_time_pad));
+ pusb_xpath_get_time_from(doc, from, "option[@name='pad_expiration']",
+ &(opts->pad_expiration));
+ pusb_xpath_get_time_from(doc, from, "option[@name='probe_timeout']",
+ &(opts->probe_timeout));
+ pusb_xpath_get_bool_from(doc, from, "option[@name='deny_remote']",
+ &(opts->deny_remote));
+}
-#include "conf.h"
-#include "parser.h"
+static int pusb_conf_parse_options(t_pusb_options *opts,
+ xmlDoc *doc,
+ const char *user,
+ const char *service)
+{
+ char *xpath = NULL;
+ size_t xpath_size;
+ int i;
+ struct s_opt_list opt_list[] = {
+ { CONF_DEVICE_XPATH, opts->device.name },
+ { CONF_USER_XPATH, (char *)user },
+ { CONF_SERVICE_XPATH, (char *)service },
+ { NULL, NULL }
+ };
+
+ pusb_conf_options_get_from(opts, "//configuration/defaults/", doc);
+ for (i = 0; opt_list[i].name != NULL; ++i)
+ {
+ xpath_size = strlen(opt_list[i].name) + strlen(opt_list[i].value) + 1;
+ xpath = xmalloc(xpath_size);
+ memset(xpath, 0x00, xpath_size);
+ snprintf(xpath, xpath_size, opt_list[i].name, opt_list[i].value, "");
+ pusb_conf_options_get_from(opts, xpath, doc);
+ xfree(xpath);
+ }
+ return (1);
+}
-struct _usb_conf usb_conf;
+static int pusb_conf_device_get_property(t_pusb_options *opts,
+ xmlDoc *doc,
+ const char *property,
+ char *store,
+ size_t size)
+{
+ char *xpath = NULL;
+ size_t xpath_len;
+ int retval;
+
+ xpath_len = strlen(CONF_DEVICE_XPATH) + strlen(opts->device.name) + \
+ strlen(property) + 1;
+ xpath = xmalloc(xpath_len);
+ memset(xpath, 0x00, xpath_len);
+ snprintf(xpath, xpath_len, CONF_DEVICE_XPATH, opts->device.name,
+ property);
+ retval = pusb_xpath_get_string(doc, xpath, store, size);
+ xfree(xpath);
+ return (retval);
+}
-struct _usb_accepted_conf usb_accepted_conf[] = {
-/* name type default value value */
- {"mntpoint", CHAR, (char*)"/tmp/pam_usbXXXXXX", &usb_conf.mntpoint},
- {"proc_basename", CHAR, (char*)"/proc/scsi/usb-storage-%d/", &usb_conf.proc_basename},
- {"local_keypath", CHAR, (char*)"/.auth/", &usb_conf.local_keypath},
- {"device_keypath", CHAR, (char*)"/.auth/", &usb_conf.device_keypath},
- {"pubkey", CHAR, (char*)"id_pub", &usb_conf.pubkey},
- {"snfile", CHAR, (char*)"/etc/pam_usb/serials.conf", &usb_conf.snfile},
- {"fs", CHAR, (char*)"ext2,vfat", &usb_conf.fs},
- {"utmp", CHAR, (char*)"/var/run/utmp", &usb_conf.utmp},
- {"mount_opts", CHAR, (char*)"", &usb_conf.mount_opts},
- {"log_file", CHAR, (char*)"", &usb_conf.log_file},
- {"force_device", CHAR, (char*)"", &usb_conf.force_device},
- {"local_consoles", CHAR, (char*)"/dev/vc/,/dev/tty,:,tty", &usb_conf.local_consoles},
- {"local_hosts", CHAR, (char*)":", &usb_conf.local_hosts},
- {"hostname", CHAR, (char*)"", &usb_conf.hostname},
- {"direct_open", INT, (char*)"-1", &usb_conf.direct_open},
- {"try_first_pass", INT, (char*)"-1", &usb_conf.try_first_pass},
- {"use_first_pass", INT, (char*)"-1", &usb_conf.use_first_pass},
- {"allow_remote", INT, (char*)"-1", &usb_conf.allow_remote},
- {"check_device", INT, (char*)"-1", &usb_conf.check_device},
- {"check_if_mounted",INT, (char*)"-1", &usb_conf.check_if_mounted},
- {"delete_mntpoint", INT, (char*)"-1", &usb_conf.delete_mntpoint},
- {"keep_mounted", INT, (char*)"-1", &usb_conf.keep_mounted},
- {"sign_times", INT, (char*)"3", &usb_conf.sign_times},
- {"debug", INT, (char*)"-1", &usb_conf.debug},
- {"quiet", INT, (char*)"-1", &usb_conf.quiet},
- {NULL, 0, NULL, NULL}
-};
-
-int put_arg_value (char *name, char *value)
-{
- struct _usb_accepted_conf *conf_member = usb_accepted_conf;
-
- while (conf_member->name != NULL) {
- if (!strcmp (conf_member->name, name))
- {
- /* we found a winner */
-
- if (conf_member->type == CHAR) {
- *((char **)conf_member->value) = strdup(value);
- } else if (conf_member->type == INT) {
- *((int *)conf_member->value) = atoi(value);
- }
- return 1;
- }
- conf_member++;
- }
- return 0;
-}
-
-void put_default_values (void)
-{
- struct _usb_accepted_conf *conf_member = usb_accepted_conf;
-
- while (conf_member->name) {
- switch (conf_member->type) {
- case CHAR:
- if (!*((char **)conf_member->value))
- put_arg_value (conf_member->name,
- conf_member->default_val);
- break;
- case INT:
- if (*((int *)conf_member->value) == 0) {
- put_arg_value (conf_member->name,
- conf_member->default_val);
- }
- break;
- }
-
- conf_member++;
- }
-
-}
-
-/* FIXME: this function should update ac and av by removing parsed options.
- This would make possible to outside applications (usbadm) to parse arguments
- without adding extra code.
-*/
-
-void parse_args (int ac, const char **av)
-{
- int i;
- char *name = NULL;
- char *value = NULL;
-
- for (i=0; i<ac; ++i)
- {
- /* Is there's no equal, then assume it's boolean */
- if (!strchr (av[i], '=')) {
- switch (av[i][0]) {
- case '!':
- put_arg_value ((char*)&(av[i][1]), "-1");
- break;
- default:
- put_arg_value ((char*)av[i], "1");
- }
- continue;
- }
-
- if ((name = get_from_to (av[i], 0, '=')) &&
- (value = get_from_to (av[i], '=', '\0')))
- put_arg_value (name, value);
+static int pusb_conf_parse_device(t_pusb_options *opts, xmlDoc *doc)
+{
+ pusb_conf_device_get_property(opts, doc, "vendor", opts->device.vendor,
+ sizeof(opts->device.vendor));
+ pusb_conf_device_get_property(opts, doc, "model", opts->device.model,
+ sizeof(opts->device.model));
+ if (!pusb_conf_device_get_property(opts, doc, "serial", opts->device.serial,
+ sizeof(opts->device.serial)))
+ return (0);
+ pusb_conf_device_get_property(opts, doc, "volume_uuid",
+ opts->device.volume_uuid,
+ sizeof(opts->device.volume_uuid));
+ return (1);
+}
- free (name);
- free (value);
+int pusb_conf_init(t_pusb_options *opts)
+{
+ struct utsname u;
+
+ memset(opts, 0x00, sizeof(*opts));
+ if (uname(&u) == -1)
+ {
+ log_error("uname: %s\n", strerror(errno));
+ return (0);
+ }
+ strncpy(opts->hostname, u.nodename, sizeof(opts->hostname) - 1);
+ if (strlen(u.nodename) > sizeof(opts->hostname))
+ log_info("Hostname \"%s\" is too long, truncating to \"%s\".\n",
+ u.nodename, opts->hostname);
+ strcpy(opts->system_pad_directory, ".pamusb");
+ strcpy(opts->device_pad_directory, ".pamusb");
+ opts->probe_timeout = 10;
+ opts->enable = 1;
+ opts->debug = 0;
+ opts->quiet = 0;
+ opts->color_log = 1;
+ opts->one_time_pad = 1;
+ opts->pad_expiration = 3600;
+ opts->deny_remote = 1;
+ return (1);
+}
+
+int pusb_conf_parse(const char *file, t_pusb_options *opts,
+ const char *user, const char *service)
+{
+ xmlDoc *doc = NULL;
+ int retval;
+ char device_xpath[sizeof(CONF_USER_XPATH) + CONF_USER_MAXLEN + \
+ sizeof("device")];
+
+ log_debug("Parsing settings...\n",
+ user, service);
+ if (strlen(user) > CONF_USER_MAXLEN)
+ {
+ log_error("Username \"%s\" is too long (max: %d).\n", user,
+ CONF_USER_MAXLEN);
+ return (0);
+ }
+ if (!(doc = xmlReadFile(file, NULL, 0)))
+ {
+ log_error("Unable to parse \"%s\".\n", file);
+ return (0);
+ }
+ snprintf(device_xpath, sizeof(device_xpath), CONF_USER_XPATH, user,
+ "device");
+ retval = pusb_xpath_get_string(doc,
+ device_xpath,
+ opts->device.name,
+ sizeof(opts->device.name));
+ if (!retval || !pusb_conf_parse_device(opts, doc))
+ {
+ log_error("No device configured for user \"%s\".\n", user);
+ xmlFreeDoc(doc);
+ xmlCleanupParser();
+ return (0);
+ }
+ if (!pusb_conf_parse_options(opts, doc, user, service))
+ {
+ xmlFreeDoc(doc);
+ xmlCleanupParser();
+ return (0);
}
+ xmlFreeDoc(doc);
+ xmlCleanupParser();
+ return (1);
}
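Review bot: in pusb_conf_parse, user is only length-checked against CONF_USER_MAXLEN before snprintf(device_xpath, ...) formats it into CONF_USER_XPATH, and the loop in pusb_conf_parse_options formats service into CONF_SERVICE_XPATH the same way, with no check on the characters they contain. conf.h defines those templates with the value inside a quoted predicate ([@id='%s']), so a name containing a quote changes which node the expression selects, and that node decides which device and options apply to the login. Reject names containing a quote character (or anything outside the set allowed for account and service names) before building the expression. Separately, log_debug("Parsing settings...\n", user, service) passes two arguments the format string never consumes; add the %s specifiers or drop the arguments.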
|
|
Changed |
pam_usb-0.5.0.tar.bz2/src/conf.h
^
|
@@ -1,48 +1,66 @@
-#ifndef _H_ARGS
-#define _H_ARGS
-
-#define CHAR 0
-#define INT 1
-
-struct _usb_accepted_conf {
- char *name;
- int type;
- char *default_val;
- void *value;
+/*
+ * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef PUSB_CONF_H_
+# define PUSB_CONF_H_
+# define PUSB_CONF_FILE "/etc/pamusb.conf"
+# define CONF_DEVICE_XPATH "//configuration/devices/device[@id='%s']/%s"
+# define CONF_USER_XPATH "//configuration/users/user[@id='%s']/%s"
+# define CONF_SERVICE_XPATH "//configuration/services/service[@id='%s']/%s"
+# define CONF_USER_MAXLEN 32
+# include <limits.h>
+# include <linux/limits.h>
+# include <sys/time.h>
+# ifndef PATH_MAX
+# define PATH_MAX 4096
+# endif
+
+typedef struct pusb_device
+{
+ char name[128];
+ char vendor[128];
+ char model[128];
+ char serial[128];
+ char volume_uuid[128];
+} t_pusb_device;
+
+typedef struct pusb_options
+{
+ time_t probe_timeout;
+ int enable;
+ int debug;
+ int quiet;
+ int color_log;
+ int one_time_pad;
+ time_t pad_expiration;
+ int deny_remote;
+ char hostname[64];
+ char system_pad_directory[PATH_MAX];
+ char device_pad_directory[PATH_MAX];
+ t_pusb_device device;
+} t_pusb_options;
+
+struct s_opt_list
+{
+ char *name;
+ char *value;
};
-struct _usb_conf {
- char *mntpoint;
- char *proc_basename;
- char *local_keypath;
- char *device_keypath;
- char *pubkey;
- char *snfile;
- char *fs;
- char *utmp;
- char *force_device;
- char *log_file;
- char *mount_opts;
- char *local_consoles;
- char *local_hosts;
- char *hostname;
- int direct_open;
- int try_first_pass;
- int use_first_pass;
- int allow_remote;
- int check_device;
- int check_if_mounted;
- int delete_mntpoint;
- int keep_mounted;
- int sign_times;
- int debug;
- int quiet;
-};
-
-extern struct _usb_conf usb_conf;
-
-int put_arg_value (char *name, char *value);
-void put_default_values (void);
-void parse_args (int ac, const char **av);
+int pusb_conf_init(t_pusb_options *opts);
+int pusb_conf_parse(const char *file, t_pusb_options *opts, const char *user, const char *service);
-#endif
+#endif /* !PUSB_CONF_H_ */
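Review bot: hostname[64] in t_pusb_options is one byte short for a maximum-length Linux hostname (HOST_NAME_MAX is 64, so 65 bytes with the terminator). Since <limits.h> is already included here, size the field as HOST_NAME_MAX + 1. As it stands, a 64-character nodename is cut to 63 characters by the strncpy in pusb_conf_init, and the check there (strlen(u.nodename) > sizeof(opts->hostname)) does not fire for exactly that length, so the truncation is not logged.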
|
|
Changed |
pam_usb-0.5.0.tar.bz2/src/device.c
^
|
@@ -1,458 +1,80 @@
/*
-** Copyright (c) 2003,2004,2005 Andrea Luzzardi <scox@gentoo.org>
-**
-** This program is free software; you can redistribute it and/or modify
-** it under the terms of the GNU General Public License as published by
-** the Free Software Foundation; either version 2 of the License, or
-** (at your option) any later version.
-**
-** This program is distributed in the hope that it will be useful,
-** but WITHOUT ANY WARRANTY; without even the implied warranty of
-** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-** GNU General Public License for more details.
-**
-** You should have received a copy of the GNU General Public License
-** along with this program; if not, write to the Free Software
-** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-*/
+ * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
-#include <pwd.h>
-#include <sys/mount.h>
+#include <unistd.h>
+#include <stdlib.h>
#include <string.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <dirent.h>
-
-#include "pam.h"
-#include "parser.h"
+#include <dbus/dbus.h>
+#include "mem.h"
#include "conf.h"
+#include "hal.h"
+#include "log.h"
+#include "pad.h"
#include "device.h"
-extern struct _usb_conf usb_conf;
-
-FILE *direct_open (char *file)
-{
- int fd;
-
- if (!file || !file[0])
- return NULL;
-
- if (usb_conf.direct_open != 1)
- return fopen(file, "r");
-
- if ((fd = open (file, O_RDONLY | O_DIRECT)) == -1) {
- DEBUGP ("Cannot open [%s] in direct mode: %s\n"
- "Hint: Not every device supports direct opening\n"
- "Switching back to caching mode...\n", file,
- strerror(errno));
-
- return fopen(file, "r");
- }
-
- return fdopen (fd, "r");
-}
-
-char *find_proc_directory (void)
-{
- static unsigned int i=0;
- struct stat proc;
- char *directory = NULL;
-
- if (i > 99)
- return NULL;
-
- directory = malloc (strlen(usb_conf.proc_basename) + 1);
- if (!directory)
- return NULL;
-
- sprintf (directory, usb_conf.proc_basename, i);
-
- if (stat(directory, &proc) == -1) {
- i=0;
- DEBUGP("Directory %s not found\n", directory);
- free (directory);
- return NULL;
- }
-
- i++;
- return directory;
-}
-
-char *find_proc_file (void)
-{
- struct dirent *dir_entry;
- static DIR *dirp = NULL;
- static char *directory = NULL;
- char *file;
-
- while (1) {
- if (!dirp) {
- if (!(directory = find_proc_directory()))
- return NULL;
- if (!(dirp = opendir(directory))) {
- free (directory);
- directory = NULL;
- return NULL;
- }
-
- DEBUGP ("Directory %s found\n", directory);
- }
-
- if ((dir_entry = readdir(dirp))) {
- if (strchr(dir_entry->d_name, '.'))
- continue;
- file = insert_before (directory, dir_entry->d_name);
- DEBUGP ("File %s found\n", file);
- return file;
- }
-
- closedir (dirp);
- dirp = NULL;
- free (directory);
- directory = NULL;
- };
-}
-
-char *get_private_filename (const char *user, char *mntpoint)
-{
- char hostname[HOSTLEN];
- char *file;
- size_t len;
-
- if (*usb_conf.hostname)
- strncpy (hostname, usb_conf.hostname, HOSTLEN);
- else if (gethostname (hostname, HOSTLEN) == -1)
- return NULL;
-
- hostname[HOSTLEN - 1] = 0;
- len = strlen (mntpoint) + strlen (usb_conf.device_keypath) +
- strlen (user) + strlen (hostname) + 2;
-
- file = malloc (len + 1);
-
- if (file)
- sprintf (file, "%s%s%s.%s", mntpoint, usb_conf.device_keypath, user,
- hostname);
-
- return file;
-}
-
-char *get_public_filename (const char *user)
-{
- struct passwd *pw;
- char *home = NULL;
- char *file;
- size_t len;
-
- setpwent();
- while ((pw = getpwent())) {
- if (!strcmp ((char *)user, pw->pw_name)) {
- home = pw->pw_dir;
- break;
- }
- }
- endpwent();
-
- if (!home) {
- DEBUGP ("Cannot retrieve %s user information\n", user);
- return NULL;
- }
-
- len = strlen (home) + strlen (usb_conf.local_keypath) +
- strlen (usb_conf.pubkey) + 1;
-
- file = malloc (len);
- if (file)
- sprintf (file, "%s%s%s", home, usb_conf.local_keypath, usb_conf.pubkey);
- return file;
-}
-
-FILE *open_dev_userfile (char *mntpoint, const char *user)
-{
- FILE *f;
- char *file;
-
- if (!(file = get_private_filename (user, mntpoint))) {
- DEBUGP ("Cannot open private file\n");
- return NULL;
- }
-
- DEBUGP ("Opening %s\n", file);
-
- f = direct_open (file);
- free (file);
- return f;
-}
-
-unsigned long get_mount_opts (void)
-{
- char **opts = NULL;
- int i = 0;
- unsigned long mnt_opts = (0xC0EDUL<<16);
-
- opts = split (usb_conf.mount_opts, ',');
-
- while (opts[i]) {
- if (!strcmp (opts[i], "ro")) {
- mnt_opts |= MS_RDONLY;
- } else if (!strcmp (opts[i], "bind")) {
- mnt_opts |= MS_BIND;
- } else if (!strcmp (opts[i], "sync")) {
- mnt_opts |= MS_SYNCHRONOUS;
- } else if (!strcmp (opts[i], "remount")) {
- mnt_opts |= MS_REMOUNT;
- } else if (!strcmp (opts[i], "nosuid")) {
- mnt_opts |= MS_NOSUID;
- } else if (!strcmp (opts[i], "noexec")) {
- mnt_opts |= MS_NOEXEC;
- } else if (!strcmp (opts[i], "nodev")) {
- mnt_opts |= MS_NODEV;
- } else {
- DEBUGP ("Unknown mount option: %s\n", opts[i]);
- }
-
- ++i;
- }
-
- if (i)
- DEBUGP ("Parsed %d mount options (%s)\n", i, usb_conf.mount_opts);
-
- drop_split (opts);
-
- return mnt_opts;
-}
-
-FILE *device_mount (char *dev_name, const char *user)
-{
- FILE *f;
- char **fs = NULL;
- unsigned long mnt_opts = get_mount_opts();
- int i = 0, ret = -1;
-
- fs = split (usb_conf.fs, ',');
-
- while (fs[i]) {
- DEBUGP ("Trying to mount %s on %s using %s\n", dev_name,
- usb_conf.mntpoint, fs[i]);
-
- if (!(ret = mount (dev_name, usb_conf.mntpoint, fs[i], mnt_opts, NULL)))
- break;
-
- DEBUGP("mount failed: %s\n", strerror(errno));
- ++i;
- }
-
- drop_split (fs);
-
- if (ret == -1) {
- DEBUGP ("Unable to mount %s, tried with %d fs\n", dev_name, i);
- return NULL;
- }
-
- DEBUGP ("Device mounted, trying to open private key\n");
-
- if (!(f = open_dev_userfile (usb_conf.mntpoint, user))) {
- DEBUGP("Cannot open password file\n");
- umount(usb_conf.mntpoint);
- return NULL;
- }
-
- DEBUGP("Private key opened\n");
- return f;
-}
-
-FILE *try_device_mount (char **dev, const char *user)
-{
- int try = -1;
- struct stat dev_stat;
- FILE *f = NULL;
- char *mntpoint = NULL;
-
- /* strlen ("/dev/sdXN") = 9 */
-
- /* we got a valid /dev/sdXN name, a devfs entry or a
- user forced device*/
- if (strlen(*dev) >= 9 || *(usb_conf.force_device))
- return device_mount(*dev, user);
-
- if (strlen(*dev) != 8)
- return NULL;
-
- *dev = realloc (*dev, 10);
-
- DEBUGP("Trying to guess device name...\n");
- do {
- /* FIXME: Cannot work with devices greater than sda9 */
- if (try >= 0) {
- (*dev)[8] = try + '1';
- (*dev)[9] = '\0';
- } else
- (*dev)[8] = '\0';
-
- if (usb_conf.check_if_mounted == 1 &&
- (mntpoint = already_mounted(*dev)) &&
- (f = open_dev_userfile (mntpoint, user))) {
- DEBUGP ("Device already mounted on %s\n", mntpoint);
- break;
- }
-
- if ((f = device_mount(*dev, user)))
- break;
- ++try;
- } while (stat(*dev, &dev_stat) != -1);
-
- return f;
-}
-
-char *already_mounted (char *dev)
+static int pusb_device_connected(t_pusb_options *opts, DBusConnection *dbus)
{
- FILE *f;
- char *device = NULL;
- char *mntpoint = NULL;
+ char *udi = NULL;
- if (!(f = fopen ("/proc/mounts", "r"))) {
- DEBUGP ("Cannot open mounts file\n");
- return NULL;
+ log_debug("Searching for \"%s\" in the hardware database...\n",
+ opts->device.name);
+ udi = pusb_hal_find_item(dbus,
+ "DriveSerial", opts->device.serial,
+ "DriveVendor", opts->device.vendor,
+ "DriveModel", opts->device.model,
+ NULL);
+ if (!udi)
+ {
+ log_error("Device \"%s\" is not connected.\n",
+ opts->device.name);
+ return (0);
}
-
- while ((device = getline_until (f, ' '))) {
- if (!strcmp (device, dev)) {
- mntpoint = getline_until (f, ' ');
- free (device);
- fclose (f);
- return mntpoint;
- }
- free (device);
- free (getline_until (f, '\n'));
- }
-
- fclose (f);
- return NULL;
+ xfree(udi);
+ log_info("Device \"%s\" is connected (good).\n", opts->device.name);
+ return (1);
}
-
-FILE *try_device_open (char **dev, const char *user)
+int pusb_device_check(t_pusb_options *opts,
+ const char *user)
{
- char *mntpoint;
+ DBusConnection *dbus = NULL;
+ int retval = 0;
- if (usb_conf.check_if_mounted == 1 &&
- (mntpoint = already_mounted(*dev))) {
- DEBUGP ("Device already mounted on %s\n", mntpoint);
- return open_dev_userfile (mntpoint, user);
- }
-
- if (strstr (usb_conf.mntpoint, "XXXXXX")) {
- DEBUGP ("Creating temporary mount point...\n");
- if (!(usb_conf.mntpoint = mkdtemp (usb_conf.mntpoint))) {
- DEBUGP ("Cannot get temporary mntpoint (%s)\n",
- strerror(errno));
- return NULL;
- }
+ log_debug("Connecting to HAL...\n");
+ if (!(dbus = pusb_hal_dbus_connect()))
+ return (0);
- /* As we created the /tmp mount point, we have to delete it */
- DEBUGP ("Scheduling [%s] for dropping\n", usb_conf.mntpoint);
- usb_conf.delete_mntpoint = 1;
+ if (!pusb_device_connected(opts, dbus))
+ {
+ pusb_hal_dbus_disconnect(dbus);
+ return (0);
}
- DEBUGP ("Using %s as mount point\n", usb_conf.mntpoint);
-
- return try_device_mount (dev, user);
-}
-
-FILE *open_dev (const char *user)
-{
- FILE *f;
- FILE *proc;
- int i;
- char *devnum = NULL, *devname = NULL, *tmp;
-
- if (*(usb_conf.force_device)) {
- DEBUGP ("Forcing device %s\n", usb_conf.force_device);
-
- if ((f = try_device_open(&(usb_conf.force_device), user)))
- return f;
-
- DEBUGP ("Device forcing failed, back to guess mode\n");
+ if (opts->one_time_pad)
+ {
+ log_info("Performing one time pad verification...\n");
+ retval = pusb_pad_check(opts, dbus, user);
}
-
- if (!(proc = fopen ("/proc/partitions", "r")))
- return NULL;
-
- while ((devnum = getline_until (proc, ' '))) {
-
- for (i=0; i<=1; ++i)
- free (getline_until(proc, ' '));
- devname = getline_until (proc, ' ');
-
- if (atoi (devnum) != 8) {
- /* if we're not at the end of the line, then get to the next line */
- if (!strchr (devname, '\n'))
- free (getline_until (proc, '\n'));
- free (devname);
- free (devnum);
- continue;
- }
-
- replace_char (devname, '\n', '\0');
- tmp = insert_before ("/dev/", devname);
- free (devname);
- devname = tmp;
- if (!devname) {
- free (devnum);
- return NULL;
- }
-
- DEBUGP("Found a valid device (%s)\n", devname);
-
- if (!(f = try_device_open(&devname, user))) {
- DEBUGP ("invalid device %s\n", devname);
- free (devname);
- free (devnum);
- continue;
- }
-
- free (devname);
- free (devnum);
- return f;
+ else
+ {
+ log_debug("One time pad is disabled, no more verifications to do.\n");
+ retval = 1;
}
- DEBUGP("Cannot find any device\n");
-
- drop_mntpoint();
-
- return NULL;
-}
-
-void close_dev (FILE *dev)
-{
- fclose (dev);
-
- if (usb_conf.keep_mounted == 1)
- return;
-
- umount (usb_conf.mntpoint);
-
- drop_mntpoint();
-}
-
-void drop_mntpoint (void)
-{
- struct stat mnt_stat;
-
- /* Check if we should keep it or not */
-
- if (usb_conf.delete_mntpoint == -1)
- return;
-
- if (usb_conf.keep_mounted == 1)
- return;
-
- if (stat (usb_conf.mntpoint, &mnt_stat) != 0)
- return;
-
- /* drop the mountpoint */
- DEBUGP ("Dropping [%s]\n", usb_conf.mntpoint);
- rmdir (usb_conf.mntpoint);
+ pusb_hal_dbus_disconnect(dbus);
+ return (retval);
}
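Review bot: in pusb_device_check, the else branch sets retval = 1 when opts->one_time_pad is 0, so the result rests entirely on pusb_device_connected, which only compares the DriveSerial, DriveVendor and DriveModel strings reported for the device. Those are identifiers rather than secrets, and the branch is announced only at debug level. Use log_info (or a warning) there so a pad-less configuration shows up in normal output, and state in the option's documentation that disabling one_time_pad reduces the check to a match on those three strings.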
|
|
Changed |
pam_usb-0.5.0.tar.bz2/src/device.h
^
|
@@ -1,23 +1,23 @@
-#ifndef _H_DEV
-#define _H_DEV
+/*
+ * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
-#ifndef O_DIRECT
-#define O_DIRECT 040000
-#endif
+#ifndef PUSB_DEVICE_H_
+# define PUSB_DEVICE_H_
-#define HOSTLEN 32
+int pusb_device_check(t_pusb_options *opts, const char *user);
-char *find_proc_directory (void);
-char *find_proc_file (void);
-FILE *open_dev_userfile (char *mntpoint, const char *user);
-FILE *device_mount (char *dev_name, const char *user);
-FILE *try_device_mount (char **dev, const char *user);
-char *already_mounted (char *dev);
-FILE *try_device_open (char **dev, const char *user);
-FILE *open_dev (const char *user);
-void close_dev (FILE *dev);
-char *get_public_filename (const char *user);
-char *get_private_filename (const char *user, char *mntpoint);
-void drop_mntpoint (void);
-
-#endif
+#endif /* !PUSB_DEVICE_H_ */
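Review bot: the pusb_device_check prototype uses t_pusb_options, but this header includes nothing, so it compiles only when the includer has already pulled in conf.h (device.c does, by include order). Add #include "conf.h" inside the PUSB_DEVICE_H_ guard so the header is self-contained.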
|
|
Added |
pam_usb-0.5.0.tar.bz2/src/hal.c
^
|
@@ -0,0 +1,345 @@
+/*
+ * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include "mem.h"
+#include "log.h"
+#include "hal.h"
+
+DBusConnection *pusb_hal_dbus_connect(void)
+{
+ DBusConnection *dbus = NULL;
+ DBusError error;
+
+ dbus_error_init(&error);
+ if (!(dbus = dbus_bus_get(DBUS_BUS_SYSTEM, &error)))
+ {
+ /* Workaround for https://bugs.freedesktop.org/show_bug.cgi?id=11876 */
+ uid_t ruid;
+ uid_t euid;
+
+ if (!(euid = geteuid()) && (ruid = getuid()))
+ {
+ dbus_error_free(&error);
+ setreuid(euid, euid);
+ dbus = dbus_bus_get(DBUS_BUS_SYSTEM, &error);
+ setreuid(ruid, euid);
+ }
+ if (!dbus)
+ {
+ log_error("Cannot connect to system bus: %s\n",
+ error.message);
+ dbus_error_free(&error);
+ return (NULL);
+ }
+ }
+ return (dbus);
+}
+
+void pusb_hal_dbus_disconnect(DBusConnection *dbus)
+{
+ dbus_connection_unref(dbus);
+}
+
+void pusb_hal_free_string_array(char **str_array, int length)
+{
+ int i;
+
+ if (str_array == NULL)
+ return ;
+
+ for (i = 0; i < length; ++i)
+ xfree(str_array[i]);
+ xfree(str_array);
+}
+
+char **pusb_hal_get_string_array_from_iter(DBusMessageIter *iter, int *num_elements)
+{
+ int count;
+ char **buffer;
+
+ count = 0;
+ buffer = (char **)xmalloc(sizeof(char *) * 8);
+
+ buffer[0] = NULL;
+ while (dbus_message_iter_get_arg_type(iter) == DBUS_TYPE_STRING ||
+ dbus_message_iter_get_arg_type(iter) == DBUS_TYPE_OBJECT_PATH)
+ {
+ const char *value;
+
+ if ((count % 8) == 0 && count != 0) {
+ buffer = xrealloc(buffer, sizeof (char *) * (count + 8));
+ }
+
+ dbus_message_iter_get_basic(iter, &value);
+ buffer[count] = xstrdup(value);
+
+ dbus_message_iter_next(iter);
+ count++;
+ }
+
+ if (num_elements != NULL)
+ *num_elements = count;
+ return buffer;
+}
+
+
+
+DBusMessage *pusb_hal_get_raw_property(DBusConnection *dbus,
+ const char *udi,
+ const char *name)
+{
+ DBusMessage *message;
+ DBusMessage *reply;
+ DBusMessageIter iter;
+ DBusError error;
+ char *iface = "org.freedesktop.UDisks.Device";
+
+ message = dbus_message_new_method_call("org.freedesktop.UDisks", udi,
+ "org.freedesktop.DBus.Properties",
+ "Get");
+ if (message == NULL) {
+ log_error("Could not allocate D-BUS message\n");
+ return (NULL);
+ }
+ dbus_message_iter_init_append(message, &iter);
+ dbus_message_iter_append_basic(&iter, DBUS_TYPE_STRING, &iface);
+ dbus_message_iter_append_basic(&iter, DBUS_TYPE_STRING, &name);
+
+ dbus_error_init(&error);
+ reply = dbus_connection_send_with_reply_and_block(dbus,
+ message, -1,
+ &error);
+ dbus_message_unref(message);
+ if (dbus_error_is_set(&error)) {
+ log_error("Error communicating with D-BUS\n");
+ return (NULL);
+ }
+ dbus_error_free(&error);
+ return (reply);
+}
+
+char *pusb_hal_get_string_property(DBusConnection *dbus,
+ const char *udi,
+ const char *name)
+{
+ DBusMessage *reply;
+ DBusMessageIter reply_iter;
+ char *data;
+ char *dbus_str;
+
+ reply = pusb_hal_get_raw_property(dbus, udi, name);
+ if (reply == NULL) {
+ return (NULL);
+ }
+
+ dbus_message_iter_init(reply, &reply_iter);
+
+ if (dbus_message_iter_get_arg_type(&reply_iter) != DBUS_TYPE_VARIANT)
+ {
+ dbus_message_unref(reply);
+ return (NULL);
+ }
+
+ DBusMessageIter subiter;
+ dbus_message_iter_recurse(&reply_iter, &subiter);
+ dbus_message_iter_get_basic(&subiter, &dbus_str);
+ if (dbus_str != NULL)
+ data = xstrdup(dbus_str);
+ dbus_message_unref(reply);
+ return (data);
+}
+
+char **pusb_hal_get_string_array_property(DBusConnection *dbus,
+ const char *udi,
+ const char *name,
+ int *n_items)
+{
+ DBusMessage *reply;
+ DBusMessageIter reply_iter;
+ char **items;
+
+ reply = pusb_hal_get_raw_property(dbus, udi, name);
+ if (reply == NULL) {
+ return (NULL);
+ }
+
+ dbus_message_iter_init(reply, &reply_iter);
+
+ if (dbus_message_iter_get_arg_type(&reply_iter) != DBUS_TYPE_VARIANT)
+ {
+ dbus_message_unref(reply);
+ return (NULL);
+ }
+
+ DBusMessageIter subiter, subsubiter;
+ dbus_message_iter_recurse(&reply_iter, &subiter);
+ dbus_message_iter_recurse(&subiter, &subsubiter);
+ items = pusb_hal_get_string_array_from_iter(&subsubiter, n_items);
+ dbus_message_unref(reply);
+ if (!*n_items)
+ {
+ pusb_hal_free_string_array(items, *n_items);
+ return (NULL);
+ }
+ return (items);
+}
+
+
+
+int pusb_hal_get_bool_property(DBusConnection *dbus,
+ const char *udi,
+ const char *name,
+ dbus_bool_t *value)
+{
+ DBusMessage *reply;
+ DBusMessageIter reply_iter;
+
+ reply = pusb_hal_get_raw_property(dbus, udi, name);
+ if (reply == NULL) {
+ return (0);
+ }
+
+ dbus_message_iter_init(reply, &reply_iter);
+
+ if (dbus_message_iter_get_arg_type(&reply_iter) !=
+ DBUS_TYPE_VARIANT)
+ {
+ dbus_message_unref(reply);
+ return (0);
+ }
+
+ DBusMessageIter subiter;
+ dbus_message_iter_recurse(&reply_iter, &subiter);
+ dbus_message_iter_get_basic(&subiter, value);
+ dbus_message_unref(reply);
+ return (1);
+}
+
+int pusb_hal_check_property(DBusConnection *dbus,
+ const char *udi,
+ const char *name,
+ const char *value)
+{
+ char *data;
+ int retval;
+
+ data = pusb_hal_get_string_property(dbus, udi, name);
+ if (!data)
+ return (0);
+ retval = (strcmp(data, value) == 0);
+ xfree(data);
+ return (retval);
+}
+
+char **pusb_hal_find_all_items(DBusConnection *dbus, int *count)
+{
+ DBusError error;
+ DBusMessage *message;
+ DBusMessage *reply;
+ DBusMessageIter iter_array, reply_iter;
+ char **devices;
+ int n_devices;
+
+ *count = 0;
+ message = dbus_message_new_method_call("org.freedesktop.UDisks",
+ "/org/freedesktop/UDisks",
+ "org.freedesktop.UDisks",
+ "EnumerateDevices");
+ if (message == NULL)
+ {
+ log_error("Couldn't allocate D-BUS message\n");
+ return (NULL);
+ }
+ dbus_error_init(&error);
+ reply = dbus_connection_send_with_reply_and_block(dbus,
+ message, -1,
+ &error);
+ dbus_message_unref(message);
+ if (dbus_error_is_set(&error)) {
+ log_error("Error communicating with D-BUS\n");
+ return (NULL);
+ }
+ if (reply == NULL) {
+ return (NULL);
+ }
+ dbus_message_iter_init(reply, &reply_iter);
+ if (dbus_message_iter_get_arg_type(&reply_iter) != DBUS_TYPE_ARRAY) {
+ log_error("Malformed D-BUS reply");
+ return (NULL);
+ }
+ dbus_message_iter_recurse(&reply_iter, &iter_array);
+ devices = pusb_hal_get_string_array_from_iter(&iter_array, &n_devices);
+ dbus_message_unref(reply);
+ if (!n_devices)
+ {
+ pusb_hal_free_string_array(devices, n_devices);
+ return (NULL);
+ }
+ *count = n_devices;
+ return (devices);
+}
+
+char *pusb_hal_find_item(DBusConnection *dbus,
+ ...)
+{
+ char **devices;
+ int n_devices;
+ char *udi = NULL;
+ va_list ap;
+ int i;
+
+ devices = pusb_hal_find_all_items(dbus, &n_devices);
+ if (!devices)
+ return (NULL);
+ if (!n_devices)
+ return (NULL);
+
+ for (i = 0; i < n_devices; ++i)
+ {
+ char *key = NULL;
+ int match = 1;
+
+ va_start(ap, dbus);
+ while ((key = va_arg(ap, char *)))
+ {
+ char *value = NULL;
+
+ value = va_arg(ap, char *);
+ if (!value || *value == 0x0)
+ continue ;
+ if (!pusb_hal_check_property(dbus, devices[i],
+ key, value))
+ {
+ match = 0;
+ break;
+ }
+ }
+ if (match)
+ {
+ udi = xstrdup(devices[i]);
+ break;
+ }
+ va_end(ap);
+ }
+ pusb_hal_free_string_array(devices, n_devices);
+ return (udi);
+}
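Review bot: pusb_hal_get_string_property returns data uninitialised when dbus_str is NULL, and it calls dbus_message_iter_get_basic on the variant's content without checking that the content is a DBUS_TYPE_STRING; pusb_hal_check_property then hands the result to strcmp and xfree while deciding whether a device matches. Initialise data to NULL and return NULL unless dbus_message_iter_get_arg_type(&subiter) is DBUS_TYPE_STRING. In pusb_hal_dbus_connect neither setreuid call is checked; if setreuid(ruid, euid) fails, the process keeps a real uid of 0, so test both return values and fail the connection on error. Smaller cleanups in the same file: pusb_hal_get_raw_property returns before dbus_error_free when the error is set, pusb_hal_find_all_items does not unref reply on the malformed-reply path, pusb_hal_get_string_array_property dereferences n_items although the helper it calls accepts NULL, and pusb_hal_find_item skips va_end when it breaks out of the loop on a match.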
|
|
Added |
pam_usb-0.5.0.tar.bz2/src/hal.h
^
|
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef PUSB_HAL_H_
+# define PUSB_HAL_H_
+# include <dbus/dbus.h>
+
+DBusConnection *pusb_hal_dbus_connect(void);
+void pusb_hal_dbus_disconnect(DBusConnection *dbus);
+char *pusb_hal_get_string_property(DBusConnection *dbus, const char *udi, const char *name);
+int pusb_hal_get_bool_property(DBusConnection *dbus, const char *udi, const char *name, dbus_bool_t *value);
+char **pusb_hal_get_string_array_property(DBusConnection *dbus, const char *udi, const char *name, int *n_items);
+int pusb_hal_check_property(DBusConnection *dbus, const char *udi, const char *name, const char *value);
+char *pusb_hal_find_item(DBusConnection *dbus, ...);
+void pusb_hal_free_string_array(char **str_array, int length);
+
+#endif /* !PUSB_HAL_H_ */
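Review bot: the prototype pusb_hal_find_item(DBusConnection *dbus, ...) gives no hint of its calling convention. hal.c reads the variadic arguments as char * key/value pairs, stops at a NULL key, and silently skips any pair whose value is NULL or empty. Document that above the prototype, and with GCC add __attribute__((sentinel)) so a call missing the terminating NULL is caught at compile time.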
|
|
Added |
pam_usb-0.5.0.tar.bz2/src/local.c
^
|
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <utmp.h>
+#include "log.h"
+#include "conf.h"
+
+int pusb_local_login(t_pusb_options *opts, const char *user)
+{
+ struct utmp utsearch;
+ struct utmp *utent;
+ const char *from;
+ int i;
+
+ if (!opts->deny_remote)
+ {
+ log_debug("deny_remote is disabled. Skipping local check.\n");
+ return (1);
+ }
+ log_debug("Checking whether the caller is local or not...\n");
+ from = ttyname(STDIN_FILENO);
+ if (!from || !(*from))
+ {
+ log_debug("Couldn't retrieve the tty name, aborting.\n");
+ return (1);
+ }
+ if (!strncmp(from, "/dev/", strlen("/dev/")))
+ from += strlen("/dev/");
+ log_debug("Authentication request from tty %s\n", from);
+ strncpy(utsearch.ut_line, from, sizeof(utsearch.ut_line) - 1);
+ setutent();
+ utent = getutline(&utsearch);
+ endutent();
+ if (!utent)
+ {
+ log_debug("No utmp entry found for tty \"%s\"\n",
+ from);
+ return (1);
+ }
+ for (i = 0; i < 4; ++i)
+ {
+ if (utent->ut_addr_v6[i] != 0)
+ {
+ log_error("Remote authentication request: %s\n", utent->ut_host);
+ return (0);
+ }
+ }
+ log_debug("Caller is local (good)\n");
+ return (1);
+}
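Review bot: with deny_remote enabled, pusb_local_login() still returns 1 (local) on both paths where it could not determine the origin: when ttyname(STDIN_FILENO) fails and when getutline() finds no entry for the tty. The code removed from pam.c in this same change rejected the request when the tty name was unavailable; a check meant to refuse remote logins should return 0 when it cannot decide, or the fail-open behaviour should be an explicit, documented option. Separately, utsearch is an uninitialised stack struct and strncpy(utsearch.ut_line, from, sizeof(utsearch.ut_line) - 1) never writes the last byte, so ut_line can be unterminated; memset the struct before filling it. The user parameter is unused.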
Added | pam_usb-0.5.0.tar.bz2/src/local.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef PUSB_LOCAL_H_
+# define PUSB_LOCAL_H_
+
+int pusb_local_login(t_pusb_options *opts, const char *user);
+
+#endif /* !PUSB_LOCAL_H_ */
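Review bot: the prototype uses t_pusb_options but the header includes nothing, so it compiles only when the including file happens to pull in conf.h first. Add # include "conf.h" inside the guard, as log.h does. local.c does not include local.h either, so the definition is never checked against this prototype; include it there.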
Changed | pam_usb-0.5.0.tar.bz2/src/log.c
@@ -1,67 +1,98 @@
/*
-** Copyright (c) 2003,2004,2005 Andrea Luzzardi <scox@gentoo.org>
-**
-** This program is free software; you can redistribute it and/or modify
-** it under the terms of the GNU General Public License as published by
-** the Free Software Foundation; either version 2 of the License, or
-** (at your option) any later version.
-**
-** This program is distributed in the hope that it will be useful,
-** but WITHOUT ANY WARRANTY; without even the implied warranty of
-** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-** GNU General Public License for more details.
-**
-** You should have received a copy of the GNU General Public License
-** along with this program; if not, write to the Free Software
-** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-*/
+ * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
#include <stdio.h>
+#include <unistd.h>
+#include <syslog.h>
#include <stdarg.h>
-#include "pam.h"
-#include "log.h"
#include "conf.h"
+#include "log.h"
-extern struct _usb_conf usb_conf;
-FILE *debug_stream = NULL;
+static t_pusb_options *pusb_opts = NULL;
-void log_init (void)
+static void pusb_log_syslog(int level, const char *format, va_list ap)
{
- /* no log file, print to stderr */
- if (!*(usb_conf.log_file)) {
- debug_stream = stderr;
- return;
- }
+ openlog("pam_usb", LOG_PID, LOG_AUTH);
+ vsyslog(level, format, ap);
+ closelog();
+}
- /* log_file has been specified, open it and turn debug on */
- if (!(debug_stream = fopen (usb_conf.log_file, "a")))
- debug_stream = stderr;
-
- usb_conf.debug = 1;
+static void pusb_log_output(int level, const char *format, va_list ap)
+{
+ if (!isatty(fileno(stdin)))
+ return ;
+ if (pusb_opts && !pusb_opts->quiet)
+ {
+ if (pusb_opts && pusb_opts->color_log)
+ {
+ if (level == LOG_ERR)
+ fprintf(stderr, "\033[01;31m*\033[00m ");
+ else if (level == LOG_NOTICE)
+ fprintf(stderr, "\033[01;32m*\033[00m ");
+ }
+ else
+ fprintf(stderr, "* ");
+ vfprintf(stderr, format, ap);
+ }
}
-void log_fini (void)
+void __log_debug(const char *file, int line, const char *fmt, ...)
{
- if ((usb_conf.debug == 1) && (debug_stream != stderr))
- fclose (debug_stream);
+ va_list ap;
+
+ if (!pusb_opts || !pusb_opts->debug)
+ return ;
+ fprintf(stderr, "[%s:%03d] ", file, line);
+ va_start(ap, fmt);
+ vfprintf(stderr, fmt, ap);
+ va_end(ap);
+
+ va_start(ap, fmt);
+ pusb_log_syslog(LOG_DEBUG, fmt, ap);
+ va_end(ap);
}
-void log_print(int level, char *format, ...)
+void log_error(const char *fmt, ...)
{
- va_list ap;
- int log_level = 0;
+ va_list ap;
- if (usb_conf.debug == 1)
- log_level = PLOG_DEBUG;
- if (!log_level && usb_conf.quiet == -1)
- log_level = PLOG_INFO;
+ va_start(ap, fmt);
+ pusb_log_syslog(LOG_ERR, fmt, ap);
+ va_end(ap);
+
+ va_start(ap, fmt);
+ pusb_log_output(LOG_ERR, fmt, ap);
+ va_end(ap);
+}
+
+void log_info(const char *fmt, ...)
+{
+ va_list ap;
- if (log_level < level)
- return;
+ va_start(ap, fmt);
+ pusb_log_syslog(LOG_NOTICE, fmt, ap);
+ va_end(ap);
- if (log_level == PLOG_INFO)
- fprintf(debug_stream, "* ");
- va_start(ap, format);
- vfprintf(debug_stream, format, ap);
+ va_start(ap, fmt);
+ pusb_log_output(LOG_NOTICE, fmt, ap);
va_end(ap);
}
+
+void pusb_log_init(t_pusb_options *opts)
+{
+ pusb_opts = opts;
+}
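Review bot: pusb_log_syslog() calls openlog("pam_usb", LOG_PID, LOG_AUTH) and closelog() around every message. This code runs inside whichever process loaded the PAM module, so each message replaces and then discards the syslog ident and facility that application had set up; leave the process-wide state alone and pass the facility in the priority instead, for example vsyslog(LOG_AUTH | level, ...) with the "pam_usb" prefix in the message, or pam_vsyslog() where a pam handle is available. pusb_log_init() stores the caller's t_pusb_options pointer in a static, so the required lifetime of that struct should be documented. __log_debug() writes to stderr whenever debug is set, without the isatty() guard that pusb_log_output() applies, and the second "pusb_opts &&" test in pusb_log_output() is redundant.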
Changed | pam_usb-0.5.0.tar.bz2/src/log.h
@@ -1,20 +1,29 @@
-#ifndef _H_LOG
-#define _H_LOG
+/*
+ * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
-#define PLOG_INFO 1
-#define PLOG_DEBUG 2
+#ifndef PUSB_LOG_H_
+# define PUSB_LOG_H_
+# define log_debug(s, ...) __log_debug(__FILE__, __LINE__, s, ##__VA_ARGS__)
+# include "conf.h"
-#define DEBUGP(format, ...) \
- do { \
- log_print(PLOG_DEBUG, "[%s:%d] ", __FILE__, __LINE__); \
- log_print(PLOG_DEBUG, format, ##__VA_ARGS__); \
- } while(0)
+void __log_debug(const char *file, int line, const char *fmt, ...);
+void log_error(const char *fmt, ...);
+void log_info(const char *fmt, ...);
+void pusb_log_init(t_pusb_options *opts);
-#define INFOP(format, ...) \
- log_print(PLOG_INFO, format, ##__VA_ARGS__)
-void log_init (void);
-void log_fini (void);
-void log_print(int level, char *format, ...);
-
-#endif
+#endif /* !PUSB_LOG_H_ */
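Review bot: none of the variadic logging prototypes carries a printf format attribute, so a mismatch between format string and arguments compiles silently; pad.c in this same change calls log_error("Unable to retrieve informations for user \"%s\": %s\n", strerror(errno)) with two %s and one argument. Declare __log_debug with __attribute__((format(printf, 3, 4))) and log_error/log_info with format(printf, 1, 2) (the macro already depends on the GNU ##__VA_ARGS__ extension) and build with -Wformat. The name __log_debug also sits in the namespace reserved for the implementation; pusb_log_debug would match the rest of the file.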
Added | pam_usb-0.5.0.tar.bz2/src/mem.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#include <assert.h>
+#include "mem.h"
+
+void *xmalloc(size_t size)
+{
+ void *data = malloc(size);
+ assert(data != NULL && "malloc() failed");
+ return (data);
+}
+
+void *xrealloc(void *ptr, size_t size)
+{
+ void *data = realloc(ptr, size);
+ assert(data != NULL && "realloc() failed");
+ return (data);
+}
+
+void xfree(void *ptr)
+{
+ free(ptr);
+}
+
+char *xstrdup(const char *s)
+{
+ char *data = strdup(s);
+ assert(data != NULL && "strdup() failed");
+ return (data);
+}
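Review bot: xmalloc(), xrealloc() and xstrdup() handle allocation failure only through assert(). Built with NDEBUG the check disappears and NULL goes back to callers that do not test for it (volume.c uses the xstrdup() result directly); built without NDEBUG, abort() terminates the application that loaded the PAM module. Replace the asserts with an explicit NULL test that logs through log_error() and returns NULL, and have callers fail the authentication on that path.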
Added | pam_usb-0.5.0.tar.bz2/src/mem.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef PUSB_MEM_H_
+# define PUSB_MEM_H_
+# include <stdlib.h>
+# include <string.h>
+
+void *xmalloc(size_t size);
+void *xrealloc(void *ptr, size_t size);
+void xfree(void *ptr);
+char *xstrdup(const char *s);
+
+#endif /* !PUSB_MEM_H_ */
Added | pam_usb-0.5.0.tar.bz2/src/pad.c
@@ -0,0 +1,262 @@
+/*
+ * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <pwd.h>
+#include <time.h>
+#include "conf.h"
+#include "log.h"
+#include "volume.h"
+#include "pad.h"
+
+static FILE *pusb_pad_open_device(t_pusb_options *opts,
+ const char *mnt_point,
+ const char *user,
+ const char *mode)
+{
+ FILE *f;
+ char path[PATH_MAX];
+ struct stat sb;
+
+ memset(path, 0x00, PATH_MAX);
+ snprintf(path, PATH_MAX, "%s/%s", mnt_point, opts->device_pad_directory);
+ if (stat(path, &sb) != 0)
+ {
+ log_debug("Directory %s does not exist, creating one.\n", path);
+ if (mkdir(path, S_IRUSR | S_IWUSR | S_IXUSR) != 0)
+ {
+ log_debug("Unable to create directory %s: %s\n", path,
+ strerror(errno));
+ return (NULL);
+ }
+ memset(path, 0x00, PATH_MAX);
+ }
+ snprintf(path, PATH_MAX, "%s/%s/%s.%s.pad", mnt_point,
+ opts->device_pad_directory, user, opts->hostname);
+ f = fopen(path, mode);
+ if (!f)
+ {
+ log_debug("Cannot open device file: %s\n", strerror(errno));
+ return (NULL);
+ }
+ return (f);
+}
+
+static FILE *pusb_pad_open_system(t_pusb_options *opts,
+ const char *user,
+ const char *mode)
+{
+ FILE *f;
+ char path[PATH_MAX];
+ struct passwd *user_ent = NULL;
+ struct stat sb;
+
+ if (!(user_ent = getpwnam(user)) || !(user_ent->pw_dir))
+ {
+ log_error("Unable to retrieve informations for user \"%s\": %s\n",
+ strerror(errno));
+ return (0);
+ }
+ memset(path, 0x00, PATH_MAX);
+ snprintf(path, PATH_MAX, "%s/%s", user_ent->pw_dir,
+ opts->system_pad_directory);
+ if (stat(path, &sb) != 0)
+ {
+ log_debug("Directory %s does not exist, creating one.\n", path);
+ if (mkdir(path, S_IRUSR | S_IWUSR | S_IXUSR) != 0)
+ {
+ log_debug("Unable to create directory %s: %s\n", path,
+ strerror(errno));
+ return (NULL);
+ }
+ chown(path, user_ent->pw_uid, user_ent->pw_gid);
+ chmod(path, S_IRUSR | S_IWUSR | S_IXUSR);
+ }
+ memset(path, 0x00, PATH_MAX);
+ snprintf(path, PATH_MAX, "%s/%s/%s.pad", user_ent->pw_dir,
+ opts->system_pad_directory, opts->device.name);
+ f = fopen(path, mode);
+ if (!f)
+ {
+ log_debug("Cannot open system file: %s\n", strerror(errno));
+ return (NULL);
+ }
+ return (f);
+}
+
+static int pusb_pad_protect(const char *user, int fd)
+{
+ struct passwd *user_ent = NULL;
+
+ log_debug("Protecting pad file...\n");
+ if (!(user_ent = getpwnam(user)))
+ {
+ log_error("Unable to retrieve informations for user \"%s\": %s\n",
+ strerror(errno));
+ return (0);
+ }
+ if (fchown(fd, user_ent->pw_uid, user_ent->pw_gid) == -1)
+ {
+ log_debug("Unable to change owner of the pad: %s\n",
+ strerror(errno));
+ return (0);
+ }
+ if (fchmod(fd, S_IRUSR | S_IWUSR) == -1)
+ {
+ log_debug("Unable to change mode of the pad: %s\n",
+ strerror(errno));
+ return (0);
+ }
+ return (1);
+}
+
+static int pusb_pad_should_update(t_pusb_options *opts, const char *user)
+{
+ FILE *f_system = NULL;
+ struct stat st;
+ time_t now;
+ time_t delta;
+
+ log_debug("Checking whether pads are expired or not...\n");
+ if (!(f_system = pusb_pad_open_system(opts, user, "r")))
+ {
+ log_debug("Unable to open system pad, pads must be generated.\n");
+ return (1);
+ }
+ if (fstat(fileno(f_system), &st) == -1)
+ {
+ fclose(f_system);
+ return (1);
+ }
+ fclose(f_system);
+
+ if (time(&now) == ((time_t)-1))
+ {
+ log_error("Unable to fetch current time.\n");
+ return (1);
+ }
+
+ delta = now - st.st_mtime;
+
+ if (delta > opts->pad_expiration)
+ {
+ log_debug("Pads expired %u seconds ago, updating...\n",
+ delta - opts->pad_expiration);
+ return (1);
+ }
+ else
+ {
+ log_debug("Pads were generated %u seconds ago, not updating.\n",
+ delta);
+ return (0);
+ }
+ return (1);
+}
+
+static void pusb_pad_update(t_pusb_options *opts,
+ const char *volume,
+ const char *user)
+{
+ FILE *f_device = NULL;
+ FILE *f_system = NULL;
+ char magic[1024];
+ int i;
+
+ if (!pusb_pad_should_update(opts, user))
+ return ;
+ log_info("Regenerating new pads...\n");
+ if (!(f_device = pusb_pad_open_device(opts, volume, user, "w+")))
+ {
+ log_error("Unable to update pads.\n");
+ return ;
+ }
+ pusb_pad_protect(user, fileno(f_device));
+
+ if (!(f_system = pusb_pad_open_system(opts, user, "w+")))
+ {
+ log_error("Unable to update pads.\n");
+ fclose(f_device);
+ return ;
+ }
+ pusb_pad_protect(user, fileno(f_system));
+
+ log_debug("Generating %d bytes unique pad...\n", sizeof(magic));
+ srand(getpid() * time(NULL));
+ for (i = 0; i < sizeof(magic); ++i)
+ magic[i] = (char)rand();
+ log_debug("Writing pad to the device...\n");
+ fwrite(magic, sizeof(char), sizeof(magic), f_system);
+ log_debug("Writing pad to the system...\n");
+ fwrite(magic, sizeof(char), sizeof(magic), f_device);
+ log_debug("Synchronizing filesystems...\n");
+ fclose(f_system);
+ fclose(f_device);
+ sync();
+ log_debug("One time pads updated.\n");
+}
+
+static int pusb_pad_compare(t_pusb_options *opts, const char *volume,
+ const char *user)
+{
+ FILE *f_device = NULL;
+ FILE *f_system = NULL;
+ char magic_device[1024];
+ char magic_system[1024];
+ int retval;
+
+ if (!(f_system = pusb_pad_open_system(opts, user, "r")))
+ return (1);
+ if (!(f_device = pusb_pad_open_device(opts, volume, user, "r")))
+ {
+ fclose(f_system);
+ return (0);
+ }
+ log_debug("Loading device pad...\n");
+ fread(magic_device, sizeof(char), sizeof(magic_device), f_device);
+ log_debug("Loading system pad...\n");
+ fread(magic_system, sizeof(char), sizeof(magic_system), f_system);
+ retval = memcmp(magic_system, magic_device, sizeof(magic_system));
+ fclose(f_system);
+ fclose(f_device);
+ if (!retval)
+ log_debug("Pad match.\n");
+ return (retval == 0);
+}
+
+int pusb_pad_check(t_pusb_options *opts, DBusConnection *dbus,
+ const char *user)
+{
+ char *volume = NULL;
+ int retval = 0;
+
+ volume = pusb_volume_get(opts, dbus);
+ if (!volume)
+ return (0);
+ retval = pusb_pad_compare(opts, volume, user);
+ if (retval)
+ pusb_pad_update(opts, volume, user);
+ else
+ log_error("Pad checking failed !\n");
+ pusb_volume_destroy(volume);
+ return (retval);
+}
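Review bot: in pusb_pad_update() the 1024-byte pad is filled from rand() after srand(getpid() * time(NULL)), so the pad is a function of the process id and the clock rather than of secret randomness; read the bytes from /dev/urandom and abandon the update if the read comes up short. In pusb_pad_compare(), failing to open the system pad returns 1, which pusb_pad_check() treats as a match, and neither fread() result is checked, so a short or empty pad file leaves memcmp() comparing uninitialised stack bytes; zero both buffers, require full-length reads, and restrict the "no system pad yet" case to ENOENT. Both log_error("Unable to retrieve informations for user \"%s\": %s\n", strerror(errno)) calls pass one argument for two %s (user is missing). pusb_pad_open_system() creates and opens files under the user's home directory with plain fopen(); open with O_NOFOLLOW and verify ownership before writing. The fwrite() results are ignored, so a failed write to one side leaves the two pads out of step. The two "Writing pad to ..." debug messages are attached to the opposite streams, and PATH_MAX is used without <limits.h>.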
Added | pam_usb-0.5.0.tar.bz2/src/pad.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef PUSB_OTP_H_
+# define PUSB_OTP_H_
+
+int pusb_pad_check(t_pusb_options *opts, DBusConnection *dbus, const char *user);
+
+#endif /* !PUSB_OTP_H_ */
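Review bot: the include guard is PUSB_OTP_H_ in a file named pad.h; rename it to PUSB_PAD_H_ so it follows the pattern of the other headers and cannot collide with a later otp.h. The prototype uses t_pusb_options and DBusConnection without including conf.h or the D-Bus header, so the header only works when the includer gets the order right.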
Changed | pam_usb-0.5.0.tar.bz2/src/pam.c
@@ -1,223 +1,102 @@
/*
-** Copyright (c) 2003,2004,2005 Andrea Luzzardi <scox@gentoo.org>
-**
-** This program is free software; you can redistribute it and/or modify
-** it under the terms of the GNU General Public License as published by
-** the Free Software Foundation; either version 2 of the License, or
-** (at your option) any later version.
-**
-** This program is distributed in the hope that it will be useful,
-** but WITHOUT ANY WARRANTY; without even the implied warranty of
-** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-** GNU General Public License for more details.
-**
-** You should have received a copy of the GNU General Public License
-** along with this program; if not, write to the Free Software
-** Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <shadow.h>
-#include <sys/mount.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <utmp.h>
+ * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
#define PAM_SM_AUTH
-
#include <security/pam_modules.h>
#include <security/_pam_macros.h>
-#include "pam.h"
-#include "parser.h"
+#include "version.h"
#include "conf.h"
+#include "log.h"
+#include "local.h"
#include "device.h"
-#include "auth.h"
-
-char *converse (pam_handle_t *pamh, int style, char *message)
-{
- struct pam_conv *c;
- struct pam_message pam_msg;
- struct pam_response *reply = NULL;
-
- const struct pam_message *msg_ptr;
-
- union {
- struct pam_conv *c;
- } cnv;
-
- if (pam_get_item (pamh, PAM_CONV, (const void **)&cnv.c) != PAM_SUCCESS) {
- DEBUGP ("Cannot start conversation\n");
- return NULL;
- }
-
- pam_msg.msg_style = style;
- pam_msg.msg = message;
- msg_ptr = &pam_msg;
-
- c = cnv.c;
- c->conv (1, &msg_ptr, &reply, c->appdata_ptr);
-
- if (reply && style != PAM_PROMPT_ECHO_OFF)
- _pam_drop_reply (reply, 1);
-
- return reply->resp;
-}
-
-int local_login (const char *login, pam_handle_t *pamh)
+PAM_EXTERN
+int pam_sm_authenticate(pam_handle_t *pamh, int flags,
+ int argc, const char **argv)
{
- struct utmp *utent = NULL;
- char **local = NULL;
- char *tty = NULL;
- int ret = 1, i = 0;
-
- if (usb_conf.allow_remote == 1)
- return 1;
-
- tty = ttyname(fileno(stdin));
-
- if (!tty) {
- INFOP("Authentication denied: Cannot retrieve tty name, rejecting.\n");
- return 0;
- }
-
- local = split (usb_conf.local_consoles, ',');
-
- while (local[i]) {
- if (!strncmp (tty, local[i], strlen(local[i]))) {
- INFOP ("Authentication request for user %s from local console" \
- " (%s)\n", login, tty);
- drop_split (local);
- return 1;
+ t_pusb_options opts;
+ const char *service;
+ const char *user;
+ const char *tty;
+ char *conf_file = PUSB_CONF_FILE;
+ int retval;
+
+ pusb_log_init(&opts);
+ retval = pam_get_item(pamh, PAM_SERVICE,
+ (const void **)(const void *)&service);
+ if (retval != PAM_SUCCESS)
+ {
+ log_error("Unable to retrieve the PAM service name.\n");
+ return (PAM_AUTH_ERR);
+ }
+
+ if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || !user || !*user)
+ {
+ log_error("Unable to retrieve the PAM user name.\n");
+ return (PAM_AUTH_ERR);
+ }
+
+ if (argc > 1)
+ if (!strcmp(argv[0], "-c"))
+ conf_file = (char *)argv[1];
+ if (!pusb_conf_init(&opts))
+ return (PAM_AUTH_ERR);
+ if (!pusb_conf_parse(conf_file, &opts, user, service))
+ return (PAM_AUTH_ERR);
+
+ if (!opts.enable)
+ {
+ log_debug("Not enabled, exiting...\n");
+ return (PAM_IGNORE);
+ }
+
+ log_info("pam_usb v%s\n", PUSB_VERSION);
+ log_info("Authentication request for user \"%s\" (%s)\n",
+ user, service);
+
+ if (pam_get_item(pamh, PAM_TTY,
+ (const void **)(const void *)&tty) == PAM_SUCCESS)
+ {
+ if (tty && !strcmp(tty, "ssh"))
+ {
+ log_debug("SSH Authentication, aborting.\n");
+ return (PAM_AUTH_ERR);
}
-
- ++i;
- }
-
- if (!strncmp(tty, "/dev/", strlen("/dev/")))
- tty += strlen("/dev/");
-
- i = 0;
- drop_split (local);
-
- utmpname (usb_conf.utmp);
- setutent();
-
- DEBUGP ("Searching the utmp entry for tty %s...\n", tty);
-
- while ((utent = getutent ()) != NULL) {
- if (!(ret = strcmp (tty, utent->ut_line)))
- break;
}
-
- endutent();
-
- if (ret != 0) {
- DEBUGP ("Cannot retrieve the utmp entry\n");
- return 0;
+ if (!pusb_local_login(&opts, user))
+ {
+ log_error("Access denied.\n");
+ return (PAM_AUTH_ERR);
}
-
- INFOP ("Authentication request for user %s (%s %s)\n", login,
- tty, utent->ut_host);
-
- if (!strlen(utent->ut_host))
- return 1;
-
- local = split (usb_conf.local_hosts, ',');
-
- while (local[i]) {
- if (!strncmp (utent->ut_host, local[i], strlen(local[i]))) {
- drop_split (local);
- return 1;
- }
-
- ++i;
+ if (pusb_device_check(&opts, user))
+ {
+ log_info("Access granted.\n");
+ return (PAM_SUCCESS);
}
-
- drop_split (local);
-
- return 0;
+ log_error("Access denied.\n");
+ return (PAM_AUTH_ERR);
}
PAM_EXTERN
-int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc,
+int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc,
const char **argv)
{
- const char *user = NULL;
-
- if (pam_get_user (pamh, &user, NULL) != PAM_SUCCESS)
- return PAM_AUTH_ERR;
-
- /* Do we trust data returned by PAM functions ? */
-
- if (!user || strlen(user) <= 0)
- return PAM_AUTH_ERR;
-
- parse_args (argc, argv);
- put_default_values();
-
- log_init();
-
- INFOP("pam_usb v%s, (C) 2003-2005 Andrea Luzzardi <scox@sig11.org>\n",
- PVERSION);
-
- if (!(local_login(user, pamh))) {
- INFOP ("Authentication denied: remote user.\n");
- return PAM_AUTH_ERR;
- }
-
- if (!(check_device())) {
- INFOP("Authentication denied: Invalid device.\n");
- return PAM_AUTHINFO_UNAVAIL;
- }
-
- if (!authenticate(pamh, user)) {
- DEBUGP ("Cannot authenticate user \"%s\"\n", user);
- return PAM_AUTH_ERR;
- }
-
- INFOP("Access granted\n\n");
-
- log_fini();
-
- return PAM_SUCCESS;
-}
-
-PAM_EXTERN
-int pam_sm_setcred (pam_handle_t *pamh,int flags,int argc, const char **argv)
-{
- return PAM_SUCCESS;
-}
-
-PAM_EXTERN
-int pam_sm_acct_mgmt (pam_handle_t *pamh, int flags, int argc,
- const char **argv)
-{
- return PAM_SUCCESS;
-}
-
-PAM_EXTERN
-int pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc,
- const char **argv)
-{
- return PAM_SUCCESS;
-}
-
-PAM_EXTERN
-int pam_sm_open_session (pam_handle_t *pamh, int flags, int argc,
- const char **argv)
-{
- return PAM_SUCCESS;
-}
-
-PAM_EXTERN
-int pam_sm_close_session (pam_handle_t *pamh, int flags, int argc,
- const char **argv)
-{
- return PAM_SUCCESS;
+ return (PAM_SUCCESS);
}
#ifdef PAM_STATIC
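Review bot: pusb_log_init(&opts) runs before pusb_conf_init(&opts), so on the two early failure paths (PAM_SERVICE or user lookup failing) log_error() reads quiet and color_log from an uninitialised stack struct; call pusb_log_init() after pusb_conf_init(), or zero opts at declaration. The pointer registered there refers to a local of pam_sm_authenticate() and stays in log.c's static after the function returns; reset it with pusb_log_init(NULL) on every exit path. The hunk drops #include <string.h> while the new code still calls strcmp(). The SSH case is recognised only by PAM_TTY being exactly "ssh"; add a comment naming the sshd behaviour this depends on, because pusb_local_login() answers "local" whenever it cannot resolve a tty or a utmp entry. The "-c" handling only looks at argv[0] and argv[1], which should be documented next to the module's options.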
@@ -226,10 +105,10 @@
"pam_usb",
pam_sm_authenticate,
pam_sm_setcred,
- pam_sm_acct_mgmt,
- pam_sm_open_session,
- pam_sm_close_session,
- pam_sm_chauthtok
+ NULL,
+ NULL,
+ NULL,
+ NULL
};
#endif
Added | pam_usb-0.5.0.tar.bz2/src/pamusb-check.c
@@ -0,0 +1,164 @@
+/*
+ * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#include <stdio.h>
+#include <unistd.h>
+#include <string.h>
+#include <getopt.h>
+#include "conf.h"
+#include "log.h"
+#include "device.h"
+#include "local.h"
+
+static void pusb_check_conf_dump(t_pusb_options *opts, const char *username,
+ const char *service)
+{
+ fprintf(stdout, "Configuration dump for user %s (service: %s):\n",
+ username, service);
+ fprintf(stdout, "enable\t\t\t: %s\n", opts->enable ? "true" : "false");
+ fprintf(stdout, "debug\t\t\t: %s\n", opts->debug ? "true" : "false");
+ fprintf(stdout, "quiet\t\t\t: %s\n", opts->quiet ? "true" : "false");
+ fprintf(stdout, "color_log\t\t: %s\n", opts->color_log ? "true" : "false");
+ fprintf(stdout, "one_time_pad\t\t: %s\n",
+ opts->one_time_pad ? "true" : "false");
+ fprintf(stdout, "deny_remote\t\t: %s\n",
+ opts->deny_remote ? "true" : "false");
+ fprintf(stdout, "pad_expiration\t\t: %u seconds\n", (unsigned int)opts->pad_expiration);
+ fprintf(stdout, "probe_timeout\t\t: %d seconds\n", (unsigned int)opts->probe_timeout);
+ fprintf(stdout, "hostname\t\t: %s\n", opts->hostname);
+ fprintf(stdout, "system_pad_directory\t: %s\n",
+ opts->system_pad_directory);
+ fprintf(stdout, "device_pad_directory\t: %s\n",
+ opts->device_pad_directory);
+}
+
+static int pusb_check_perform_authentication(t_pusb_options *opts,
+ const char *user,
+ const char *service)
+{
+ int retval;
+
+ if (!opts->enable)
+ {
+ log_debug("Not enabled, exiting...\n");
+ return (0);
+ }
+ log_info("Authentication request for user \"%s\" (%s)\n",
+ user, service);
+ if (!pusb_local_login(opts, user))
+ {
+ log_error("Access denied.\n");
+ return (0);
+ }
+ retval = pusb_device_check(opts, user);
+ if (retval)
+ log_info("Access granted.\n");
+ else
+ log_error("Access denied.\n");
+ return (retval);
+}
+
+static void pusb_check_usage(const char *name)
+{
+ fprintf(stderr, "Usage: %s [--help] [--debug] [--config=path] [--service=name] [--dump] [--quiet] [--debug]" \
+ " <username>\n", name);
+}
+
+int main(int argc, char **argv)
+{
+ t_pusb_options opts;
+ char *conf_file = PUSB_CONF_FILE;
+ char *service = "pamusb-check";
+ char *user = NULL;
+ int quiet = 0;
+ int dump = 0;
+ int debug = 0;
+ int opt;
+ int opt_index = 0;
+ extern char *optarg;
+ char *short_options = "hc:s:dqD";
+ struct option long_options[] = {
+ { "help", 0, 0, 0 },
+ { "config", 1, 0, 0 },
+ { "service", 1, 0, 0 },
+ { "dump", 0, 0, 0 },
+ { "quiet", 0, 0, 0 },
+ { "debug", 0, 0, 0 },
+ { 0, 0, 0, 0 }
+ };
+
+ while ((opt = getopt_long(argc, argv, short_options, long_options,
+ &opt_index)) != EOF)
+ {
+ if (opt == 'h' || (!opt && !strcmp(long_options[opt_index].name, "help")))
+ {
+ pusb_check_usage(argv[0]);
+ return (1);
+ }
+ else if (opt == 'c' || (!opt && !strcmp(long_options[opt_index].name, "config")))
+ conf_file = optarg;
+ else if (opt == 's' || (!opt && !strcmp(long_options[opt_index].name, "service")))
+ service = optarg;
+ else if (opt == 'd' || (!opt && !strcmp(long_options[opt_index].name, "dump")))
+ dump = 1;
+ else if (opt == 'q' || (!opt && !strcmp(long_options[opt_index].name, "quiet")))
+ quiet = 1;
+ else if (opt == 'D' || (!opt && !strcmp(long_options[opt_index].name, "debug")))
+ debug = 1;
+ else if (opt == '?')
+ {
+ pusb_check_usage(argv[0]);
+ return (1);
+ }
+ }
+
+ if ((argc - 1) == optind)
+ user = argv[optind];
+ else
+ {
+ pusb_check_usage(argv[0]);
+ return (1);
+ }
+
+ if (quiet && debug)
+ {
+ fprintf(stderr, "Error: You cannot use --quiet and --debug together.");
+ return (1);
+ }
+
+ pusb_log_init(&opts);
+ if (!pusb_conf_init(&opts))
+ return (1);
+ if (!pusb_conf_parse(conf_file, &opts, user, service))
+ return (1);
+ if (quiet)
+ {
+ opts.quiet = 1;
+ opts.debug = 0;
+ }
+ else if (debug)
+ {
+ opts.quiet = 0;
+ opts.debug = 1;
+ }
+ if (dump)
+ {
+ pusb_check_conf_dump(&opts, user, service);
+ return (1);
+ }
+ return (!pusb_check_perform_authentication(&opts, user, service));
+}
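Review bot: in main(), --dump and --help both exit with status 1, the same status returned for a denied authentication and for a usage error, so a script cannot tell a successful dump from a failure; return 0 after pusb_check_conf_dump() and after printing help on request. As in pam.c, pusb_log_init(&opts) is called before pusb_conf_init(&opts), so opts is still uninitialised when the logger first holds it. The usage string lists [--debug] twice and does not mention the short forms in short_options, the "--quiet and --debug" error message has no trailing newline, and probe_timeout is printed with %d after a cast to unsigned int.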
Added | pam_usb-0.5.0.tar.bz2/src/version.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef PUSB_VERSION_H_
+# define PUSB_VERSION_H_
+
+# define PUSB_VERSION "0.5.0"
+
+#endif /* !PUSB_VERSION_H_ */
Added | pam_usb-0.5.0.tar.bz2/src/volume.c
@@ -0,0 +1,165 @@
+/*
+ * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/mount.h>
+#include "mem.h"
+#include "conf.h"
+#include "log.h"
+#include "hal.h"
+#include "volume.h"
+
+static int pusb_volume_mount(t_pusb_options *opts, char *udi,
+ DBusConnection *dbus)
+{
+ char command[1024];
+ char tempname[32];
+ const char *devname;
+
+ snprintf(tempname, sizeof(tempname), "pam_usb%d", getpid());
+ if (!(devname = pusb_hal_get_string_property(dbus, udi, "DeviceFile")))
+ {
+ log_error("Unable to retrieve device filename\n");
+ return (0);
+ }
+ log_debug("Attempting to mount device %s with label %s\n",
+ devname, tempname);
+ snprintf(command, sizeof(command), "pmount -A -s %s %s",
+ devname, tempname);
+ log_debug("Executing \"%s\"\n", command);
+ if (system(command) != 0)
+ {
+ log_error("Mount failed\n");
+ return (0);
+ }
+
+ log_debug("Mount succeeded.\n");
+ return (1);
+}
+
+static char *pusb_volume_mount_path(t_pusb_options *opts, char *udi, DBusConnection* dbus)
+{
+ dbus_bool_t is_mounted;
+ if (!pusb_hal_get_bool_property(dbus, udi, "DeviceIsMounted", &is_mounted))
+ {
+ return (NULL);
+ }
+ if (is_mounted != TRUE)
+ {
+ log_debug("Device %s is not mounted\n", udi);
+ return (NULL);
+ }
+
+ int n_mount;
+ char **mount_pathes = pusb_hal_get_string_array_property(dbus, udi, "DeviceMountPaths", &n_mount);
+ if (!mount_pathes)
+ {
+ log_debug("Failed to retrieve device %s mount path\n", udi);
+ return (NULL);
+ }
+ if (n_mount > 1)
+ {
+ log_debug("Device %s is mounted more than once\n", udi);
+ }
+ char *mount_path = xstrdup(mount_pathes[0]);
+ pusb_hal_free_string_array(mount_pathes, n_mount);
+ log_debug("Device %s is mounted on %s\n", udi, mount_path);
+ return (mount_path);
+}
+
+static char *pusb_volume_probe(t_pusb_options *opts,
+ DBusConnection *dbus)
+{
+ int maxtries = 0;
+ int i;
+
+ if (!*(opts->device.volume_uuid))
+ {
+ log_debug("No UUID configured for device\n");
+ return (NULL);
+ }
+ log_debug("Searching for volume with uuid %s\n", opts->device.volume_uuid);
+ maxtries = ((opts->probe_timeout * 1000000) / 250000);
+ for (i = 0; i < maxtries; ++i)
+ {
+ char *udi = NULL;
+
+ if (i == 1)
+ log_info("Probing volume (this could take a while)...\n");
+ udi = pusb_hal_find_item(dbus,
+ "IdUuid", opts->device.volume_uuid,
+ NULL);
+ if (!udi)
+ {
+ usleep(250000);
+ continue;
+ }
+ return (udi);
+ }
+ return (NULL);
+}
+
+char *pusb_volume_get(t_pusb_options *opts, DBusConnection *dbus)
+{
+ char *volume_udi;
+ char *mount_point;
+
+ if (!(volume_udi = pusb_volume_probe(opts, dbus)))
+ return (NULL);
+ log_debug("Found volume %s\n", opts->device.volume_uuid);
+ mount_point = pusb_volume_mount_path(opts, volume_udi, dbus);
+ if (mount_point)
+ {
+ log_debug("Volume is already mounted.\n");
+ return (mount_point);
+ }
+ if (!pusb_volume_mount(opts, volume_udi, dbus))
+ {
+ xfree(volume_udi);
+ return (NULL);
+ }
+ mount_point = pusb_volume_mount_path(opts, volume_udi, dbus);
+ if (!mount_point)
+ {
+ log_error("Unable to retrieve %s mount point\n", volume_udi);
+ return (NULL);
+ }
+ return (mount_point);
+}
+
+void pusb_volume_destroy(char *mntpoint)
+{
+ if (mntpoint && strstr(mntpoint, "pam_usb"))
+ {
+ char command[1024];
+
+ log_debug("Attempting to umount %s\n",
+ mntpoint);
+ snprintf(command, sizeof(command), "pumount %s", mntpoint);
+ log_debug("Executing \"%s\"\n", command);
+ if (!system(command))
+ log_debug("Umount succeeded.\n");
+ else
+ log_error("Unable to umount %s\n", mntpoint);
+ }
+ xfree(mntpoint);
+}
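Review bot: pusb_volume_mount and pusb_volume_destroy format a command line with snprintf and run it through system(), so devname (read from the "DeviceFile" property) and mntpoint reach the shell unquoted, and any whitespace or shell metacharacter in either value changes what runs inside the PAM stack. Suggest fork plus execv with an argument vector (pmount, -A, -s, devname, tempname) and absolute paths to pmount and pumount so PATH is not consulted. In pusb_volume_destroy, strstr(mntpoint, "pam_usb") matches the substring anywhere in the path; compare the final path component against the generated label instead. In pusb_volume_get, volume_udi is released with xfree only when the mount fails; it leaks on the already-mounted return, the success return and the final error return.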
Added | pam_usb-0.5.0.tar.bz2/src/volume.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef VOLUME_H_
+# define VOLUME_H_
+# include "hal.h"
+
+char *pusb_volume_get(t_pusb_options *opts, DBusConnection *dbus);
+void pusb_volume_destroy(char *mntpoint);
+
+#endif /* !VOLUME_H_ */
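Review bot: the two prototypes carry no ownership documentation. volume.c returns an xstrdup'd string from pusb_volume_get, and pusb_volume_destroy both unmounts and xfree's it, so a comment here should state that the caller must pass the result to pusb_volume_destroy exactly once and must not free it directly.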
Added | pam_usb-0.5.0.tar.bz2/src/xpath.c
@@ -0,0 +1,257 @@
+/*
+ * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#include <libxml/xpath.h>
+#include <ctype.h>
+#include <string.h>
+#include "mem.h"
+#include "xpath.h"
+#include "log.h"
+
+static xmlXPathObject *pusb_xpath_match(xmlDocPtr doc, const char *path)
+{
+ xmlXPathContext *context = NULL;
+ xmlXPathObject *result = NULL;
+
+ context = xmlXPathNewContext(doc);
+ if (context == NULL)
+ {
+ log_error("Unable to create XML context\n");
+ return (NULL);
+ }
+ result = xmlXPathEvalExpression((xmlChar *)path, context);
+ xmlXPathFreeContext(context);
+ if (result == NULL)
+ {
+ log_error("Error in xmlXPathEvalExpression\n");
+ return (NULL);
+ }
+ if (xmlXPathNodeSetIsEmpty(result->nodesetval))
+ {
+ xmlXPathFreeObject(result);
+ return (NULL);
+ }
+ return (result);
+}
+
+static int pusb_xpath_strip_string(char *dest, const char *src,
+ size_t size)
+{
+ int first_char = -1;
+ int last_char = -1;
+ int i;
+
+ for (i = 0; src[i]; ++i)
+ {
+ if (isspace(src[i]))
+ continue ;
+
+ if (first_char == -1)
+ first_char = i;
+ last_char = i;
+ }
+
+ if (first_char == -1 || last_char == -1)
+ return (0);
+
+ if ((last_char - first_char) > (size - 1))
+ {
+ log_error("Device name is too long: %s", src);
+ return (0);
+ }
+
+ memset(dest, 0x0, size);
+ strncpy(dest, &(src[first_char]), last_char - first_char + 1);
+ return (1);
+}
+
+int pusb_xpath_get_string(xmlDocPtr doc, const char *path,
+ char *value, size_t size)
+{
+ xmlXPathObject *result = NULL;
+ xmlNode *node = NULL;
+ xmlChar *result_string = NULL;
+
+ if (!(result = pusb_xpath_match(doc, path)))
+ return (0);
+
+ if (result->nodesetval->nodeNr > 1)
+ {
+ xmlXPathFreeObject(result);
+ log_debug("Syntax error: %s: more than one record found\n", path);
+ return (0);
+ }
+
+ node = result->nodesetval->nodeTab[0]->xmlChildrenNode;
+ result_string = xmlNodeListGetString(doc, node, 1);
+ if (!result_string)
+ {
+ xmlXPathFreeObject(result);
+ log_debug("Empty value for %s\n", path);
+ return (0);
+ }
+ if (!pusb_xpath_strip_string(value, (const char *)result_string, size))
+ {
+ xmlFree(result_string);
+ xmlXPathFreeObject(result);
+ log_debug("Result for %s (%s) is too long (max: %d)\n",
+ path, (const char *)result_string, size);
+ return (0);
+ }
+ xmlFree(result_string);
+ xmlXPathFreeObject(result);
+ return (1);
+}
+
+int pusb_xpath_get_string_from(xmlDocPtr doc,
+ const char *base,
+ const char *path,
+ char *value, size_t size)
+{
+ char *xpath = NULL;
+ size_t xpath_size;
+ int retval;
+
+ xpath_size = strlen(base) + strlen(path) + 1;
+ xpath = xmalloc(xpath_size);
+ memset(xpath, 0x00, xpath_size);
+ snprintf(xpath, xpath_size, "%s%s", base, path);
+ retval = pusb_xpath_get_string(doc, xpath, value, size);
+ if (retval)
+ log_debug("%s%s -> %s\n", base, path, value);
+ xfree(xpath);
+ return (retval);
+}
+
+int pusb_xpath_get_bool(xmlDocPtr doc, const char *path, int *value)
+{
+ char ret[6]; /* strlen("false") + 1 */
+
+ if (!pusb_xpath_get_string(doc, path, ret, sizeof(ret)))
+ return (0);
+
+ if (!strcmp(ret, "true"))
+ {
+ *value = 1;
+ return (1);
+ }
+
+ if (!strcmp(ret, "false"))
+ {
+ *value = 0;
+ return (1);
+ }
+
+ log_debug("Expecting a boolean, got %s\n", ret);
+ return (0);
+}
+
+int pusb_xpath_get_bool_from(xmlDocPtr doc,
+ const char *base,
+ const char *path,
+ int *value)
+{
+ char *xpath = NULL;
+ size_t xpath_size;
+ int retval;
+
+ xpath_size = strlen(base) + strlen(path) + 1;
+ xpath = xmalloc(xpath_size);
+ memset(xpath, 0x00, xpath_size);
+ snprintf(xpath, xpath_size, "%s%s", base, path);
+ retval = pusb_xpath_get_bool(doc, xpath, value);
+ xfree(xpath);
+ return (retval);
+}
+
+int pusb_xpath_get_time(xmlDocPtr doc, const char *path, time_t *value)
+{
+ char ret[64];
+ char *last;
+ int coef;
+
+ if (!pusb_xpath_get_string(doc, path, ret, sizeof(ret)))
+ return (0);
+
+ last = &(ret[strlen(ret) - 1]);
+ coef = 1;
+ if (*last == 's')
+ coef = 1;
+ else if (*last == 'm')
+ coef = 60;
+ else if (*last == 'h')
+ coef = 3600;
+ else if (*last == 'd')
+ coef = 3600 * 24;
+ else
+ if (!isdigit(*last))
+ {
+ log_debug("Expecting a time modifier, got %c\n", *last);
+ return (0);
+ }
+ if (!isdigit(*last))
+ *last = '\0';
+ *value = atoi(ret) * coef;
+
+ return (0);
+}
+
+int pusb_xpath_get_time_from(xmlDocPtr doc,
+ const char *base,
+ const char *path,
+ time_t *value)
+{
+ char *xpath = NULL;
+ size_t xpath_size;
+ int retval;
+
+ xpath_size = strlen(base) + strlen(path) + 1;
+ xpath = xmalloc(xpath_size);
+ memset(xpath, 0x00, xpath_size);
+ snprintf(xpath, xpath_size, "%s%s", base, path);
+ retval = pusb_xpath_get_time(doc, xpath, value);
+ xfree(xpath);
+ return (retval);
+}
+
+int pusb_xpath_get_int(xmlDocPtr doc, const char *path, int *value)
+{
+ char ret[64];
+
+ if (!pusb_xpath_get_string(doc, path, ret, sizeof(ret)))
+ return (0);
+ *value = atoi(ret);
+ return (1);
+}
+
+int pusb_xpath_get_int_from(xmlDocPtr doc,
+ const char *base,
+ const char *path,
+ int *value)
+{
+ char *xpath = NULL;
+ size_t xpath_size;
+ int retval;
+
+ xpath_size = strlen(base) + strlen(path) + 1;
+ xpath = xmalloc(xpath_size);
+ memset(xpath, 0x00, xpath_size);
+ snprintf(xpath, xpath_size, "%s%s", base, path);
+ retval = pusb_xpath_get_int(doc, xpath, value);
+ xfree(xpath);
+ return (retval);
+}
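Review bot: pusb_xpath_strip_string has an off-by-one in its length check: `(last_char - first_char) > (size - 1)` accepts a trimmed length of exactly size, and the strncpy that follows then fills dest completely with no terminating NUL. In pusb_xpath_get_bool a six-character value fills ret[6] and strcmp reads past the buffer. Compare the length, last_char - first_char + 1, against size - 1, and keep both sides size_t so the signed/unsigned mix goes away. Two further points in this file: pusb_xpath_get_string calls xmlFree(result_string) and then passes result_string to log_debug (which also prints a size_t with %d), and pusb_xpath_get_time ends with return (0) after storing *value, so callers see every successful parse as a failure.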
Added | pam_usb-0.5.0.tar.bz2/src/xpath.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
+ *
+ * This file is part of the pam_usb project. pam_usb is free software;
+ * you can redistribute it and/or modify it under the terms of the GNU General
+ * Public License version 2, as published by the Free Software Foundation.
+ *
+ * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef PUSB_XPATH_H_
+# define PUSB_XPATH_H_
+# include <libxml/parser.h>
+
+int pusb_xpath_get_string(xmlDocPtr doc, const char *path, char *value, size_t size);
+int pusb_xpath_get_string_from(xmlDocPtr doc, const char *base, const char *path, char *value, size_t size);
+int pusb_xpath_get_bool(xmlDocPtr doc, const char *path, int *value);
+int pusb_xpath_get_bool_from(xmlDocPtr doc, const char *base, const char *path, int *value);
+int pusb_xpath_get_time(xmlDocPtr doc, const char *path, time_t *value);
+int pusb_xpath_get_time_from(xmlDocPtr doc, const char *base, const char *path, time_t *value);
+int pusb_xpath_get_int(xmlDocPtr doc, const char *path, int *value);
+int pusb_xpath_get_int_from(xmlDocPtr doc, const char *base, const char *path, int *value);
+
+#endif /* !PUSB_XPATH_H_ */
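Review bot: pusb_xpath_get_time and pusb_xpath_get_time_from use time_t, but the header includes only <libxml/parser.h>. Add #include <time.h> so xpath.h is self-contained and does not depend on what the libxml header happens to pull in.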
Added | pam_usb-0.5.0.tar.bz2/tools/pamusb-agent
@@ -0,0 +1,212 @@
+#!/usr/bin/env python
+#
+# Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
+#
+# This file is part of the pam_usb project. pam_usb is free software;
+# you can redistribute it and/or modify it under the terms of the GNU General
+# Public License version 2, as published by the Free Software Foundation.
+#
+# pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA
+
+import os
+import sys
+import pwd
+import getopt
+import syslog
+import gobject
+import dbus
+if getattr(dbus, 'version', (0,0,0)) >= (0,41,0):
+ import dbus.glib
+try:
+ # Python 2.5
+ import xml.etree.ElementTree as et
+except ImportError:
+ # Python 2.4
+ try:
+ import cElementTree as et
+ except ImportError:
+ import elementtree.ElementTree as et
+
+class HotPlugDevice:
+ def __init__(self, serial):
+ self.__udi = None
+ self.__serial = serial
+ self.__callbacks = []
+ self.__bus = dbus.SystemBus()
+ self.__running = False
+
+ def run(self):
+ self.__scanDevices()
+ self.__registerSignals()
+ self.__running = True
+ gobject.MainLoop().run()
+ print 'signals registered'
+
+ def addCallback(self, callback):
+ self.__callbacks.append(callback)
+
+ def __scanDevices(self):
+ halService = self.__bus.get_object('org.freedesktop.UDisks',
+ '/org/freedesktop/UDisks')
+ halManager = dbus.Interface(halService, 'org.freedesktop.UDisks')
+ for udi in halManager.EnumerateDevices():
+ self.__deviceAdded(udi)
+
+ def __registerSignals(self):
+ halService = self.__bus.get_object('org.freedesktop.UDisks',
+ '/org/freedesktop/UDisks')
+ halManager = dbus.Interface(halService, 'org.freedesktop.UDisks')
+ for signal, callback in (('DeviceAdded', self.__deviceAdded),
+ ('DeviceRemoved', self.__deviceRemoved)):
+ halManager.connect_to_signal(signal, callback)
+
+ def __deviceAdded(self, udi):
+ if self.__udi is not None:
+ return
+ deviceObj = self.__bus.get_object('org.freedesktop.UDisks',
+ udi)
+ deviceProperties = dbus.Interface(deviceObj, dbus.PROPERTIES_IFACE)
+ if deviceProperties.Get('org.freedesktop.UDisks.Device', 'DriveSerial') != self.__serial:
+ return
+ self.__udi = udi
+ if self.__running:
+ [ cb('added') for cb in self.__callbacks ]
+
+ def __deviceRemoved(self, udi):
+ if self.__udi is None:
+ return
+ if self.__udi != udi:
+ return
+ self.__udi = None
+ if self.__running:
+ [ cb('removed') for cb in self.__callbacks ]
+
+class Log:
+ def __init__(self):
+ syslog.openlog('pamusb-agent', syslog.LOG_PID | syslog.LOG_PERROR,
+ syslog.LOG_AUTH)
+
+ def info(self, message):
+ self.__logMessage(syslog.LOG_NOTICE, message)
+
+ def error(self, message):
+ self.__logMessage(syslog.LOG_ERR, message)
+
+ def __logMessage(self, priority, message):
+ syslog.syslog(priority, message)
+
+def usage():
+ print 'Usage: %s [--help] [--config=path] [--daemon] [--check=path]' % \
+ os.path.basename(__file__)
+ sys.exit(1)
+
+import getopt
+
+try:
+ opts, args = getopt.getopt(sys.argv[1:], "hc:dc:",
+ ["help", "config=", "daemon", "check="])
+except getopt.GetoptError:
+ usage()
+
+options = {'configFile' : '/etc/pamusb.conf',
+ 'daemon' : False,
+ 'check' : '/usr/bin/pamusb-check'}
+
+if len(args) != 0:
+ usage()
+
+for o, a in opts:
+ if o in ('-h', '--help'):
+ usage()
+ if o in ('-c', '--config'):
+ options['configFile'] = a
+ if o in ('-d', '--daemon'):
+ options['daemon'] = True
+ if o in ('-c', '--check'):
+ options['check'] = a
+
+
+if not os.path.exists(options['check']):
+ print '%s not found.' % options['check']
+ print "You might specify manually pamusb-check's location using --check."
+ usage()
+
+username = pwd.getpwuid(os.getuid())[0]
+
+logger = Log()
+
+doc = et.parse(options['configFile'])
+users = doc.findall('users/user')
+for user in users:
+ if user.get('id') == username:
+ break
+else:
+ logger.error('User %s not found in configuration file' % username)
+ sys.exit(1)
+
+events = {
+ 'lock' : [],
+ 'unlock' : []
+ }
+
+for hotplug in user.findall('agent'):
+ events[hotplug.get('event')].append(hotplug.text)
+
+deviceName = user.find('device').text.strip()
+
+devices = doc.findall("devices/device")
+for device in devices:
+ if device.get('id') == deviceName:
+ break
+else:
+ logger.error('Device %s not found in configurtion file' % deviceName)
+ sys.exit(1)
+
+serial = device.find('serial').text.strip()
+
+def authChangeCallback(event):
+ if event == 'removed':
+ logger.info('Device "%s" has been removed, ' \
+ 'locking down user "%s"...' % (deviceName, username))
+ for cmd in events['lock']:
+ logger.info('Running "%s"' % cmd)
+ os.system(cmd)
+ logger.info('Locked.')
+ return
+
+ logger.info('Device "%s" has been inserted. ' \
+ 'Performing verification...' % deviceName)
+ cmdLine = "%s --quiet --config=%s --service=pamusb-agent %s" % (
+ options['check'], options['configFile'], username)
+ logger.info('Executing "%s"' % cmdLine)
+ if not os.system(cmdLine):
+ logger.info('Authentication succeeded. ' \
+ 'Unlocking user "%s"...' % username)
+ for cmd in events['unlock']:
+ logger.info('Running "%s"' % cmd)
+ os.system(cmd)
+ logger.info('Unlocked.')
+ else:
+ logger.info('Authentication failed for device %s. ' \
+ 'Keeping user "%s" locked down.' % (deviceName, username))
+
+hpDev = HotPlugDevice(serial)
+hpDev.addCallback(authChangeCallback)
+
+if options['daemon'] and os.fork():
+ sys.exit(0)
+
+logger.info('pamusb-agent up and running.')
+logger.info('Watching device "%s" for user "%s"' % (deviceName, username))
+
+try:
+ hpDev.run()
+except KeyboardInterrupt:
+ logger.error('Caught keyboard interruption, exiting...')
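Review bot: the getopt short-option string "hc:dc:" declares -c twice, and the option loop tests `o in ('-c', '--config')` and later `o in ('-c', '--check')`, so a single -c argument is stored as both configFile and check. The agent would then try to execute the configuration file as pamusb-check. Give --check its own short letter or drop its short form. In authChangeCallback, cmdLine is assembled with % formatting and run through os.system, so the check path, config path and user name reach the shell unquoted; pass an argument list to subprocess instead. events[hotplug.get('event')] raises KeyError for any agent element whose event attribute is not lock or unlock, and the print after gobject.MainLoop().run() executes only once the loop has exited, not when the signals are registered.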
Added | pam_usb-0.5.0.tar.bz2/tools/pamusb-conf
@@ -0,0 +1,264 @@
+#!/usr/bin/env python
+#
+# Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
+#
+# This file is part of the pam_usb project. pam_usb is free software;
+# you can redistribute it and/or modify it under the terms of the GNU General
+# Public License version 2, as published by the Free Software Foundation.
+#
+# pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+# details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+# Place, Suite 330, Boston, MA 02111-1307 USA
+
+
+import dbus
+import sys
+import os
+from xml.dom import minidom
+
+class Device:
+ def __init__(self, udi):
+ self.__udi = udi
+ deviceObj = bus.get_object('org.freedesktop.UDisks',
+ udi)
+ deviceProperties = dbus.Interface(deviceObj, dbus.PROPERTIES_IFACE)
+ if deviceProperties.Get('org.freedesktop.UDisks.Device', 'DeviceIsRemovable') != 1:
+ raise Exception, 'Not a removable device'
+ self.vendor = deviceProperties.Get('org.freedesktop.UDisks.Device', 'DriveVendor')
+ self.product = deviceProperties.Get('org.freedesktop.UDisks.Device', 'DriveModel')
+ self.serialNumber = deviceProperties.Get('org.freedesktop.UDisks.Device', 'DriveSerial')
+ if len(self.volumes()) < 1:
+ raise Exception, 'Device does not contain any volume'
+
+ def volumes(self):
+ vols = []
+ for udi in halManager.get_dbus_method('EnumerateDevices')():
+ deviceObj = bus.get_object('org.freedesktop.UDisks',
+ udi)
+ deviceProperties = dbus.Interface(deviceObj, dbus.PROPERTIES_IFACE)
+ if deviceProperties.Get('org.freedesktop.UDisks.Device', 'DeviceIsPartition') != 1:
+ continue
+ if deviceProperties.Get('org.freedesktop.UDisks.Device', 'PartitionSlave') != self.__udi:
+ continue
+ vols.append({'uuid' : deviceProperties.Get('org.freedesktop.UDisks.Device', 'IdUuid'),
+ 'device' : deviceProperties.Get('org.freedesktop.UDisks.Device', 'DeviceFile')})
+ return vols
+
+ def __repr__(self):
+ if self.product is not None:
+ return "%s %s (%s)" % (self.vendor, self.product, self.serialNumber)
+ return self.serialNumber
+
+def listOptions(question, options, autodetect = True):
+ if autodetect == True and len(options) == 1:
+ print question
+ print "* Using \"%s\" (only option)" % options[0]
+ print
+ return 0
+
+ while True:
+ try:
+ print question
+ for i in range(len(options)):
+ print "%d) %s" % (i, options[i])
+ print
+ sys.stdout.write('[%s-%s]: ' % (0, len(options) - 1))
+ optionId = int(sys.stdin.readline())
+ print
+ if optionId not in range(len(options)):
+ raise Exception
+ return optionId
+ except KeyboardInterrupt: sys.exit()
+ except Exception: pass
+ else: break
+
+def writeConf(options, doc):
+ try:
+ f = open(options['configFile'], 'w')
+ doc.writexml(f)
+ f.close()
+ except Exception, err:
+ print 'Unable to save %s: %s' % (options['configFile'], err)
+ sys.exit(1)
+ else:
+ print 'Done.'
+
+def shouldSave(options, items):
+ print "\n".join(["%s\t\t: %s" % item for item in items])
+ print
+ print 'Save to %s ?' % options['configFile']
+ sys.stdout.write('[Y/n] ')
+ response = sys.stdin.readline().strip()
+ if len(response) > 0 and response.lower() != 'y':
+ sys.exit(1)
+
+def prettifyElement(element):
+ tmp = minidom.parseString(element.toprettyxml())
+ return tmp.lastChild
+
+def addUser(options):
+ try:
+ doc = minidom.parse(options['configFile'])
+ except Exception, err:
+ print 'Unable to read %s: %s' % (options['configFile'], err)
+ sys.exit(1)
+ devSection = doc.getElementsByTagName('devices')
+ if len(devSection) == 0:
+ print 'Malformed configuration file: No <devices> section found.'
+ sys.exit(1)
+ devicesObj = devSection[0].getElementsByTagName('device')
+ if len(devicesObj) == 0:
+ print 'No devices found.'
+ print 'You must add a device (--add-device) before adding users'
+ sys.exit(1)
+
+ devices = []
+ for device in devicesObj:
+ devices.append(device.getAttribute('id'))
+ device = devices[listOptions("Which device would you like to use for authentication ?",
+ devices)]
+
+ shouldSave(options, [
+ ('User', options['userName']),
+ ('Device', device)
+ ])
+
+ users = doc.getElementsByTagName('users')
+ user = doc.createElement('user')
+ user.attributes['id'] = options['userName']
+ e = doc.createElement('device')
+ t = doc.createTextNode(device)
+ e.appendChild(t)
+ user.appendChild(e)
+ users[0].appendChild(prettifyElement(user))
+ writeConf(options, doc)
+
+def addDevice(options):
+ devices = []
+
+ for udi in halManager.get_dbus_method('EnumerateDevices')():
+ try:
+ if options['verbose']:
+ print 'Inspecting %s' % udi
+ devices.append(Device(udi))
+ except Exception, ex:
+ if options['verbose']:
+ print "\tInvalid: %s" % ex
+ pass
+ else:
+ if options['verbose']:
+ print "\tValid"
+
+ if len(devices) == 0:
+ print 'No devices detected. Try running in verbose (-v) mode to see what\'s going on.'
+ sys.exit()
+ device = devices[listOptions("Please select the device you wish to add.", devices)]
+
+ volumes = device.volumes()
+ volume = volumes[listOptions("Which volume would you like to use for " \
+ "storing data ?",
+ ["%s (UUID: %s)" % (volume['device'],
+ volume['uuid'] or "<UNDEFINED>")
+ for volume in volumes]
+ )]
+
+ if volume['uuid'] == '':
+ print 'WARNING: No UUID detected for device %s. One time pads will be disabled.' % volume['device']
+
+ shouldSave(options,[
+ ('Name', options['deviceName']),
+ ('Vendor', device.vendor or "Unknown"),
+ ('Model', device.product or "Unknown"),
+ ('Serial', device.serialNumber),
+ ('UUID', volume['uuid'] or "Unknown")
+ ])
+
+ try:
+ doc = minidom.parse(options['configFile'])
+ except Exception, err:
+ print 'Unable to read %s: %s' % (options['configFile'], err)
+ sys.exit(1)
+
+ devs = doc.getElementsByTagName('devices')
+ dev = doc.createElement('device')
+ dev.attributes['id'] = options['deviceName']
+
+ for name, value in (('vendor', device.vendor),
+ ('model', device.product),
+ ('serial', device.serialNumber),
+ ('volume_uuid', volume['uuid'])):
+ if value is None or value == '':
+ continue
+ e = doc.createElement(name)
+ t = doc.createTextNode(value)
+ e.appendChild(t)
+ dev.appendChild(e)
+
+ # Disable one time pads if there's no device UUID
+ if volume['uuid'] == '':
+ e = doc.createElement('option')
+ e.setAttribute('name', 'one_time_pad')
+ e.appendChild(doc.createTextNode('false'))
+ dev.appendChild(e)
+
+ devs[0].appendChild(prettifyElement(dev))
+ writeConf(options, doc)
+
+def usage():
+ print 'Usage: %s [--help] [--verbose] [--config=path] [--add-user=name | --add-device=name]' % os.path.basename(__file__)
+ sys.exit(1)
+
+import getopt
+
+try:
+ opts, args = getopt.getopt(sys.argv[1:], "hvd:nu:c:",
+ ["help", "verbose", "add-device=", "add-user=", "config="])
+except getopt.GetoptError:
+ usage()
+
+if len(args) != 0:
+ usage()
+
+options = { 'deviceName' : None, 'userName' : None,
+ 'configFile' : '/etc/pamusb.conf', 'verbose' : False }
+
+for o, a in opts:
+ if o in ("-h", "--help"):
+ usage()
+ if o in ("-v", "--verbose"):
+ options['verbose'] = True
+ if o in ("-d", "--add-device"):
+ options['deviceName'] = a
+ if o in ("-u", "--add-user"):
+ options['userName'] = a
+ if o in ("-c", "--config"):
+ options['configFile'] = a
+
+if options['deviceName'] is not None and options['userName'] is not None:
+ print 'You cannot use both --add-user and --add-device'
+ usage()
+
+if options['deviceName'] is None and options['userName'] is None:
+ usage()
+
+if options['deviceName'] is not None:
+ bus = dbus.SystemBus()
+ halService = bus.get_object('org.freedesktop.UDisks',
+ '/org/freedesktop/UDisks')
+ halManager = dbus.Interface(halService, 'org.freedesktop.UDisks')
+ try:
+ addDevice(options)
+ except KeyboardInterrupt:
+ sys.exit(1)
+
+if options['userName'] is not None:
+ try:
+ addUser(options)
+ except KeyboardInterrupt:
+ sys.exit(1)
+
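Review bot: writeConf opens options['configFile'] with mode 'w' before doc.writexml runs, so the existing configuration is truncated first and an error part-way through the write leaves the PAM configuration empty or partial. Write to a temporary file in the same directory and os.rename it over the original once the write has succeeded. In addUser, users[0] is indexed without the length check that devSection gets, so a file with no users section raises IndexError after the user has already confirmed the save; addDevice indexes devs[0] the same way. The 'n' in the short-option string "hvd:nu:c:" has no handler in the option loop.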
|