Logo Search packages:      
Sourcecode: libpam-usb version File versions  Download package

pam.c

/*
 * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
 *
 * This file is part of the pam_usb project. pam_usb is free software;
 * you can redistribute it and/or modify it under the terms of the GNU General
 * Public License version 2, as published by the Free Software Foundation.
 *
 * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
 * Place, Suite 330, Boston, MA  02111-1307  USA
 */

#define PAM_SM_AUTH
#include <security/pam_modules.h>
#include <security/_pam_macros.h>

#include "version.h"
#include "conf.h"
#include "log.h"
#include "local.h"
#include "device.h"

PAM_EXTERN
int pam_sm_authenticate(pam_handle_t *pamh, int flags,
            int argc, const char **argv)
{
      t_pusb_options    opts;
      const char        *service;
      const char        *user;
      const char        *tty;
      char              *conf_file = PUSB_CONF_FILE;
      int                     retval;

      pusb_log_init(&opts);
      retval = pam_get_item(pamh, PAM_SERVICE,
                  (const void **)(const void *)&service);
      if (retval != PAM_SUCCESS)
      {
            log_error("Unable to retrieve the PAM service name.\n");
            return (PAM_AUTH_ERR);
      }

      if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || !user || !*user)
      {
            log_error("Unable to retrieve the PAM user name.\n");
            return (PAM_AUTH_ERR);
      }

      if (argc > 1)
            if (!strcmp(argv[0], "-c"))
                  conf_file = (char *)argv[1];
      if (!pusb_conf_init(&opts))
            return (PAM_AUTH_ERR);
      if (!pusb_conf_parse(conf_file, &opts, user, service))
            return (PAM_AUTH_ERR);

      if (!opts.enable)
      {
            log_debug("Not enabled, exiting...\n");
            return (PAM_IGNORE);
      }

      log_info("pam_usb v%s\n", PUSB_VERSION);
      log_info("Authentication request for user \"%s\" (%s)\n",
                  user, service);

      if (pam_get_item(pamh, PAM_TTY,
                        (const void **)(const void *)&tty) == PAM_SUCCESS)
      {
            if (tty && !strcmp(tty, "ssh"))
            {
                  log_debug("SSH Authentication, aborting.\n");
                  return (PAM_AUTH_ERR);
            }
      }
      if (!pusb_local_login(&opts, user))
      {
            log_error("Access denied.\n");
            return (PAM_AUTH_ERR);
      }
      if (pusb_device_check(&opts, user))
      {
            log_info("Access granted.\n");
            return (PAM_SUCCESS);
      }
      log_error("Access denied.\n");
      return (PAM_AUTH_ERR);
}

PAM_EXTERN
int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc,
            const char **argv)
{
      return (PAM_SUCCESS);
}

#ifdef PAM_STATIC

struct pam_module _pam_usb_modstruct = {
      "pam_usb",
      pam_sm_authenticate,
      pam_sm_setcred,
      NULL,
      NULL,
      NULL,
      NULL
};

#endif

Generated by  Doxygen 1.6.0   Back to index