summaryrefslogtreecommitdiffstats
path: root/pam_agl
diff options
context:
space:
mode:
Diffstat (limited to 'pam_agl')
-rw-r--r--pam_agl/CMakeLists.txt53
-rw-r--r--pam_agl/pam_agl_nfc.c152
-rw-r--r--pam_agl/pam_agl_usb.c186
3 files changed, 0 insertions, 391 deletions
diff --git a/pam_agl/CMakeLists.txt b/pam_agl/CMakeLists.txt
deleted file mode 100644
index 7cd39cc..0000000
--- a/pam_agl/CMakeLists.txt
+++ /dev/null
@@ -1,53 +0,0 @@
-###########################################################################
-# Copyright 2015, 2016, 2017 IoT.bzh
-#
-# author: Loïc Collignon <loic.collignon@iot.bzh>
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-###########################################################################
-
-cmake_minimum_required(VERSION 3.3)
-project(pam_agl)
-
-include(FindPkgConfig)
-
-# Require PAM but there is no find_package
-set(PAM_INCLUDE_DIR "/usr/include/")
-set(PAM_LIBRARY "/lib64/libpam.so.0")
-include_directories(${PAM_INCLUDE_DIR})
-if (NOT DEFINED CMAKE_INSTALL_LIBDIR)
- get_filename_component(CMAKE_INSTALL_LIBDIR ${PAM_LIBRARY} DIRECTORY)
-endif()
-
-# Find json-c
-pkg_check_modules(${JSON_C} REQUIRED json-c)
-include_directories(${${JSON_C}_INCLUDE_DIRS})
-add_compile_options(${${JSON_C}_CFLAGS})
-
-# Add the pam_agl_usb target
-add_library(pam_agl_usb SHARED pam_agl_usb.c)
-target_link_libraries(pam_agl_usb ${PAM_LIBRARY} ${${JSON_C}_LIBRARIES})
-set_property(TARGET pam_agl_usb PROPERTY POSITION_INDEPENDENT_CODE ON)
-set_property(TARGET pam_agl_usb PROPERTY PREFIX "")
-
-install(TARGETS pam_agl_usb
- LIBRARY DESTINATION "${CMAKE_INSTALL_LIBDIR}/security/")
-
-# Add the pam_agl_nfc target
-add_library(pam_agl_nfc SHARED pam_agl_nfc.c)
-target_link_libraries(pam_agl_nfc ${PAM_LIBRARY} ${${JSON_C}_LIBRARIES})
-set_property(TARGET pam_agl_nfc PROPERTY POSITION_INDEPENDENT_CODE ON)
-set_property(TARGET pam_agl_nfc PROPERTY PREFIX "")
-
-install(TARGETS pam_agl_nfc
- LIBRARY DESTINATION "${CMAKE_INSTALL_LIBDIR}/security/")
diff --git a/pam_agl/pam_agl_nfc.c b/pam_agl/pam_agl_nfc.c
deleted file mode 100644
index b25ba5c..0000000
--- a/pam_agl/pam_agl_nfc.c
+++ /dev/null
@@ -1,152 +0,0 @@
-#include <fcntl.h>
-#include <stdarg.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <uuid/uuid.h>
-#include <json-c/json.h>
-
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-#define PAM_SM_SESSION
-#define PAM_SM_PASSWORD
-#include <security/pam_modules.h>
-#include <security/pam_appl.h>
-
-#include <security/pam_client.h>
-#include <security/pam_ext.h>
-#include <security/pam_filter.h>
-#include <security/pam_misc.h>
-#include <security/pam_modutil.h>
-
-#define DATABASE_FILE "/etc/agl/keys.json"
-
-int authenticate(pam_handle_t* pamh, const char* uid)
-{
- struct json_object* database;
- struct json_object* nfc;
- struct json_object* key;
-
- database = json_object_from_file(DATABASE_FILE);
- if (!database)
- {
- printf("[PAM DEBUG] Failed to parse the database\n");
- return PAM_SERVICE_ERR;
- }
-
- if (json_object_object_get_ex(database, "nfc", &nfc))
- {
- if (json_object_object_get_ex(nfc, uid, &key))
- {
- printf("[PAM] Key found!\n");
- printf("[PAM DEBUG] pam_set_item(\"%s\")\n", uid);
- pam_set_item(pamh, PAM_USER, uid);
-
- const char* pam_authtok;
- if (pam_get_item(pamh, PAM_AUTHTOK, (const void**)&pam_authtok) == PAM_SUCCESS && !pam_authtok)
- pam_set_item(pamh, PAM_AUTHTOK, uid);
-
- json_object_put(database);
- return PAM_SUCCESS;
- }
- }
-
- printf("[PAM] Key not found!\n");
- if (database) json_object_put(database);
- return PAM_AUTH_ERR;
-}
-
-int check_device(pam_handle_t* pamh, const char* device)
-{
- char* idkey;
- int ret;
-
- ret = read_device(device, &idkey);
- if (ret != PAM_SUCCESS) return ret;
-
- printf("[PAM DEBUG] Data read:\n%s\n", idkey);
-
- json_object* idkey_json = json_tokener_parse(idkey);
- if (!idkey_json)
- {
- free(idkey);
- printf("[PAM DEBUG] Failed to parse json data!\n");
- return PAM_SERVICE_ERR;
- }
-
- json_object* uuid_json;
- if(!json_object_object_get_ex(idkey_json, "uuid", &uuid_json))
- {
- free(idkey);
- printf("[PAM DEBUG] The json does not contains a valid uuid\n");
- return PAM_SERVICE_ERR;
- }
-
- const char* uuid = json_object_get_string(uuid_json);
- printf("[PAM DEBUG] uuid: %s\n", uuid);
-
- ret = authenticate(pamh, uuid);
- free(idkey);
- json_object_put(idkey_json);
- return ret;
-}
-
-void log_pam(const char* fname, int flags, int argc, const char** argv, const char* device)
-{
- printf("[PAM DEBUG] ---------- %s ----------\n", fname);
- printf("[PAM DEBUG] flags: %d\n", flags);
- for(int i = 0; i < argc; ++i)
- {
- printf("[PAM DEBUG] argv[%d]: %s\n", i, argv[i]);
- }
- printf("[PAM DEBUG] device: %s\n", device);
- printf("[PAM DEBUG] ----------------------------------------\n");
-}
-
-/*!
- @brief The pam_sm_authenticate function is the service module's implementation
- of the pam_authenticate(3) interface.
- This function performs the task of authenticating the user.
-
- @param[in] pamh Unknown.
- @param[in] flags PAM_SILENT and/or PAM_DISALLOW_NULL_AUTHTOK.
- @return PAM_SUCCESS if ok.
-*/
-PAM_EXTERN int pam_sm_authenticate(pam_handle_t* pamh, int flags, int argc, const char** argv)
-{
- const char* uid = pam_getenv(pamh, "UID");
- log_pam("pam_sm_authenticate", flags, argc, argv, uid);
- return authenticate(pamh, uid);
-}
-
-PAM_EXTERN int pam_sm_setcred(pam_handle_t* pamh, int flags, int argc, const char** argv)
-{
- log_pam("pam_sm_setcred", flags, argc, argv, pam_getenv(pamh, "DEVICE"));
- return PAM_SUCCESS;
-}
-
-PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const char** argv)
-{
- log_pam("pam_sm_acct_mgmt", flags, argc, argv, pam_getenv(pamh, "DEVICE"));
- return PAM_SUCCESS;
-}
-
-PAM_EXTERN int pam_sm_open_session(pam_handle_t* pamh, int flags, int argc, const char** argv)
-{
- log_pam("pam_sm_open_session", flags, argc, argv, pam_getenv(pamh, "DEVICE"));
- return PAM_SUCCESS;
-}
-
-PAM_EXTERN int pam_sm_close_session(pam_handle_t* pamh, int flags, int argc, const char** argv)
-{
- log_pam("pam_sm_close_session", flags, argc, argv, pam_getenv(pamh, "DEVICE"));
- return PAM_SUCCESS;
-}
-
-PAM_EXTERN int pam_sm_chauthtok(pam_handle_t* pamh, int flags, int argc, const char** argv)
-{
- log_pam("pam_sm_chauthtok", flags, argc, argv, pam_getenv(pamh, "DEVICE"));
- return PAM_SUCCESS;
-}
diff --git a/pam_agl/pam_agl_usb.c b/pam_agl/pam_agl_usb.c
deleted file mode 100644
index 7afe73d..0000000
--- a/pam_agl/pam_agl_usb.c
+++ /dev/null
@@ -1,186 +0,0 @@
-#include <fcntl.h>
-#include <stdarg.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <uuid/uuid.h>
-#include <json-c/json.h>
-
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-#define PAM_SM_SESSION
-#define PAM_SM_PASSWORD
-#include <security/pam_modules.h>
-#include <security/pam_appl.h>
-
-#define DATABASE_FILE "/etc/agl/keys.json"
-
-#define BLOCK_SIZE 4096
-typedef struct header_
-{
- char mn[4];
- size_t size;
-} header;
-
-int is_valid_mn(const char* v)
-{
- return v && v[0] == 'I' && v[1] == 'D' && v[2] == 'K' && v[3] == 'Y';
-}
-
-int read_device(const char* device, char** idkey)
-{
- int fd;
- ssize_t sz;
- header h;
-
- printf("[PAM DEBUG] check_device %s...\n", device);
- fd = open(device, O_RDONLY);
- if (fd == -1)
- {
- printf("[PAM DEBUG] Failed to open the device %s!\n", device);
- return PAM_SERVICE_ERR;
- }
-
- sz = read(fd, &h, sizeof(header));
- if (sz != sizeof(header) || !is_valid_mn(h.mn) || h.size < 1) { close(fd); printf("[PAM DEBUG]: bad header!\n"); return PAM_SERVICE_ERR; }
- printf("[PAM DEBUG]: data size=%lu\n", h.size);
-
- *idkey = (char*)malloc(h.size + 1);
- if (!*idkey) { close(fd); printf("[PAM DEBUG] Bad alloc!\n"); return PAM_SERVICE_ERR; }
-
- memset(*idkey, 0, h.size + 1);
- sz = read(fd, *idkey, h.size);
- close(fd);
- if (sz != h.size) { free(idkey); printf("[PAM DEBUG] Bad data read!\n"); return PAM_SERVICE_ERR; }
- return PAM_SUCCESS;
-}
-
-int authenticate(pam_handle_t* pamh, const char* uuid)
-{
- struct json_object* database;
- struct json_object* usb;
- struct json_object* key;
-
- database = json_object_from_file(DATABASE_FILE);
- if (!database)
- {
- printf("[PAM DEBUG] Failed to parse the database\n");
- return PAM_SERVICE_ERR;
- }
-
- if (json_object_object_get_ex(database, "usb", &usb))
- {
- if (json_object_object_get_ex(usb, uuid, &key))
- {
- printf("[PAM] Key found!\n");
- printf("[PAM DEBUG] pam_set_item(\"%s\")\n", uuid);
- pam_set_item(pamh, PAM_USER, uuid);
-
- const char* pam_authtok;
- if (pam_get_item(pamh, PAM_AUTHTOK, (const void**)&pam_authtok) == PAM_SUCCESS && !pam_authtok)
- pam_set_item(pamh, PAM_AUTHTOK, uuid);
-
- json_object_put(database);
- return PAM_SUCCESS;
- }
- }
-
- printf("[PAM] Key not found!\n");
- if (database) json_object_put(database);
- return PAM_AUTH_ERR;
-}
-
-int check_device(pam_handle_t* pamh, const char* device)
-{
- char* idkey;
- int ret;
-
- ret = read_device(device, &idkey);
- if (ret != PAM_SUCCESS) return ret;
-
- printf("[PAM DEBUG] Data read:\n%s\n", idkey);
-
- json_object* idkey_json = json_tokener_parse(idkey);
- if (!idkey_json)
- {
- free(idkey);
- printf("[PAM DEBUG] Failed to parse json data!\n");
- return PAM_SERVICE_ERR;
- }
-
- json_object* uuid_json;
- if(!json_object_object_get_ex(idkey_json, "uuid", &uuid_json))
- {
- free(idkey);
- printf("[PAM DEBUG] The json does not contains a valid uuid\n");
- return PAM_SERVICE_ERR;
- }
-
- const char* uuid = json_object_get_string(uuid_json);
- printf("[PAM DEBUG] uuid: %s\n", uuid);
-
- ret = authenticate(pamh, uuid);
- free(idkey);
- json_object_put(idkey_json);
- return ret;
-}
-
-void log_pam(const char* fname, int flags, int argc, const char** argv, const char* device)
-{
- printf("[PAM DEBUG] ---------- %s ----------\n", fname);
- printf("[PAM DEBUG] flags: %d\n", flags);
- for(int i = 0; i < argc; ++i)
- {
- printf("[PAM DEBUG] argv[%d]: %s\n", i, argv[i]);
- }
- printf("[PAM DEBUG] device: %s\n", device);
- printf("[PAM DEBUG] ----------------------------------------\n");
-}
-
-/*!
- @brief The pam_sm_authenticate function is the service module's implementation
- of the pam_authenticate(3) interface.
- This function performs the task of authenticating the user.
-
- @param[in] pamh Unknown.
- @param[in] flags PAM_SILENT and/or PAM_DISALLOW_NULL_AUTHTOK.
- @return PAM_SUCCESS if ok.
-*/
-PAM_EXTERN int pam_sm_authenticate(pam_handle_t* pamh, int flags, int argc, const char** argv)
-{
- const char* device = pam_getenv(pamh, "DEVICE");
- log_pam("pam_sm_authenticate", flags, argc, argv, device);
- return check_device(pamh, device);
-}
-
-PAM_EXTERN int pam_sm_setcred(pam_handle_t* pamh, int flags, int argc, const char** argv)
-{
- log_pam("pam_sm_setcred", flags, argc, argv, pam_getenv(pamh, "DEVICE"));
- return PAM_SUCCESS;
-}
-
-PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const char** argv)
-{
- log_pam("pam_sm_acct_mgmt", flags, argc, argv, pam_getenv(pamh, "DEVICE"));
- return PAM_SUCCESS;
-}
-
-PAM_EXTERN int pam_sm_open_session(pam_handle_t* pamh, int flags, int argc, const char** argv)
-{
- log_pam("pam_sm_open_session", flags, argc, argv, pam_getenv(pamh, "DEVICE"));
- return PAM_SUCCESS;
-}
-
-PAM_EXTERN int pam_sm_close_session(pam_handle_t* pamh, int flags, int argc, const char** argv)
-{
- log_pam("pam_sm_close_session", flags, argc, argv, pam_getenv(pamh, "DEVICE"));
- return PAM_SUCCESS;
-}
-
-PAM_EXTERN int pam_sm_chauthtok(pam_handle_t* pamh, int flags, int argc, const char** argv)
-{
- log_pam("pam_sm_chauthtok", flags, argc, argv, pam_getenv(pamh, "DEVICE"));
- return PAM_SUCCESS;
-}