search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Port pamusb-agent and pamusb-conf to UDisks.
[pam_usb.git] / src / pad.c
blob779bb93f105bf48ab6b5e1fd28983df1c4e52d42
1 /*
2 * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
3 *
4 * This file is part of the pam_usb project. pam_usb is free software;
5 * you can redistribute it and/or modify it under the terms of the GNU General
6 * Public License version 2, as published by the Free Software Foundation.
7 *
8 * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
9 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
10 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
11 * details.
12 *
13 * You should have received a copy of the GNU General Public License along with
14 * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
15 * Place, Suite 330, Boston, MA 02111-1307 USA
16 */
17
18 #include <stdio.h>
19 #include <stdlib.h>
20 #include <string.h>
21 #include <unistd.h>
22 #include <errno.h>
23 #include <sys/types.h>
24 #include <sys/stat.h>
25 #include <pwd.h>
26 #include <time.h>
27 #include <libhal-storage.h>
28 #include "conf.h"
29 #include "log.h"
30 #include "volume.h"
31 #include "pad.h"
32
33 static FILE *pusb_pad_open_device(t_pusb_options *opts,
34 LibHalVolume *volume,
35 const char *user,
36 const char *mode)
37 {
38 FILE *f;
39 char path[PATH_MAX];
40 const char *mnt_point;
41 struct stat sb;
42
43 mnt_point = (char *)libhal_volume_get_mount_point(volume);
44 if (!mnt_point)
45 return (NULL);
46 memset(path, 0x00, PATH_MAX);
47 snprintf(path, PATH_MAX, "%s/%s", mnt_point, opts->device_pad_directory);
48 if (stat(path, &sb) != 0)
49 {
50 log_debug("Directory %s does not exist, creating one.\n", path);
51 if (mkdir(path, S_IRUSR | S_IWUSR | S_IXUSR) != 0)
52 {
53 log_debug("Unable to create directory %s: %s\n", path,
54 strerror(errno));
55 return (NULL);
56 }
57 memset(path, 0x00, PATH_MAX);
58 }
59 snprintf(path, PATH_MAX, "%s/%s/%s.%s.pad", mnt_point,
60 opts->device_pad_directory, user, opts->hostname);
61 f = fopen(path, mode);
62 if (!f)
63 {
64 log_debug("Cannot open device file: %s\n", strerror(errno));
65 return (NULL);
66 }
67 return (f);
68 }
69
70 static FILE *pusb_pad_open_system(t_pusb_options *opts,
71 const char *user,
72 const char *mode)
73 {
74 FILE *f;
75 char path[PATH_MAX];
76 struct passwd *user_ent = NULL;
77 struct stat sb;
78
79 if (!(user_ent = getpwnam(user)) || !(user_ent->pw_dir))
80 {
81 log_error("Unable to retrieve informations for user \"%s\": %s\n",
82 strerror(errno));
83 return (0);
84 }
85 memset(path, 0x00, PATH_MAX);
86 snprintf(path, PATH_MAX, "%s/%s", user_ent->pw_dir,
87 opts->system_pad_directory);
88 if (stat(path, &sb) != 0)
89 {
90 log_debug("Directory %s does not exist, creating one.\n", path);
91 if (mkdir(path, S_IRUSR | S_IWUSR | S_IXUSR) != 0)
92 {
93 log_debug("Unable to create directory %s: %s\n", path,
94 strerror(errno));
95 return (NULL);
96 }
97 chown(path, user_ent->pw_uid, user_ent->pw_gid);
98 chmod(path, S_IRUSR | S_IWUSR | S_IXUSR);
99 }
100 memset(path, 0x00, PATH_MAX);
101 snprintf(path, PATH_MAX, "%s/%s/%s.pad", user_ent->pw_dir,
102 opts->system_pad_directory, opts->device.name);
103 f = fopen(path, mode);
104 if (!f)
105 {
106 log_debug("Cannot open system file: %s\n", strerror(errno));
107 return (NULL);
108 }
109 return (f);
110 }
111
112 static int pusb_pad_protect(const char *user, int fd)
113 {
114 struct passwd *user_ent = NULL;
115
116 log_debug("Protecting pad file...\n");
117 if (!(user_ent = getpwnam(user)))
118 {
119 log_error("Unable to retrieve informations for user \"%s\": %s\n",
120 strerror(errno));
121 return (0);
122 }
123 if (fchown(fd, user_ent->pw_uid, user_ent->pw_gid) == -1)
124 {
125 log_debug("Unable to change owner of the pad: %s\n",
126 strerror(errno));
127 return (0);
128 }
129 if (fchmod(fd, S_IRUSR | S_IWUSR) == -1)
130 {
131 log_debug("Unable to change mode of the pad: %s\n",
132 strerror(errno));
133 return (0);
134 }
135 return (1);
136 }
137
138 static int pusb_pad_should_update(t_pusb_options *opts, const char *user)
139 {
140 FILE *f_system = NULL;
141 struct stat st;
142 time_t now;
143 time_t delta;
144
145 log_debug("Checking whether pads are expired or not...\n");
146 if (!(f_system = pusb_pad_open_system(opts, user, "r")))
147 {
148 log_debug("Unable to open system pad, pads must be generated.\n");
149 return (1);
150 }
151 if (fstat(fileno(f_system), &st) == -1)
152 {
153 fclose(f_system);
154 return (1);
155 }
156 fclose(f_system);
157
158 if (time(&now) == ((time_t)-1))
159 {
160 log_error("Unable to fetch current time.\n");
161 return (1);
162 }
163
164 delta = now - st.st_mtime;
165
166 if (delta > opts->pad_expiration)
167 {
168 log_debug("Pads expired %u seconds ago, updating...\n",
169 delta - opts->pad_expiration);
170 return (1);
171 }
172 else
173 {
174 log_debug("Pads were generated %u seconds ago, not updating.\n",
175 delta);
176 return (0);
177 }
178 return (1);
179 }
180
181 static void pusb_pad_update(t_pusb_options *opts,
182 LibHalVolume *volume,
183 const char *user)
184 {
185 FILE *f_device = NULL;
186 FILE *f_system = NULL;
187 char magic[1024];
188 int i;
189
190 if (!pusb_pad_should_update(opts, user))
191 return ;
192 log_info("Regenerating new pads...\n");
193 if (!(f_device = pusb_pad_open_device(opts, volume, user, "w+")))
194 {
195 log_error("Unable to update pads.\n");
196 return ;
197 }
198 pusb_pad_protect(user, fileno(f_device));
199
200 if (!(f_system = pusb_pad_open_system(opts, user, "w+")))
201 {
202 log_error("Unable to update pads.\n");
203 fclose(f_device);
204 return ;
205 }
206 pusb_pad_protect(user, fileno(f_system));
207
208 log_debug("Generating %d bytes unique pad...\n", sizeof(magic));
209 srand(getpid() * time(NULL));
210 for (i = 0; i < sizeof(magic); ++i)
211 magic[i] = (char)rand();
212 log_debug("Writing pad to the device...\n");
213 fwrite(magic, sizeof(char), sizeof(magic), f_system);
214 log_debug("Writing pad to the system...\n");
215 fwrite(magic, sizeof(char), sizeof(magic), f_device);
216 log_debug("Synchronizing filesystems...\n");
217 fclose(f_system);
218 fclose(f_device);
219 sync();
220 log_debug("One time pads updated.\n");
221 }
222
223 static int pusb_pad_compare(t_pusb_options *opts, LibHalVolume *volume,
224 const char *user)
225 {
226 FILE *f_device = NULL;
227 FILE *f_system = NULL;
228 char magic_device[1024];
229 char magic_system[1024];
230 int retval;
231
232 if (!(f_system = pusb_pad_open_system(opts, user, "r")))
233 return (1);
234 if (!(f_device = pusb_pad_open_device(opts, volume, user, "r")))
235 {
236 fclose(f_system);
237 return (0);
238 }
239 log_debug("Loading device pad...\n");
240 fread(magic_device, sizeof(char), sizeof(magic_device), f_device);
241 log_debug("Loading system pad...\n");
242 fread(magic_system, sizeof(char), sizeof(magic_system), f_system);
243 retval = memcmp(magic_system, magic_device, sizeof(magic_system));
244 fclose(f_system);
245 fclose(f_device);
246 if (!retval)
247 log_debug("Pad match.\n");
248 return (retval == 0);
249 }
250
251 int pusb_pad_check(t_pusb_options *opts, LibHalContext *ctx,
252 const char *user)
253 {
254 LibHalVolume *volume = NULL;
255 int retval;
256
257 volume = pusb_volume_get(opts, ctx);
258 if (!volume)
259 return (0);
260 retval = pusb_pad_compare(opts, volume, user);
261 if (retval)
262 pusb_pad_update(opts, volume, user);
263 else
264 log_error("Pad checking failed !\n");
265 pusb_volume_destroy(volume);
266 return (retval);
267 }
pam_usb provides hardware authentication for Linux using ordinary USB Flash Drives.