src/pam.c

   1 /*
   2  * Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>
   3  *
   4  * This file is part of the pam_usb project. pam_usb is free software;
   5  * you can redistribute it and/or modify it under the terms of the GNU General
   6  * Public License version 2, as published by the Free Software Foundation.
   7  *
   8  * pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY
   9  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  10  * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
  11  * details.
  12  *
  13  * You should have received a copy of the GNU General Public License along with
  14  * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
  15  * Place, Suite 330, Boston, MA  02111-1307  USA
  16  */
  17
  18 #define PAM_SM_AUTH
  19 #include <security/pam_modules.h>
  20 #include <security/_pam_macros.h>
  21
  22 #include "version.h"
  23 #include "conf.h"
  24 #include "log.h"
  25 #include "local.h"
  26 #include "device.h"
  27
  28 PAM_EXTERN
  29 int pam_sm_authenticate(pam_handle_t *pamh, int flags,
  30                 int argc, const char **argv)
  31 {
  32         t_pusb_options  opts;
  33         const char              *service;
  34         const char              *user;
  35         const char              *tty;
  36         char                    *conf_file = PUSB_CONF_FILE;
  37         int                             retval;
  38
  39         pusb_log_init(&opts);
  40         retval = pam_get_item(pamh, PAM_SERVICE,
  41                         (const void **)(const void *)&service);
  42         if (retval != PAM_SUCCESS)
  43         {
  44                 log_error("Unable to retrieve the PAM service name.\n");
  45                 return (PAM_AUTH_ERR);
  46         }
  47
  48         if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || !user || !*user)
  49         {
  50                 log_error("Unable to retrieve the PAM user name.\n");
  51                 return (PAM_AUTH_ERR);
  52         }
  53
  54         if (argc > 1)
  55                 if (!strcmp(argv[0], "-c"))
  56                         conf_file = (char *)argv[1];
  57         if (!pusb_conf_init(&opts))
  58                 return (PAM_AUTH_ERR);
  59         if (!pusb_conf_parse(conf_file, &opts, user, service))
  60                 return (PAM_AUTH_ERR);
  61
  62         if (!opts.enable)
  63         {
  64                 log_debug("Not enabled, exiting...\n");
  65                 return (PAM_IGNORE);
  66         }
  67
  68         log_info("pam_usb v%s\n", PUSB_VERSION);
  69         log_info("Authentication request for user \"%s\" (%s)\n",
  70                         user, service);
  71
  72         if (pam_get_item(pamh, PAM_TTY,
  73                                 (const void **)(const void *)&tty) == PAM_SUCCESS)
  74         {
  75                 if (tty && !strcmp(tty, "ssh"))
  76                 {
  77                         log_debug("SSH Authentication, aborting.\n");
  78                         return (PAM_AUTH_ERR);
  79                 }
  80         }
  81         if (!pusb_local_login(&opts, user))
  82         {
  83                 log_error("Access denied.\n");
  84                 return (PAM_AUTH_ERR);
  85         }
  86         if (pusb_device_check(&opts, user))
  87         {
  88                 log_info("Access granted.\n");
  89                 return (PAM_SUCCESS);
  90         }
  91         log_error("Access denied.\n");
  92         return (PAM_AUTH_ERR);
  93 }
  94
  95 PAM_EXTERN
  96 int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc,
  97                 const char **argv)
  98 {
  99         return (PAM_SUCCESS);
 100 }
 101
 102 #ifdef PAM_STATIC
 103
 104 struct pam_module _pam_usb_modstruct = {
 105         "pam_usb",
 106         pam_sm_authenticate,
 107         pam_sm_setcred,
 108         NULL,
 109         NULL,
 110         NULL,
 111         NULL
 112 };
 113
 114 #endif