From 01b4a1bbed4630f87318fabfd16d3609891d3907 Mon Sep 17 00:00:00 2001
From: Bandie
Date: Wed, 14 Nov 2018 17:00:39 +0100
Subject: [PATCH] Switch: Strict mode. Lock out if config is broken or not.
---
 src/pam_panic/pam_panic.c | 18 ++++++++++++++----
 src/pam_panic/pam_panic_password.c | 7 +++++--
 src/pam_panic/pam_panic_password.h | 2 +-
 3 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/src/pam_panic/pam_panic.c b/src/pam_panic/pam_panic.c
index 5ef5d5d..6383c91 100644
--- a/src/pam_panic/pam_panic.c
+++ b/src/pam_panic/pam_panic.c
@@ -93,6 +93,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
 int8_t bReboot = 0;
 int8_t bPoweroff = 0;
 int8_t bPassword = 0;
+ int8_t bStrict = 0;
 // gettext
 setlocale(LC_ALL, "");
@@ -122,6 +123,9 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
 if(strstr(argv[i], "password") != NULL){
 bPassword = 1;
 }
+ if(strstr(argv[i], "strict") != NULL){
+ bStrict = 1;
+ }
 if(strstr(argv[i], "serious") != NULL){
 argSplit(&serious_arg, &serious_temp, argv[i]);
@@ -139,7 +143,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
 || (bSerious && serious_temp == NULL) ) {
 pam_syslog(pamh, LOG_ERR, _("ERROR: Arguments invalid. Note that \"allow\" and \"reject\" must have a valid GPT UUID."));
- return (PAM_ABORT);
+ if(bStrict)
+ return (PAM_ABORT);
+ else
+ return (PAM_IGNORE);
 }
 // Poweroff wins.
@@ -175,7 +182,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
 // Check if panic key exist
 if(bSerious && access(serious_dev, F_OK) == -1){
 pam_syslog(pamh, LOG_ALERT, _("ALERT for argument \"serious\": Device doesn't exist."));
- return (PAM_ABORT);
+ if(bStrict)
+ return (PAM_ABORT);
+ else
+ return (PAM_IGNORE);
 }
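Review bot: The `strict` option added in the `@@ -122,6 +123,9 @@` hunk of pam_panic.c is detected with `strstr`, so any module argument that merely contains that substring turns strict mode on, and a near-miss spelling is accepted without complaint. An exact comparison keeps the option unambiguous: `if(strcmp(argv[i], "strict") == 0){`. The neighbouring `password` test uses the same substring pattern, so the new code follows existing style, but a flag that selects between `PAM_ABORT` and `PAM_IGNORE` deserves an exact match. The argument loop this sits in starts and ends outside the hunk.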
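Review bot: Without `strict`, the invalid-arguments branch in the `@@ -139,7 +143,10 @@` hunk now returns `PAM_IGNORE`, which makes fail-open the default: a broken configuration takes pam_panic out of the stack and the result is left to whatever other modules are configured. The same default is introduced for the missing `serious` device (`@@ -175,7 +182,10 @@`) and for the `readPassword` failure in pam_panic_password.c (`@@ -84,7 +84,10 @@`), all of which returned `PAM_ABORT` before. Consider keeping `PAM_ABORT` as the default and making the lenient behaviour the opt-in, so that a mistyped or omitted option cannot silently disable the panic function. Whichever default is kept, the log line should say what was decided, e.g. add `pam_syslog(pamh, LOG_WARNING, _("pam_panic skipped: configuration invalid and \"strict\" not set."));` before `return (PAM_IGNORE);`. pam_sm_authenticate starts and ends outside this hunk.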
@@ -187,10 +197,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
 }
 // Prompt for password
 else if(bPassword){
- return authPassword(pamh, serious_dev, bSerious, bReboot, bPoweroff);
+ return authPassword(pamh, serious_dev, bSerious, bReboot, bPoweroff, bStrict);
 }
- return (PAM_ABORT);
+ return (PAM_ABORT);
 }
diff --git a/src/pam_panic/pam_panic_password.c b/src/pam_panic/pam_panic_password.c
index e1525ee..f303612 100644
--- a/src/pam_panic/pam_panic_password.c
+++ b/src/pam_panic/pam_panic_password.c
@@ -62,7 +62,7 @@ int readPassword(pam_handle_t *pamh, char pw[2][99]){
 }
-int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff){
+int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff, int8_t bStrict){
 // gettext
 setlocale (LC_ALL, "");
@@ -84,7 +84,10 @@ int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t
 // Read passwords from file
 char pw[2][99];
 if(readPassword(pamh, pw))
- return(PAM_ABORT);
+ if(bStrict)
+ return(PAM_ABORT);
+ else
+ return(PAM_IGNORE);
 for(int i=0; i<3; i++){
diff --git a/src/pam_panic/pam_panic_password.h b/src/pam_panic/pam_panic_password.h
index d81ada7..4c53118 100644
--- a/src/pam_panic/pam_panic_password.h
+++ b/src/pam_panic/pam_panic_password.h
@@ -18,7 +18,7 @@ LICENSE : GNU-GPLv3
 #error PPASSFILE must be declared!
 #endif
-int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff);
+int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff, int8_t bStrict);
 #endif
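Review bot: The `if(bStrict)`/`else` pair added under `if(readPassword(pamh, pw))` in the `@@ -84,7 +84,10 @@` hunk of pam_panic_password.c is unbraced, so it is correct only because C attaches `else` to the nearest `if`. This is the shape that -Wdangling-else warns about, and in an authentication return path a later edit could easily re-attach the `else` to the outer test and change which failures are ignored. Bracing the outer test and collapsing the choice removes the ambiguity: `if(readPassword(pamh, pw)){ return bStrict ? PAM_ABORT : PAM_IGNORE; }`. The rest of authPassword lies outside the hunk.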