Switch: Strict mode. Lock out if config is broken or not.

Bandie 2018-11-14 17:00:39 +01:00
parent 90714490d1
commit 01b4a1bbed
Signed by: Bandie
GPG Key ID: C1E133BC65A822DD
3 changed files with 20 additions and 7 deletions


@ -93,6 +93,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
int8_t bReboot = 0;
int8_t bPoweroff = 0;
int8_t bPassword = 0;
int8_t bStrict = 0;
// gettext
setlocale(LC_ALL, "");
@ -122,6 +123,9 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
if(strstr(argv[i], "password") != NULL){
bPassword = 1;
}
if(strstr(argv[i], "strict") != NULL){
bStrict = 1;
}
if(strstr(argv[i], "serious") != NULL){
argSplit(&serious_arg, &serious_temp, argv[i]);
@ -139,7 +143,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
|| (bSerious && serious_temp == NULL)
) {
pam_syslog(pamh, LOG_ERR, _("ERROR: Arguments invalid. Note that \"allow\" and \"reject\" must have a valid GPT UUID."));
if(bStrict)
return (PAM_ABORT);
else
return (PAM_IGNORE);
}
// Poweroff wins.
@ -175,7 +182,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
// Check if panic key exist
if(bSerious && access(serious_dev, F_OK) == -1){
pam_syslog(pamh, LOG_ALERT, _("ALERT for argument \"serious\": Device doesn't exist."));
if(bStrict)
return (PAM_ABORT);
else
return (PAM_IGNORE);
}
@ -187,7 +197,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
}
// Prompt for password
else if(bPassword){
return authPassword(pamh, serious_dev, bSerious, bReboot, bPoweroff);
return authPassword(pamh, serious_dev, bSerious, bReboot, bPoweroff, bStrict);
}
return (PAM_ABORT);
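Review bot: The new `strstr(argv[i], "strict") != NULL` test fires for any module argument that merely contains that substring, so an unrelated value (for example a device path or label containing "restricted") would switch the module into lock-out mode without the administrator asking for it. An exact comparison avoids this: `if(strcmp(argv[i], "strict") == 0){`. The neighbouring "password" check uses the same substring pattern, which this commit leaves unchanged. A short comment at the two `if(bStrict)` returns would also help, stating that without `strict` an invalid configuration or a missing panic device yields PAM_IGNORE, so the remaining modules in the stack decide the outcome. pam_sm_authenticate begins and ends outside the visible hunks.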


@ -62,7 +62,7 @@ int readPassword(pam_handle_t *pamh, char pw[2][99]){
}
int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff){
int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff, int8_t bStrict){
// gettext
setlocale (LC_ALL, "");
@ -84,7 +84,10 @@ int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t
// Read passwords from file
char pw[2][99];
if(readPassword(pamh, pw))
if(bStrict)
return(PAM_ABORT);
else
return(PAM_IGNORE);
for(int i=0; i<3; i++){
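Review bot: The added `if(bStrict) … else …` hangs unbraced under `if(readPassword(pamh, pw))`, so the `else` reaches the intended `if` only through the dangling-else rule. A later edit that puts a statement between the two `if` lines would change which failures return and which fall through to the password loop. Bracing the outer check and collapsing the branch makes the intent explicit: `if(readPassword(pamh, pw)){ return bStrict ? PAM_ABORT : PAM_IGNORE; }`. authPassword's body continues past the end of this hunk.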


@ -18,7 +18,7 @@ LICENSE : GNU-GPLv3
#error PPASSFILE must be declared!
#endif
int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff);
int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff, int8_t bStrict);
#endif