Bandie/pam_panic
Bandie/pam_panic
1
0
Fork 0
Code Issues 5 Pull Requests Releases Wiki Activity

Hardening, fixes #46

Browse Source
This commit is contained in:
Bandie 2018-04-23 23:22:43 +02:00
parent 9e892f2cb1
commit 76389e4794
Signed by: Bandie
GPG Key ID: C1E133BC65A822DD
3 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/pam_panic/pam_panic.c
View File

@ -71,7 +71,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
// Regex for checking arguments // Regex for checking arguments
regex_t regex; regex_t regex;
if(makeRegex(pamh, &regex)) if(makeRegex(pamh, &regex))
return (PAM_IGNORE); return (PAM_ABORT);
// Argument handling // Argument handling
@ -108,7 +108,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
|| (bSerious && serious_temp == NULL) || (bSerious && serious_temp == NULL)
) { ) {
pam_syslog(pamh, LOG_ERR, "Arguments invalid. Note that allow and reject must have a valid GPT UUID."); pam_syslog(pamh, LOG_ERR, "Arguments invalid. Note that allow and reject must have a valid GPT UUID.");
return (PAM_IGNORE); return (PAM_ABORT);
} }
// Poweroff wins. // Poweroff wins.
@ -144,7 +144,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
// Check if panic key exist // Check if panic key exist
if(bSerious && access(serious_dev, F_OK) == -1){ if(bSerious && access(serious_dev, F_OK) == -1){
pam_syslog(pamh, LOG_ALERT, "ALERT for argument \"serious\": Device doesn't exist."); pam_syslog(pamh, LOG_ALERT, "ALERT for argument \"serious\": Device doesn't exist.");
return (PAM_IGNORE); return (PAM_ABORT);
} }
@ -159,7 +159,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
return authPassword(pamh, serious_dev, bSerious, bReboot, bPoweroff); return authPassword(pamh, serious_dev, bSerious, bReboot, bPoweroff);
} }
return (PAM_IGNORE); return (PAM_ABORT);
} }

9
src/pam_panic/pam_panic_password.c
View File

@ -76,11 +76,16 @@ int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t
// Read passwords from file // Read passwords from file
char pw[2][99]; char pw[2][99];
if(readPassword(pamh, pw)) if(readPassword(pamh, pw))
return(PAM_IGNORE); return(PAM_ABORT);
pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &response, "Password:: "); pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &response, PWPROMPT);
// Is response null?
if(!response)
return(PAM_ABORT);
strcpy(resp, response); strcpy(resp, response);

1
src/pam_panic/pam_panic_password.h
View File

@ -10,6 +10,7 @@ LICENSE : GNU-GPLv3
#ifndef PPASSFILE #ifndef PPASSFILE
#error PPASSFILE must be declared! #error PPASSFILE must be declared!
#endif #endif
#define PWPROMPT "Password::"
int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff); int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff);