Merge pull request #47 from Bandie/master

Hardening, fixes #46
This commit is contained in:
Bandie 2018-04-23 23:29:24 +02:00 committed by GitHub
commit 87de344f6d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 6 deletions

View File

@ -71,7 +71,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
// Regex for checking arguments
regex_t regex;
if(makeRegex(pamh, &regex))
return (PAM_IGNORE);
return (PAM_ABORT);
// Argument handling
@ -108,7 +108,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
|| (bSerious && serious_temp == NULL)
) {
pam_syslog(pamh, LOG_ERR, "Arguments invalid. Note that allow and reject must have a valid GPT UUID.");
return (PAM_IGNORE);
return (PAM_ABORT);
}
// Poweroff wins.
@ -144,7 +144,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
// Check if panic key exist
if(bSerious && access(serious_dev, F_OK) == -1){
pam_syslog(pamh, LOG_ALERT, "ALERT for argument \"serious\": Device doesn't exist.");
return (PAM_IGNORE);
return (PAM_ABORT);
}
@ -159,7 +159,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
return authPassword(pamh, serious_dev, bSerious, bReboot, bPoweroff);
}
return (PAM_IGNORE);
return (PAM_ABORT);
}

View File

@ -76,11 +76,16 @@ int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t
// Read passwords from file
char pw[2][99];
if(readPassword(pamh, pw))
return(PAM_IGNORE);
return(PAM_ABORT);
pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &response, "Password:: ");
pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &response, PWPROMPT);
// Is response null?
if(!response)
return(PAM_ABORT);
strcpy(resp, response);

View File

@ -10,6 +10,7 @@ LICENSE : GNU-GPLv3
#ifndef PPASSFILE
#error PPASSFILE must be declared!
#endif
#define PWPROMPT "Password::"
int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff);