diff --git a/Makefile b/Makefile index 843d023..0fe5d8d 100644 --- a/Makefile +++ b/Makefile @@ -11,14 +11,15 @@ all: @which reboot >/dev/null @which poweroff >/dev/null @which cryptsetup >/dev/null - mkdir -p build obj + mkdir -p build make -C src -e "PPASSFILE = $(PPASSFILE)" @printf "Done!\n" + clean: rm build/pam_panic.so rm build/pam_panic_pw - rm obj/pam_panic.o - rmdir build obj + make -C src/pam_panic clean + rmdir build @printf "Done!\n" detect_pamdir: diff --git a/README.md b/README.md index 887b640..4d6d644 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# pam\_panic [![Build Status](https://travis-ci.org/pampanic/pam_panic.svg?branch=master)](https://travis-ci.org/pampanic/pam_panic) [![CodeFactor](https://www.codefactor.io/repository/github/pampanic/pam_panic/badge)](https://www.codefactor.io/repository/github/pampanic/pam_panic) +# pam\_panic [![Build Status](https://travis-ci.org/pampanic/pam_panic.svg?branch=master)](https://travis-ci.org/pampanic/pam_panic) ## Purpose diff --git a/src/pam_panic/Makefile b/src/pam_panic/Makefile index 2e42014..b4ee796 100644 --- a/src/pam_panic/Makefile +++ b/src/pam_panic/Makefile 
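Review bot: In the root `Makefile` hunk, the new `clean` recipe calls a literal `make -C src/pam_panic clean`, which does not hand the jobserver or flags such as `-n` down to the sub-make; `$(MAKE) -C src/pam_panic clean` is the form to use, and the same goes for the `make -C src` line in `all`. The bare `rm` lines before it stop the recipe as soon as one artefact is missing, so after a partial build the sub-make and `rmdir build` are never reached; `rm -f build/pam_panic.so build/pam_panic_pw` avoids that. Neither `all` nor `clean` is declared `.PHONY` in the visible lines.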
@@ -1,9 +1,25 @@ -CFLAGS = --std=gnu11 -O2 -fPIC -DPOWEROFF=\"`which poweroff`\" -DREBOOT=\"`which reboot`\" -DCRYPTSETUP=\"`which cryptsetup`\" -DPPASSFILE=\"$(PPASSFILE)\" -LDFLAGS = -x --shared -lcrypt +CFLAGS = -Wall --std=gnu11 -O2 -fPIC -DPOWEROFF=\"`which poweroff`\" -DREBOOT=\"`which reboot`\" -DCRYPTSETUP=\"`which cryptsetup`\" -DPPASSFILE=\"$(PPASSFILE)\" +#LDFLAGS = -x -shared -lcrypt -lpam -lpam_misc +LDFLAGS = -shared -lcrypt -lpam -lpam_misc -all: - mkdir -p ../../obj + +OBJ = pam_panic_authdevice.o pam_panic_password.o pam_panic_reject.o + + +pam_panic: $(OBJ) + cc $(CFLAGS) $(LDFLAGS) -o ../../build/pam_panic.so pam_panic.c $(OBJ) +# ld $(LDFLAGS) -o ../../build/pam_panic.so $(OBJ) + +%.o: %.c + $(CC) $(CFLAGS) -c -o $@ $< + +all: mkdir -p ../../build - cc $(CFLAGS) -c pam_panic.c -o ../../obj/pam_panic.o - ld $(LDFLAGS) -o ../../build/pam_panic.so ../../obj/pam_panic.o + +clean: + rm *.o + + +# cc $(CFLAGS) -c pam_panic.c -o ../../obj/pam_panic.o +# ld $(LDFLAGS) -o ../../build/pam_panic.so ../../obj/pam_panic.o diff --git a/src/pam_panic/pam_panic.c b/src/pam_panic/pam_panic.c index 8e5c35f..63f4756 100644 --- a/src/pam_panic/pam_panic.c +++ b/src/pam_panic/pam_panic.c @@ -6,7 +6,6 @@ DATE : 2018-03-27T02:34:08+02:00 LICENSE : GNU-GPLv3 */ - #include #include #include @@ -21,10 +20,23 @@ LICENSE : GNU-GPLv3 #include "pam_panic_authdevice.h" #include "pam_panic_password.h" + #ifdef REBOOT #ifdef POWEROFF #ifdef CRYPTSETUP +int makeRegex(pam_handle_t *pamh, regex_t *regex){ + char *pattern = "^[A-Fa-f0-9]\\{8\\}\\-[A-Fa-f0-9]\\{4\\}\\-[A-Fa-f0-9]\\{4\\}\\-[A-Fa-f0-9]\\{4\\}\\-[A-Fa-f0-9]\\{12\\}$"; + + if(regcomp(regex, pattern, 0)){ + pam_syslog(pamh, LOG_CRIT, "ERROR: Problem with regcomp."); + return 1; + } + + return 0; + +} + void argSplit(char **some_arg, char **some_temp, const char *arg){ strncpy(*some_arg, arg, 128); *some_temp = strtok(*some_arg, "="); 
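Review bot: In `src/pam_panic/Makefile`, the new link line places `-lcrypt -lpam -lpam_misc` (through `LDFLAGS`) before `pam_panic.c $(OBJ)`, so a toolchain that links with `--as-needed` by default can drop those libraries and produce a `pam_panic.so` with unresolved symbols that only surface when PAM loads the module. Libraries belong after the objects, conventionally in `LDLIBS`. The rewritten `all` target now only creates `../../build` and builds nothing, so it should depend on `pam_panic` if the parent Makefile invokes it (that Makefile is not shown here). The link rule also hard-codes `cc` while the pattern rule uses `$(CC)`, and `rm *.o` fails on an already clean tree.

```make
# … unchanged: CFLAGS, OBJ …
LDFLAGS = -shared
LDLIBS = -lcrypt -lpam -lpam_misc

all: pam_panic

pam_panic: $(OBJ)
	mkdir -p ../../build
	$(CC) $(CFLAGS) $(LDFLAGS) -o ../../build/pam_panic.so pam_panic.c $(OBJ) $(LDLIBS)

# … unchanged: %.o pattern rule …

clean:
	rm -f *.o
```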
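Review bot: In the second `pam_panic.c` hunk, the new `makeRegex` has external linkage but is not declared in the `pam_panic.h` this commit adds (which lists `argSplit` and `constrPath`), so it should either get a prototype there or be made `static`. `pattern` is never modified and reads better as `static const char pattern[] = ...`. The `regcomp` return code is discarded; passing it to `regerror` and logging the resulting text would make the `LOG_CRIT` message actionable. A short comment stating that the caller owns the compiled `regex` and must `regfree` it would also help, since that cleanup is not visible in this hunk. The trailing context is the start of `argSplit`, whose body continues outside the hunk.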
@@ -56,13 +68,9 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons // Regex for checking arguments - char *pattern = "^[A-Fa-f0-9]\\{8\\}\\-[A-Fa-f0-9]\\{4\\}\\-[A-Fa-f0-9]\\{4\\}\\-[A-Fa-f0-9]\\{4\\}\\-[A-Fa-f0-9]\\{12\\}$"; regex_t regex; - - if(regcomp(®ex, pattern, 0)){ - pam_syslog(pamh, LOG_CRIT, "ERROR: Problem with regcomp."); + if(makeRegex(pamh, ®ex)) return (PAM_IGNORE); - } // Argument handling diff --git a/src/pam_panic/pam_panic.h b/src/pam_panic/pam_panic.h new file mode 100644 index 0000000..0ec8644 --- /dev/null +++ b/src/pam_panic/pam_panic.h @@ -0,0 +1,34 @@ +/* +FILENAME : pam_panic.c +DESCRIPTION : Header is made for testing purposes. +AUTHOR : Bandie +DATE : 2018-03-27T02:34:08+02:00 +LICENSE : GNU-GPLv3 +*/ + + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "pam_panic_reject.h" +#include "pam_panic_authdevice.h" +#include "pam_panic_password.h" + + +void argSplit(char **some_arg, char **some_temp, const char *arg); +void constrPath(char **dst, char **src); +PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char *argv[]); + + +PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char *argv[]); +PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char *argv[]); +PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char *argv[]); +PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char *argv[]); +PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char *argv[]); diff --git a/src/pam_panic/pam_panic_authdevice.c b/src/pam_panic/pam_panic_authdevice.c index 93411bf..2cd3abb 100644 --- a/src/pam_panic/pam_panic_authdevice.c +++ b/src/pam_panic/pam_panic_authdevice.c 
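Review bot: In the `pam_sm_authenticate` hunk, a failed `makeRegex` still returns `PAM_IGNORE`, which takes the module out of the stack's result, so a regex setup failure would presumably leave the panic checks skipped without affecting the login outcome. If that is intended, say so next to the call, e.g. `/* regex setup failed: skip this module rather than block logins */`; if not, an error code such as `PAM_SERVICE_ERR` would make the failure visible to the stack. The function starts and continues outside this hunk, so whether `regex` is released with `regfree` on every return path cannot be checked from here.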
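Review bot: The new `pam_panic.h` has no include guard, which is tolerable while it holds only prototypes but breaks double inclusion as soon as a type definition is added; wrap it in `#ifndef PAM_PANIC_H` / `#define PAM_PANIC_H` / `#endif`. The same applies to `pam_panic_authdevice.h`, `pam_panic_password.h`, `pam_panic_reject.h` and the new `pam_panic_pw.h` later in this commit. The banner says `FILENAME : pam_panic.c` where it should read `pam_panic.h`, and `makeRegex`, added to `pam_panic.c` in the same commit, has no prototype here although the header is described as being for testing.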
@@ -6,6 +6,14 @@ DATE : 2018-03-27T02:34:08+02:00 LICENSE : GNU-GPLv3 */ +#include +#include +#include +#include +#include +#include "pam_panic_reject.h" + +#include "pam_panic_authdevice.h" int authDevice(pam_handle_t *pamh, char *allowed, char *rejected, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff){ @@ -23,4 +31,6 @@ int authDevice(pam_handle_t *pamh, char *allowed, char *rejected, char *serious_ if(access(rejected, F_OK) != -1) return reject(serious_dev, bSerious, bReboot, bPoweroff); + return (PAM_MAXTRIES); + } diff --git a/src/pam_panic/pam_panic_authdevice.h b/src/pam_panic/pam_panic_authdevice.h index dfcfe19..7a0affe 100644 --- a/src/pam_panic/pam_panic_authdevice.h +++ b/src/pam_panic/pam_panic_authdevice.h @@ -6,7 +6,6 @@ LICENSE : GNU-GPLv3 */ - #define ASK "Please enter your secret key to decrypt the firewall and access the mainframe. " -#include "pam_panic_authdevice.c" +int authDevice(pam_handle_t *pamh, char *allowed, char *rejected, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff); diff --git a/src/pam_panic/pam_panic_password.c b/src/pam_panic/pam_panic_password.c index 5c8f7c1..4af21e4 100644 --- a/src/pam_panic/pam_panic_password.c +++ b/src/pam_panic/pam_panic_password.c @@ -6,6 +6,17 @@ DATE : 2018-03-27T02:34:08+02:00 LICENSE : GNU-GPLv3 */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "pam_panic_password.h" +#include "pam_panic_reject.h" int readPassword(pam_handle_t *pamh, char pw[2][99]){ @@ -24,7 +35,6 @@ int readPassword(pam_handle_t *pamh, char pw[2][99]){ // Get file contents size_t nread; char filecontent[198]; - char chr; nread = fread(filecontent, sizeof(char), 198, f); fclose(f); diff --git a/src/pam_panic/pam_panic_password.h b/src/pam_panic/pam_panic_password.h index c25eb8f..886520c 100644 --- a/src/pam_panic/pam_panic_password.h +++ b/src/pam_panic/pam_panic_password.h 
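Review bot: In the second `pam_panic_authdevice.c` hunk, the added `return (PAM_MAXTRIES);` gives `authDevice` a defined result when the `access(rejected, F_OK)` check and whatever precedes it do not return, but nothing explains why `PAM_MAXTRIES` was chosen over `PAM_AUTH_ERR` or `PAM_AUTHINFO_UNAVAIL`. A one-line comment above it, for example `/* neither key device present: tell the application to stop retrying */`, would record the intent; adjust the wording if the intent is different. The start of the function is outside the hunk.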
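Review bot: `pam_panic_authdevice.h` now declares `authDevice` with `pam_handle_t` and `int8_t` but, in the visible lines, includes nothing itself, so it only compiles when the includer has already pulled in the PAM and integer-type headers in the right order. Adding `#include <stdint.h>` and `#include <security/pam_modules.h>` at the top would make it self-contained. `pam_panic_password.h` and `pam_panic_reject.h` receive the same kind of prototype in this commit and carry the same dependency on include order.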
@@ -5,7 +5,11 @@ DATE : 2018-03-27T02:34:08+02:00 LICENSE : GNU-GPLv3 */ +#ifndef PPASSFILE + #error PPASSFILE must be declared! +#endif + +int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff); + -#include -#include "pam_panic_password.c" diff --git a/src/pam_panic/pam_panic_reject.c b/src/pam_panic/pam_panic_reject.c index c4580f8..8298b0d 100644 --- a/src/pam_panic/pam_panic_reject.c +++ b/src/pam_panic/pam_panic_reject.c @@ -6,6 +6,11 @@ DATE : 2018-03-27T02:34:08+02:00 LICENSE : GNU-GPLv3 */ +#include +#include +#include +#include +#include "pam_panic_reject.h" int reject(char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff){ if(bSerious){ diff --git a/src/pam_panic/pam_panic_reject.h b/src/pam_panic/pam_panic_reject.h index 8aedf78..5c18236 100644 --- a/src/pam_panic/pam_panic_reject.h +++ b/src/pam_panic/pam_panic_reject.h @@ -5,5 +5,4 @@ DATE : 2018-03-27T02:34:08+02:00 LICENSE : GNU-GPLv3 */ - -#include "pam_panic_reject.c" +int reject(char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff); diff --git a/src/pam_panic_pw/pam_panic_pw.c b/src/pam_panic_pw/pam_panic_pw.c index 2ae872b..99cadbf 100644 --- a/src/pam_panic_pw/pam_panic_pw.c +++ b/src/pam_panic_pw/pam_panic_pw.c @@ -1,7 +1,7 @@ /* FILENAME : pam_panic_pw.c DESCRIPTION : Generates and saves password for pam_panic -AUTHOR : Bandie +AUTHOR : Bandie, some Author of the glibc manpage DATE : 2018-03-27T02:34:08+02:00 LICENSE : GNU-GPLv3 */ diff --git a/src/pam_panic_pw/pam_panic_pw.h b/src/pam_panic_pw/pam_panic_pw.h new file mode 100644 index 0000000..d75a6b3 --- /dev/null +++ b/src/pam_panic_pw/pam_panic_pw.h @@ -0,0 +1,8 @@ +/* +FILENAME : pam_panic_pw.h +AUTHOR : Bandie +DATE : 2018-03-27T02:34:08+02:00 +LICENSE : GNU-GPLv3 +*/ + +int writePassword(char pw[][99]);
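Review bot: The new `#ifndef PPASSFILE` / `#error` guard in `pam_panic_password.h` only checks that the macro exists, and `src/pam_panic/Makefile` always passes `-DPPASSFILE=\"$(PPASSFILE)\"`, so an unset make variable still defines it as an empty string and the guard never fires. Adding `_Static_assert(sizeof(PPASSFILE) > 1, "PPASSFILE must not be empty");` after the guard would catch that case at compile time (the build already uses `--std=gnu11`). A module built with an empty path would presumably fail to open its password file at authentication time rather than at build time.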