From 607e7e241cf099510d54eacb872bc2227e7755d3 Mon Sep 17 00:00:00 2001 From: Bandie Date: Sun, 1 Apr 2018 16:45:09 +0200 Subject: [PATCH 1/4] Correcting and adding headers for future testing purposes. --- src/pam_panic/pam_panic.c | 2 +- src/pam_panic/pam_panic.h | 34 ++++++++++++++++++++++++++++ src/pam_panic/pam_panic_authdevice.h | 2 +- src/pam_panic/pam_panic_password.h | 12 +++++++--- src/pam_panic/pam_panic_reject.h | 3 +-- src/pam_panic_pw/pam_panic_pw.c | 2 +- src/pam_panic_pw/pam_panic_pw.h | 9 ++++++++ 7 files changed, 56 insertions(+), 8 deletions(-) create mode 100644 src/pam_panic/pam_panic.h create mode 100644 src/pam_panic_pw/pam_panic_pw.h diff --git a/src/pam_panic/pam_panic.c b/src/pam_panic/pam_panic.c index 8e5c35f..948e9d1 100644 --- a/src/pam_panic/pam_panic.c +++ b/src/pam_panic/pam_panic.c @@ -6,7 +6,6 @@ DATE : 2018-03-27T02:34:08+02:00 LICENSE : GNU-GPLv3 */ - #include #include #include @@ -21,6 +20,7 @@ LICENSE : GNU-GPLv3 #include "pam_panic_authdevice.h" #include "pam_panic_password.h" + #ifdef REBOOT #ifdef POWEROFF #ifdef CRYPTSETUP diff --git a/src/pam_panic/pam_panic.h b/src/pam_panic/pam_panic.h new file mode 100644 index 0000000..0ec8644 --- /dev/null +++ b/src/pam_panic/pam_panic.h 
@@ -0,0 +1,34 @@ +/* +FILENAME : pam_panic.c +DESCRIPTION : Header is made for testing purposes. +AUTHOR : Bandie +DATE : 2018-03-27T02:34:08+02:00 +LICENSE : GNU-GPLv3 +*/ + + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "pam_panic_reject.h" +#include "pam_panic_authdevice.h" +#include "pam_panic_password.h" + + +void argSplit(char **some_arg, char **some_temp, const char *arg); +void constrPath(char **dst, char **src); +PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char *argv[]); + + +PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char *argv[]); +PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char *argv[]); +PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char *argv[]); +PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char *argv[]); +PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char *argv[]); diff --git a/src/pam_panic/pam_panic_authdevice.h b/src/pam_panic/pam_panic_authdevice.h index dfcfe19..53b8335 100644 --- a/src/pam_panic/pam_panic_authdevice.h +++ b/src/pam_panic/pam_panic_authdevice.h @@ -9,4 +9,4 @@ LICENSE : GNU-GPLv3 #define ASK "Please enter your secret key to decrypt the firewall and access the mainframe. " -#include "pam_panic_authdevice.c" +int authDevice(pam_handle_t *pamh, char *allowed, char *rejected, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff); diff --git a/src/pam_panic/pam_panic_password.h b/src/pam_panic/pam_panic_password.h index c25eb8f..6bca2bf 100644 --- a/src/pam_panic/pam_panic_password.h +++ b/src/pam_panic/pam_panic_password.h 
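Review bot: The new pam_panic.h has no include guard, and its header comment names the wrong file (`FILENAME : pam_panic.c`). Because it includes three other project headers and is meant to be pulled into test code as well as the module, wrapping the file in `#ifndef PAM_PANIC_H` / `#define PAM_PANIC_H` ... `#endif` (the guard name is a suggestion) keeps repeated inclusion harmless. The `argSplit` prototype would also benefit from a comment stating how large the caller's `*some_arg` buffer must be, since the implementation shown later on this page copies into it with `strncpy(*some_arg, arg, 128)`.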
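Review bot: The `authDevice` prototype that replaces the `.c` include uses `pam_handle_t` and `int8_t`, and nothing visible in this hunk gives the header the includes that define them, so it appears to compile only when the including file pulls them in first. If the lines above the hunk do not already do so, adding `#include <stdint.h>` and `#include <security/pam_modules.h>` plus an include guard would make the header self-contained. The same applies to the `authPassword` prototype in pam_panic_password.h and the `reject` prototype in pam_panic_reject.h in the following hunks.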
@@ -5,7 +5,13 @@ DATE : 2018-03-27T02:34:08+02:00 LICENSE : GNU-GPLv3 */ - - #include -#include "pam_panic_password.c" + +#ifndef PPASSFILE + #error PPASSFILE must be declared! +#endif + +int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff); + + + diff --git a/src/pam_panic/pam_panic_reject.h b/src/pam_panic/pam_panic_reject.h index 8aedf78..5c18236 100644 --- a/src/pam_panic/pam_panic_reject.h +++ b/src/pam_panic/pam_panic_reject.h @@ -5,5 +5,4 @@ DATE : 2018-03-27T02:34:08+02:00 LICENSE : GNU-GPLv3 */ - -#include "pam_panic_reject.c" +int reject(char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff); diff --git a/src/pam_panic_pw/pam_panic_pw.c b/src/pam_panic_pw/pam_panic_pw.c index 2ae872b..99cadbf 100644 --- a/src/pam_panic_pw/pam_panic_pw.c +++ b/src/pam_panic_pw/pam_panic_pw.c @@ -1,7 +1,7 @@ /* FILENAME : pam_panic_pw.c DESCRIPTION : Generates and saves password for pam_panic -AUTHOR : Bandie +AUTHOR : Bandie, some Author of the glibc manpage DATE : 2018-03-27T02:34:08+02:00 LICENSE : GNU-GPLv3 */ diff --git a/src/pam_panic_pw/pam_panic_pw.h b/src/pam_panic_pw/pam_panic_pw.h new file mode 100644 index 0000000..af9043c --- /dev/null +++ b/src/pam_panic_pw/pam_panic_pw.h @@ -0,0 +1,9 @@ +/* +FILENAME : pam_panic_pw.h +AUTHOR : Bandie +DATE : 2018-03-27T02:34:08+02:00 +LICENSE : GNU-GPLv3 +*/ + +int writePassword(char pw[][99]); +int main(); From aca16b9f2c7ba74181a0507fd8915a9fcc7223ef Mon Sep 17 00:00:00 2001 From: Bandie Date: Sun, 1 Apr 2018 16:48:06 +0200 Subject: [PATCH 2/4] correction --- src/pam_panic_pw/pam_panic_pw.h | 1 - 1 file changed, 1 deletion(-) diff --git a/src/pam_panic_pw/pam_panic_pw.h b/src/pam_panic_pw/pam_panic_pw.h index af9043c..d75a6b3 100644 --- a/src/pam_panic_pw/pam_panic_pw.h +++ b/src/pam_panic_pw/pam_panic_pw.h @@ -6,4 +6,3 @@ LICENSE : GNU-GPLv3 */ int writePassword(char pw[][99]); -int main(); 
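Review bot: The added `#ifndef PPASSFILE` / `#error` check only proves that the macro is defined, not that it holds a path. The module Makefile on this page passes `-DPPASSFILE=\"$(PPASSFILE)\"`, so an unset make variable would presumably still define the macro, as an empty string, and the guard would pass. Since the build uses `--std=gnu11`, a `_Static_assert(sizeof(PPASSFILE) > 1, "PPASSFILE must not be empty");` next to the `#error` would catch that case at compile time.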
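Review bot: `writePassword(char pw[][99])` hard-codes the row length 99 in the prototype, and the same literal appears in `readPassword(pam_handle_t *pamh, char pw[2][99])` in pam_panic_password.c further down this page. The writer and the reader of the password file have to agree on that size, so a single named constant shared by both (for example `#define PPANIC_PW_LEN 99`, the name is a suggestion) would keep them from drifting apart. The new header also has no include guard.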
From dd78ce5b5bf8845a9444b7258dafc0a625fbdbec Mon Sep 17 00:00:00 2001 From: Bandie Date: Sun, 1 Apr 2018 21:32:15 +0200 Subject: [PATCH 3/4] Resolving linking errors --- Makefile | 7 ++++--- src/pam_panic/Makefile | 28 ++++++++++++++++++++++------ src/pam_panic/pam_panic.c | 18 +++++++++++++----- src/pam_panic/pam_panic_authdevice.c | 10 ++++++++++ src/pam_panic/pam_panic_authdevice.h | 1 - src/pam_panic/pam_panic_password.c | 12 +++++++++++- src/pam_panic/pam_panic_password.h | 2 -- src/pam_panic/pam_panic_reject.c | 5 +++++ 8 files changed, 65 insertions(+), 18 deletions(-) diff --git a/Makefile b/Makefile index 843d023..0fe5d8d 100644 --- a/Makefile +++ b/Makefile @@ -11,14 +11,15 @@ all: @which reboot >/dev/null @which poweroff >/dev/null @which cryptsetup >/dev/null - mkdir -p build obj + mkdir -p build make -C src -e "PPASSFILE = $(PPASSFILE)" @printf "Done!\n" + clean: rm build/pam_panic.so rm build/pam_panic_pw - rm obj/pam_panic.o - rmdir build obj + make -C src/pam_panic clean + rmdir build @printf "Done!\n" detect_pamdir: diff --git a/src/pam_panic/Makefile b/src/pam_panic/Makefile index 2e42014..b4ee796 100644 --- a/src/pam_panic/Makefile +++ b/src/pam_panic/Makefile 
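Review bot: The new clean step `make -C src/pam_panic clean` invokes `make` by name rather than `$(MAKE)`, as does the existing `make -C src -e ...` line in `all`; with `$(MAKE)` the sub-make inherits the command-line flags and runs the same make binary. The `rm build/pam_panic.so` and `rm build/pam_panic_pw` lines also stop `clean` at the first missing file, which `rm -f` would avoid.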
@@ -1,9 +1,25 @@ -CFLAGS = --std=gnu11 -O2 -fPIC -DPOWEROFF=\"`which poweroff`\" -DREBOOT=\"`which reboot`\" -DCRYPTSETUP=\"`which cryptsetup`\" -DPPASSFILE=\"$(PPASSFILE)\" -LDFLAGS = -x --shared -lcrypt +CFLAGS = -Wall --std=gnu11 -O2 -fPIC -DPOWEROFF=\"`which poweroff`\" -DREBOOT=\"`which reboot`\" -DCRYPTSETUP=\"`which cryptsetup`\" -DPPASSFILE=\"$(PPASSFILE)\" +#LDFLAGS = -x -shared -lcrypt -lpam -lpam_misc +LDFLAGS = -shared -lcrypt -lpam -lpam_misc -all: - mkdir -p ../../obj + +OBJ = pam_panic_authdevice.o pam_panic_password.o pam_panic_reject.o + + +pam_panic: $(OBJ) + cc $(CFLAGS) $(LDFLAGS) -o ../../build/pam_panic.so pam_panic.c $(OBJ) +# ld $(LDFLAGS) -o ../../build/pam_panic.so $(OBJ) + +%.o: %.c + $(CC) $(CFLAGS) -c -o $@ $< + +all: mkdir -p ../../build - cc $(CFLAGS) -c pam_panic.c -o ../../obj/pam_panic.o - ld $(LDFLAGS) -o ../../build/pam_panic.so ../../obj/pam_panic.o + +clean: + rm *.o + + +# cc $(CFLAGS) -c pam_panic.c -o ../../obj/pam_panic.o +# ld $(LDFLAGS) -o ../../build/pam_panic.so ../../obj/pam_panic.o diff --git a/src/pam_panic/pam_panic.c b/src/pam_panic/pam_panic.c index 948e9d1..63f4756 100644 --- a/src/pam_panic/pam_panic.c +++ b/src/pam_panic/pam_panic.c @@ -25,6 +25,18 @@ LICENSE : GNU-GPLv3 #ifdef POWEROFF #ifdef CRYPTSETUP +int makeRegex(pam_handle_t *pamh, regex_t *regex){ + char *pattern = "^[A-Fa-f0-9]\\{8\\}\\-[A-Fa-f0-9]\\{4\\}\\-[A-Fa-f0-9]\\{4\\}\\-[A-Fa-f0-9]\\{4\\}\\-[A-Fa-f0-9]\\{12\\}$"; + + if(regcomp(regex, pattern, 0)){ + pam_syslog(pamh, LOG_CRIT, "ERROR: Problem with regcomp."); + return 1; + } + + return 0; + +} + void argSplit(char **some_arg, char **some_temp, const char *arg){ strncpy(*some_arg, arg, 128); *some_temp = strtok(*some_arg, "="); 
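Review bot: The link rule `cc $(CFLAGS) $(LDFLAGS) -o ../../build/pam_panic.so pam_panic.c $(OBJ)` puts `-lcrypt -lpam -lpam_misc` before the objects that use them; on toolchains that link with `--as-needed` by default the libraries can be dropped from the module's recorded dependencies, and a `-shared` link does not report the unresolved symbols. Keeping only `-shared` in `LDFLAGS` and adding `LDLIBS = -lcrypt -lpam -lpam_misc` after `$(OBJ)` avoids that. The rule also calls `cc` while the pattern rule uses `$(CC)`, and the rewritten `all:` target now only runs `mkdir`, so it no longer builds the module. Because `-DREBOOT`, `-DPOWEROFF` and `-DCRYPTSETUP` are resolved with `which` from the builder's PATH and compiled into the module, a comment stating that the build environment's PATH must be trusted would help.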
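Review bot: `makeRegex` is defined with external linkage and is not declared in pam_panic.h, so it becomes an exported symbol of pam_panic.so next to the `pam_sm_*` entry points; `static int makeRegex(pam_handle_t *pamh, regex_t *regex)` with a `static const char pattern[]` would keep it private to the file. The return code of `regcomp()` is discarded, so the LOG_CRIT message cannot say why compilation failed; keeping the code and passing it through `regerror()` would. Separately, the context line `strncpy(*some_arg, arg, 128)` in argSplit leaves the buffer unterminated when the argument is 128 bytes or longer, before `strtok` reads it; argSplit's body continues outside the hunk.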
@@ -56,13 +68,9 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons // Regex for checking arguments - char *pattern = "^[A-Fa-f0-9]\\{8\\}\\-[A-Fa-f0-9]\\{4\\}\\-[A-Fa-f0-9]\\{4\\}\\-[A-Fa-f0-9]\\{4\\}\\-[A-Fa-f0-9]\\{12\\}$"; regex_t regex; - - if(regcomp(®ex, pattern, 0)){ - pam_syslog(pamh, LOG_CRIT, "ERROR: Problem with regcomp."); + if(makeRegex(pamh, ®ex)) return (PAM_IGNORE); - } // Argument handling diff --git a/src/pam_panic/pam_panic_authdevice.c b/src/pam_panic/pam_panic_authdevice.c index 93411bf..2cd3abb 100644 --- a/src/pam_panic/pam_panic_authdevice.c +++ b/src/pam_panic/pam_panic_authdevice.c @@ -6,6 +6,14 @@ DATE : 2018-03-27T02:34:08+02:00 LICENSE : GNU-GPLv3 */ +#include +#include +#include +#include +#include +#include "pam_panic_reject.h" + +#include "pam_panic_authdevice.h" int authDevice(pam_handle_t *pamh, char *allowed, char *rejected, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff){ @@ -23,4 +31,6 @@ int authDevice(pam_handle_t *pamh, char *allowed, char *rejected, char *serious_ if(access(rejected, F_OK) != -1) return reject(serious_dev, bSerious, bReboot, bPoweroff); + return (PAM_MAXTRIES); + } diff --git a/src/pam_panic/pam_panic_authdevice.h b/src/pam_panic/pam_panic_authdevice.h index 53b8335..7a0affe 100644 --- a/src/pam_panic/pam_panic_authdevice.h +++ b/src/pam_panic/pam_panic_authdevice.h @@ -6,7 +6,6 @@ LICENSE : GNU-GPLv3 */ - #define ASK "Please enter your secret key to decrypt the firewall and access the mainframe. " int authDevice(pam_handle_t *pamh, char *allowed, char *rejected, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff); diff --git a/src/pam_panic/pam_panic_password.c b/src/pam_panic/pam_panic_password.c index 5c8f7c1..4af21e4 100644 --- a/src/pam_panic/pam_panic_password.c +++ b/src/pam_panic/pam_panic_password.c 
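Review bot: The rewritten `if(makeRegex(...))` check is an unbraced two-line `if`, and nothing at this point says why a setup failure returns PAM_IGNORE. With PAM_IGNORE the rest of the stack decides the login and the panic check is skipped, so the choice deserves a comment such as `// regex setup failed: skip this module instead of denying the login`, and braces around the `return`. pam_sm_authenticate's body starts and ends outside the hunk.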
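Review bot: The added fall-through `return (PAM_MAXTRIES);` at the end of authDevice has no comment saying which case reaches it. From the visible lines it is taken when the `rejected` path fails its `access()` check; the handling of `allowed` and any waiting logic sit above the hunk, so the full condition is inferred. A comment such as `// neither key device showed up: give up and tell the application not to retry` would document why PAM_MAXTRIES was chosen over PAM_AUTH_ERR or PAM_IGNORE.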
@@ -6,6 +6,17 @@ DATE : 2018-03-27T02:34:08+02:00 LICENSE : GNU-GPLv3 */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "pam_panic_password.h" +#include "pam_panic_reject.h" int readPassword(pam_handle_t *pamh, char pw[2][99]){ @@ -24,7 +35,6 @@ int readPassword(pam_handle_t *pamh, char pw[2][99]){ // Get file contents size_t nread; char filecontent[198]; - char chr; nread = fread(filecontent, sizeof(char), 198, f); fclose(f); diff --git a/src/pam_panic/pam_panic_password.h b/src/pam_panic/pam_panic_password.h index 6bca2bf..886520c 100644 --- a/src/pam_panic/pam_panic_password.h +++ b/src/pam_panic/pam_panic_password.h @@ -5,8 +5,6 @@ DATE : 2018-03-27T02:34:08+02:00 LICENSE : GNU-GPLv3 */ -#include - #ifndef PPASSFILE #error PPASSFILE must be declared! #endif diff --git a/src/pam_panic/pam_panic_reject.c b/src/pam_panic/pam_panic_reject.c index c4580f8..8298b0d 100644 --- a/src/pam_panic/pam_panic_reject.c +++ b/src/pam_panic/pam_panic_reject.c @@ -6,6 +6,11 @@ DATE : 2018-03-27T02:34:08+02:00 LICENSE : GNU-GPLv3 */ +#include +#include +#include +#include +#include "pam_panic_reject.h" int reject(char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff){ if(bSerious){ From 4e6260f547ad2d3e63f812260160d4739df8535f Mon Sep 17 00:00:00 2001 From: Bandie Date: Sun, 1 Apr 2018 21:46:39 +0200 Subject: [PATCH 4/4] CF removed due to impossibility. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 887b640..4d6d644 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,4 @@ -# pam\_panic [![Build Status](https://travis-ci.org/pampanic/pam_panic.svg?branch=master)](https://travis-ci.org/pampanic/pam_panic) [![CodeFactor](https://www.codefactor.io/repository/github/pampanic/pam_panic/badge)](https://www.codefactor.io/repository/github/pampanic/pam_panic) +# pam\_panic [![Build Status](https://travis-ci.org/pampanic/pam_panic.svg?branch=master)](https://travis-ci.org/pampanic/pam_panic) ## Purpose