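/*
FILENAME :     pam_panic.c
DESCRIPTION :  The pam_panic PAM module shall protect people who have valuable data on their computer.
               It provides a panic function.
AUTHOR :       Bandie
DATE :         2018-03-27T02:34:08+02:00
LICENSE :      GNU-GPLv3
*/

/*
 * NOTE(review): the header names of the ten #include directives below were
 * lost when this page was extracted (the <...> parts are gone). They are
 * kept as found. Judging by the identifiers used in this file they
 * presumably covered at least <stdlib.h>, <stdint.h>, <regex.h>,
 * <unistd.h>, <sys/wait.h>, <syslog.h>, <security/pam_modules.h> and
 * <security/pam_ext.h> -- confirm against the upstream file.
 */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

/*
 * The whole module is compiled only when REBOOT, POWEROFF and CRYPTSETUP are
 * all defined. Each of them is passed to execlp() below as the program to
 * run. execlp() searches PATH when the name contains no slash, so the build
 * should define them as absolute paths; otherwise the PATH of whatever
 * program runs the PAM stack decides which binary is executed.
 */
#ifdef REBOOT
#ifdef POWEROFF
#ifdef CRYPTSETUP

#define ASK "Please enter your secret removable media to decrypt the firewall and access the mainframe. "

/**
 * PAM authentication hook of pam_panic.
 *
 * What the visible code does:
 *   - returns PAM_IGNORE when fewer than two module arguments are given or
 *     the UUID pattern cannot be compiled;
 *   - returns PAM_BUF_ERR when a work buffer cannot be allocated;
 *   - returns PAM_SUCCESS when the path stored in `allowed` exists;
 *   - when the path stored in `rejected` exists: if `serious` is set, runs
 *     CRYPTSETUP "luksErase" on `serious_dev` with "YES\n" on its stdin,
 *     then execs REBOOT and/or POWEROFF when those flags are set, and
 *     otherwise returns PAM_MAXTRIES;
 *   - returns PAM_MAXTRIES in every other case.
 *
 * How `allowed`, `rejected`, `serious_dev` and the three flags are filled
 * from argv is in a part of the function that is missing from this page
 * (see the note at "Argument handling").
 *
 * NOTE(review): PAM_IGNORE on a configuration error removes this module
 * from the stack's decision; whether that fails open depends on the control
 * flags in the PAM configuration -- confirm for each service using it.
 *
 * @param pamh   PAM handle, used here only for pam_syslog().
 * @param flags  PAM flags; not used in the visible code.
 * @param argc   number of module arguments; at least 2 are required.
 * @param argv   module arguments (their parsing is not visible here).
 * @return a PAM_* status code as listed above.
 */
PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char *argv[])
{
  // Check number of arguments first, so that a misconfigured stack returns
  // before anything has been allocated or compiled.
  if(argc<2){
    pam_syslog(pamh, LOG_ERR, "Missing arguments.");
    return (PAM_IGNORE);
  }

  // Regex for checking arguments (POSIX basic syntax: a UUID in 8-4-4-4-12 form)
  char *resp;
  char *pattern = "^[A-Fa-f0-9]\\{8\\}\\-[A-Fa-f0-9]\\{4\\}\\-[A-Fa-f0-9]\\{4\\}\\-[A-Fa-f0-9]\\{4\\}\\-[A-Fa-f0-9]\\{12\\}$";
  regex_t regex;

  // The page shows "regcomp(®ex, ...": "&reg" was turned into the
  // registered-trademark sign during extraction; the argument is &regex.
  if(regcomp(&regex, pattern, 0)){
    pam_syslog(pamh, LOG_CRIT, "ERROR: Problem with regcomp.");
    return (PAM_IGNORE);
  }

  char *allowed_arg = malloc(128 * sizeof(char));
  char *rejected_arg = malloc(128 * sizeof(char));
  char *serious_arg = malloc(128 * sizeof(char));
  char *allowed_temp = NULL;
  char *rejected_temp = NULL;
  char *serious_temp = NULL;
  char *allowed = malloc(60 * sizeof(char));
  char *rejected = malloc(60 * sizeof(char));
  char *serious_dev = malloc(60 * sizeof(char));

  int8_t serious = 0;
  int8_t reboot = 0;
  int8_t poweroff = 0;

  // A failed allocation must not reach the code that fills these buffers.
  // Nothing has been stored in them yet, so releasing everything is safe.
  if(!allowed_arg || !rejected_arg || !serious_arg || !allowed || !rejected || !serious_dev){
    pam_syslog(pamh, LOG_CRIT, "ERROR: Out of memory.");
    free(allowed_arg);
    free(rejected_arg);
    free(serious_arg);
    free(allowed);
    free(rejected);
    free(serious_dev);
    regfree(&regex);
    return (PAM_BUF_ERR);
  }

  // Argument handling
  /*
   * NOTE(review): text is missing on this page between "i" and "= 3" in the
   * next line. It presumably held the rest of the argv loop (validation
   * against `regex`, filling of the buffers and flags) and the loop that
   * prompts with ASK; none of it can be recovered from what is shown. The
   * fragment is kept exactly as found: it is not valid C, and the brace
   * that closes the lost loop has no visible opener. The bounds checks on
   * the 128- and 60-byte buffers, if any, were in the lost part -- verify
   * them against the upstream file.
   */
  for(int i=0; i= 3){
      pam_syslog(pamh, LOG_NOTICE, "Couldn't identify removable media. 3 tries.");
      return (PAM_MAXTRIES);
    }
  }

  /*
   * NOTE(review): no return path visible on this page frees the six buffers
   * or calls regfree(). They are not released below because the lost code
   * may have changed what the pointers refer to; add the cleanup once the
   * complete function is at hand.
   */

  // Allowed removable media? OK!
  if(access(allowed, F_OK) != -1)
    return (PAM_SUCCESS);

  // Rejected removable media? PANIC!!1
  if(access(rejected, F_OK) != -1){
    if(serious){
      int ser_stat = 0;
      int yes[2];

      if(pipe(yes) == -1){
        pam_syslog(pamh, LOG_CRIT, "ERROR: pipe() failed, luksErase was not run.");
      } else {
        // Queue the confirmation while this process still holds the read
        // end: four bytes fit in the pipe buffer, and writing now cannot
        // raise SIGPIPE in the calling application if the child dies early.
        ssize_t written = write(yes[1], "YES\n", 4);
        pid_t pid = fork();

        if(pid == 0){
          close(yes[1]);
          // Only move the read end when it is not already descriptor 0;
          // otherwise the close below would close the child's stdin.
          if(yes[0] != 0){
            dup2(yes[0], 0);
            close(yes[0]);
          }
          execlp(CRYPTSETUP, CRYPTSETUP, "luksErase", serious_dev, NULL);
          // execlp() returns only on failure. Leave at once, so that the
          // child does not carry on as a second copy of the application
          // that is running the PAM stack.
          _exit(127);
        }

        close(yes[0]);
        close(yes[1]);

        if(written != 4)
          pam_syslog(pamh, LOG_CRIT, "ERROR: Could not pass the confirmation to luksErase.");

        if(pid == -1){
          pam_syslog(pamh, LOG_CRIT, "ERROR: fork() failed, luksErase was not run.");
        } else if(waitpid(pid, &ser_stat, 0) == -1
                  || !WIFEXITED(ser_stat) || WEXITSTATUS(ser_stat) != 0){
          // Wait for this child only; plain wait() could reap an unrelated
          // child of the calling application.
          pam_syslog(pamh, LOG_CRIT, "ERROR: luksErase did not finish successfully.");
        }
      }
    }

    // execlp() replaces the image of the process that is running the PAM
    // stack and returns only when it fails.
    if(reboot){
      execlp(REBOOT, REBOOT, NULL);
      pam_syslog(pamh, LOG_CRIT, "ERROR: Could not execute reboot.");
    }
    if(poweroff){
      execlp(POWEROFF, POWEROFF, NULL);
      pam_syslog(pamh, LOG_CRIT, "ERROR: Could not execute poweroff.");
    }

    return (PAM_MAXTRIES);
  }

  return (PAM_MAXTRIES);
}


// Fuck all of this below.
// The remaining hooks do no work of their own: four always return
// PAM_SUCCESS, and password changing always returns PAM_SERVICE_ERR.

/** Credential hook: always returns PAM_SUCCESS; no argument is used. */
PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char *argv[])
{
  return (PAM_SUCCESS);
}

/** Account-management hook: always returns PAM_SUCCESS; no argument is used. */
PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char *argv[])
{
  return (PAM_SUCCESS);
}

/** Session-open hook: always returns PAM_SUCCESS; no argument is used. */
PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char *argv[])
{
  return (PAM_SUCCESS);
}

/** Session-close hook: always returns PAM_SUCCESS; no argument is used. */
PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char *argv[])
{
  return (PAM_SUCCESS);
}

/** Password-change hook: always returns PAM_SERVICE_ERR; no argument is used. */
PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char *argv[])
{
  return (PAM_SERVICE_ERR);
}

#endif
#endif
#endif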