Add the PAM module.
authorSteinar H. Gunderson <sesse@samfundet.no>
Tue, 14 May 2013 21:16:15 +0000 (23:16 +0200)
committerSteinar H. Gunderson <sesse@samfundet.no>
Tue, 14 May 2013 21:16:15 +0000 (23:16 +0200)
libpam-itkacl-0.4/Makefile [new file with mode: 0644]
libpam-itkacl-0.4/debian/changelog [new file with mode: 0644]
libpam-itkacl-0.4/debian/compat [new file with mode: 0644]
libpam-itkacl-0.4/debian/control [new file with mode: 0644]
libpam-itkacl-0.4/debian/copyright [new file with mode: 0644]
libpam-itkacl-0.4/debian/dirs [new file with mode: 0644]
libpam-itkacl-0.4/debian/libpam-itkacl.dirs [new file with mode: 0644]
libpam-itkacl-0.4/debian/libpam-itkacl.install [new file with mode: 0644]
libpam-itkacl-0.4/debian/rules [new file with mode: 0755]
libpam-itkacl-0.4/pam_itkacl.c [new file with mode: 0644]

diff --git a/libpam-itkacl-0.4/Makefile b/libpam-itkacl-0.4/Makefile
new file mode 100644 (file)
index 0000000..9cff69a
--- /dev/null
@@ -0,0 +1,18 @@
+CC=gcc
+CFLAGS += -fPIC
+LDLIBS=-litkacl
+
+all: pam_itkacl.so
+
+OBJS=pam_itkacl.o
+
+pam_itkacl.so: $(OBJS)
+       $(CC) -shared -o pam_itkacl.so $(OBJS) $(LDFLAGS) $(LDLIBS)
+
+clean:
+       $(RM) $(OBJS) pam_itkacl.so
+
+install:
+       install -m 0644 pam_itkacl.so $(DESTDIR)/lib/security/
+
+.PHONY: clean
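Review bot: The `install` target has no prerequisite and `.PHONY` lists only `clean`, so `make install` on a clean tree fails on a missing `pam_itkacl.so`, and a stray file named `all` or `install` would silently disable those targets. I would declare `install: pam_itkacl.so` and widen the last line to `.PHONY: all clean install`. The recipe also assumes `$(DESTDIR)/lib/security/` already exists. That holds for the Debian build, which runs `dh_installdirs` first, but a standalone install would need `install -d $(DESTDIR)/lib/security` before the copy.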
diff --git a/libpam-itkacl-0.4/debian/changelog b/libpam-itkacl-0.4/debian/changelog
new file mode 100644 (file)
index 0000000..45f4f74
--- /dev/null
@@ -0,0 +1,40 @@
+libpam-itkacl (0.4) unstable; urgency=low
+
+  * Move to shared libitkacl (and add a Build-Dependency).
+  * Move to a native package for now.
+  * Move the install target to the "upstream" Makefile.
+  * Fix missing #include <syslog.h>.
+
+ -- Steinar H. Gunderson <sesse@samfundet.no>  Tue, 14 May 2013 23:09:01 +0200
+
+libpam-itkacl (0.3-1) unstable; urgency=low
+
+  * Move to new ITKACL client library.
+    * Remove build-dependency on libpq-dev.
+
+ -- Steinar H. Gunderson <sesse@debian.org>  Wed, 25 Feb 2009 23:14:01 +0100
+
+libpam-itkacl (0.2-1.1) unstable; urgency=low
+
+  * Build against libpq-dev and depend on libpq5 for Lenny
+
+ -- Berge Schwebs Bjorlo <berge@samfundet.no>  Wed, 18 Jun 2008 22:56:31 +0200
+
+libpam-itkacl (0.2-1) unstable; urgency=low
+
+  *  Allow root to log in no matter what.
+
+ -- Martin Sandsmark <sandsmark@samfundet.no>  Thu, 17 Apr 2008 20:38:42 +0200
+
+libpam-itkacl (0.1-2) unstable; urgency=low
+
+  * Actually link to -lpq.
+
+ -- Steinar H. Gunderson <itk@samfundet.no>  Sat, 22 Oct 2005 18:20:36 +0200
+
+libpam-itkacl (0.1-1) unstable; urgency=low
+
+  * Initial release.
+
+ -- Steinar H. Gunderson <itk@samfundet.no>  Thu, 20 Oct 2005 19:37:21 +0200
+
diff --git a/libpam-itkacl-0.4/debian/compat b/libpam-itkacl-0.4/debian/compat
new file mode 100644 (file)
index 0000000..7f8f011
--- /dev/null
@@ -0,0 +1 @@
+7
diff --git a/libpam-itkacl-0.4/debian/control b/libpam-itkacl-0.4/debian/control
new file mode 100644 (file)
index 0000000..d91834f
--- /dev/null
@@ -0,0 +1,13 @@
+Source: libpam-itkacl
+Priority: optional
+Maintainer: Steinar H. Gunderson <sesse@samfundet.no>
+Build-Depends: debhelper (>= 7.0.0), libpam0g-dev | libpam-dev, libitkacl-dev
+Standards-Version: 3.9.1
+Section: libs
+
+Package: libpam-itkacl
+Section: libs
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: PAM module for ITKACL
+ PAM module that allows you to allow/deny users on the basis of an ITKACL.
diff --git a/libpam-itkacl-0.4/debian/copyright b/libpam-itkacl-0.4/debian/copyright
new file mode 100644 (file)
index 0000000..547ad59
--- /dev/null
@@ -0,0 +1,2 @@
+pam_itkacl, Copyright 2004-2005 Steinar H. Gunderson
+License: GPLv2
diff --git a/libpam-itkacl-0.4/debian/dirs b/libpam-itkacl-0.4/debian/dirs
new file mode 100644 (file)
index 0000000..ca882bb
--- /dev/null
@@ -0,0 +1,2 @@
+usr/bin
+usr/sbin
diff --git a/libpam-itkacl-0.4/debian/libpam-itkacl.dirs b/libpam-itkacl-0.4/debian/libpam-itkacl.dirs
new file mode 100644 (file)
index 0000000..d1f6515
--- /dev/null
@@ -0,0 +1 @@
+lib/security
diff --git a/libpam-itkacl-0.4/debian/libpam-itkacl.install b/libpam-itkacl-0.4/debian/libpam-itkacl.install
new file mode 100644 (file)
index 0000000..704c46c
--- /dev/null
@@ -0,0 +1 @@
+lib/security/pam_itkacl.so
diff --git a/libpam-itkacl-0.4/debian/rules b/libpam-itkacl-0.4/debian/rules
new file mode 100755 (executable)
index 0000000..d6db1f9
--- /dev/null
@@ -0,0 +1,43 @@
+#!/usr/bin/make -f
+
+#export DH_VERBOSE=1
+
+CFLAGS = -Wall -g -fPIC
+
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+       CFLAGS += -O0
+else
+       CFLAGS += -O2
+endif
+
+build:
+       dh_testdir
+       $(MAKE) CFLAGS="$(CFLAGS)"
+
+clean:
+       dh_testdir
+       dh_testroot
+       $(MAKE) clean
+       dh_clean 
+
+binary-indep: build
+binary-arch: build
+       dh_testdir
+       dh_testroot
+       dh_installdirs
+       dh_installdocs
+       
+       $(MAKE) install DESTDIR=debian/libpam-itkacl
+       
+       dh_installchangelogs
+       dh_strip
+       dh_compress
+       dh_fixperms
+       dh_installdeb
+       dh_shlibdeps
+       dh_gencontrol
+       dh_md5sums
+       dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary
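Review bot: The hard-coded `CFLAGS = -Wall -g -fPIC` at the top bypasses whatever compiler hardening the distribution provides, and the `$(MAKE) CFLAGS="$(CFLAGS)"` line in `build` forwards neither `CPPFLAGS` nor `LDFLAGS`. Since this module is loaded into login-path processes, I would seed the flags from dpkg instead, e.g. `CFLAGS := $(shell dpkg-buildflags --get CFLAGS) -Wall -fPIC`, and pass `CPPFLAGS` and `LDFLAGS` obtained the same way on the `$(MAKE)` line. `dpkg-buildflags` also honours `noopt` in `DEB_BUILD_OPTIONS`, which would make the `ifneq` block unnecessary. Whether the target release's dpkg enables hardening by default is not visible from this diff, so confirm against the build environment.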
diff --git a/libpam-itkacl-0.4/pam_itkacl.c b/libpam-itkacl-0.4/pam_itkacl.c
new file mode 100644 (file)
index 0000000..19044bc
--- /dev/null
@@ -0,0 +1,108 @@
+
+#define PAM_SM_ACCOUNT
+
+#include <stdio.h>
+#include <unistd.h>
+#include <stdarg.h>
+#include <string.h>
+#include <syslog.h>
+#include <security/pam_modules.h>
+
+#include "itkacl.h"
+
+/* --- authentication management functions --- */
+
+PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags,
+                                  int argc, const char **argv)
+{
+       return PAM_AUTH_ERR;
+}
+
+PAM_EXTERN int pam_sm_setcred(pam_handle_t * pamh, int flags, int argc,
+                             const char **argv)
+{
+
+       return PAM_CRED_UNAVAIL;
+}
+
+/* --- account management functions --- */
+
+PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, int argc,
+                               const char **argv)
+{
+       char realm[256], errmsg[256];
+       const char *username;
+       int ret;
+
+       openlog("pam_itkacl", 0, LOG_AUTHPRIV);
+
+       /* We want and need exactly one argument: realm='whatever' */
+       if (argc != 1) {
+               syslog(LOG_CRIT, "wrong number of arguments: expected 1, got %d", argc);
+               return PAM_SERVICE_ERR;
+       }
+       if (sscanf(argv[0], "realm='%[^']'", realm) != 1) {
+               syslog(LOG_CRIT, "realm in bad format: got %s, expected realm='/foo/bar'", argv[0]);
+               return PAM_SERVICE_ERR;
+       }
+
+       /* Get the user name from PAM */
+       ret = pam_get_item(pamh, PAM_USER, (const void **)&username);
+       if (ret != PAM_SUCCESS || username == NULL) {
+               syslog(LOG_CRIT, "Couldn't get username from PAM");
+               return PAM_USER_UNKNOWN;
+       }
+
+       /* Root should always be able to log in */
+       if (strcmp(username, "root") == 0)
+               return PAM_SUCCESS;
+
+       ret = itkacl_check(realm, username, errmsg, 256);
+       if (ret == -1) {
+               syslog(LOG_ERR, "itkacl_check() returned an error: %s", errmsg);
+               return PAM_SERVICE_ERR;
+       }
+
+       if (ret == 0) {
+               return PAM_SUCCESS;
+       } else {
+               return PAM_ACCT_EXPIRED;
+       }
+}
+
+/* --- password management --- */
+
+PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc,
+                               const char **argv)
+{
+       return PAM_AUTHTOK_ERR;
+}
+
+/* --- session management --- */
+
+PAM_EXTERN int pam_sm_open_session(pam_handle_t * pamh, int flags,
+                                  int argc, const char **argv)
+{
+       return PAM_SYSTEM_ERR;
+}
+
+PAM_EXTERN int pam_sm_close_session(pam_handle_t * pamh, int flags,
+                                   int argc, const char **argv)
+{
+       return PAM_SYSTEM_ERR;
+}
+
+/* end of module definition */
+
+/* static module data */
+#ifdef PAM_STATIC
+struct pam_module _pam_itkacl_modstruct = {
+       "pam_itkacl",
+       pam_sm_authenticate,
+       pam_sm_setcred,
+       pam_sm_acct_mgmt,
+       pam_sm_open_session,
+       pam_sm_close_session,
+       pam_sm_chauthtok
+};
+#endif
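Review bot: In `pam_sm_acct_mgmt`, the `sscanf(argv[0], "realm='%[^']'", realm)` call has no field width, so a module argument longer than 255 bytes writes past `realm[256]` on the stack. Bound the conversion: `if (sscanf(argv[0], "realm='%255[^']'", realm) != 1) {`. The argument comes from the PAM service configuration and is normally administrator-controlled, but the module runs inside privileged processes and should not depend on that. The same call returns 1 even when the closing quote is missing, so a malformed realm string is accepted silently; an explicit check or at least a comment would help. I would also pass `sizeof(errmsg)` instead of the literal `256` to `itkacl_check()`, so the buffer and its length cannot drift apart.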