From 5a4ae0a37159e6af798d19800681f78872fb65a0 Mon Sep 17 00:00:00 2001
From: "Steinar H. Gunderson"
Date: Tue, 14 May 2013 23:16:15 +0200
Subject: [PATCH] Add the PAM module.
---
libpam-itkacl-0.4/Makefile | 18 +++
libpam-itkacl-0.4/debian/changelog | 40 +++++++
libpam-itkacl-0.4/debian/compat | 1 +
libpam-itkacl-0.4/debian/control | 13 +++
libpam-itkacl-0.4/debian/copyright | 2 +
libpam-itkacl-0.4/debian/dirs | 2 +
libpam-itkacl-0.4/debian/libpam-itkacl.dirs | 1 +
.../debian/libpam-itkacl.install | 1 +
libpam-itkacl-0.4/debian/rules | 43 +++++++
libpam-itkacl-0.4/pam_itkacl.c | 108 ++++++++++++++++++
10 files changed, 229 insertions(+)
create mode 100644 libpam-itkacl-0.4/Makefile
create mode 100644 libpam-itkacl-0.4/debian/changelog
create mode 100644 libpam-itkacl-0.4/debian/compat
create mode 100644 libpam-itkacl-0.4/debian/control
create mode 100644 libpam-itkacl-0.4/debian/copyright
create mode 100644 libpam-itkacl-0.4/debian/dirs
create mode 100644 libpam-itkacl-0.4/debian/libpam-itkacl.dirs
create mode 100644 libpam-itkacl-0.4/debian/libpam-itkacl.install
create mode 100755 libpam-itkacl-0.4/debian/rules
create mode 100644 libpam-itkacl-0.4/pam_itkacl.c
diff --git a/libpam-itkacl-0.4/Makefile b/libpam-itkacl-0.4/Makefile
new file mode 100644
index 0000000..9cff69a
--- /dev/null
+++ b/libpam-itkacl-0.4/Makefile
@@ -0,0 +1,18 @@
+CC=gcc
+CFLAGS += -fPIC
+LDLIBS=-litkacl
+
+all: pam_itkacl.so
+
+OBJS=pam_itkacl.o
+
+pam_itkacl.so: $(OBJS)
+ $(CC) -shared -o pam_itkacl.so $(OBJS) $(LDFLAGS) $(LDLIBS)
+
+clean:
+ $(RM) $(OBJS) pam_itkacl.so
+
+install:
+ install -m 0644 pam_itkacl.so $(DESTDIR)/lib/security/
+
+.PHONY: clean
diff --git a/libpam-itkacl-0.4/debian/changelog b/libpam-itkacl-0.4/debian/changelog
new file mode 100644
index 0000000..45f4f74
--- /dev/null
+++ b/libpam-itkacl-0.4/debian/changelog
@@ -0,0 +1,40 @@
+libpam-itkacl (0.4) unstable; urgency=low
+
+ * Move to shared libitkacl (and add a Build-Dependency).
+ * Move to a native package for now.
+ * Move the install target to the "upstream" Makefile.
+ * Fix missing #include .
+
+ -- Steinar H. Gunderson Tue, 14 May 2013 23:09:01 +0200
+
+libpam-itkacl (0.3-1) unstable; urgency=low
+
+ * Move to new ITKACL client library.
+ * Remove build-dependency on libpq-dev.
+
+ -- Steinar H. Gunderson Wed, 25 Feb 2009 23:14:01 +0100
+
+libpam-itkacl (0.2-1.1) unstable; urgency=low
+
+ * Build against libpq-dev and depend on libpq5 for Lenny
+
+ -- Berge Schwebs Bjorlo Wed, 18 Jun 2008 22:56:31 +0200
+
+libpam-itkacl (0.2-1) unstable; urgency=low
+
+ * Allow root to log in no matter what.
+
+ -- Martin Sandsmark Thu, 17 Apr 2008 20:38:42 +0200
+
+libpam-itkacl (0.1-2) unstable; urgency=low
+
+ * Actually link to -lpq.
+
+ -- Steinar H. Gunderson Sat, 22 Oct 2005 18:20:36 +0200
+
+libpam-itkacl (0.1-1) unstable; urgency=low
+
+ * Initial release.
+
+ -- Steinar H. Gunderson Thu, 20 Oct 2005 19:37:21 +0200
+
diff --git a/libpam-itkacl-0.4/debian/compat b/libpam-itkacl-0.4/debian/compat
new file mode 100644
index 0000000..7f8f011
--- /dev/null
+++ b/libpam-itkacl-0.4/debian/compat
@@ -0,0 +1 @@
+7
diff --git a/libpam-itkacl-0.4/debian/control b/libpam-itkacl-0.4/debian/control
new file mode 100644
index 0000000..d91834f
--- /dev/null
+++ b/libpam-itkacl-0.4/debian/control
@@ -0,0 +1,13 @@
+Source: libpam-itkacl
+Priority: optional
+Maintainer: Steinar H. Gunderson
+Build-Depends: debhelper (>= 7.0.0), libpam0g-dev | libpam-dev, libitkacl-dev
+Standards-Version: 3.9.1
+Section: libs
+
+Package: libpam-itkacl
+Section: libs
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: PAM module for ITKACL
+ PAM module that allows you to allow/deny users on the basis of an ITKACL.
diff --git a/libpam-itkacl-0.4/debian/copyright b/libpam-itkacl-0.4/debian/copyright
new file mode 100644
index 0000000..547ad59
--- /dev/null
+++ b/libpam-itkacl-0.4/debian/copyright
@@ -0,0 +1,2 @@
+pam_itkacl, Copyright 2004-2005 Steinar H. Gunderson
+License: GPLv2
diff --git a/libpam-itkacl-0.4/debian/dirs b/libpam-itkacl-0.4/debian/dirs
new file mode 100644
index 0000000..ca882bb
--- /dev/null
+++ b/libpam-itkacl-0.4/debian/dirs
@@ -0,0 +1,2 @@
+usr/bin
+usr/sbin
diff --git a/libpam-itkacl-0.4/debian/libpam-itkacl.dirs b/libpam-itkacl-0.4/debian/libpam-itkacl.dirs
new file mode 100644
index 0000000..d1f6515
--- /dev/null
+++ b/libpam-itkacl-0.4/debian/libpam-itkacl.dirs
@@ -0,0 +1 @@
+lib/security
diff --git a/libpam-itkacl-0.4/debian/libpam-itkacl.install b/libpam-itkacl-0.4/debian/libpam-itkacl.install
new file mode 100644
index 0000000..704c46c
--- /dev/null
+++ b/libpam-itkacl-0.4/debian/libpam-itkacl.install
@@ -0,0 +1 @@
+lib/security/pam_itkacl.so
diff --git a/libpam-itkacl-0.4/debian/rules b/libpam-itkacl-0.4/debian/rules
new file mode 100755
index 0000000..d6db1f9
--- /dev/null
+++ b/libpam-itkacl-0.4/debian/rules
@@ -0,0 +1,43 @@
+#!/usr/bin/make -f
+
+#export DH_VERBOSE=1
+
+CFLAGS = -Wall -g -fPIC
+
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+ CFLAGS += -O0
+else
+ CFLAGS += -O2
+endif
+
+build:
+ dh_testdir
+ $(MAKE) CFLAGS="$(CFLAGS)"
+
+clean:
+ dh_testdir
+ dh_testroot
+ $(MAKE) clean
+ dh_clean
+
+binary-indep: build
+binary-arch: build
+ dh_testdir
+ dh_testroot
+ dh_installdirs
+ dh_installdocs
+
+ $(MAKE) install DESTDIR=debian/libpam-itkacl
+
+ dh_installchangelogs
+ dh_strip
+ dh_compress
+ dh_fixperms
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary
diff --git a/libpam-itkacl-0.4/pam_itkacl.c b/libpam-itkacl-0.4/pam_itkacl.c
new file mode 100644
index 0000000..19044bc
--- /dev/null
+++ b/libpam-itkacl-0.4/pam_itkacl.c 
@@ -0,0 +1,108 @@
+
+#define PAM_SM_ACCOUNT
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "itkacl.h"
+
+/* --- authentication management functions --- */
+
+PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags,
+ int argc, const char **argv)
+{
+ return PAM_AUTH_ERR;
+}
+
+PAM_EXTERN int pam_sm_setcred(pam_handle_t * pamh, int flags, int argc,
+ const char **argv)
+{
+
+ return PAM_CRED_UNAVAIL;
+}
+
+/* --- account management functions --- */
+
+PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, int argc,
+ const char **argv)
+{
+ char realm[256], errmsg[256];
+ const char *username;
+ int ret;
+
+ openlog("pam_itkacl", 0, LOG_AUTHPRIV);
+
+ /* We want and need exactly one argument: realm='whatever' */
+ if (argc != 1) {
+ syslog(LOG_CRIT, "wrong number of arguments: expected 1, got %d", argc);
+ return PAM_SERVICE_ERR;
+ }
+ if (sscanf(argv[0], "realm='%[^']'", realm) != 1) {
+ syslog(LOG_CRIT, "realm in bad format: got %s, expected realm='/foo/bar'", argv[0]);
+ return PAM_SERVICE_ERR;
+ }
+
+ /* Get the user name from PAM */
+ ret = pam_get_item(pamh, PAM_USER, (const void **)&username);
+ if (ret != PAM_SUCCESS || username == NULL) {
+ syslog(LOG_CRIT, "Couldn't get username from PAM");
+ return PAM_USER_UNKNOWN;
+ }
+
+ /* Root should always be able to log in */
+ if (strcmp(username, "root") == 0)
+ return PAM_SUCCESS;
+
+ ret = itkacl_check(realm, username, errmsg, 256);
+ if (ret == -1) {
+ syslog(LOG_ERR, "itkacl_check() returned an error: %s", errmsg);
+ return PAM_SERVICE_ERR;
+ }
+
+ if (ret == 0) {
+ return PAM_SUCCESS;
+ } else {
+ return PAM_ACCT_EXPIRED;
+ }
+}
+
+/* --- password management --- */
+
+PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc,
+ const char **argv)
+{
+ return PAM_AUTHTOK_ERR;
+}
+
+/* --- session management --- */
+
+PAM_EXTERN int pam_sm_open_session(pam_handle_t * pamh, int flags,
+ int argc, const char **argv)
+{
+ return PAM_SYSTEM_ERR;
+}
+
+PAM_EXTERN int pam_sm_close_session(pam_handle_t * pamh, int flags,
+ int argc, const char **argv)
+{
+ return PAM_SYSTEM_ERR;
+}
+
+/* end of module definition */
+
+/* static module data */
+#ifdef PAM_STATIC
+struct pam_module _pam_itkacl_modstruct = {
+ "pam_itkacl",
+ pam_sm_authenticate,
+ pam_sm_setcred,
+ pam_sm_acct_mgmt,
+ pam_sm_open_session,
+ pam_sm_close_session,
+ pam_sm_chauthtok
+};
+#endif
--
2.39.5
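Review bot: In `pam_sm_acct_mgmt` the `%[^']` conversion has no field width, so a `realm='...'` argument longer than 255 bytes is written past `realm[256]` on the stack of whichever privileged process loaded the module; the value comes from the PAM configuration rather than from the user, but the bound costs nothing: `if (sscanf(argv[0], "realm='%255[^']'", realm) != 1) {`. The same call returns 1 before the closing quote is matched, so an unterminated `realm='/foo` is accepted silently. `errmsg` is passed to `syslog` with `%s` when `itkacl_check()` returns -1, and nothing visible here guarantees the library filled it, so `errmsg[0] = '\0';` before the call would keep the log line well defined. A user the ACL refuses gets `PAM_ACCT_EXPIRED`, which applications report as an expired account; `return PAM_PERM_DENIED;` matches what actually happened and makes the auth log easier to triage.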