mirror of
https://github.com/Yubico/yubico-pam.git
synced 2025-02-27 06:54:15 +01:00
Debug: adding a dbg flag and macro so as to disable unwanted debug messages
parent
9fd4b0295f
commit
1ec6d2df92
67
pam_yubico.c
67
pam_yubico.c
@ -87,17 +87,22 @@
|
|||||||
static int
|
static int
|
||||||
check_user_token (const char *authfile,
|
check_user_token (const char *authfile,
|
||||||
const char *username,
|
const char *username,
|
||||||
const char *otp_id)
|
const char *otp_id,
|
||||||
|
const int dbg)
|
||||||
{
|
{
|
||||||
char buf[1024];
|
char buf[1024];
|
||||||
char *s_user, *s_token;
|
char *s_user, *s_token;
|
||||||
int retval = 0;
|
int retval = 0;
|
||||||
FILE *opwfile;
|
FILE *opwfile;
|
||||||
|
#ifdef DBG
|
||||||
|
#undef DBG
|
||||||
|
#endif
|
||||||
|
#define DBG(x) if (dbg) { D(x); }
|
||||||
|
|
||||||
opwfile = fopen (authfile, "r");
|
opwfile = fopen (authfile, "r");
|
||||||
if (opwfile == NULL)
|
if (opwfile == NULL)
|
||||||
{
|
{
|
||||||
D (("Cannot open file: %s", authfile));
|
DBG (("Cannot open file: %s", authfile));
|
||||||
return retval;
|
return retval;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -105,18 +110,18 @@ check_user_token (const char *authfile,
|
|||||||
{
|
{
|
||||||
if (buf[strlen (buf) - 1] == '\n')
|
if (buf[strlen (buf) - 1] == '\n')
|
||||||
buf[strlen (buf) - 1] = '\0';
|
buf[strlen (buf) - 1] = '\0';
|
||||||
D (("Authorization line: %s", buf));
|
DBG (("Authorization line: %s", buf));
|
||||||
s_user = strtok (buf, ":");
|
s_user = strtok (buf, ":");
|
||||||
if (s_user && strcmp (username, s_user) == 0)
|
if (s_user && strcmp (username, s_user) == 0)
|
||||||
{
|
{
|
||||||
D (("Matched user: %s", s_user));
|
DBG (("Matched user: %s", s_user));
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
s_token = strtok (NULL, ":");
|
s_token = strtok (NULL, ":");
|
||||||
D (("Authorization token: %s", s_token));
|
DBG (("Authorization token: %s", s_token));
|
||||||
if (s_token && strcmp (otp_id, s_token) == 0)
|
if (s_token && strcmp (otp_id, s_token) == 0)
|
||||||
{
|
{
|
||||||
D (("Match user/token as %s/%s", username, otp_id));
|
DBG (("Match user/token as %s/%s", username, otp_id));
|
||||||
fclose (opwfile);
|
fclose (opwfile);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@ -137,7 +142,8 @@ check_user_token (const char *authfile,
|
|||||||
static int
|
static int
|
||||||
authorize_user_token (const char *authfile,
|
authorize_user_token (const char *authfile,
|
||||||
const char *username,
|
const char *username,
|
||||||
const char *otp_id)
|
const char *otp_id,
|
||||||
|
const int dbg)
|
||||||
{
|
{
|
||||||
int retval;
|
int retval;
|
||||||
|
|
||||||
@ -146,7 +152,7 @@ authorize_user_token (const char *authfile,
|
|||||||
/* Administrator had configured the file and specified is name
|
/* Administrator had configured the file and specified is name
|
||||||
as an argument for this module.
|
as an argument for this module.
|
||||||
*/
|
*/
|
||||||
retval = check_user_token (authfile, username, otp_id);
|
retval = check_user_token (authfile, username, otp_id, dbg);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -158,7 +164,7 @@ authorize_user_token (const char *authfile,
|
|||||||
if (! get_user_cfgfile_path (NULL, "authorized_yubikeys", username, &userfile))
|
if (! get_user_cfgfile_path (NULL, "authorized_yubikeys", username, &userfile))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
retval = check_user_token (userfile, username, otp_id);
|
retval = check_user_token (userfile, username, otp_id, dbg);
|
||||||
|
|
||||||
free (userfile);
|
free (userfile);
|
||||||
}
|
}
|
||||||
@ -188,10 +194,15 @@ authorize_user_token_ldap (const char *ldap_uri,
|
|||||||
const char *user_attr,
|
const char *user_attr,
|
||||||
const char *yubi_attr,
|
const char *yubi_attr,
|
||||||
const char *user,
|
const char *user,
|
||||||
const char *token_id)
|
const char *token_id,
|
||||||
|
const int dbg)
|
||||||
{
|
{
|
||||||
|
#ifdef DBG
|
||||||
|
#undef DBG
|
||||||
|
#endif
|
||||||
|
#define DBG(x) if (dbg) { D(x); }
|
||||||
|
|
||||||
D(("called"));
|
DBG(("called"));
|
||||||
int retval = 0;
|
int retval = 0;
|
||||||
int protocol;
|
int protocol;
|
||||||
#ifdef HAVE_LIBLDAP
|
#ifdef HAVE_LIBLDAP
|
||||||
@ -207,15 +218,15 @@ authorize_user_token_ldap (const char *ldap_uri,
|
|||||||
char *find = NULL, *sr = NULL;
|
char *find = NULL, *sr = NULL;
|
||||||
|
|
||||||
if (user_attr == NULL) {
|
if (user_attr == NULL) {
|
||||||
D (("Trying to look up user to YubiKey mapping in LDAP, but user_attr not set!"));
|
DBG (("Trying to look up user to YubiKey mapping in LDAP, but user_attr not set!"));
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if (yubi_attr == NULL) {
|
if (yubi_attr == NULL) {
|
||||||
D (("Trying to look up user to YubiKey mapping in LDAP, but yubi_attr not set!"));
|
DBG (("Trying to look up user to YubiKey mapping in LDAP, but yubi_attr not set!"));
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if (ldapdn == NULL) {
|
if (ldapdn == NULL) {
|
||||||
D (("Trying to look up user to YubiKey mapping in LDAP, but ldapdn not set!"));
|
DBG (("Trying to look up user to YubiKey mapping in LDAP, but ldapdn not set!"));
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -225,7 +236,7 @@ authorize_user_token_ldap (const char *ldap_uri,
|
|||||||
rc = ldap_initialize (&ld,ldap_uri);
|
rc = ldap_initialize (&ld,ldap_uri);
|
||||||
if (rc != LDAP_SUCCESS)
|
if (rc != LDAP_SUCCESS)
|
||||||
{
|
{
|
||||||
D (("ldap_init: %s", ldap_err2string (rc)));
|
DBG (("ldap_init: %s", ldap_err2string (rc)));
|
||||||
retval = 0;
|
retval = 0;
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
@ -234,7 +245,7 @@ authorize_user_token_ldap (const char *ldap_uri,
|
|||||||
{
|
{
|
||||||
if ((ld = ldap_init (ldapserver, PORT_NUMBER)) == NULL)
|
if ((ld = ldap_init (ldapserver, PORT_NUMBER)) == NULL)
|
||||||
{
|
{
|
||||||
D (("ldap_init"));
|
DBG (("ldap_init"));
|
||||||
retval = 0;
|
retval = 0;
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
@ -248,7 +259,7 @@ authorize_user_token_ldap (const char *ldap_uri,
|
|||||||
rc = ldap_simple_bind_s (ld, NULL, NULL);
|
rc = ldap_simple_bind_s (ld, NULL, NULL);
|
||||||
if (rc != LDAP_SUCCESS)
|
if (rc != LDAP_SUCCESS)
|
||||||
{
|
{
|
||||||
D (("ldap_simple_bind_s: %s", ldap_err2string (rc)));
|
DBG (("ldap_simple_bind_s: %s", ldap_err2string (rc)));
|
||||||
retval = 0;
|
retval = 0;
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
@ -260,14 +271,14 @@ authorize_user_token_ldap (const char *ldap_uri,
|
|||||||
|
|
||||||
attrs[0] = (char *) yubi_attr;
|
attrs[0] = (char *) yubi_attr;
|
||||||
|
|
||||||
D(("LDAP : look up object '%s', ask for attribute '%s'", find, yubi_attr));
|
DBG(("LDAP : look up object '%s', ask for attribute '%s'", find, yubi_attr));
|
||||||
|
|
||||||
/* Search for the entry. */
|
/* Search for the entry. */
|
||||||
if ((rc = ldap_search_ext_s (ld, find, LDAP_SCOPE_BASE,
|
if ((rc = ldap_search_ext_s (ld, find, LDAP_SCOPE_BASE,
|
||||||
NULL, attrs, 0, NULL, NULL, LDAP_NO_LIMIT,
|
NULL, attrs, 0, NULL, NULL, LDAP_NO_LIMIT,
|
||||||
LDAP_NO_LIMIT, &result)) != LDAP_SUCCESS)
|
LDAP_NO_LIMIT, &result)) != LDAP_SUCCESS)
|
||||||
{
|
{
|
||||||
D (("ldap_search_ext_s: %s", ldap_err2string (rc)));
|
DBG (("ldap_search_ext_s: %s", ldap_err2string (rc)));
|
||||||
|
|
||||||
retval = 0;
|
retval = 0;
|
||||||
goto done;
|
goto done;
|
||||||
@ -276,7 +287,7 @@ authorize_user_token_ldap (const char *ldap_uri,
|
|||||||
e = ldap_first_entry (ld, result);
|
e = ldap_first_entry (ld, result);
|
||||||
if (e == NULL)
|
if (e == NULL)
|
||||||
{
|
{
|
||||||
D (("No result from LDAP search"));
|
DBG (("No result from LDAP search"));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -291,12 +302,12 @@ authorize_user_token_ldap (const char *ldap_uri,
|
|||||||
{
|
{
|
||||||
if (!strncmp (token_id, vals[i]->bv_val, strlen (token_id)))
|
if (!strncmp (token_id, vals[i]->bv_val, strlen (token_id)))
|
||||||
{
|
{
|
||||||
D (("Token Found :: %s", vals[i]->bv_val));
|
DBG (("Token Found :: %s", vals[i]->bv_val));
|
||||||
retval = 1;
|
retval = 1;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
D (("No match : (%s) %s != %s", a, vals[i]->bv_val, token_id));
|
DBG (("No match : (%s) %s != %s", a, vals[i]->bv_val, token_id));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
ldap_value_free_len (vals);
|
ldap_value_free_len (vals);
|
||||||
@ -320,8 +331,8 @@ authorize_user_token_ldap (const char *ldap_uri,
|
|||||||
free(sr);
|
free(sr);
|
||||||
|
|
||||||
#else
|
#else
|
||||||
D (("Trying to use LDAP, but this function is not compiled in pam_yubico!!"));
|
DBG (("Trying to use LDAP, but this function is not compiled in pam_yubico!!"));
|
||||||
D (("Install libldap-dev and then recompile pam_yubico."));
|
DBG (("Install libldap-dev and then recompile pam_yubico."));
|
||||||
#endif
|
#endif
|
||||||
return retval;
|
return retval;
|
||||||
}
|
}
|
||||||
@ -626,7 +637,9 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
|
|||||||
D (("chalresp_path=%d", cfg->chalresp_path));
|
D (("chalresp_path=%d", cfg->chalresp_path));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#ifdef DBG
|
||||||
|
#undef DBG
|
||||||
|
#endif
|
||||||
#define DBG(x) if (cfg.debug) { D(x); }
|
#define DBG(x) if (cfg.debug) { D(x); }
|
||||||
|
|
||||||
PAM_EXTERN int
|
PAM_EXTERN int
|
||||||
@ -825,9 +838,9 @@ pam_sm_authenticate (pam_handle_t * pamh,
|
|||||||
if (cfg.ldapserver != NULL || cfg.ldap_uri != NULL)
|
if (cfg.ldapserver != NULL || cfg.ldap_uri != NULL)
|
||||||
valid_token = authorize_user_token_ldap (cfg.ldap_uri, cfg.ldapserver,
|
valid_token = authorize_user_token_ldap (cfg.ldap_uri, cfg.ldapserver,
|
||||||
cfg.ldapdn, cfg.user_attr,
|
cfg.ldapdn, cfg.user_attr,
|
||||||
cfg.yubi_attr, user, otp_id);
|
cfg.yubi_attr, user, otp_id, cfg.debug);
|
||||||
else
|
else
|
||||||
valid_token = authorize_user_token (cfg.auth_file, user, otp_id);
|
valid_token = authorize_user_token (cfg.auth_file, user, otp_id, cfg.debug);
|
||||||
|
|
||||||
if (valid_token == 0)
|
if (valid_token == 0)
|
||||||
{
|
{
|
||||||
|
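Review bot: The new `#define DBG(x) if (dbg) { D(x); }` expands to a bare `if`, so a later `if (cond) DBG ((...)); else ...` would either fail to compile or bind the `else` to the hidden `if (dbg)`; every use visible here sits inside braces, but the macro should be statement-safe, e.g. `#define DBG(x) do { if (dbg) { D(x); } } while (0)`. The same applies to the copy in authorize_user_token_ldap and to the `cfg.debug` variant ahead of pam_sm_authenticate. Because the macro is re-pointed with `#undef`/`#define` inside function bodies, which variable a given `DBG` reads depends on its position in the file, and a short comment at each definition would make that explicit. Separately, in check_user_token `DBG (("Authorization token: %s", s_token));` still runs before the `s_token &&` test, so a NULL reaches `%s` when `strtok` runs out of fields and debug is enabled; moving the message below the NULL check avoids that. The bodies of these functions continue outside the hunks shown.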