rooty/yubico-pam
1
0
Fork 0
mirror of https://github.com/Yubico/yubico-pam.git synced 2025-02-22 18:54:37 +01:00
Code Issues Projects Releases Wiki Activity

move check_user_token() to util

Browse Source 
for testability..
This commit is contained in:
Klas Lindfors 2014-08-27 10:45:42 +02:00
parent 666d717b1d
commit d9780eacd9
3 changed files with 90 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
pam_yubico.c
View File

@ -127,84 +127,6 @@ struct cfg
#endif #endif
#define DBG(x) if (cfg->debug) { D(x); } #define DBG(x) if (cfg->debug) { D(x); }
/*
* This function will look for users name with valid user token id. It
* will returns -2 if the user is unknown, -1 if the token do not match the user line, 0 for internal failure and 1 for success.
*
* File format is as follows:
* <user-name>:<token_id>:<token_id>
* <user-name>:<token_id>
*
*/
static int
check_user_token (struct cfg *cfg,
const char *authfile,
const char *username,
const char *otp_id)
{
char buf[1024];
char *s_user, *s_token;
int retval = 0;
int fd;
struct stat st;
FILE *opwfile;
fd = open(authfile, O_RDONLY, 0);
if (fd < 0) {
DBG (("Cannot open file: %s (%s)", authfile, strerror(errno)));
return retval;
}
if (fstat(fd, &st) < 0) {
DBG (("Cannot stat file: %s (%s)", authfile, strerror(errno)));
close(fd);
return retval;
}
if (!S_ISREG(st.st_mode)) {
DBG (("%s is not a regular file", authfile));
close(fd);
return retval;
}
opwfile = fdopen(fd, "r");
if (opwfile == NULL) {
DBG (("fdopen: %s", strerror(errno)));
close(fd);
return retval;
}
retval = -2;
while (fgets (buf, 1024, opwfile))
{
if (buf[strlen (buf) - 1] == '\n')
buf[strlen (buf) - 1] = '\0';
DBG (("Authorization line: %s", buf));
s_user = strtok (buf, ":");
if (s_user && strcmp (username, s_user) == 0)
{
DBG (("Matched user: %s", s_user));
retval = -1; //We found at least one line for the user
do
{
s_token = strtok (NULL, ":");
DBG (("Authorization token: %s", s_token));
if (s_token && strcmp (otp_id, s_token) == 0)
{
DBG (("Match user/token as %s/%s", username, otp_id));
fclose (opwfile);
return 1;
}
}
while (s_token != NULL);
}
}
fclose (opwfile);
return retval;
}
/* /*
* Authorize authenticated OTP_ID for login as USERNAME using * Authorize authenticated OTP_ID for login as USERNAME using
* AUTHFILE. Return -2 if the user is unknown, -1 if the OTP_ID does not match, 0 on internal failures, otherwise success. * AUTHFILE. Return -2 if the user is unknown, -1 if the OTP_ID does not match, 0 on internal failures, otherwise success.
@ -223,7 +145,7 @@ authorize_user_token (struct cfg *cfg,
as an argument for this module. as an argument for this module.
*/ */
DBG (("Using system-wide auth_file %s", cfg->auth_file)); DBG (("Using system-wide auth_file %s", cfg->auth_file));
retval = check_user_token (cfg, cfg->auth_file, username, otp_id); retval = check_user_token (cfg->auth_file, username, otp_id, cfg->debug);
} }
else else
{ {
@ -252,7 +174,7 @@ authorize_user_token (struct cfg *cfg,
goto free_out; goto free_out;
} }
retval = check_user_token (cfg, userfile, username, otp_id); retval = check_user_token (userfile, username, otp_id, cfg->debug);
if(pam_modutil_regain_priv(pamh, &privs)) { if(pam_modutil_regain_priv(pamh, &privs)) {
DBG (("could not restore privileges")); DBG (("could not restore privileges"));

87
util.c
View File

@ -86,6 +86,93 @@ get_user_cfgfile_path(const char *common_path, const char *filename, const char
return 1; return 1;
} }
/*
* This function will look for users name with valid user token id. It
* will returns -2 if the user is unknown, -1 if the token do not match the user line, 0 for internal failure and 1 for success.
*
* File format is as follows:
* <user-name>:<token_id>:<token_id>
* <user-name>:<token_id>
*
*/
int
check_user_token (const char *authfile,
const char *username,
const char *otp_id,
int verbose)
{
char buf[1024];
char *s_user, *s_token;
int retval = 0;
int fd;
struct stat st;
FILE *opwfile;
fd = open(authfile, O_RDONLY, 0);
if (fd < 0) {
if(verbose)
D (("Cannot open file: %s (%s)", authfile, strerror(errno)));
return retval;
}
if (fstat(fd, &st) < 0) {
if(verbose)
D (("Cannot stat file: %s (%s)", authfile, strerror(errno)));
close(fd);
return retval;
}
if (!S_ISREG(st.st_mode)) {
if(verbose)
D (("%s is not a regular file", authfile));
close(fd);
return retval;
}
opwfile = fdopen(fd, "r");
if (opwfile == NULL) {
if(verbose)
D (("fdopen: %s", strerror(errno)));
close(fd);
return retval;
}
retval = -2;
while (fgets (buf, 1024, opwfile))
{
if (buf[strlen (buf) - 1] == '\n')
buf[strlen (buf) - 1] = '\0';
if(verbose)
D (("Authorization line: %s", buf));
s_user = strtok (buf, ":");
if (s_user && strcmp (username, s_user) == 0)
{
if(verbose)
D (("Matched user: %s", s_user));
retval = -1; //We found at least one line for the user
do
{
s_token = strtok (NULL, ":");
if(verbose)
D (("Authorization token: %s", s_token));
if (s_token && strcmp (otp_id, s_token) == 0)
{
if(verbose)
D (("Match user/token as %s/%s", username, otp_id));
fclose (opwfile);
return 1;
}
}
while (s_token != NULL);
}
}
fclose (opwfile);
return retval;
}
#if HAVE_CR #if HAVE_CR
/* Fill buf with len bytes of random data */ /* Fill buf with len bytes of random data */
int generate_random(void *buf, int len) int generate_random(void *buf, int len)

1
util.h
View File

@ -53,6 +53,7 @@
#endif /* DEBUG_PAM */ #endif /* DEBUG_PAM */
int get_user_cfgfile_path(const char *common_path, const char *filename, const char *username, char **fn); int get_user_cfgfile_path(const char *common_path, const char *filename, const char *username, char **fn);
int check_user_token(const char *authfile, const char *username, const char *otp_id, int verbose);
#if HAVE_CR #if HAVE_CR
#include <ykcore.h> #include <ykcore.h>