2 files changed, 12 insertions, 27 deletions

diff --git a/pam/Makefile b/pam/Makefile
deleted file mode 100644
index 46c2cab..0000000
--- a/pam/Makefile
+++ /dev/null
@@ -1,14 +0,0 @@
-all: pam_mfa
-
-pam_mfa:
-        gcc -fPIC -c pam_mfa.c
-        gcc -shared -o pam_mfa.so pam_mfa.o -lpam
-
-install: all
-        PAMDIR = /usr/lib/x86_64-linux-gnu/security/
-        cp -f pam_mfa.so ${PAMDIR}
-        chmod 755 ${PAMDIR}/pam_mfa.so
-
-clean:
-        rm pam_mfa.so
-        rm pam_mfa.o
diff --git a/server/mfad.py b/server/mfad.py
index cc5073b..169e186 100755
--- a/server/mfad.py
+++ b/server/mfad.py
@@ -72,9 +72,6 @@ def read_config(config):
 
 
 def eval_mfa(db, client_key, mfa_methods, client_response):
-    print("response: " + client_response)
-    print("length: " + str(len(client_response)))
-    print("methods: " + str(mfa_methods))
     # Evaluates MFA and decides if authenticated or denied
     # Returns 0 for authenticated on 1 for denied
     if "push" in mfa_methods and client_response == "allow":
@@ -97,8 +94,6 @@ def validate_totp(db, client_key, client_response):
         client = c.fetchone()
         secret = client[CLIENT_SECRET_INDEX]
     totp = pyotp.TOTP(secret)
-    print("Client Response: " + str(client_response))
-    print("Valid TOTP: " + str(totp.now()))
     if totp.verify(client_response):
         return AUTHED
     else:
@@ -112,8 +107,6 @@ def validate_totp(db, client_key, client_response):
 # connection for identification
 # Client key is used to identify client throughout communication process
 
-# //TODO RSA public/private key pairs for proper authentication
-
 def get_client_key(db, username,hostname,service):
     # Correlates a PAM request to a registered client
     # This is done by checking the PAM request against a preconfigured 
@@ -127,9 +120,8 @@ def get_client_key(db, username,hostname,service):
         c.execute("""SELECT * FROM applications WHERE username=? AND hostname=?
                      AND service=?""",(username,hostname,service))
         application = c.fetchone()
-        # Return None if no results found
         if application == None:
-            return application
+            return (None,None)
 
         alias = application[DB_ALIAS_INDEX]
         c.execute("SELECT * FROM clients WHERE alias=?",(alias,))
@@ -142,6 +134,7 @@ def get_client_key(db, username,hostname,service):
 
 
 def prompt_client(client_key, user, host, service, methods, timeout=10):
+    print(client_connections.keys())
     # Prompts client for MFA
     timer = 0
     while timer < timeout:
@@ -210,6 +203,10 @@ def handle_client(db, conn, addr):
         conn.send(ACK_MESSAGE.encode(FORMAT))
         client_connections[key] = (conn,addr)
         print("client connected with key " + key)
+        poll_time = 5
+        while True:
+            # Poll client
+            time.sleep(poll_time)
 
 
 def parse_pam_data(data):
@@ -229,15 +226,17 @@ def handle_pam(db, conn, addr):
 
     # Correlate request to client
     client_key,mfa_methods = get_client_key(db, user,host,service)
-    mfa_methods = mfa_methods.split(' ')
     if client_key == None:
-        print("No applications found for user="+user+" host="+host+" service="+service)
         conn.send(str(DENIED).encode(FORMAT))
-        return
+        die("No applications found for user="+user+" host="+host+" service="+service)
+    mfa_methods = mfa_methods.split(' ')
 
     # Prompt client
     response = prompt_client(client_key,user,host,service,mfa_methods)
-
+    if response == 0:
+        conn.send(str(DENIED).encode(FORMAT))
+        die("Did not receive response from client")
+        
     # Evaluate Response
     decision = eval_mfa(db, client_key, mfa_methods, response)