path: root/pam/pam_mfa.c
#include <errno.h>
#include <pwd.h>
#include <spawn.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

#include <security/pam_modutil.h>
#include <security/pam_modules.h>
#include <security/pam_ext.h>

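/* The helper is launched with an explicit argument vector, so the interpreter
 * and the script are kept as separate strings instead of one shell command. */
#define PAMPY_INTERP "python3"
#define PAMPY_SCRIPT "/usr/bin/openmfa/pam/pam.py"

extern char **environ;

/* Accept a value only if it is non-empty and cannot be read as an option. */
static bool pam_mfa_arg_ok(const char *s) {
	return s[0] != '\0' && s[0] != '-';
}

/*
 * PAM authentication entry point: asks the pam.py helper for a verdict.
 *
 * Runs "python3 /usr/bin/openmfa/pam/pam.py --user <PAM_USER> --service
 * <PAM_SERVICE>" and reads the first line of its standard output. The line
 * must start with a decimal integer; 0 means the user is authenticated.
 *
 * PAM_USER is supplied by whoever is logging in, so it is never passed through
 * a shell, never copied into a fixed-size buffer and never used as a format
 * string. Any failure to run the helper or to read a number from it is
 * treated as an authentication failure.
 *
 * Returns PAM_SUCCESS when the helper reports 0, PAM_AUTHINFO_UNAVAIL when the
 * user or service item cannot be read, and PAM_AUTH_ERR otherwise.
 */
int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char** argv) {
	const char *user = NULL;
	const char *service = NULL;
	int pipefd[2];
	pid_t pid;
	int rc;

	(void) flags;
	(void) argc;
	(void) argv;

	// Get user and service
	if (pam_get_item(pamh, PAM_USER, (const void **) &user) != PAM_SUCCESS || user == NULL) {
		pam_syslog(pamh, LOG_ERR, "unable to get ruser");
		return PAM_AUTHINFO_UNAVAIL;
	}
	if (pam_get_item(pamh, PAM_SERVICE, (const void **) &service) != PAM_SUCCESS || service == NULL) {
		pam_syslog(pamh, LOG_ERR, "unable to get service");
		return PAM_AUTHINFO_UNAVAIL;
	}

	// A leading '-' would be parsed by the helper as an option rather than
	// as the value of --user / --service.
	if (!pam_mfa_arg_ok(user) || !pam_mfa_arg_ok(service)) {
		pam_syslog(pamh, LOG_ERR, "refusing empty or option-like user/service");
		return PAM_AUTH_ERR;
	}

	// Externally supplied text is logged as data, never as the format string.
	pam_syslog(pamh, LOG_INFO, "%s %s --user %s --service %s",
	           PAMPY_INTERP, PAMPY_SCRIPT, user, service);

	if (pipe(pipefd) != 0) {
		pam_syslog(pamh, LOG_ERR, "Error opening pipe");
		return PAM_AUTH_ERR;
	}

	// Child side: stdout becomes the pipe's write end, both original pipe
	// descriptors are closed (unless one of them already is descriptor 1).
	posix_spawn_file_actions_t fa;
	rc = posix_spawn_file_actions_init(&fa);
	if (rc != 0) {
		close(pipefd[0]);
		close(pipefd[1]);
		pam_syslog(pamh, LOG_ERR, "unable to start helper: %s", strerror(rc));
		return PAM_AUTH_ERR;
	}
	rc = posix_spawn_file_actions_adddup2(&fa, pipefd[1], STDOUT_FILENO);
	if (rc == 0 && pipefd[0] != STDOUT_FILENO)
		rc = posix_spawn_file_actions_addclose(&fa, pipefd[0]);
	if (rc == 0 && pipefd[1] != STDOUT_FILENO)
		rc = posix_spawn_file_actions_addclose(&fa, pipefd[1]);

	// NOTE(review): the interpreter is still looked up through PATH and the
	// child inherits the caller's environment, as it did under popen(). When
	// the host program is setuid and started by an unprivileged user, both
	// are caller-influenced; consider an absolute interpreter path and a
	// fixed environment.
	char *child_argv[] = {
		(char *) PAMPY_INTERP,
		(char *) PAMPY_SCRIPT,
		(char *) "--user",
		(char *) user,
		(char *) "--service",
		(char *) service,
		NULL
	};
	if (rc == 0)
		rc = posix_spawnp(&pid, PAMPY_INTERP, &fa, NULL, child_argv, environ);
	posix_spawn_file_actions_destroy(&fa);
	close(pipefd[1]);
	if (rc != 0) {
		close(pipefd[0]);
		pam_syslog(pamh, LOG_ERR, "unable to start helper: %s", strerror(rc));
		return PAM_AUTH_ERR;
	}

	// Get output: first line is the verdict, the rest is drained so the
	// helper is not cut off by a closed pipe while it is still writing.
	char result[32] = "";
	bool got_line = false;
	FILE *fp = fdopen(pipefd[0], "r");
	if (fp != NULL) {
		char sink[256];
		got_line = fgets(result, sizeof result, fp) != NULL;
		while (fread(sink, 1, sizeof sink, fp) > 0) {
			/* discard */
		}
		fclose(fp);
	} else {
		close(pipefd[0]);
	}

	// Reap the helper. NOTE(review): pam.py's exit-status contract is not
	// visible here, so the status is only logged and the verdict relies on
	// the stdout line alone.
	int status = 0;
	pid_t reaped;
	do {
		reaped = waitpid(pid, &status, 0);
	} while (reaped == -1 && errno == EINTR);
	if (reaped == pid && !(WIFEXITED(status) && WEXITSTATUS(status) == 0))
		pam_syslog(pamh, LOG_WARNING, "helper ended abnormally (status %d)", status);

	if (!got_line) {
		pam_syslog(pamh, LOG_ERR, "no output from helper");
		return PAM_AUTH_ERR;
	}
	pam_syslog(pamh, LOG_INFO, "%s", result);

	// atoi() returns 0 for text that holds no number at all, which would
	// read as "authenticated"; require that digits were actually parsed.
	char *end = result;
	errno = 0;
	long verdict = strtol(result, &end, 10);
	if (end == result || errno == ERANGE) {
		pam_syslog(pamh, LOG_ERR, "auth error");
		return PAM_AUTH_ERR;
	}

	if (verdict == 0) {
		pam_syslog(pamh, LOG_INFO, "auth success");
		return PAM_SUCCESS;
	}
	pam_syslog(pamh, LOG_ERR, "auth error");
	return PAM_AUTH_ERR;
}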

/*
 * PAM credential-setting entry point.
 *
 * This module keeps no credentials: every argument is ignored and the call
 * always reports PAM_SUCCESS.
 */
int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char** argv) {
	(void) pamh;
	(void) flags;
	(void) argc;
	(void) argv;

	return PAM_SUCCESS;
}