#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <pwd.h>
#include <string.h>
#include <stdio.h>
#include <stdbool.h>
#include <syslog.h>
#include <sys/types.h>
#include <security/pam_modutil.h>
#include <security/pam_modules.h>
#include <security/pam_ext.h>
/*
 * Command prefix for the external helper. pam_sm_authenticate() appends
 * " --user <name> --service <name>" and hands the whole string to popen(),
 * so it is interpreted by the shell and `python3` (no directory given) is
 * located through the PATH of the process that loaded this module.
 * NOTE(review): an absolute interpreter path would remove that PATH
 * dependency - confirm where python3 lives on the target systems.
 */
#define PAMPY "python3 /usr/bin/openmfa/pam/pam.py"
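/*
 * Returns true when `s` is non-empty, does not start with '-', and consists
 * only of letters, digits and the characters . _ - @ +
 *
 * None of the accepted characters is special to the shell, so a value that
 * passes cannot add commands, redirections or extra words to the command
 * line. Rejecting a leading '-' keeps the value from being read as an option
 * by the helper.
 */
static bool pam_openmfa_is_safe_token(const char *s)
{
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyz"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "0123456789._-@+";
    size_t len = strlen(s);

    if (len == 0 || s[0] == '-') {
        return false;
    }
    return strspn(s, allowed) == len;
}

/**
 * PAM authentication hook: runs the pam.py helper for the current user and
 * service and maps the first line it prints to a PAM result.
 *
 * @param pamh  PAM handle; PAM_USER and PAM_SERVICE are read from it.
 * @param flags unused.
 * @param argc  unused.
 * @param argv  unused.
 * @return PAM_AUTHINFO_UNAVAIL when the user or service item is missing;
 *         PAM_SUCCESS when the helper's first output line is the integer 0
 *         (surrounding whitespace allowed, nothing else);
 *         PAM_AUTH_ERR in every other case, including a rejected name, an
 *         over-long command line, a helper that cannot be started, and
 *         missing or non-numeric helper output.
 *
 * PAM_USER is chosen by whoever is trying to log in, so it is validated
 * before it reaches the shell, and every failure path denies access.
 *
 * NOTE(review): popen() still runs the command through the shell with the
 * calling process's environment. Starting the helper with fork()/execve(),
 * an absolute interpreter path and a fixed environment would remove the
 * shell from the path entirely.
 */
int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    const char *user = NULL;
    const char *service = NULL;
    char cmd[256];
    char result[32];
    char *end = NULL;
    FILE *fp;
    bool got_line;
    long code;
    int n;

    (void)flags;
    (void)argc;
    (void)argv;

    /* Get user and service */
    if (pam_get_item(pamh, PAM_USER, (const void **)&user) != PAM_SUCCESS || user == NULL) {
        pam_syslog(pamh, LOG_ERR, "unable to get ruser");
        return PAM_AUTHINFO_UNAVAIL;
    }
    if (pam_get_item(pamh, PAM_SERVICE, (const void **)&service) != PAM_SUCCESS || service == NULL) {
        pam_syslog(pamh, LOG_ERR, "unable to get service");
        return PAM_AUTHINFO_UNAVAIL;
    }

    /*
     * Both values end up inside a shell command line. Refuse anything outside
     * the allowlist; the rejected value is deliberately not logged.
     */
    if (!pam_openmfa_is_safe_token(user)) {
        pam_syslog(pamh, LOG_ERR, "user name rejected: unsupported characters");
        return PAM_AUTH_ERR;
    }
    if (!pam_openmfa_is_safe_token(service)) {
        pam_syslog(pamh, LOG_ERR, "service name rejected: unsupported characters");
        return PAM_AUTH_ERR;
    }

    /* Build command line with a bounded write; a truncated command is refused. */
    n = snprintf(cmd, sizeof cmd, "%s --user %s --service %s", PAMPY, user, service);
    if (n < 0 || (size_t)n >= sizeof cmd) {
        pam_syslog(pamh, LOG_ERR, "command line too long");
        return PAM_AUTH_ERR;
    }
    /* Log through "%s" so the text is never interpreted as a format string. */
    pam_syslog(pamh, LOG_INFO, "%s", cmd);

    /* Execute pam.py */
    if ((fp = popen(cmd, "r")) == NULL) {
        pam_syslog(pamh, LOG_ERR, "Error opening pipe");
        return PAM_AUTH_ERR;
    }

    /* Read the first output line; no output at all must not count as success. */
    got_line = fgets(result, sizeof result, fp) != NULL;

    /*
     * The helper's exit-code contract is not visible here, so the status is
     * only reported when pclose() itself fails and does not change the result.
     */
    if (pclose(fp) == -1) {
        pam_syslog(pamh, LOG_WARNING, "pclose failed: %s", strerror(errno));
    }

    if (!got_line) {
        pam_syslog(pamh, LOG_ERR, "no output from helper");
        return PAM_AUTH_ERR;
    }
    pam_syslog(pamh, LOG_INFO, "%s", result);

    /*
     * Strict parse: atoi() returns 0 for empty or non-numeric text, which
     * would turn a crashed or misbehaving helper into a successful login.
     */
    errno = 0;
    code = strtol(result, &end, 10);
    if (end == result || errno == ERANGE) {
        pam_syslog(pamh, LOG_ERR, "auth error");
        return PAM_AUTH_ERR;
    }
    while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\n') {
        end++;
    }
    if (*end != '\0' || code != 0) {
        pam_syslog(pamh, LOG_ERR, "auth error");
        return PAM_AUTH_ERR;
    }

    pam_syslog(pamh, LOG_INFO, "auth success");
    return PAM_SUCCESS;
}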
/**
 * PAM credential hook. Does nothing: every argument is ignored and the call
 * always reports PAM_SUCCESS.
 */
int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    (void)pamh;
    (void)flags;
    (void)argc;
    (void)argv;

    return PAM_SUCCESS;
}