Ali Hatami Tajik
2 years ago
2 changed files with 118 additions and 0 deletions
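--- /dev/null
+++ b/pam_maintainance.cpp
@@ -0,0 +1,100 @@
+/**
+* @file pam_maintainance.cpp
+* @author Ali Hatami Tajik (info@alihatamitajik.ir)
+* @brief PAM Module for Sono Maintainance
+* @version 0.1
+* @date 2023-05-06
+*
+* @copyright Copyright (c) 2023
+*
+*/
+
+#define PAM_SM_AUTH
+#include <security/pam_modules.h>
+#include <security/_pam_macros.h>
+#include <security/pam_ext.h>
+
+#include <syslog.h>
+
+#include "rules.h"
+
+bool
+is_ssh(pam_handle_t *pamh)
+{
+char *tty;
+int result = pam_get_item(pamh, PAM_TTY, (const void **)&tty);
+return result != PAM_SUCCESS ||
+(tty != NULL && strncmp(tty, "ssh", 3) == 0);
+}
+
+bool
+is_user_valid(pam_handle_t *pamh, const char **user)
+{
+int result = pam_get_user(pamh, user, NULL);
+return result == PAM_SUCCESS &&
+*user != NULL &&
+**user != '\0';
+}
+
+bool
+validate_rsa()
+{
+return false;
+}
+
+bool
+authenticate(const char *user)
+{
+for (size_t i = 0; i < LEN(rules); i++)
+{
+if (strcmp(rules[i].username, user) == 0) {
+if (rules[i].auth == FREE)
+return true;
+else if (rules[i].auth == RSA)
+return validate_rsa();
+else {
+return false;
+}
+}
+}
+
+return false;
+}
+
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+const char *user;
+
+pam_syslog(pamh, LOG_USER | LOG_DEBUG,
+"PAM Maintainance: Auth Activated.\n");
+
+if (is_ssh(pamh)) {
+pam_syslog(pamh, LOG_USER | LOG_DEBUG,
+"PAM Maintainance: FAILED, SSH call.\n");
+return PAM_AUTH_ERR;
+}
+
+if (!is_user_valid(pamh, &user)) {
+pam_syslog(pamh, LOG_USER | LOG_DEBUG,
+"PAM Maintainance: FAILED, Unable to get user.\n");
+return PAM_AUTH_ERR;
+}
+
+if (authenticate(user)) {
+pam_syslog(pamh, LOG_USER | LOG_DEBUG,
+"PAM Maintainance: Access Granted.\n");
+return PAM_SUCCESS;
+} else {
+pam_syslog(pamh, LOG_USER | LOG_USER,
+"PAM Maintainance: FAILED, Matched no rule.\n");
+return PAM_AUTH_ERR;
+}
+}
+
+
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+return PAM_SUCCESS;
+}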
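Review bot: The "Matched no rule" branch of pam_sm_authenticate logs with `LOG_USER | LOG_USER`, which sets no severity bits and therefore resolves to LOG_EMERG under the user facility, so every refused login is recorded as an emergency (and on many syslog setups an emergency is broadcast to all logged-in terminals); the other three calls use `LOG_USER | LOG_DEBUG`, and the conventional level for a refused authentication is `pam_syslog(pamh, LOG_USER | LOG_NOTICE, "PAM Maintainance: FAILED, Matched no rule.\n");`. The trailing `\n` in all four messages is unnecessary for syslog. is_ssh refuses only when pam_get_item fails or PAM_TTY starts with "ssh"; when the calling service never sets PAM_TTY the item is NULL and the gate passes, so a fail-closed `tty == NULL` branch or an additional check on PAM_SERVICE would make the SSH exclusion more robust. The file calls strcmp/strncmp without including <string.h>/<cstring>, and validate_rsa is a stub that always returns false, so the RSA rule currently always denies — a comment stating that the RSA path is not yet implemented would help the next reader.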
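--- /dev/null
+++ b/rules.h
@@ -0,0 +1,18 @@
+
+#define LEN(X) (sizeof X / sizeof X[0])
+#define _SIGNATURE_PLAIN "*******"
+#define _PUBLIC_KEY_FILE "*******"
+
+typedef enum authentication {FREE, RSA} auth_t;
+
+typedef struct {
+const char *username;
+auth_t auth;
+} rule, *rule_t;
+
+
+static const rule rules[] =
+{
+{"doctor", FREE},
+{"support", RSA}
+};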
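Review bot: The header has no include guard, and the macro names `_SIGNATURE_PLAIN` and `_PUBLIC_KEY_FILE` begin with an underscore followed by an uppercase letter, a form reserved for the implementation; add `#pragma once` at the top and rename them to `SIGNATURE_PLAIN` and `PUBLIC_KEY_FILE`. `LEN(X)` does not parenthesize its argument, so `#define LEN(X) (sizeof(X) / sizeof((X)[0]))` is safer, and it only works on true arrays, which a comment should say. Defining `static const rule rules[]` in a header gives every including translation unit its own copy and the `*rule_t` pointer typedef hides indirection and is unused on this page; both are worth a comment or removal. If `_SIGNATURE_PLAIN` is meant to hold a secret rather than a placeholder, it should be loaded from a protected file at runtime instead of being compiled into the module.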