Changeset 7745 for MashMyData


Timestamp:
24/11/10 10:37:38 (9 years ago)
Author:
pjkersha
Message:

Completed, tested version.

  • Refactored Makefile
  • Added header file
  • Added support for PAM_SILENT in flags
Location:
MashMyData/trunk/pam_credential_translation
Files:
1 added
1 edited
2 moved

  • MashMyData/trunk/pam_credential_translation/Makefile

    r7744 r7745  
    1 CFLAGS =        -O2 -g -Wall -fmessage-length=0 
     1# 
     2# MashMyData Project 
     3# 
     4# Author: P J Kershaw 
     5# 
     6# Date: 24/11/10 
     7# 
     8# Description: Build PAM Service module for MyProxyCA Credential 
     9#              Translation Service 
     10# 
     11# Copyright: (C) 2010 STFC 
     12# 
     13# License: BSD - LICENSE file 
     14# 
     15# $Id$ 
     16OBJS =          pam_credential_translation.o 
     17SHARED =        $(OBJS:%.o=%.so) 
     18SHARED_LIB =    $(OBJS:%.o=%) 
    219 
    3 OBJS =          test_pam_cts.o 
    4 SHARED =        $(OBJS:.c=.so) 
     20TEST_OBJS =     test_pam_credential_translation.o 
     21TEST_TARGET =   $(TEST_OBJS:%.o=%) 
    522 
    6 LIBS = -L. -Wl,-R. -lpam_cts -lpam -lpam_misc -lssl 
    7 LD = gcc 
    8 LDFLAGS = -shared -fPIC 
    9 LIB=libpam_cts.so 
    10 TARGET =        test_pam_cts 
     23CFLAGS =        -O2 -g -Wall -fmessage-length=0  
     24LDFLAGS =       -shared -fPIC 
     25LIBS =          -L. -Wl,-R. $(SHARED) -lpam -lpam_misc -lssl 
    1126 
    12 $(TARGET):      libpam_cts.so $(OBJS) 
    13         $(CC) $(CFLAGS) $(LIBS) -o $@ $(OBJS) 
     27$(SHARED):      $(OBJS) 
     28        $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) -o $@ 
    1429 
    15 $(LIB): pam_cts.o 
    16         $(CC) $(CFLAGS) $(LDFLAGS) pam_cts.o -o $@ 
    17  
    18 all:    $(TARGET) 
     30$(TEST_TARGET): $(SHARED) $(TEST_OBJS) 
     31        $(CC) $(CFLAGS) $(LIBS) $(TEST_OBJS) -o $@ 
    1932 
    2033clean: 
    21         rm -f $(OBJS) $(TARGET) 
    22         rm -f $(LIB) 
    23         rm -f pam_cts.o 
     34        rm -f $(OBJS) $(SHARED) 
     35        rm -f $(TEST_OBJS) $(TEST_TARGET) 
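Review bot: `-fPIC` is placed in `LDFLAGS` (new lines 23–24) but the object is produced by make's implicit `.c.o` rule using `CFLAGS` alone, so `pam_credential_translation.o` is compiled as non-PIC code and then linked into a shared object; on x86_64 that typically fails with "relocation … can not be used when making a shared object; recompile with -fPIC", and where it does link it yields a text-relocated `.so`. Move the flag to the compile step: `CFLAGS = -O2 -g -Wall -fPIC -fmessage-length=0` and `LDFLAGS = -shared`. Separately, `-Wl,-R.` in `LIBS` (new line 25) bakes the current directory into the test binary's runtime library search path, so `pam_credential_translation.so` is picked up from whatever directory the harness is started in — tolerable for a local test, but this pattern must not be carried into an install target for the PAM module itself. `SHARED_LIB` (new line 18) is defined but never used.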
  • MashMyData/trunk/pam_credential_translation/pam_credential_translation.c

    r7744 r7745  
    99#include <openssl/sha.h> 
    1010 
     11#include "pam_credential_translation.h" 
    1112 
    12 static void sha256(const char *string, char outputBuffer[65]) 
     13#define _SHA_BUF_LEN SHA256_DIGEST_LENGTH * 2 + 1 
     14 
     15static void sha256(const char *string, char outputBuffer[_SHA_BUF_LEN]) 
    1316{ 
    1417    unsigned char hash[SHA256_DIGEST_LENGTH]; 
     
    2225        sprintf(outputBuffer + (i * 2), "%02x", hash[i]); 
    2326    } 
    24     outputBuffer[64] = 0; 
     27    outputBuffer[_SHA_BUF_LEN - 1] = 0; 
    2528} 
    2629 
    2730 
    28 PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pam_h, int flags, int argc, const char **argv) 
     31PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pam_h,  
     32                                   int flags,  
     33                                   int argc,  
     34                                   const char **argv) 
    2935{ 
    3036    const char *user = (char *)NULL; 
    3137    const char *passwd = (char *)NULL; 
    3238    char *expected_passwd_hash = (char *)NULL; 
    33     char passwd_hash[65]; 
     39    char passwd_hash[_SHA_BUF_LEN]; 
    3440    const char *service = (char *)NULL; 
    3541    int status = PAM_SUCCESS; 
    3642    int i=0; 
     43    int _log = ! (flags & PAM_SILENT); 
    3744     
    3845    status = pam_get_item(pam_h, PAM_SERVICE, (const void **)&service); 
    3946    if (status != PAM_SUCCESS) 
    4047    { 
    41         syslog(LOG_AUTH|LOG_DEBUG, "Error getting service name: %s", 
    42                pam_strerror(pam_h, status)); 
     48        if (_log) 
     49            syslog(LOG_AUTH|LOG_DEBUG, "Error getting service name: %s", 
     50                   pam_strerror(pam_h, status)); 
    4351        return PAM_AUTH_ERR; 
    4452    }    
    4553     
    4654    for (i=0; i < argc; i++) 
    47         if (strncmp(argv[i], "sha256passwd=", strlen("sha256passwd=")) == 0) 
     55        if (strncmp(argv[i],  
     56                    CREDENTIAL_TRANSLATION_PAM_SHA256PASSWD_FIELD, CREDENTIAL_TRANSLATION_PAM_SHA256PASSWD_FIELD_LEN) == 0) 
    4857        { 
    49             expected_passwd_hash = (char *)&argv[i][strlen("sha256passwd=")]; 
     58            expected_passwd_hash = (char *)&argv[i] 
     59                [strlen(CREDENTIAL_TRANSLATION_PAM_SHA256PASSWD_FIELD)]; 
    5060            break; 
    5161        } 
     
    5363    if (! expected_passwd_hash) 
    5464    { 
    55         syslog(LOG_AUTH|LOG_DEBUG,  
    56                "Expected \"sha256passwd=<sha256 hash of password>\" field in \"/etc/pam.d/%s\" file",  
    57                service); 
     65        if (_log) 
     66            syslog(LOG_AUTH|LOG_DEBUG,  
     67"Expected \"%s<sha256 hash of password>\" field in \"/etc/pam.d/%s\" file",  
     68                   CREDENTIAL_TRANSLATION_PAM_SHA256PASSWD_FIELD, 
     69                   service); 
    5870        return PAM_AUTH_ERR; 
    5971    } 
     
    6274    if (status != PAM_SUCCESS) 
    6375    { 
    64         syslog(LOG_AUTH|LOG_DEBUG, "%s: error getting username: %s", service, 
    65                pam_strerror(pam_h, status)); 
     76        if (_log) 
     77            syslog(LOG_AUTH|LOG_DEBUG, "%s: error getting username: %s",               service, 
     78                   pam_strerror(pam_h, status)); 
    6679        return PAM_AUTH_ERR; 
    6780    } 
     
    6982    if (! user)  
    7083    { 
    71         syslog(LOG_AUTH|LOG_DEBUG, "%s: no user set", service); 
     84        if (_log) 
     85            syslog(LOG_AUTH|LOG_DEBUG, "%s: no user set", service); 
    7286        return PAM_USER_UNKNOWN; 
    7387    } 
    7488     
    75     status = pam_get_authtok(pam_h, PAM_AUTHTOK, (const char **)&passwd, (const char *)NULL); 
     89    status = pam_get_authtok(pam_h,  
     90                             PAM_AUTHTOK,  
     91                             (const char **)&passwd,  
     92                             (const char *)NULL); 
    7693    if (! passwd)     
    7794    { 
    78         syslog(LOG_AUTH|LOG_DEBUG, "%s: no password set", service); 
     95        if (_log) 
     96            syslog(LOG_AUTH|LOG_DEBUG, "%s: no password set", service); 
    7997        return PAM_AUTH_ERR; 
    8098    } 
    81     /*syslog(LOG_AUTH|LOG_DEBUG, "Password = %s", passwd);*/ 
    8299     
    83100    /* 
     
    87104    if (strcmp(expected_passwd_hash, passwd_hash)) 
    88105    { 
    89         syslog(LOG_AUTH|LOG_DEBUG, "%s: invalid password set", service); 
     106        if (_log) 
     107            syslog(LOG_AUTH|LOG_DEBUG, "%s: invalid password set", service); 
    90108        return PAM_AUTH_ERR; 
    91109    } 
    92110         
    93     syslog(LOG_AUTH|LOG_DEBUG, "%s: user \"%s\" authenticated",  
    94            service, user); 
     111    if (_log) 
     112        syslog(LOG_AUTH|LOG_DEBUG, "%s: user \"%s\" authenticated",  
     113               service, user); 
    95114            
    96115    return PAM_SUCCESS; 
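Review bot: The hash check at new line 104, `strcmp(expected_passwd_hash, passwd_hash)`, is a variable-time comparison whose duration depends on how many leading hex digits match; compare a fixed length instead, `CRYPTO_memcmp(expected_passwd_hash, passwd_hash, _SHA_BUF_LEN - 1)` where the OpenSSL in use provides it (or an XOR-accumulating loop otherwise), after first confirming `strlen(expected_passwd_hash) == _SHA_BUF_LEN - 1`. The larger concern is the scheme itself: the secret is an unsalted single SHA-256 of the password written on the module's argument line in `/etc/pam.d/<service>` (new lines 65–69), a file that is normally world-readable, so any local user can lift the hash and brute-force it offline — a salted, iterated hash via `crypt(3)`, or at minimum a root-only file the module reads, would be the usual fix. Two smaller points: the `pam_get_authtok` result at new line 89 is stored in `status` but never tested (`if (status != PAM_SUCCESS || !passwd)`), and `#define _SHA_BUF_LEN SHA256_DIGEST_LENGTH * 2 + 1` (new line 13) is unparenthesized and uses a reserved `_`+uppercase name — `#define SHA_BUF_LEN (SHA256_DIGEST_LENGTH * 2 + 1)`. As I read the flag, `PAM_SILENT` is meant to suppress messages to the user through the conversation, not the audit trail, so gating every `syslog` on `_log` and logging failed authentications at `LOG_DEBUG` (which most syslog configurations discard) leaves no record of bad-password attempts; `LOG_NOTICE` unconditionally on the failure paths is safer. `pam_sm_authenticate` is shown with elided stretches in this section, so lines between new 61–63, 71–74, 80–82 and 100–104 were not reviewed.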
  • MashMyData/trunk/pam_credential_translation/test_pam_credential_translation.c

    r7744 r7745  
     1/* 
     2* MashMyData Project 
     3* 
     4* Description: test harness for PAM service module for use with MyProxyCA  
     5*              Credential Translation Service 
     6* 
     7* Author: P J Kershaw 
     8* 
     9* Date: 24/11/10 
     10* 
     11* Copyright: STFC 2010 
     12* 
     13* License: BSD 
     14* 
     15* Version: $Id$ 
     16*/ 
     17 
     18/* 
     19* _conv function is adapted from MyProxy auth_pam.c, itself adapted from... 
     20*/ 
     21/* COPYRIGHT 
     22 * Copyright (c) 2000 Fabian Knittel.  All rights reserved. 
     23 * 
     24 * Redistribution and use in source and binary forms, with or without 
     25 * modification, are permitted provided that the following conditions 
     26 * are met: 
     27 * 
     28 * 1. Redistributions of source code must retain any existing copyright 
     29 *    notice, and this entire permission notice in its entirety, 
     30 *    including the disclaimer of warranties. 
     31 * 
     32 * 2. Redistributions in binary form must reproduce the above copyright 
     33 *    notice, this list of conditions and the following disclaimer in 
     34 *    the documentation and/or other materials provided with the 
     35 *    distribution. 
     36 * 
     37 * 2. Redistributions in binary form must reproduce all prior and current 
     38 *    copyright notices, this list of conditions, and the following 
     39 *    disclaimer in the documentation and/or other materials provided 
     40 *    with the distribution. 
     41 * 
     42 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED 
     43 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
     44 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
     45 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, 
     46 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 
     47 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 
     48 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
     49 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR 
     50 * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 
     51 * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH 
     52 * DAMAGE. 
     53 * END COPYRIGHT */ 
     54 
    155#include <stdio.h> 
    256#include <stdlib.h> 
     
    458#include <string.h> 
    559#include <security/pam_appl.h> 
    6 /*#include <security/pam_misc.h>*/ 
    7  
     60 
     61#include "pam_credential_translation.h" 
    862 
    963typedef struct { 
     
    1367} pam_appdata; 
    1468 
    15  
    16 static int _conv(int num_msg, const struct pam_message **msg, 
    17                  struct pam_response **resp, void *appdata_ptr) 
     69/* 
     70* Freely adapted from MyProxy PAM module to ensure compatibility 
     71* See Copyright notice above 
     72*/ 
     73static int _conv(int num_msg, 
     74                 const struct pam_message **msg, 
     75                 struct pam_response **resp, 
     76                 void *appdata_ptr) 
    1877{ 
    1978    int i=0; 
     
    93152} 
    94153 
     154/* 
     155* Set to PAM_SILENT to stop log messages 
     156*/ 
     157/*#define _PAM_SM_AUTHENTICATE_FLAGS PAM_SILENT*/ 
     158#define _PAM_SM_AUTHENTICATE_FLAGS 0x0 
     159 
    95160 
    96161int main(int argc, char *argv[])  
    97162{ 
    98163    pam_handle_t        *pam_h = (pam_handle_t *)NULL; 
    99     int                 flags = 0; 
     164    int                 flags = _PAM_SM_AUTHENTICATE_FLAGS; 
    100165    int                 status = PAM_AUTH_ERR; 
    101     const char *service_name = "credential-translation-service"; 
     166    const char *service_name = CREDENTIAL_TRANSLATION_PAM_ID; 
    102167    const char *user = "pjkersha"; 
    103168    char *passwd = "testpassword"; 
     
    135200    } 
    136201     
     202    fprintf(stderr, "Authentication succeeded.\n"); 
    137203    exit(EXIT_SUCCESS); 
    138204} 
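Review bot: The harness hard-codes the credential pair at new lines 167–168, `const char *user = "pjkersha"; char *passwd = "testpassword";`, and can only succeed if `/etc/pam.d/credential-translation-service` carries `sha256passwd=` of that literal — which means a committed, well-known password is configured into a live PAM service file on any host where the test is run. Take the user and password from `argv` or `getpass(3)` instead, and declare `passwd` as `const char *`, since it points at a string literal. Whether `_conv` copies that pointer or hands it to PAM directly is not visible here (its body and most of `main` are elided in this view). `_PAM_SM_AUTHENTICATE_FLAGS` (new lines 157–158) is a reserved `_`+uppercase identifier; `PAM_SM_AUTHENTICATE_FLAGS` avoids the clash.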