From 0fc1c083ef4f3f3bdec9179df77c61898f9a09a6 Mon Sep 17 00:00:00 2001 From: Lqp1 Date: Wed, 4 Dec 2019 22:24:02 +0100 Subject: [PATCH 1/4] Fixed Makefile not working in Debian 11 (Bullseye) --- Makefile | 16 ++++++++++------ deluser.c | 3 +-- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index 6b12875..a50a15c 100644 --- a/Makefile +++ b/Makefile @@ -11,15 +11,19 @@ all: adduser deluser pam_duress pam_duress: pam_duress.c $(CC) $(CFLAGS) pam_duress.c - $(CC) $(LDFLAGS) -shared pam_duress.o -o pam_duress.so + $(CC) -shared pam_duress.o $(LDFLAGS) -o pam_duress.so -adduser: adduser.c +adduser.o: adduser.c $(CC) $(CFLAGS) adduser.c - $(CC) $(LDFLAGS) adduser.o -o adduser -deluser: deluser.c +adduser: adduser.o + $(CC) adduser.o $(LDFLAGS) -o adduser + +deluser.o: deluser.c $(CC) $(CFLAGS) deluser.c - $(CC) $(LDFLAGS) deluser.o -o deluser + +deluser: deluser.o + $(CC) deluser.o $(LDFLAGS) -o deluser install: pam_duress adduser deluser if [ -e "$(TARGET)/lib/x86_64-linux-gnu/security" ]; then \ @@ -54,4 +58,4 @@ remove: rm -vr $(TARGET)/share/duress clean: - rm -v pam_duress.o pam_duress.so adduser.o adduser + rm -v pam_duress.o pam_duress.so adduser.o adduser deluser.o deluser diff --git a/deluser.c b/deluser.c index 0c0218b..0742026 100644 --- a/deluser.c +++ b/deluser.c @@ -98,7 +98,6 @@ int main(int argc, char* argv[]) if(strcmp(givenhash, hashfromfile) == 0) { - // TODO : supprimer l'entrée sprintf(action_path, "%s%s", PATH_PREFIX, givenhash); unlink(action_path); fclose(hashes); @@ -119,7 +118,7 @@ int main(int argc, char* argv[]) printf("Successfuly removed %s\n", username); } else - { + { unlink(HASHES_PATH2); printf("User %s not found\n", username); } From cd7ed8e9e7cb9a492f8645afe14c50a76426906c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Lang=C3=A9?= Date: Wed, 14 Oct 2020 22:26:21 +0200 Subject: [PATCH 2/4] Allow PAM to request for pam_sm_setcret even if it's unused I'm not a PAM expert, so I'm not sure if this function is expected in all auth modules of if it's just some common config change that makes this module now used for pam_setcred. --- pam_duress.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/pam_duress.c b/pam_duress.c index 5e1dcb2..d174964 100644 --- a/pam_duress.c +++ b/pam_duress.c @@ -171,6 +171,15 @@ readSalt(byte *salt, const char *path) fclose(in); } +/* `pam_sm_setcred` is used to set credentials from the module. Our module is not able to do it, + * as it can't even know which password it's supposed to set. But apparently recent pam versions need + * this to be exposed anyway so we just return SUCCESS */ +PAM_EXTERN int +pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, int argc __unused, const char **argv __unused) +{ + return PAM_SUCCESS; +} + PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int argc, const char **argv) { From f4f2ad64587a037364dfdafa75ecc53434cbfd76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Lang=C3=A9?= Date: Wed, 14 Oct 2020 22:28:17 +0200 Subject: [PATCH 3/4] Fix mkstemps call --- pam_duress.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pam_duress.c b/pam_duress.c index d174964..074e4f0 100644 --- a/pam_duress.c +++ b/pam_duress.c @@ -228,7 +228,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int argc, const char appendHashToPath(hashin, path); readSalt(salt, path); - snprintf(dpath, sizeof dpath, "/tmp/action.XXXXX.%s", user); + snprintf(dpath, sizeof dpath, "/tmp/action.XXXXXX.%s", user); ofd = mkstemps(dpath, strlen(user) + 1); if (ofd == -1) { syslog(LOG_AUTH|LOG_ERR, "mkstemps failed for %s: %m", dpath); From 5723c543418bc43f25dad29a02a13923d39e1e3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Lang=C3=A9?= Date: Wed, 14 Oct 2020 22:31:32 +0200 Subject: [PATCH 4/4] Give hint on what packages to install for module compilation --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 355fe07..244e98b 100644 --- a/README.md +++ b/README.md @@ -79,6 +79,11 @@ Dependencies are: * OpenSSL runtime for the scripts * OpenSSL (>= 1.1) and PAM dev libraries +For Debian/Ubuntu: +``` +sudo apt install libssl-dev libpam-dev build-essential +``` + As usual (default PREFIX is /usr): ```bash PREFIX=/usr/local make