Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed Makefile not working in Debian 11 & Fix pam_sm_setcred issue on Ubuntu 20.04 #12

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Fixed Makefile not working in Debian 11 & Fix pam_sm_setcred issue on Ubuntu 20.04 #12

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
0fc1c08
Fixed Makefile not working in Debian 11 (Bullseye)
Lqp1 Dec 4, 2019
cd7ed8e
Allow PAM to request for pam_sm_setcret even if it's unused
Lqp1 Oct 14, 2020
f4f2ad6
Fix mkstemps call
Lqp1 Oct 14, 2020
5723c54
Give hint on what packages to install for module compilation
Lqp1 Oct 14, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 10 additions & 6 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,15 +11,19 @@ all: adduser deluser pam_duress

pam_duress: pam_duress.c
$(CC) $(CFLAGS) pam_duress.c
$(CC) $(LDFLAGS) -shared pam_duress.o -o pam_duress.so
$(CC) -shared pam_duress.o $(LDFLAGS) -o pam_duress.so

adduser: adduser.c
adduser.o: adduser.c
$(CC) $(CFLAGS) adduser.c
$(CC) $(LDFLAGS) adduser.o -o adduser

deluser: deluser.c
adduser: adduser.o
$(CC) adduser.o $(LDFLAGS) -o adduser

deluser.o: deluser.c
$(CC) $(CFLAGS) deluser.c
$(CC) $(LDFLAGS) deluser.o -o deluser

deluser: deluser.o
$(CC) deluser.o $(LDFLAGS) -o deluser

install: pam_duress adduser deluser
if [ -e "$(TARGET)/lib/x86_64-linux-gnu/security" ]; then \
Expand Down Expand Up @@ -54,4 +58,4 @@ remove:
rm -vr $(TARGET)/share/duress

clean:
rm -v pam_duress.o pam_duress.so adduser.o adduser
rm -v pam_duress.o pam_duress.so adduser.o adduser deluser.o deluser
5 changes: 5 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,11 @@ Dependencies are:
* OpenSSL runtime for the scripts
* OpenSSL (>= 1.1) and PAM dev libraries

For Debian/Ubuntu:
```
sudo apt install libssl-dev libpam-dev build-essential
```

As usual (default PREFIX is /usr):
```bash
PREFIX=/usr/local make
Expand Down
3 changes: 1 addition & 2 deletions deluser.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,6 @@ int main(int argc, char* argv[])

if(strcmp(givenhash, hashfromfile) == 0)
{
// TODO : supprimer l'entrée
sprintf(action_path, "%s%s", PATH_PREFIX, givenhash);
unlink(action_path);
fclose(hashes);
Expand All @@ -119,7 +118,7 @@ int main(int argc, char* argv[])
printf("Successfuly removed %s\n", username);
}
else
{
{
unlink(HASHES_PATH2);
printf("User %s not found\n", username);
}
Expand Down
11 changes: 10 additions & 1 deletion pam_duress.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -171,6 +171,15 @@ readSalt(byte *salt, const char *path)
fclose(in);
}

/* `pam_sm_setcred` is used to set credentials from the module. Our module is not able to do it,
* as it can't even know which password it's supposed to set. But apparently recent pam versions need
* this to be exposed anyway so we just return SUCCESS */
PAM_EXTERN int
pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, int argc __unused, const char **argv __unused)
{
return PAM_SUCCESS;
}

PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int argc, const char **argv)
{
Expand Down Expand Up @@ -219,7 +228,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int argc, const char
appendHashToPath(hashin, path);
readSalt(salt, path);

snprintf(dpath, sizeof dpath, "/tmp/action.XXXXX.%s", user);
snprintf(dpath, sizeof dpath, "/tmp/action.XXXXXX.%s", user);
ofd = mkstemps(dpath, strlen(user) + 1);
if (ofd == -1) {
syslog(LOG_AUTH|LOG_ERR, "mkstemps failed for %s: %m", dpath);
Expand Down