merge login_capture and LoginCapture -continue

soochoi
2006-06-07 16:25:16 +00:00
parent 05f43c41af
commit 5c75241b4b
13 changed files with 36 additions and 3 deletions


@@ -0,0 +1,34 @@
#######################################################################
#
# Copyright (C) 2006 Novell, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
#
#######################################################################
SUBDIRS = $(TARGET_OS)
DIST_SUBDIRS = linux
EXTRA_DIST = *.h *.c
.PHONY: package package-clean package-install package-uninstall
package package-clean package-install package-uninstall:
$(MAKE) -C $(TARGET_OS) $@
maintainer-clean-local:
rm -f Makefile.in


@@ -0,0 +1,112 @@
#######################################################################
#
# Copyright (C) 2006 Novell, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
#
#######################################################################
if DEBUG
TARGET_CFG = Debug
CFLAGS += -v -w
else
TARGET_CFG = Release
endif
SUBDIRS =
DIST_SUBDIRS =
EXTRA_DIST = *.exp
CASAROOT = ../../..
CASALIBDIR = $(CASAROOT)/$(LIB)
# handle Mono secondary dependencies
export MONO_PATH := $(MONO_PATH)
PLATFORMINDEPENDENTSOURCEDIR = ..
PLATFORMDEPENDENTSOURCEDIR = .
MODULE_NAME = pam_micasa
MODULE_EXT = so
CFILES = ../pam_sscs_utils.c \
../pam_sscs.c
CSFILES_CSC :=
INCLUDES = -I. -I$(CASAROOT)/include -I/opt/gnome/include/gnome-keyring-1
RESOURCES =
DEFINES= -fno-strict-aliasing
CFLAGS += $(INCLUDES) $(DEFINES)
LIBS =
LDFLAGS = -Wl,-Bsymbolic -shared -Wl,--version-script=pam_micasa_lux.exp \
-lpthread -ldl \
-lpam -Wl,-soname -Wl,pam_micasa.so
OBJDIR = ./$(TARGET_CFG)/$(LIB)
OBJS = $(addprefix $(OBJDIR)/, $(CFILES:%.c=%.o))
CUR_DIR := $(shell pwd)
all: $(OBJDIR)/$(MODULE_NAME).$(MODULE_EXT)
#
# Pattern based rules.
#
vpath %.c $(PLATFORMDEPENDENTSOURCEDIR) $(PLATFORMINDEPENDENTSOURCEDIR)
vpath %.cpp $(PLATFORMDEPENDENTSOURCEDIR) $(PLATFORMINDEPENDENTSOURCEDIR)
$(OBJDIR)/%.o: %.c
$(CC) -c $(CFLAGS) -o $@ $<
$(OBJDIR)/%.o: %.cpp
$(CC) -c $(CFLAGS) -o $@ $<
$(OBJDIR)/$(MODULE_NAME).$(MODULE_EXT): $(OBJDIR) $(OBJS)
@echo [======== Linking $@ ========]
cc -o $@ $(LDFLAGS) $(OBJS) $(LIBS)
cp -f $(OBJDIR)/$(MODULE_NAME).$(MODULE_EXT) $(CASALIBDIR)/$(TARGET_CFG)/$(MODULE_NAME).$(MODULE_EXT)
$(OBJDIR):
[ -d $(OBJDIR) ] || mkdir -p $(OBJDIR)
[ -d $(CASALIBDIR) ] || mkdir -p $(CASALIBDIR)
[ -d $(CASALIBDIR)/$(TARGET_CFG) ] || mkdir -p $(CASALIBDIR)/$(TARGET_CFG)
install-exec-local: $(OBJDIR)/$(MODULE_NAME).$(MODULE_EXT)
$(mkinstalldirs) $(DESTDIR)$(libdir)
$(INSTALL_PROGRAM) $(OBJDIR)/$(MODULE_NAME).$(MODULE_EXT) $(DESTDIR)$(libdir)/
uninstall-local:
cd $(DESTDIR)$(libdir); rm -f $(OBJDIR)/$(MODULE_NAME).$(MODULE_EXT)
rmdir $(DESTDIR)$(libdir)
#installcheck-local: install
# $(mkinstalldirs) $(DESTDIR)$(libdir)
# $(INSTALL_PROGRAM) $(DESTDIR)$(libdir)
# cd $(DESTDIR)$(libdir); $(MONO)
clean-local:
#cd $(TARGET_CFG); rm -rf *.dbg *.exe *.dll *.o *.so; cd ..; rmdir $(OBJDIR)
rm -rf $(TARGET_CFG)
distclean-local:
maintainer-clean-local:
rm -f Makefile.in
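Review bot: uninstall-local does not remove what install-exec-local installed: after `cd $(DESTDIR)$(libdir)` it deletes `$(OBJDIR)/$(MODULE_NAME).$(MODULE_EXT)`, a build-tree relative path, so the PAM module stays in `$(libdir)`. Because the `cd` is joined with `;`, a failed `cd` makes the `rm` hit the build output instead. The following `rmdir $(DESTDIR)$(libdir)` would also try to remove the shared library directory itself. I would replace both recipe lines with `rm -f $(DESTDIR)$(libdir)/$(MODULE_NAME).$(MODULE_EXT)`. Separately, the link step calls `cc` directly where the compile rules use `$(CC)`, and the debug configuration adds `-w`, which hides compiler warnings in code that copies passwords with strcpy.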


@@ -0,0 +1,10 @@
LINK = $(CC) \
-Wl,-Bsymbolic \
-shared \
-Wl,--version-script=$(TARGET)_$(PLAT).exp \
-Wl,-rpath -Wl,/usr/lib$(ARC) \
-L/usr/lib$(ARC) -lpthread -lc -ldl -lpam \
-Wl,-soname -Wl,$(TARGET).so \
-o $(LIBDIR)$(XTRA)/$(TARGET).so \
-L$(LIBDIR)$(XTRA) \
$(OBJDIR)*.$(O)


@@ -0,0 +1,3 @@
OBJS=\
pam_sscs_utils.$(O) \
pam_sscs.$(O)


@@ -0,0 +1,11 @@
VER_1.0
{
global:
pam_sm_authenticate;
pam_sm_setcred;
pam_sm_acct_mgmt;
pam_sm_open_session;
pam_sm_close_session;
local:
*;
};


@@ -0,0 +1,11 @@
VER_1.0
{
global:
pam_sm_authenticate;
pam_sm_setcred;
pam_sm_acct_mgmt;
pam_sm_open_session;
pam_sm_close_session;
local:
*;
};


@@ -0,0 +1,198 @@
/***********************************************************************
*
* Copyright (C) 2005-2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
***********************************************************************/
/* miCASAd PAM module
*
* This is a PAM module which is used to capture the workstation
* user/password and store the same in miCASAd .
* This would be placed in login/xdm/gdm/kdm/sshd PAM configuration files.
*
* This module needs to be present before any other PAM module which
* requires the services of miCASAd. It needs to be present
* the auth stacks of the PAM configuration files.
*
* In the auth stack, the functionality of the module is to store
* the workstation user/password in micasad.
*
*/
#include "pam_sscs.h"
#define PAM_SM_AUTH
#define PAM_SM_ACCOUNT
#define PAM_SM_SESSION
#include <sys/syslog.h>
#include <security/pam_modules.h>
#include <security/_pam_macros.h>
PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc,
const char **argv)
{
int retVal = 0;
const char *user = NULL;
const char *wkstnPasswd = NULL;
uid_t saved_uid = geteuid();
struct passwd *passwdEntry = NULL;
/*
* Get the username first.
*/
retVal = pam_get_user(pamh, &user, NULL);
if ( PAM_SUCCESS != retVal )
{
pam_sscs_log( LOG_ERR, "pam_get_user returned error: %d - %s\n",retVal,pam_strerror(pamh,retVal));
return PAM_SUCCESS;
}
pam_get_item(pamh,PAM_AUTHTOK,(const void**)&wkstnPasswd);
passwdEntry = getpwnam(user);
/* CASA determines the client uid using the SO_PEERCRED socket option.
* Hence the euid is temporarily modified to that of the user logging in.
*/
if(passwdEntry)
{
seteuid( passwdEntry->pw_uid );
do
{
char *error = NULL;
SSCS_SECRET_ID_T secretID = {0};
SSCS_BASIC_CREDENTIAL basicCredential;
int credType;
void *nsscsIdkHandle = dlopen(NSSCSIDK_LIB,RTLD_NOW);
if( NULL == nsscsIdkHandle )
{
pam_sscs_log(LOG_ERR,"Unable to open %s\n",NSSCSIDK_LIB);
break;
}
pNSSCSSetCredential = dlsym( nsscsIdkHandle,
"miCASASetCredential");
if( (error = dlerror()) != NULL )
{
pam_sscs_log(LOG_ERR,"Unable to find miCASASetCredential symbol.- %s\n",error);
break;
}
secretID.len = strlen(WORKSTATION_SECRET_ID) + 1;
strcpy(secretID.id,WORKSTATION_SECRET_ID);
memset(&basicCredential,0,sizeof(basicCredential));
if (user && wkstnPasswd)
{
basicCredential.unFlags = 0;
// don't copy a username longer than we can handle
if ((strlen(user) + 1) > NSSCS_MAX_USERID_LEN)
{
pam_sscs_log( LOG_ERR,"Username is longer than allowed\n");
break;
}
strcpy(basicCredential.username,user);
basicCredential.unLen = strlen(user) + 1;
// don't copy a password longer than we can handle
if ((strlen(wkstnPasswd) + 1) > NSSCS_MAX_PWORD_LEN)
{
pam_sscs_log( LOG_ERR,"Password is longer than allowed\n");
break;
}
strcpy(basicCredential.password,wkstnPasswd);
basicCredential.pwordLen = strlen(wkstnPasswd) + 1;
retVal = (*pNSSCSSetCredential) (0,
&secretID,
NULL,
SSCS_CRED_TYPE_BASIC_F,
&basicCredential,
NULL);
if( retVal != 0)
{
pam_sscs_log( LOG_ERR,"Setting the default credential failed.Errcode = %d\n",retVal);
break;
}
}
}while(0);
seteuid(saved_uid);
}
return PAM_SUCCESS;
}
PAM_EXTERN
int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc
,const char **argv)
{
return PAM_SUCCESS;
}
/* --- account management functions --- */
PAM_EXTERN
int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc
,const char **argv)
{
return PAM_SUCCESS;
}
PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh,int flags,int argc
,const char **argv)
{
return PAM_SUCCESS;
}
PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh,int flags,int argc
,const char **argv)
{
return PAM_SUCCESS;
}
/* end of module definition */
#ifdef PAM_STATIC
/* static module data */
struct pam_module _pam_passphrase_modstruct = {
"pam_sscs",
pam_sm_authenticate,
pam_sm_setcred,
NULL,
NULL,
NULL
pam_sm_acct_mgmt,
pam_sm_open_session,
pam_sm_close_session,
#if 0
pam_sm_chauthtok
#endif
};
#endif
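Review bot: pam_sm_authenticate returns PAM_SUCCESS on every path, including the pam_get_user failure branch, so a stack that marks this module `sufficient` (or lists it alone) would accept any login. A capture-only module should return `PAM_IGNORE` so that it never contributes to the authentication decision. Both seteuid() calls are unchecked: if the first fails the credential is stored under the calling process's uid rather than the user's, and if the second fails the login process keeps running with the user's euid. `basicCredential` also keeps the cleartext password on the stack after the call and the dlopen() handle is never closed; wipe the struct with a store the compiler cannot elide and call `dlclose(nsscsIdkHandle)` before leaving. The sketch below covers only the return codes and the seteuid checks.

```c
    /* … unchanged: pam_get_user (return PAM_IGNORE on failure), pam_get_item, getpwnam … */
    if (passwdEntry)
    {
        /* Do not contact miCASAd unless the euid really changed. */
        if (seteuid(passwdEntry->pw_uid) != 0)
        {
            pam_sscs_log(LOG_ERR, "seteuid to login user failed: %d\n", errno);
            return PAM_IGNORE;
        }
        do
        {
            /* … unchanged: dlopen/dlsym lookup, length checks, miCASASetCredential call … */
        } while (0);
        /* Failing to regain the saved euid must not be silent. */
        if (seteuid(saved_uid) != 0)
        {
            pam_sscs_log(LOG_ERR, "could not restore euid: %d\n", errno);
            return PAM_SYSTEM_ERR;
        }
    }
    return PAM_IGNORE;
```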


@@ -0,0 +1,76 @@
/***********************************************************************
*
* Copyright (C) 2005-2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
***********************************************************************/
/*
pam_sscs.h
*/
#ifndef _PAM_SSCS_H
#define _PAM_SSCS_H
#include <dlfcn.h>
#include <security/_pam_types.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <errno.h>
#include <linux/socket.h>
#include <unistd.h>
#include <pwd.h>
#include <micasa.h>
extern void pam_sscs_log(int priority, const char *format,...);
#define WORKSTATION_SECRET_ID "Desktop"
#define WORKSTATION_SHARED_SECRET_ID "DefaultSharedSecret"
#define NSSCSIDK_LIB "libmicasa.so"
#define NOVELL_CSSS_CONTEXT "NOVELL_CSSS_CONTEXT"
#ifdef DEBUG
#define PRINT_FN_NAME pam_sscs_log(LOG_DEBUG,"In function : %s\n",__func__);
#else
#define PRINT_FN_NAME
#endif
void* (*pNSSCSOpenSecretStoreCache) ( SSCS_SECRETSTORE_T* ssid,
unsigned long ssFlags,
SSCS_EXT_T *ext);
int (*pNSSCSCloseSecretStoreCache) ( void *context,
unsigned long ssFlags,
SSCS_EXT_T *ext);
int (*pNSSCSSetCredential) ( unsigned long ssFlags,
SSCS_SECRET_ID_T *appSecretID,
SSCS_SECRET_ID_T *sharedSecretID,
int credentialType,
void *credential,
SSCS_EXT_T *ext);
/* The structure to hold all the possible options
* for this PAM module.
*/
typedef struct options_t
{
unsigned int debug;
}Options;
#endif
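Review bot: The three function pointers (`pNSSCSOpenSecretStoreCache`, `pNSSCSCloseSecretStoreCache`, `pNSSCSSetCredential`) are defined in this header rather than declared, so every .c file that includes pam_sscs.h gets its own tentative definition. Both pam_sscs.c and pam_sscs_utils.c on this page include it, which links only while the compiler merges common symbols and fails under `-fno-common`. Prefix the three declarations with `extern` and define each pointer once in a .c file, or make the one that is actually used `static` in the file that calls dlsym(). The `PRINT_FN_NAME` macro also uses `LOG_DEBUG` although the header does not include `<syslog.h>` itself.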


@@ -0,0 +1,46 @@
/***********************************************************************
*
* Copyright (C) 2005-2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
***********************************************************************/
/* Secret Store Client Service
* pam_sscs_utils.c
*/
#include <stdio.h>
#include <syslog.h>
#include <stdarg.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include "pam_sscs.h"
void pam_sscs_log(int priority, const char *format,...)
{
va_list args;
char *mesg = NULL;
va_start( args,format );
if( vasprintf( &mesg, format, args ) < 0 )
return;
syslog( priority,"pam_micasa: %s",mesg );
va_end( args );
}
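Review bot: pam_sscs_log leaks the buffer that vasprintf() allocates on every call, and the early return on vasprintf() failure skips va_end(). In a long-lived login daemon that leak grows with each logged message. Call `va_end( args );` directly after the vasprintf() call and `free( mesg );` after syslog(); the latter needs `<stdlib.h>`, which is not among the includes visible here. Passing the message through the fixed `"pam_micasa: %s"` format is right and should stay.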