2018-02-10 12:40:26 +01:00
|
|
|
# PAM interface in python, launches compare.py
|
2018-01-05 16:37:00 +01:00
|
|
|
|
|
|
|
# Import required modules
|
2018-01-05 01:59:44 +01:00
|
|
|
import subprocess
|
|
|
|
import sys
|
|
|
|
import os
|
2019-03-11 00:32:15 +01:00
|
|
|
import glob
|
2018-01-05 01:59:44 +01:00
|
|
|
|
2018-01-17 21:28:10 +01:00
|
|
|
# pam-python is running python 2, so we use the old module here
|
|
|
|
import ConfigParser
|
|
|
|
|
|
|
|
# Read config from disk
|
|
|
|
config = ConfigParser.ConfigParser()
|
2018-02-01 16:01:17 +01:00
|
|
|
config.read(os.path.dirname(os.path.abspath(__file__)) + "/config.ini")
|
2018-01-17 21:28:10 +01:00
|
|
|
|
2018-12-13 20:53:18 +01:00
|
|
|
|
2018-01-05 02:41:56 +01:00
|
|
|
def doAuth(pamh):
|
2018-11-09 11:49:03 +01:00
|
|
|
"""Starts authentication in a seperate process"""
|
2018-01-05 16:37:00 +01:00
|
|
|
|
2018-04-13 21:19:28 +02:00
|
|
|
# Abort is Howdy is disabled
|
2019-03-14 15:53:48 +01:00
|
|
|
if config.getboolean("core", "disabled", fallback=False):
|
2018-04-13 21:19:28 +02:00
|
|
|
sys.exit(0)
|
|
|
|
|
2018-09-24 18:05:15 +02:00
|
|
|
# Abort if we're in a remote SSH env
|
2019-03-14 15:53:48 +01:00
|
|
|
if config.getboolean("core", "ignore_ssh", fallback=True):
|
2018-09-24 18:05:15 +02:00
|
|
|
if "SSH_CONNECTION" in os.environ or "SSH_CLIENT" in os.environ or "SSHD_OPTS" in os.environ:
|
|
|
|
sys.exit(0)
|
|
|
|
|
2019-03-11 00:32:15 +01:00
|
|
|
# Abort if lid is closed
|
2019-03-14 15:53:48 +01:00
|
|
|
if config.getboolean("core", "ignore_closed_lid", fallback=True):
|
|
|
|
if any("closed" in open(f).read() for f in glob.glob("/proc/acpi/button/lid/*/state")):
|
2019-03-11 00:32:15 +01:00
|
|
|
sys.exit(0)
|
|
|
|
|
2019-01-04 21:26:38 +01:00
|
|
|
# Alert the user that we are doing face detection
|
2019-03-14 15:53:48 +01:00
|
|
|
if config.getboolean("core", "detection_notice", fallback=False):
|
2019-01-04 21:26:38 +01:00
|
|
|
pamh.conversation(pamh.Message(pamh.PAM_TEXT_INFO, "Attempting face detection"))
|
2019-01-02 19:56:02 +01:00
|
|
|
|
2018-02-10 12:40:26 +01:00
|
|
|
# Run compare as python3 subprocess to circumvent python version and import issues
|
2018-11-09 11:49:03 +01:00
|
|
|
status = subprocess.call(["/usr/bin/python3", os.path.dirname(os.path.abspath(__file__)) + "/compare.py", pamh.get_user()])
|
2018-01-05 01:59:44 +01:00
|
|
|
|
2018-01-05 16:37:00 +01:00
|
|
|
# Status 10 means we couldn't find any face models
|
2018-01-05 02:41:56 +01:00
|
|
|
if status == 10:
|
2019-03-14 15:53:48 +01:00
|
|
|
if not config.getboolean("core", "suppress_unknown", fallback=False):
|
2018-01-17 21:28:10 +01:00
|
|
|
pamh.conversation(pamh.Message(pamh.PAM_ERROR_MSG, "No face model known"))
|
|
|
|
return pamh.PAM_USER_UNKNOWN
|
2018-01-05 16:37:00 +01:00
|
|
|
# Status 11 means we exceded the maximum retry count
|
2018-12-13 20:10:08 +01:00
|
|
|
elif status == 11:
|
2018-01-17 21:28:10 +01:00
|
|
|
pamh.conversation(pamh.Message(pamh.PAM_ERROR_MSG, "Face detection timeout reached"))
|
|
|
|
return pamh.PAM_AUTH_ERR
|
2018-12-13 20:10:08 +01:00
|
|
|
# Status 12 means we aborted
|
|
|
|
elif status == 12:
|
|
|
|
return pamh.PAM_AUTH_ERR
|
2018-01-05 16:37:00 +01:00
|
|
|
# Status 0 is a successful exit
|
2018-12-13 20:10:08 +01:00
|
|
|
elif status == 0:
|
2018-03-13 21:17:49 +01:00
|
|
|
# Show the success message if it isn't suppressed
|
2019-03-14 15:53:48 +01:00
|
|
|
if not config.getboolean("core", "no_confirmation", fallback=False):
|
2018-01-17 21:28:10 +01:00
|
|
|
pamh.conversation(pamh.Message(pamh.PAM_TEXT_INFO, "Identified face as " + pamh.get_user()))
|
2018-03-13 21:17:49 +01:00
|
|
|
|
2018-01-05 01:59:44 +01:00
|
|
|
return pamh.PAM_SUCCESS
|
|
|
|
|
2018-01-05 16:37:00 +01:00
|
|
|
# Otherwise, we can't discribe what happend but it wasn't successful
|
2018-01-17 21:28:10 +01:00
|
|
|
pamh.conversation(pamh.Message(pamh.PAM_ERROR_MSG, "Unknown error: " + str(status)))
|
2018-01-05 01:59:44 +01:00
|
|
|
return pamh.PAM_SYSTEM_ERR
|
2018-01-05 02:41:56 +01:00
|
|
|
|
2018-12-13 20:53:18 +01:00
|
|
|
|
2018-01-05 02:41:56 +01:00
|
|
|
def pam_sm_authenticate(pamh, flags, args):
|
2018-01-05 16:37:00 +01:00
|
|
|
"""Called by PAM when the user wants to authenticate, in sudo for example"""
|
2018-01-05 02:41:56 +01:00
|
|
|
return doAuth(pamh)
|
|
|
|
|
2018-12-13 20:53:18 +01:00
|
|
|
|
2018-01-05 02:41:56 +01:00
|
|
|
def pam_sm_open_session(pamh, flags, args):
|
2018-01-05 16:37:00 +01:00
|
|
|
"""Called when starting a session, such as su"""
|
2018-01-05 02:41:56 +01:00
|
|
|
return doAuth(pamh)
|
|
|
|
|
2018-12-13 20:53:18 +01:00
|
|
|
|
2018-01-05 02:41:56 +01:00
|
|
|
def pam_sm_close_session(pamh, flags, argv):
|
2018-11-09 11:49:03 +01:00
|
|
|
"""We don't need to clean anyting up at the end of a session, so returns true"""
|
2018-01-05 02:41:56 +01:00
|
|
|
return pamh.PAM_SUCCESS
|
|
|
|
|
2018-12-13 20:53:18 +01:00
|
|
|
|
2018-01-05 02:41:56 +01:00
|
|
|
def pam_sm_setcred(pamh, flags, argv):
|
2018-11-09 11:49:03 +01:00
|
|
|
"""We don't need set any credentials, so returns true"""
|
2018-01-05 02:41:56 +01:00
|
|
|
return pamh.PAM_SUCCESS
|