From 544ccb4b2aa4ce4f6a551964fc88b3ce29b224e3 Mon Sep 17 00:00:00 2001 From: FeliiiciaWen Date: Tue, 26 Jul 2022 03:04:38 +0800 Subject: [PATCH 1/4] Fix config.getboolean --- howdy/src/pam.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/howdy/src/pam.py b/howdy/src/pam.py index 262b24c..5197fa0 100644 --- a/howdy/src/pam.py +++ b/howdy/src/pam.py @@ -19,24 +19,24 @@ def doAuth(pamh): # Abort if Howdy is disabled if config.getboolean("core", "disabled"): + pamh.conversation(pamh.Message(pamh.PAM_ERROR_MSG, "Howdy is disabled.")) return pamh.PAM_AUTHINFO_UNAVAIL - # Abort if we're in a remote SSH env - if config.getboolean("core", "ignore_ssh"): + if config.getboolean("core", "abort_if_ssh"): if "SSH_CONNECTION" in os.environ or "SSH_CLIENT" in os.environ or "SSHD_OPTS" in os.environ: + pamh.conversation(pamh.Message(pamh.PAM_ERROR_MSG, "Howdy is disabled in ssh.")) return pamh.PAM_AUTHINFO_UNAVAIL - # Abort if lid is closed - if config.getboolean("core", "ignore_closed_lid"): + if config.getboolean("core", "abort_if_lid_closed"): if any("closed" in open(f).read() for f in glob.glob("/proc/acpi/button/lid/*/state")): + pamh.conversation(pamh.Message(pamh.PAM_ERROR_MSG, "LID is closed.")) return pamh.PAM_AUTHINFO_UNAVAIL - # Abort if the video device does not exist if not os.path.exists(config.get("video", "device_path")): if config.getboolean("video", "warn_no_device"): - print("Camera path is not configured correctly, please edit the 'device_path' config value.") + pamh.conversation(pamh.Message(pamh.PAM_ERROR_MSG, "Camera path is not configured correctly, please edit the 'device_path' config value.")) return pamh.PAM_AUTHINFO_UNAVAIL - + # Set up syslog syslog.openlog("[HOWDY]", 0, syslog.LOG_AUTH) From 2bd8834b8c75b337ba9ee749e2f64705cea42536 Mon Sep 17 00:00:00 2001 From: Mika Cousin Date: Mon, 31 Oct 2022 16:35:21 +0100 Subject: [PATCH 2/4] Add python3 pam-python support --- src/pam.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/pam.py b/src/pam.py index 5dd3c5d..6dd46a6 100644 --- a/src/pam.py +++ b/src/pam.py @@ -4,13 +4,17 @@ import subprocess import os import glob +import sys import syslog -# pam-python is running python 2, so we use the old module here -import ConfigParser +if sys.version_info.major < 3: + import ConfigParser + config = ConfigParser.ConfigParser() +else: + import configparser + config = configparser.ConfigParser() # Read config from disk -config = ConfigParser.ConfigParser() config.read(os.path.dirname(os.path.abspath(__file__)) + "/config.ini") From 0803465cd92ffd3bbcf20139d2f06f979f302a52 Mon Sep 17 00:00:00 2001 From: jEzEk Date: Wed, 23 Nov 2022 00:36:16 +0100 Subject: [PATCH 3/4] Use new config variable names in all scripts Changed: capture_failed -> save_failed capture_successful -> save_successful ignore_ssh -> abort_if_ssh ignore_closed_lid -> abort_if_lid_closed --- howdy/debian/postinst | 4 ++++ howdy/src/compare.py | 10 +++++----- howdy/src/pam.py | 2 +- howdy/src/pam/main.cc | 4 ++-- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/howdy/debian/postinst b/howdy/debian/postinst index 579081e..b8090e1 100755 --- a/howdy/debian/postinst +++ b/howdy/debian/postinst @@ -88,6 +88,10 @@ if "upgrade" in sys.argv: key = "abort_if_ssh" if key == "ignore_closed_lid": key = "abort_if_lid_closed" + if key == "capture_failed": + key = "save_failed" + if key == "capture_successful": + key = "save_successful" try: newConf.set(section, key, value) diff --git a/howdy/src/compare.py b/howdy/src/compare.py index 9d07dd7..7efa64a 100644 --- a/howdy/src/compare.py +++ b/howdy/src/compare.py @@ -146,8 +146,8 @@ timeout = config.getint("video", "timeout", fallback=5) dark_threshold = config.getfloat("video", "dark_threshold", fallback=50.0) video_certainty = config.getfloat("video", "certainty", fallback=3.5) / 10 end_report = config.getboolean("debug", "end_report", fallback=False) -capture_failed = config.getboolean("snapshots", "capture_failed", fallback=False) -capture_successful = config.getboolean("snapshots", "capture_successful", fallback=False) +save_failed = config.getboolean("snapshots", "save_failed", fallback=False) +save_successful = config.getboolean("snapshots", "save_successful", fallback=False) gtk_stdout = config.getboolean("debug", "gtk_stdout", fallback=False) rotate = config.getint("video", "rotate", fallback=0) @@ -232,7 +232,7 @@ while True: # Stop if we've exceded the time limit if time.time() - timings["fr"] > timeout: # Create a timeout snapshot if enabled - if capture_failed: + if save_failed: make_snapshot(_("FAILED")) if dark_tries == valid_frames: @@ -247,7 +247,7 @@ while True: gsframe = clahe.apply(gsframe) # If snapshots have been turned on - if capture_failed or capture_successful: + if save_failed or save_successful: # Start capturing frames for the snapshot if len(snapframes) < 3: snapframes.append(frame) @@ -354,7 +354,7 @@ while True: print(_("Winning model: %d (\"%s\")") % (match_index, models[match_index]["label"])) # Make snapshot if enabled - if capture_successful: + if save_successful: make_snapshot(_("SUCCESSFUL")) # Run rubberstamps if enabled diff --git a/howdy/src/pam.py b/howdy/src/pam.py index 952768a..14aa9e1 100644 --- a/howdy/src/pam.py +++ b/howdy/src/pam.py @@ -40,7 +40,7 @@ def doAuth(pamh): if config.getboolean("video", "warn_no_device"): pamh.conversation(pamh.Message(pamh.PAM_ERROR_MSG, "Camera path is not configured correctly, please edit the 'device_path' config value.")) return pamh.PAM_AUTHINFO_UNAVAIL - + # Set up syslog syslog.openlog("[HOWDY]", 0, syslog.LOG_AUTH) diff --git a/howdy/src/pam/main.cc b/howdy/src/pam/main.cc index 530d5c8..135ea03 100644 --- a/howdy/src/pam/main.cc +++ b/howdy/src/pam/main.cc @@ -141,7 +141,7 @@ auto check_enabled(const INIReader &config) -> int { } // Stop if we're in a remote shell and configured to exit - if (config.GetBoolean("core", "ignore_ssh", true)) { + if (config.GetBoolean("core", "abort_if_ssh", true)) { if (getenv("SSH_CONNECTION") != nullptr || getenv("SSH_CLIENT") != nullptr || getenv("SSHD_OPTS") != nullptr) { syslog(LOG_INFO, "Skipped authentication, SSH session detected"); @@ -150,7 +150,7 @@ auto check_enabled(const INIReader &config) -> int { } // Try to detect the laptop lid state and stop if it's closed - if (config.GetBoolean("core", "ignore_closed_lid", true)) { + if (config.GetBoolean("core", "abort_if_lid_closed", true)) { glob_t glob_result; // Get any files containing lid state From b89d11dd48bb6ca76a985798a5f89714fc85b69d Mon Sep 17 00:00:00 2001 From: boltgolt Date: Sat, 18 Feb 2023 21:48:40 +0100 Subject: [PATCH 4/4] Remove pam.py from PR --- howdy/src/pam.py | 134 ----------------------------------------------- 1 file changed, 134 deletions(-) delete mode 100644 howdy/src/pam.py diff --git a/howdy/src/pam.py b/howdy/src/pam.py deleted file mode 100644 index 14aa9e1..0000000 --- a/howdy/src/pam.py +++ /dev/null @@ -1,134 +0,0 @@ -# PAM interface in python, launches compare.py - -# Import required modules -import subprocess -import os -import glob -import sys -import syslog - -if sys.version_info.major < 3: - import ConfigParser - config = ConfigParser.ConfigParser() -else: - import configparser - config = configparser.ConfigParser() - -# Read config from disk -config.read(os.path.dirname(os.path.abspath(__file__)) + "/config.ini") - - -def doAuth(pamh): - """Starts authentication in a separate process""" - - # Abort if Howdy is disabled - if config.getboolean("core", "disabled"): - pamh.conversation(pamh.Message(pamh.PAM_ERROR_MSG, "Howdy is disabled.")) - return pamh.PAM_AUTHINFO_UNAVAIL - # Abort if we're in a remote SSH env - if config.getboolean("core", "abort_if_ssh"): - if "SSH_CONNECTION" in os.environ or "SSH_CLIENT" in os.environ or "SSHD_OPTS" in os.environ: - pamh.conversation(pamh.Message(pamh.PAM_ERROR_MSG, "Howdy is disabled in ssh.")) - return pamh.PAM_AUTHINFO_UNAVAIL - # Abort if lid is closed - if config.getboolean("core", "abort_if_lid_closed"): - if any("closed" in open(f).read() for f in glob.glob("/proc/acpi/button/lid/*/state")): - pamh.conversation(pamh.Message(pamh.PAM_ERROR_MSG, "LID is closed.")) - return pamh.PAM_AUTHINFO_UNAVAIL - # Abort if the video device does not exist - if not os.path.exists(config.get("video", "device_path")): - if config.getboolean("video", "warn_no_device"): - pamh.conversation(pamh.Message(pamh.PAM_ERROR_MSG, "Camera path is not configured correctly, please edit the 'device_path' config value.")) - return pamh.PAM_AUTHINFO_UNAVAIL - - # Set up syslog - syslog.openlog("[HOWDY]", 0, syslog.LOG_AUTH) - - # Alert the user that we are doing face detection - if config.getboolean("core", "detection_notice"): - pamh.conversation(pamh.Message(pamh.PAM_TEXT_INFO, "Attempting face detection")) - - syslog.syslog(syslog.LOG_INFO, "Attempting facial authentication for user " + pamh.get_user()) - - # Run compare as python3 subprocess to circumvent python version and import issues - status = subprocess.call(["/usr/bin/python3", os.path.dirname(os.path.abspath(__file__)) + "/compare.py", pamh.get_user()]) - - # Status 10 means we couldn't find any face models - if status == 10: - if not config.getboolean("core", "suppress_unknown"): - pamh.conversation(pamh.Message(pamh.PAM_ERROR_MSG, "No face model known")) - - syslog.syslog(syslog.LOG_NOTICE, "Failure, no face model known") - syslog.closelog() - return pamh.PAM_USER_UNKNOWN - - # Status 11 means we exceded the maximum retry count - elif status == 11: - if config.getboolean("core", "timeout_notice"): - pamh.conversation(pamh.Message(pamh.PAM_ERROR_MSG, "Face detection timeout reached")) - syslog.syslog(syslog.LOG_INFO, "Failure, timeout reached") - syslog.closelog() - return pamh.PAM_AUTH_ERR - - # Status 12 means we aborted - elif status == 12: - syslog.syslog(syslog.LOG_INFO, "Failure, general abort") - syslog.closelog() - return pamh.PAM_AUTH_ERR - - # Status 13 means the image was too dark - elif status == 13: - pamh.conversation(pamh.Message(pamh.PAM_ERROR_MSG, "Face detection image too dark")) - syslog.syslog(syslog.LOG_INFO, "Failure, image too dark") - syslog.closelog() - return pamh.PAM_AUTH_ERR - - # Status 14 means a rubberstamp could not be given - elif status == 14: - pamh.conversation(pamh.Message(pamh.PAM_ERROR_MSG, "Rubberstamp denied")) - syslog.syslog(syslog.LOG_INFO, "Failure, rubberstamp did not succeed") - syslog.closelog() - return pamh.PAM_AUTH_ERR - - # Status 1 is probably a python crash - elif status == 1: - pamh.conversation(pamh.Message(pamh.PAM_ERROR_MSG, "Howdy encountered error, check stderr")) - syslog.syslog(syslog.LOG_INFO, "Failure, process crashed while authenticating") - syslog.closelog() - return pamh.PAM_SYSTEM_ERR - - # Status 0 is a successful exit - elif status == 0: - # Show the success message if it isn't suppressed - if not config.getboolean("core", "no_confirmation"): - pamh.conversation(pamh.Message(pamh.PAM_TEXT_INFO, "Identified face as " + pamh.get_user())) - - syslog.syslog(syslog.LOG_INFO, "Login approved") - syslog.closelog() - return pamh.PAM_SUCCESS - - # Otherwise, we can't describe what happened but it wasn't successful - pamh.conversation(pamh.Message(pamh.PAM_ERROR_MSG, "Unknown error: " + str(status))) - syslog.syslog(syslog.LOG_INFO, "Failure, unknown error" + str(status)) - syslog.closelog() - return pamh.PAM_SYSTEM_ERR - - -def pam_sm_authenticate(pamh, flags, args): - """Called by PAM when the user wants to authenticate, in sudo for example""" - return doAuth(pamh) - - -def pam_sm_open_session(pamh, flags, args): - """Called when starting a session, such as su""" - return doAuth(pamh) - - -def pam_sm_close_session(pamh, flags, argv): - """We don't need to clean anyting up at the end of a session, so returns true""" - return pamh.PAM_SUCCESS - - -def pam_sm_setcred(pamh, flags, argv): - """We don't need set any credentials, so returns true""" - return pamh.PAM_SUCCESS