mirror of https://github.com/boltgolt/howdy.git synced 2024-09-19 09:51:19 +02:00

Made python3 absolute, added comments

boltgolt 2021-03-18 23:08:55 +01:00 committed by musikid
parent 2287bc14f8
commit fce326d19a
No known key found for this signature in database
GPG key ID: 7567D43648C6E2F4


@ -39,29 +39,45 @@ using namespace std;
enum class Type { Howdy, Pam }; enum class Type { Howdy, Pam };
/**
* Inspect the status code returned by the compare process
* @param code The status code
* @param conv_function The PAM conversation function
* @return A PAM return code
*/
int on_howdy_auth(int code, function<int(int, const char *)> conv_function) { int on_howdy_auth(int code, function<int(int, const char *)> conv_function) {
if (WIFEXITED(code)) { // If the process has exited
if (!WIFEXITED(code)) {
// Get the status code returned
code = WEXITSTATUS(code); code = WEXITSTATUS(code);
switch (code) { switch (code) {
case 10: // Status 10 means we couldn't find any face models
conv_function(PAM_ERROR_MSG, "There is no face model known"); case 10:
syslog(LOG_NOTICE, "Failure, no face model known"); conv_function(PAM_ERROR_MSG, "There is no face model known");
break; syslog(LOG_NOTICE, "Failure, no face model known");
case 11: break;
syslog(LOG_INFO, "Failure, timeout reached"); // Status 11 means we exceded the maximum retry count
break; case 11:
case 12: syslog(LOG_INFO, "Failure, timeout reached");
syslog(LOG_INFO, "Failure, general abort"); break;
break; // Status 12 means we aborted
case 13: case 12:
syslog(LOG_INFO, "Failure, image too dark"); syslog(LOG_INFO, "Failure, general abort");
break; break;
default: // Status 13 means the image was too dark
conv_function(PAM_ERROR_MSG, case 13:
string("Unknown error:" + to_string(code)).c_str()); conv_function(PAM_ERROR_MSG, "Face detection image too dark");
syslog(LOG_INFO, "Failure, unknown error %d", code); syslog(LOG_INFO, "Failure, image too dark");
break;
// Otherwise, we can't discribe what happend but it wasn't successful
default:
conv_function(PAM_ERROR_MSG, string("Unknown error:" + to_string(code)).c_str());
syslog(LOG_INFO, "Failure, unknown error %d", code);
} }
} }
// As this function is only called for error status codes, signal an error to PAM
return PAM_AUTH_ERR; return PAM_AUTH_ERR;
} }
@ -155,10 +171,11 @@ int identify(pam_handle_t *pamh, int flags, int argc, const char **argv,
posix_spawn_file_actions_init(&file_actions); posix_spawn_file_actions_init(&file_actions);
posix_spawn_file_actions_addclose(&file_actions, STDOUT_FILENO); posix_spawn_file_actions_addclose(&file_actions, STDOUT_FILENO);
posix_spawn_file_actions_addclose(&file_actions, STDERR_FILENO); posix_spawn_file_actions_addclose(&file_actions, STDERR_FILENO);
const char *const args[] = {"python", "/lib/security/howdy/compare.py", const char *const args[] = {"/usr/bin/python3", "/lib/security/howdy/compare.py",
user_ptr, nullptr}; user_ptr, nullptr};
pid_t child_pid; pid_t child_pid;
if (posix_spawnp(&child_pid, "python", &file_actions, nullptr,
if (posix_spawnp(&child_pid, "/usr/bin/python3", &file_actions, nullptr,
(char *const *)args, nullptr) < 0) { (char *const *)args, nullptr) < 0) {
syslog(LOG_ERR, "Can't spawn the howdy process: %s", strerror(errno)); syslog(LOG_ERR, "Can't spawn the howdy process: %s", strerror(errno));
return PAM_SYSTEM_ERR; return PAM_SYSTEM_ERR;
@ -234,32 +251,26 @@ int identify(pam_handle_t *pamh, int flags, int argc, const char **argv,
} }
} }
PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, // Called by PAM when a user needs to be authenticated, for example by running the sudo command
const char **argv) { PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) {
return identify(pamh, flags, argc, argv, true); return identify(pamh, flags, argc, argv, true);
} }
PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, // Called by PAM when a session is started, such as by the su command
const char **argv) { PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
return identify(pamh, flags, argc, argv, false); return identify(pamh, flags, argc, argv, false);
} }
PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, // The functions below are required by PAM, but not needed in this module
const char **argv) { PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) {
return PAM_IGNORE; return PAM_IGNORE;
} }
PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
const char **argv) {
return PAM_IGNORE; return PAM_IGNORE;
} }
PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) {
PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc,
const char **argv) {
return PAM_IGNORE; return PAM_IGNORE;
} }
PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) {
PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,
const char **argv) {
return PAM_IGNORE; return PAM_IGNORE;
} }
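Review bot: In `on_howdy_auth` the new guard reads `if (!WIFEXITED(code)) {`, while the comment added directly above it says "If the process has exited" and the old side had `if (WIFEXITED(code)) {`; as rendered, the condition is inverted. With the negation, `WEXITSTATUS(code)` is only evaluated for a status that did not come from a normal exit, where its value is not meaningful, and the real exit codes 10–13 never reach the `switch`, so neither the PAM conversation message nor the syslog failure reason is produced. The function still returns `PAM_AUTH_ERR` on every path, so this does not weaken authentication, but it removes the failure reason from the logs; restore `if (WIFEXITED(code)) {` and consider an `else` that logs a child that ended without a normal exit. Separately, in the `identify` hunk (whose body starts and ends outside the hunk), `posix_spawnp` reports failure by returning a positive error number rather than a negative value, and it is not required to set `errno`, so the `< 0` test never fires; keep the return value, test it with `!= 0`, and pass that value to `strerror()`.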