Made python3 absolute, added comments
parent
2287bc14f8
commit
fce326d19a
1 changed files with 46 additions and 35 deletions
|
@ -39,29 +39,45 @@ using namespace std;
|
||||||
|
|
||||||
enum class Type { Howdy, Pam };
|
enum class Type { Howdy, Pam };
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Inspect the status code returned by the compare process
|
||||||
|
* @param code The status code
|
||||||
|
* @param conv_function The PAM conversation function
|
||||||
|
* @return A PAM return code
|
||||||
|
*/
|
||||||
int on_howdy_auth(int code, function<int(int, const char *)> conv_function) {
|
int on_howdy_auth(int code, function<int(int, const char *)> conv_function) {
|
||||||
if (WIFEXITED(code)) {
|
// If the process has exited
|
||||||
|
if (!WIFEXITED(code)) {
|
||||||
|
// Get the status code returned
|
||||||
code = WEXITSTATUS(code);
|
code = WEXITSTATUS(code);
|
||||||
|
|
||||||
switch (code) {
|
switch (code) {
|
||||||
case 10:
|
// Status 10 means we couldn't find any face models
|
||||||
conv_function(PAM_ERROR_MSG, "There is no face model known");
|
case 10:
|
||||||
syslog(LOG_NOTICE, "Failure, no face model known");
|
conv_function(PAM_ERROR_MSG, "There is no face model known");
|
||||||
break;
|
syslog(LOG_NOTICE, "Failure, no face model known");
|
||||||
case 11:
|
break;
|
||||||
syslog(LOG_INFO, "Failure, timeout reached");
|
// Status 11 means we exceded the maximum retry count
|
||||||
break;
|
case 11:
|
||||||
case 12:
|
syslog(LOG_INFO, "Failure, timeout reached");
|
||||||
syslog(LOG_INFO, "Failure, general abort");
|
break;
|
||||||
break;
|
// Status 12 means we aborted
|
||||||
case 13:
|
case 12:
|
||||||
syslog(LOG_INFO, "Failure, image too dark");
|
syslog(LOG_INFO, "Failure, general abort");
|
||||||
break;
|
break;
|
||||||
default:
|
// Status 13 means the image was too dark
|
||||||
conv_function(PAM_ERROR_MSG,
|
case 13:
|
||||||
string("Unknown error:" + to_string(code)).c_str());
|
conv_function(PAM_ERROR_MSG, "Face detection image too dark");
|
||||||
syslog(LOG_INFO, "Failure, unknown error %d", code);
|
syslog(LOG_INFO, "Failure, image too dark");
|
||||||
|
break;
|
||||||
|
// Otherwise, we can't discribe what happend but it wasn't successful
|
||||||
|
default:
|
||||||
|
conv_function(PAM_ERROR_MSG, string("Unknown error:" + to_string(code)).c_str());
|
||||||
|
syslog(LOG_INFO, "Failure, unknown error %d", code);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// As this function is only called for error status codes, signal an error to PAM
|
||||||
return PAM_AUTH_ERR;
|
return PAM_AUTH_ERR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -155,10 +171,11 @@ int identify(pam_handle_t *pamh, int flags, int argc, const char **argv,
|
||||||
posix_spawn_file_actions_init(&file_actions);
|
posix_spawn_file_actions_init(&file_actions);
|
||||||
posix_spawn_file_actions_addclose(&file_actions, STDOUT_FILENO);
|
posix_spawn_file_actions_addclose(&file_actions, STDOUT_FILENO);
|
||||||
posix_spawn_file_actions_addclose(&file_actions, STDERR_FILENO);
|
posix_spawn_file_actions_addclose(&file_actions, STDERR_FILENO);
|
||||||
const char *const args[] = {"python", "/lib/security/howdy/compare.py",
|
const char *const args[] = {"/usr/bin/python3", "/lib/security/howdy/compare.py",
|
||||||
user_ptr, nullptr};
|
user_ptr, nullptr};
|
||||||
pid_t child_pid;
|
pid_t child_pid;
|
||||||
if (posix_spawnp(&child_pid, "python", &file_actions, nullptr,
|
|
||||||
|
if (posix_spawnp(&child_pid, "/usr/bin/python3", &file_actions, nullptr,
|
||||||
(char *const *)args, nullptr) < 0) {
|
(char *const *)args, nullptr) < 0) {
|
||||||
syslog(LOG_ERR, "Can't spawn the howdy process: %s", strerror(errno));
|
syslog(LOG_ERR, "Can't spawn the howdy process: %s", strerror(errno));
|
||||||
return PAM_SYSTEM_ERR;
|
return PAM_SYSTEM_ERR;
|
||||||
|
@ -234,32 +251,26 @@ int identify(pam_handle_t *pamh, int flags, int argc, const char **argv,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
|
// Called by PAM when a user needs to be authenticated, for example by running the sudo command
|
||||||
const char **argv) {
|
PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) {
|
||||||
return identify(pamh, flags, argc, argv, true);
|
return identify(pamh, flags, argc, argv, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc,
|
// Called by PAM when a session is started, such as by the su command
|
||||||
const char **argv) {
|
PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
|
||||||
return identify(pamh, flags, argc, argv, false);
|
return identify(pamh, flags, argc, argv, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc,
|
// The functions below are required by PAM, but not needed in this module
|
||||||
const char **argv) {
|
PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) {
|
||||||
return PAM_IGNORE;
|
return PAM_IGNORE;
|
||||||
}
|
}
|
||||||
|
PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
|
||||||
PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
|
|
||||||
const char **argv) {
|
|
||||||
return PAM_IGNORE;
|
return PAM_IGNORE;
|
||||||
}
|
}
|
||||||
|
PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) {
|
||||||
PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc,
|
|
||||||
const char **argv) {
|
|
||||||
return PAM_IGNORE;
|
return PAM_IGNORE;
|
||||||
}
|
}
|
||||||
|
PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) {
|
||||||
PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,
|
|
||||||
const char **argv) {
|
|
||||||
return PAM_IGNORE;
|
return PAM_IGNORE;
|
||||||
}
|
}
|
||||||
|
|
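Review bot: In `on_howdy_auth` the guard on the new side, as rendered, reads `if (!WIFEXITED(code)) {`, which contradicts the comment added directly above it ("If the process has exited") and the previous `if (WIFEXITED(code)) {`; the page has lost its +/- markers, so confirm this against the raw diff. With the negation, a child that exits normally with status 10–13 skips the switch, so neither the syslog entry nor the PAM message is produced, and `WEXITSTATUS` is applied to a status that did not come from a normal exit; the function still returns `PAM_AUTH_ERR`, so the effect is lost diagnostics and audit trail rather than a changed verdict. The guard should stay `if (WIFEXITED(code)) {`. Separately, in `identify` the unchanged test `posix_spawnp(...) < 0` cannot detect a failed spawn, because posix_spawnp returns a positive error number rather than -1; keep the result (`int rc = posix_spawnp(...); if (rc != 0)`) and log `strerror(rc)`, which matters more now that the interpreter is pinned to `/usr/bin/python3`. `identify` starts and ends outside the visible hunks.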