More fixes/improvements and make distcheck fixed #24

Closed
wants to merge 8 commits into
from
@@ -1,14 +1,7 @@
ACLOCAL_AMFLAGS = -I autotools
-noinst_LTLIBRARIES = libcommon.la
-
-libcommon_la_SOURCES = \
- lib/groupaccess.c lib/groupaccess.h \
- lib/match.c lib/match.h
-libcommon_la_LIBADD = @LTLIBOBJS@
-
-SUBDIRS = . lib login_duo
+SUBDIRS = compat lib login_duo
if PAM
SUBDIRS += pam_duo
@@ -0,0 +1,5 @@
+
+noinst_LTLIBRARIES = libcompat.la
+libcompat_la_SOURCES = groupaccess.c groupaccess.h match.c match.h
+libcompat_la_LIBADD = @LTLIBOBJS@
+
No changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
@@ -36,6 +36,7 @@ AC_PROG_CC
AM_PROG_CC_C_O
AC_USE_SYSTEM_EXTENSIONS
AC_PROG_INSTALL
+AC_PROG_MKDIR_P
LT_INIT
# Compiler options
@@ -99,12 +100,16 @@ AC_ARG_WITH(pam,
)
AM_CONDITIONAL([PAM], [ test "x$with_pam" != "xno" ])
-if test "x$with_pam" != "xno" ; then
+AS_IF([test "x$with_pam" != "xno"], [
+ save_LIBS=$LIBS
AC_CHECK_HEADERS([security/pam_appl.h], [],
[AC_MSG_ERROR([[PAM header files not found, install libpam-dev/pam-devel/etc.]])])
AC_CHECK_HEADERS([security/pam_modules.h security/pam_ext.h], [], [],
[#include <security/pam_appl.h>])
- AC_CHECK_LIB([pam], [main], [AC_SUBST([LIBPAM], ["-lpam"])], AC_MSG_FAILURE([libpam not found]))
+
+ AC_CHECK_LIB([pam], [main], [], AC_MSG_FAILURE([libpam not found]))
+ AC_SUBST([LIBPAM], ["-lpam"])
+
AS_IF([ test "x$with_pam" != "xno" ], [
case "${withval}" in
/*|\$*) PAMDIR="${withval}";;
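Review bot: `AC_CHECK_LIB([pam], [main], ...)` only proves that something named libpam can be linked, and the failure action is passed unquoted. Probing a function libpam really exports, for example `AC_CHECK_LIB([pam], [pam_get_item], [], [AC_MSG_FAILURE([libpam not found])])`, rejects a stub or mismatched library at configure time instead of at module load. The inner `AS_IF([ test "x$with_pam" != "xno" ], [` a few lines below repeats the outer condition and could be dropped. The outer AS_IF body continues past the end of this hunk.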
@@ -113,8 +118,9 @@ if test "x$with_pam" != "xno" ; then
esac
AC_MSG_NOTICE([PAM installation path $PAMDIR])
])
- AC_SEARCH_LIBS(pam_vprompt, pam, [AC_DEFINE([HAVE_PAM_VPROMPT], [1], [Define if pam_vprompt exists])])
-fi
+ AC_CHECK_FUNCS([pam_vprompt])
+ LIBS=$save_LIBS
+])
AC_SUBST(PAMDIR, "$PAMDIR")
# Check for Duo privsep user
@@ -168,6 +174,6 @@ AC_REPLACE_FUNCS([asprintf getgrouplist strlcpy vsyslog])
AC_SEARCH_LIBS(inet_ntoa, nsl)
AC_SEARCH_LIBS(gethostbyname, resolv nsl)
-AC_CONFIG_FILES(Makefile lib/Makefile lib/libduo.pc login_duo/Makefile pam_duo/Makefile duo_unix.spec tests/Makefile)
+AC_CONFIG_FILES(Makefile compat/Makefile lib/Makefile lib/libduo.pc login_duo/Makefile pam_duo/Makefile duo_unix.spec tests/Makefile)
AC_OUTPUT
@@ -6,7 +6,7 @@ lib_LTLIBRARIES = libduo.la
libduo_la_SOURCES = bson.h bson.c cacert.h duo.c \
http_parser.h http_parser.c https.h https.c ini.h ini.c \
urlenc.h urlenc.c
-libduo_la_LIBADD = ../libcommon.la @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
+libduo_la_LIBADD = $(top_builddir)/compat/libcompat.la @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
# http://sourceware.org/autobook/autobook/autobook_91.html
libduo_la_LDFLAGS = -no-undefined -version-info 3:0:0 -export-symbols-regex '^duo_'
@@ -22,12 +22,12 @@ noinst_PROGRAMS = testduo
testduo_LDADD = libduo.la
-install-exec-hook:
+install-data-local:
+ $(MKDIR_P) $(DESTDIR)$(sysconfdir)
-@if [ ! -f $(DESTDIR)$(sysconfdir)/duo.crt ]; then \
- mkdir -p -m 755 $(DESTDIR)$(sysconfdir); \
cp duo.crt $(DESTDIR)$(sysconfdir)/duo.crt; \
echo "Created ${DESTDIR}$(sysconfdir)/duo.crt"; \
else \
- echo "Found existing ${DESTDIR}$(sysconfdir)/login_duo.conf - skipping"; \
+ echo "Found existing ${DESTDIR}$(sysconfdir)/duo.crt - skipping"; \
fi
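Review bot: The new `$(MKDIR_P) $(DESTDIR)$(sysconfdir)` line drops the `-m 755` that the old `mkdir -p` carried, so when the directory does not yet exist its mode now comes from the installer's umask, and the `cp` that follows leaves the file mode to the umask as well. Replacing `cp duo.crt ...` with `$(INSTALL_DATA) $(srcdir)/duo.crt $(DESTDIR)$(sysconfdir)/duo.crt` sets the mode explicitly and also works when the build directory differs from the source directory, which is the layout `make distcheck` uses. Because the recipe line is prefixed with `-`, a failed copy is currently ignored rather than reported. The same `$(MKDIR_P)` plus `cp` pattern is added for login_duo.conf and pam_duo.conf in the two Makefile hunks that follow. The login_duo recipe itself says that file will hold the Duo secret keys, so an explicit restrictive mode matters more there (the rest of those recipes is outside the visible hunks, so a later chmod cannot be ruled out).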
@@ -4,15 +4,17 @@ AM_CPPFLAGS = -I$(top_srcdir)/compat -I$(top_srcdir)/lib @OPENSSL_INCLUDES@
sbin_PROGRAMS = login_duo
login_duo_SOURCES = login_duo.c
-login_duo_LDADD = $(top_builddir)/lib/libduo.la $(top_builddir)/libcommon.la @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
+login_duo_LDADD = $(top_builddir)/lib/libduo.la $(top_builddir)/compat/libcompat.la @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@
notrans_dist_man8_MANS = login_duo.8
install-exec-hook:
-chown root $(DESTDIR)$(sbindir)/login_duo && \
chmod 4755 $(DESTDIR)$(sbindir)/login_duo
+
+install-data-local:
+ $(MKDIR_P) $(DESTDIR)$(sysconfdir)
-@if [ ! -f $(DESTDIR)$(sysconfdir)/login_duo.conf ]; then \
- mkdir -p -m 755 $(DESTDIR)$(sysconfdir); \
cp login_duo.conf $(DESTDIR)$(sysconfdir)/login_duo.conf; \
echo "Created ${DESTDIR}$(sysconfdir)/login_duo.conf"; \
echo "Please edit it to add your Duo integration and secret keys"; \
@@ -5,13 +5,14 @@ pam_libdir = @PAMDIR@
pam_lib_LTLIBRARIES = pam_duo.la
pam_duo_la_DEFS = -DDEBUG_PAM -DPAM_DEBUG @DEFS@
-pam_duo_la_SOURCES = pam_duo.c pam_extra.h pam_extra.c
-pam_duo_la_LIBADD = $(top_builddir)/lib/libduo.la $(top_builddir)/libcommon.la @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@ -lpam
+pam_duo_la_SOURCES = pam_duo.c pam_extra.h pam_extra.c pam_get_pass.c
+pam_duo_la_LIBADD = $(top_builddir)/lib/libduo.la @OPENSSL_LDFLAGS@ @OPENSSL_LIBS@ -lpam
pam_duo_la_LDFLAGS = -module -no-undefined -avoid-version -shared -export-symbols-regex '^pam_sm_'
notrans_dist_man8_MANS = pam_duo.8
-install-exec-hook:
+install-data-local:
+ $(MKDIR_P) $(DESTDIR)$(sysconfdir)
-@if [ ! -f $(DESTDIR)$(sysconfdir)/pam_duo.conf ]; then \
cp pam_duo.conf $(DESTDIR)$(sysconfdir)/pam_duo.conf; \
echo "Created ${DESTDIR}$(sysconfdir)/pam_duo.conf"; \
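Review bot: `pam_duo_la_LIBADD` no longer links a convenience library of its own, yet pam_duo.c still includes `groupaccess.h` and calls `strlcpy`. libduo.la is linked with `-export-symbols-regex '^duo_'`, so on a shared build the groupaccess functions and any `strlcpy` replacement from `@LTLIBOBJS@` are presumably not reachable through libduo alone. Adding `$(top_builddir)/compat/libcompat.la` to this line, as the login_duo hunk does for `login_duo_LDADD`, keeps the module self-contained. The new `pam_duo_options.h` is also missing from `pam_duo_la_SOURCES`, so `make dist` would likely leave it out of the tarball; `pam_duo_la_SOURCES = pam_duo.c pam_extra.h pam_extra.c pam_get_pass.c pam_duo_options.h` covers it. The install rule continues past the end of this hunk.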
@@ -58,6 +58,7 @@
#include "duo.h"
#include "groupaccess.h"
#include "pam_extra.h"
+#include "pam_duo_options.h"
#ifndef PAM_EXTERN
#define PAM_EXTERN
@@ -75,7 +76,7 @@ enum {
DUO_FAIL_SECURE,
};
-static int debug = 0;
+static int options = 0;
struct duo_config {
char *ikey;
@@ -96,7 +97,7 @@ _syslog(int priority, const char *fmt, ...)
va_list ap;
va_start(ap, fmt);
- if (debug) {
+ if (options & PAM_OPT_DEBUG) {
fprintf(stderr, "[%d] ", priority);
vfprintf(stderr, fmt, ap);
fputs("\n", stderr);
@@ -172,14 +173,17 @@ __duo_status(void *arg, const char *msg)
static char *
__duo_prompt(void *arg, const char *prompt, char *buf, size_t bufsz)
{
- char *p;
-
- if (pam_prompt((pam_handle_t *)arg, PAM_PROMPT_ECHO_ON, &p,
- "%s", prompt) != PAM_SUCCESS) {
+ pam_handle_t *pamh = (pam_handle_t *)arg;
+ const char *p;
+ int rc;
+
+ if (options & PAM_OPT_PUSH)
+ strlcpy(buf, "push", bufsz);
+ else if ((rc = pam_get_pass(pamh, PAM_AUTHTOK, &p, prompt, options)) == PAM_SUCCESS)
+ strlcpy(buf, p, bufsz);
+ else
return (NULL);
- }
- strlcpy(buf, p, bufsz);
- free(p);
+
return (buf);
}
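Review bot: With `try_first_pass` or `use_first_pass` set, the `pam_get_pass(pamh, PAM_AUTHTOK, &p, prompt, options)` branch appears to hand whatever an earlier module stored as PAM_AUTHTOK to the Duo prompt callback, so the user's account password would be copied into `buf` and treated as the Duo response. pam_get_pass.c is not shown on this page, so this is inferred from the item type and the option names. If that reuse is not intended, a plain conversation prompt, or a module-private data item instead of PAM_AUTHTOK, keeps the password out of the Duo request and keeps a Duo passcode out of the token later modules see. The old code freed the conversation reply with `free(p)`, while the new `const char *p` is never released, so the ownership of the returned string should be stated in a comment above the call. `rc` is assigned but never read, and the `strlcpy` return values are not compared with `bufsz`, so a truncated reply is passed on silently.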
@@ -227,7 +231,15 @@ pam_sm_authenticate(pam_handle_t *pamh, int pam_flags,
if (strncmp("conf=", argv[i], 5) == 0) {
config = argv[i] + 5;
} else if (strcmp("debug", argv[i]) == 0) {
- debug = 1;
+ options |= PAM_OPT_DEBUG;
+ } else if (strcmp("try_first_pass", argv[i]) == 0) {
+ options |= PAM_OPT_TRY_FIRST_PASS;
+ } else if (strcmp("use_first_pass", argv[i]) == 0) {
+ options |= PAM_OPT_USE_FIRST_PASS|PAM_OPT_TRY_FIRST_PASS;
+ } else if (strcmp("use_uid", argv[i]) == 0) {
+ options |= PAM_OPT_USE_UID;
+ } else if (strcmp("push", argv[i]) == 0) {
+ options |= PAM_OPT_PUSH;
} else {
_syslog(LOG_ERR, "Invalid pam_duo option: '%s'",
argv[i]);
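Review bot: `options` is a file-scope static that this loop only ever ORs into, so in a process that runs the module more than once (a long-lived daemon, or two stack entries with different arguments) flags such as `push`, `use_uid` or `use_first_pass` from one call stay set for the next. Clearing it before the argv loop with `options = 0;` makes each `pam_sm_authenticate` call depend only on its own arguments. The old `debug` flag had the same lifetime, but it only affected logging, whereas these bits change who is authenticated and how. The loop and the function continue outside this hunk.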
@@ -264,6 +276,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int pam_flags,
(duopam_const void *)&service) != PAM_SUCCESS) {
return (PAM_SERVICE_ERR);
}
+ if (options & PAM_OPT_USE_UID) {
+ /* Check calling user for Duo auth, just like sudo */
+ if ((pw = getpwuid(getuid())) == NULL) {
+ return (PAM_USER_UNKNOWN);
+ }
+ user = pw->pw_name;
+ }
+
if (strcmp(service, "sshd") == 0) {
/*
* Disable incremental status reporting for sshd :-(
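Review bot: `use_uid` swaps the user being authenticated for `getpwuid(getuid())` under every service, so on a stack where the calling process runs as root each login would presumably be checked against root's Duo enrolment and group membership rather than the connecting user's. Logging the substitution before the assignment, for example `_syslog(LOG_INFO, "use_uid: authenticating %s instead of %s", pw->pw_name, user);`, and documenting which services the option is meant for would make a misconfigured stack visible. The hunk after this one removes the automatic handling for service `su`, so an existing su stack without `use_uid` silently changes from the calling user to the target user on upgrade; that deserves a release note or a compatibility default. `pw->pw_name` points into storage owned by `getpwuid`, so it should be copied if any later call in the function (outside this hunk) uses the getpw* family.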
@@ -273,12 +293,6 @@ pam_sm_authenticate(pam_handle_t *pamh, int pam_flags,
flags |= DUO_FLAG_SYNC;
} else if (strcmp(service, "sudo") == 0) {
cmd = getenv("SUDO_COMMAND");
- } else if (strcmp(service, "su") == 0) {
- /* Check calling user for Duo auth, just like sudo */
- if ((pw = getpwuid(getuid())) == NULL) {
- return (PAM_USER_UNKNOWN);
- }
- user = pw->pw_name;
}
/* Check group membership */
if (cfg.groups_cnt > 0) {
@@ -0,0 +1,20 @@
+/*
+ * pam_duo_options.h
+ *
+ * Copyright (c) 2012 Diego Elio Pettenò
+ * All rights reserved, all wrongs reversed.
+ */
+
+#ifndef PAM_DUO_OPTIONS_H__
+#define PAM_DUO_OPTIONS_H__
+
+#define PAM_OPT_DEBUG 0x01
+#define PAM_OPT_TRY_FIRST_PASS 0x02
+#define PAM_OPT_USE_FIRST_PASS 0x04
+#define PAM_OPT_ECHO_PASS 0x08
+#define PAM_OPT_USE_UID 0x10
+#define PAM_OPT_PUSH 0x20
+
+int pam_get_pass(pam_handle_t *, int, const char **, const char *, int);
+
+#endif
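Review bot: The header is not self-contained, because the `pam_get_pass` prototype uses `pam_handle_t` but nothing here includes a PAM header, so it compiles only when the including file has already pulled in `<security/pam_appl.h>` or `<security/pam_modules.h>`; adding that include at the top removes the ordering dependency. `PAM_OPT_ECHO_PASS` is defined, but none of the module arguments parsed in the pam_duo.c hunks sets it, so as far as this page shows the echo behaviour cannot be selected by an administrator. The flags and the prototype carry no comments; a one-line comment per flag and named parameters, e.g. `int pam_get_pass(pam_handle_t *pamh, int item, const char **passp, const char *prompt, int options);`, would document who owns the returned string and which flags the function reads. The guard name `PAM_DUO_OPTIONS_H__` contains a double underscore, which is reserved in C++ and gains nothing in C; `PAM_DUO_OPTIONS_H` is enough.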