#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <crypt.h>
#define LENG_STRING 200
#define PAM_SM_AUTH
#include <security/pam_modules.h>
#ifndef PAM_EXTERN
#define PAM_EXTERN
#endif
static char password_prompt[] = "Mot de passe : "; // prompt shown by the PAM conversation (echo off); French "Password: "
static char password_file[] = "/README"; // file of "user:hash" lines consulted by pam_sm_authenticate
static char origin_salt[] = "adminsys"; // limited to 8 characters for MD5
// NOTE(review): a single fixed salt is used for every account, so equal passwords produce equal
// hashes and one precomputed table covers all users; a per-user salt stored with the hash would avoid that.
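// Build the crypt(3) salt prefix selected by the module's first PAM configuration argument.
// '0' = DES (bare salt), '1' = MD5 ("$1$"), '2' = SHA-256 ("$5$"), '3' or anything else = SHA-512 ("$6$").
// 'salt' receives a NUL-terminated string; returns 0 on success, -1 if 'salt_len' is too small.
static int build_salt(char *salt, size_t salt_len, int argc, const char **argv)
{
    // A missing argument falls back to SHA-512 instead of dereferencing argv[0] past the end of argv.
    int algo_choice = (argc > 0 && argv != NULL && argv[0] != NULL) ? argv[0][0] - '0' : 3;
    const char *label;
    int n;

    switch (algo_choice) {
    case 0:
        label = "DES";
        n = snprintf(salt, salt_len, "%s", origin_salt);
        break;
    case 1:
        label = "MD5";
        n = snprintf(salt, salt_len, "$1$%s$", origin_salt);
        break;
    case 2:
        label = "SHA256";
        n = snprintf(salt, salt_len, "$5$%s$", origin_salt);
        break;
    case 3:
        label = "SHA512";
        n = snprintf(salt, salt_len, "$6$%s$", origin_salt);
        break;
    default:
        label = "DEFAULT : SHA512";
        n = snprintf(salt, salt_len, "$6$%s$", origin_salt);
        break;
    }
    if (n < 0 || (size_t)n >= salt_len) {
        return -1; // truncated salt would silently select a different hash
    }
    // The salt is public data (it is stored alongside the hash), so logging it is harmless.
    syslog(LOG_INFO, "PAM_FILE module : %s : %s", label, salt);
    return 0;
}

// Overwrite a secret C string before it is released; the volatile stores keep the compiler from dropping the wipe.
static void wipe_string(char *s)
{
    if (s == NULL) {
        return;
    }
    volatile char *p = s;
    while (*p != '\0') {
        *p++ = '\0';
    }
}

// Compare two hash strings in time that does not depend on where they first differ; returns 1 when equal.
static int hash_equal(const char *a, const char *b)
{
    size_t la = strlen(a);
    size_t lb = strlen(b);
    if (la != lb) {
        return 0;
    }
    unsigned char diff = 0;
    for (size_t i = 0; i < la; i++) {
        diff |= (unsigned char)(a[i] ^ b[i]);
    }
    return diff == 0;
}

// Ask the application's conversation function for the password, with up to three attempts.
// On PAM_SUCCESS, *password_out holds a heap string the caller must wipe and free;
// returns PAM_SYSTEM_ERR if no conversation is available and PAM_CONV_ERR if no answer was obtained.
static int prompt_password(pam_handle_t *pamh, char **password_out)
{
    struct pam_conv *conv = NULL;
    struct pam_message msg;
    const struct pam_message *msgp = &msg;
    int err;

    *password_out = NULL;
    err = pam_get_item(pamh, PAM_CONV, (const void **)&conv);
    if (err != PAM_SUCCESS || conv == NULL || conv->conv == NULL) {
        return PAM_SYSTEM_ERR;
    }
    msg.msg_style = PAM_PROMPT_ECHO_OFF; // the typed password is not echoed on screen
    msg.msg = password_prompt;

    for (int retry = 0; retry < 3; ++retry) {
        struct pam_response *resp = NULL;
        err = (*conv->conv)(1, &msgp, &resp, conv->appdata_ptr);
        if (resp != NULL) {
            if (err == PAM_SUCCESS && resp->resp != NULL) {
                *password_out = resp->resp; // ownership of the answer moves to the caller
            } else {
                wipe_string(resp->resp);
                free(resp->resp);
            }
            free(resp);
        }
        if (*password_out != NULL) {
            return PAM_SUCCESS;
        }
    }
    return PAM_CONV_ERR;
}

// Split one "user:hash" line in place: copies the part before the first ':' into 'user' and returns
// a pointer to the hash with its trailing newline removed, or NULL if the line has no ':' or the
// name does not fit in 'user_len' bytes.
static char *split_entry(char *line, char *user, size_t user_len)
{
    char *sep = strchr(line, ':');
    if (sep == NULL) {
        return NULL;
    }
    size_t name_len = (size_t)(sep - line);
    if (name_len >= user_len) {
        return NULL;
    }
    memcpy(user, line, name_len);
    user[name_len] = '\0';
    char *hash = sep + 1;
    hash[strcspn(hash, "\r\n")] = '\0';
    return hash;
}

// PAM authentication entry point: prompts for a password, hashes it with the salt chosen by
// argv[0] ('0'..'3', see build_salt) and checks it against the "user:hash" entry for the user in
// password_file. The first entry whose user name matches is authoritative.
// Returns PAM_SUCCESS on a match, PAM_AUTH_ERR on a wrong password, missing entry, unreadable
// file or crypt() failure, PAM_USER_UNKNOWN if no user name is available, PAM_SYSTEM_ERR /
// PAM_CONV_ERR when the password cannot be obtained, PAM_SERVICE_ERR if the salt does not fit.
PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flgs, int argc, const char **argv)
{
    (void)flgs;
    char salt[LENG_STRING] = "";
    const char *username = NULL;
    char *password = NULL;
    int result = PAM_AUTH_ERR;

    if (build_salt(salt, sizeof salt, argc, argv) != 0) {
        syslog(LOG_ERR, "PAM_FILE module : salt does not fit in buffer");
        return PAM_SERVICE_ERR;
    }

    // Name of the account being authenticated.
    if (pam_get_user(pamh, &username, NULL) != PAM_SUCCESS || username == NULL) {
        syslog(LOG_ERR, "PAM_FILE module : Username %s is unknown",
               username != NULL ? username : "(unset)");
        return PAM_USER_UNKNOWN;
    }

    int err = prompt_password(pamh, &password);
    if (err != PAM_SUCCESS) {
        return err;
    }

    // The hash depends only on the password and the salt, so compute it once rather than per file line.
    // crypt() returns NULL when the libc does not support the requested algorithm.
    char *crypt_password = crypt(password, salt);
    if (crypt_password == NULL) {
        syslog(LOG_ERR, "PAM_FILE module : crypt() failed for the configured algorithm");
        wipe_string(password);
        free(password);
        return PAM_AUTH_ERR;
    }
    // The hash of the candidate password is deliberately not logged: it is equivalent to the credential.

    FILE *testf = fopen(password_file, "r");
    if (testf == NULL) {
        syslog(LOG_ERR, "PAM_FILE module : Issues with password file");
    } else {
        char temp[LENG_STRING] = "";
        char user_temp[LENG_STRING] = "";
        while (fgets(temp, sizeof temp, testf) != NULL) {
            char *stored_hash = split_entry(temp, user_temp, sizeof user_temp);
            if (stored_hash == NULL || strcmp(user_temp, username) != 0) {
                continue; // malformed line or an entry for another user
            }
            syslog(LOG_INFO, "PAM_FILE module : Username %s is ok", username);
            // Full-length comparison: a prefix match would accept a stored hash that merely starts
            // with the computed one.
            if (hash_equal(stored_hash, crypt_password)) {
                syslog(LOG_INFO, "PAM_FILE module : Password for %s is ok", username);
                result = PAM_SUCCESS;
            } else {
                syslog(LOG_ERR, "PAM_FILE module : Password error for %s", username);
                result = PAM_AUTH_ERR;
            }
            break; // the first entry for this user decides the outcome
        }
        fclose(testf);
    }

    wipe_string(password);
    free(password);
    return result;
}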
// Credential handling is not implemented by this module; always report success.
PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char *argv[])
{
    (void)pamh;
    (void)flags;
    (void)argc;
    (void)argv;
    return PAM_SUCCESS;
}
// Account management is not implemented by this module; every account is accepted.
PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char *argv[])
{
    (void)pamh;
    (void)flags;
    (void)argc;
    (void)argv;
    return PAM_SUCCESS;
}
// Session opening is not implemented by this module; always report success.
PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char *argv[])
{
    (void)pamh;
    (void)flags;
    (void)argc;
    (void)argv;
    return PAM_SUCCESS;
}
// Session closing is not implemented by this module; always report success.
PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char *argv[])
{
    (void)pamh;
    (void)flags;
    (void)argc;
    (void)argv;
    return PAM_SUCCESS;
}
// Password changes are not supported by this module; report a service error so the stack does not
// believe the token was updated.
PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char *argv[])
{
    (void)pamh;
    (void)flags;
    (void)argc;
    (void)argv;
    return PAM_SERVICE_ERR;
}