nfcauth_backend_config.c
#if defined(PAM_NFC_BACKEND_CONFIG)
#include <sys/types.h>
#include <sys/stat.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#if defined(HAVE_CRYPT_H)
#include <crypt.h>
#endif /* HAVE_CRYPT_H */
#include "nfcauth.h"
#if !defined(SYSCONFDIR)
# define SYSCONFDIR "/etc"
#endif /* !SYSCONFDIR */
#if !defined(PAM_NFC_FILE)
# define PAM_NFC_FILE SYSCONFDIR "/pam_nfc.conf"
#endif /* !PAM_NFC_FILE */
#define CRED_FORMAT "%s %s\n"
#if !defined(CRYPT_SALT)
# define CRYPT_SALT "RC"
#endif
int nfcauth_is_authorized (const char *user, char *target);
/*
 * Sanity-check the credential file before it is used.
 *
 * Returns 1 when PAM_NFC_FILE can be stat()ed, is a regular file and is not
 * writable by "other"; returns 0 in every other case, including when the
 * file does not exist.
 *
 * NOTE(review): only the world-write bit and the file type are examined.
 * Ownership and the group-write bit are not checked, and stat() follows
 * symbolic links, so the result describes the link target. Confirm that this
 * matches the deployment's expectations for an authentication database.
 */
int
nfcauth_check (void)
{
    struct stat st;

    /* A file that cannot be inspected is treated as unusable. */
    if (stat (PAM_NFC_FILE, &st) != 0)
        return 0;

    /* Anything other than a regular file is refused. */
    if (!S_ISREG (st.st_mode))
        return 0;

    /* A world-writable file could have been edited by any local account. */
    if (st.st_mode & S_IWOTH)
        return 0;

    return 1;
}
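/*
 * Append one credential record for `user` / `target` to PAM_NFC_FILE.
 *
 * The record has the form CRED_FORMAT, i.e. the user name followed by
 * crypt(target, CRYPT_SALT). An existing file is made owner-writable for the
 * append and set back to read-only (0400) afterwards, also when the write or
 * the close fails.
 *
 * Returns 1 when the record was written and the stream closed cleanly,
 * 0 otherwise (bad arguments, crypt() failure, open/write/close error).
 *
 * NOTE(review): every record is hashed with the same salt (CRYPT_SALT); with
 * the default two-character value crypt() uses its traditional DES scheme.
 * Changing the scheme would invalidate existing records, so it is only
 * flagged here.
 * NOTE(review): chmod() and fopen() operate on the path rather than on an
 * open descriptor, so this relies on the containing directory being writable
 * only by a trusted account.
 */
int
nfcauth_add_authorization (char *user, char *target)
{
    int ret;
    FILE *config;
    const char *hash;
    mode_t old_mask;

    if (!user || !target)
        return 0;

    /*
     * The file is line-oriented: a newline inside the user name would make
     * a single call append more than one record.
     */
    if (strchr (user, '\n'))
        return 0;

    /*
     * crypt() returns NULL on failure, and some implementations return a
     * failure token starting with '*'. Neither may be stored: with glibc a
     * NULL would be written as "(null)" and would then compare equal to any
     * other failed hash.
     */
    hash = crypt (target, CRYPT_SALT);
    if (!hash || hash[0] == '*')
        return 0;

    /*
     * If the config file exists it is supposed to be read-only.
     * In such a situation, chmod it so that we can write to it.
     */
    if ((config = fopen (PAM_NFC_FILE, "r"))) {
        fclose (config);
        chmod (PAM_NFC_FILE, 0600);
    }

    /*
     * If no file exists yet, create it without group/other access. The
     * previous umask is restored right away so the calling process is not
     * left with a changed mask.
     */
    old_mask = umask (0077);
    config = fopen (PAM_NFC_FILE, "a");
    umask (old_mask);

    if (!config) {
        /* Undo the temporary 0600 on an existing file. */
        (void) chmod (PAM_NFC_FILE, 0400);
        return 0;
    }

    ret = (fprintf (config, CRED_FORMAT, user, hash) > 0);

    /* Buffered data is flushed by fclose(); a failure means the record is suspect. */
    if (fclose (config) != 0)
        ret = 0;

    /* Protect the configuration file by setting it read-only, on every path. */
    (void) chmod (PAM_NFC_FILE, 0400);

    return ret;
}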
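/*
 * Tell whether PAM_NFC_FILE holds a record authorizing `target` for `user`.
 *
 * The expected record is built with CRED_FORMAT from the user name and
 * crypt(target, CRYPT_SALT) and compared, as a whole line, with each line of
 * the file.
 *
 * Returns 1 when a matching line is found, 0 otherwise. Every error (NULL
 * argument, crypt() failure, over-long record, unreadable file) is treated
 * as "not authorized".
 *
 * NOTE(review): this function does not validate the file's permissions
 * itself; nfcauth_check() does that and is presumably called first - confirm
 * against the callers.
 */
int
nfcauth_is_authorized (const char *user, char *target)
{
    int found = 0;
    int len;
    FILE *config;
    const char *hash;
    char needle[BUFSIZ];
    char buffer[BUFSIZ];

    if (!user || !target)
        return 0;

    /*
     * Fail closed when hashing fails. crypt() reports failure with NULL or,
     * in some implementations, a token starting with '*'; formatting a NULL
     * with %s is undefined, and with glibc it yields "(null)", which would
     * match a record written from another failed hash.
     */
    hash = crypt (target, CRYPT_SALT);
    if (!hash || hash[0] == '*')
        return 0;

    /* A truncated needle must never be compared: it could match a partial line. */
    len = snprintf (needle, sizeof needle, CRED_FORMAT, user, hash);
    if (len < 0 || (size_t) len >= sizeof needle)
        return 0;

    config = fopen (PAM_NFC_FILE, "r");
    if (!config)
        return 0;

    /* Records are compared line by line, trailing newline included. */
    while (!found && fgets (buffer, sizeof buffer, config)) {
        if (strcmp (buffer, needle) == 0)
            found = 1;
    }

    fclose (config);
    return found;
}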
#endif /* PAM_NFC_BACKEND_CONFIG */