pam-eid/auth.c

/*      
	This software is licensed under GPL-3, as shown in the file LICENSE
	Author: Linux Gruppe IRB
	Copyright: Linux Gruppe IRB, 2024
*/

#include <glib.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#include <security/pam_ext.h>

#include "authorized_eid.h"
#include "client.h"
#include "auth.h"
#include "pam_eid.h"

int auth(pam_handle_t *pamh, struct passwd *passwd, CURL *curl)
{
	char *fileEntry = NULL;
	char *res       = NULL;
	FILE *authorized_eid;
	gchar *hash;
	size_t n;
	int r;

	r = PAM_SUCCESS;

	if ((authorized_eid = auth_fopen(passwd, "rb")) == NULL)
	{
		pam_syslog(pamh, LOG_INFO, "User %s has no usable "
			   "file with german eID card data",
			   passwd->pw_name);

		r = PAM_AUTH_ERR;
		goto cleanup;
	}

	if (params.debug)
		pam_syslog(pamh, LOG_DEBUG, "Successfully opened file with "
			   "german eID card data: %s/.eid/authorized_eid",
			   passwd->pw_dir);
	
	port = 41325;

	if ((res = eidResponse(curl)) == NULL)
	{
		pam_syslog(pamh, LOG_ERR, "curl_easy_perform() failed: %s", errbuf);
		r = PAM_SERVICE_ERR;
		goto cleanup;
	}

	if (params.debug)
	{
		pam_syslog(pamh, LOG_DEBUG, "curl_easy_perform() succeeded");
		pam_syslog(pamh, LOG_DEBUG, "The data read from web is: %s",
			   res);
	}

	hash = g_compute_checksum_for_string(G_CHECKSUM_SHA512, res, strlen(res));

	if (params.debug)
	{
		pam_syslog(pamh, LOG_DEBUG, "The hash for the web data is: %s",
			   hash);
	}

	errno = 0;
	
	while (getline(&fileEntry, &n, authorized_eid) != -1)
        {
		if (params.debug)
		{
			pam_syslog(pamh,
				   LOG_DEBUG,
				   "The current hash read from file is: %s",
				   fileEntry);
		}

		if (strncmp(hash, fileEntry, strlen(hash)) == 0)
		{
			if (params.debug)
			{
				pam_syslog(pamh, LOG_DEBUG, "Found a match");
			}

			r = PAM_SUCCESS;
			break;
		}
		else
		{
			if (params.debug)
			{
				pam_syslog(pamh, LOG_DEBUG, "Found no match");
			}

			r = PAM_AUTH_ERR;
		}
	}

	if (errno != 0)
		pam_syslog(pamh, LOG_ERR, "getline() failed: %s", strerror(errno));

cleanup:
	if (authorized_eid != NULL)
		fclose(authorized_eid);

	if (res != NULL)
		free(res);

	if (fileEntry != NULL)
		free(fileEntry);

	return r;
}
Initial GIT version 2024-10-29 13:39:15 +01:00			`/*`
			`This software is licensed under GPL-3, as shown in the file LICENSE`
			`Author: Linux Gruppe IRB`
			`Copyright: Linux Gruppe IRB, 2024`
			`*/`

			`#include <glib.h>`
			`#include <errno.h>`
			`#include <stdlib.h>`
			`#include <string.h>`
			`#include <syslog.h>`
			`#include <unistd.h>`
			`#include <security/pam_ext.h>`

			`#include "authorized_eid.h"`
			`#include "client.h"`
			`#include "auth.h"`
			`#include "pam_eid.h"`

			`int auth(pam_handle_t pamh, struct passwd passwd, CURL *curl)`
			`{`
			`char *fileEntry = NULL;`
			`char *res = NULL;`
			`FILE *authorized_eid;`
			`gchar *hash;`
			`size_t n;`
			`int r;`

			`r = PAM_SUCCESS;`

			`if ((authorized_eid = auth_fopen(passwd, "rb")) == NULL)`
			`{`
			`pam_syslog(pamh, LOG_INFO, "User %s has no usable "`
			`"file with german eID card data",`
			`passwd->pw_name);`

			`r = PAM_AUTH_ERR;`
			`goto cleanup;`
			`}`

			`if (params.debug)`
			`pam_syslog(pamh, LOG_DEBUG, "Successfully opened file with "`
			`"german eID card data: %s/.eid/authorized_eid",`
			`passwd->pw_dir);`

			`port = 41325;`

			`if ((res = eidResponse(curl)) == NULL)`
			`{`
			`pam_syslog(pamh, LOG_ERR, "curl_easy_perform() failed: %s", errbuf);`
			`r = PAM_SERVICE_ERR;`
			`goto cleanup;`
			`}`

			`if (params.debug)`
			`{`
			`pam_syslog(pamh, LOG_DEBUG, "curl_easy_perform() succeeded");`
			`pam_syslog(pamh, LOG_DEBUG, "The data read from web is: %s",`
			`res);`
			`}`

			`hash = g_compute_checksum_for_string(G_CHECKSUM_SHA512, res, strlen(res));`

			`if (params.debug)`
			`{`
			`pam_syslog(pamh, LOG_DEBUG, "The hash for the web data is: %s",`
			`hash);`
			`}`

			`errno = 0;`

			`while (getline(&fileEntry, &n, authorized_eid) != -1)`
			`{`
			`if (params.debug)`
			`{`
			`pam_syslog(pamh,`
			`LOG_DEBUG,`
			`"The current hash read from file is: %s",`
			`fileEntry);`
			`}`

			`if (strncmp(hash, fileEntry, strlen(hash)) == 0)`
			`{`
			`if (params.debug)`
			`{`
			`pam_syslog(pamh, LOG_DEBUG, "Found a match");`
			`}`

			`r = PAM_SUCCESS;`
			`break;`
			`}`
			`else`
			`{`
			`if (params.debug)`
			`{`
			`pam_syslog(pamh, LOG_DEBUG, "Found no match");`
			`}`

			`r = PAM_AUTH_ERR;`
			`}`
			`}`

			`if (errno != 0)`
			`pam_syslog(pamh, LOG_ERR, "getline() failed: %s", strerror(errno));`

			`cleanup:`
			`if (authorized_eid != NULL)`
			`fclose(authorized_eid);`

			`if (res != NULL)`
			`free(res);`

			`if (fileEntry != NULL)`
			`free(fileEntry);`

			`return r;`
			`}`