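/*
 * This software is licensed under GPL-3, as shown in the file LICENSE
 *
 * Author: Linux Gruppe IRB
 * Copyright: Linux Gruppe IRB, 2024
 */

/*
 * NOTE(review): the original listing has seven system #include directives
 * here whose header names were lost when the page was extracted. Restore
 * them from the upstream file; they are not reconstructed here.
 */
#include "authorized_eid.h"
#include "client.h"
#include "auth.h"
#include "pam_eid.h"

/**
 * Authenticate a user against the eID hashes stored in their authorized_eid
 * file.
 *
 * The function opens the user's file via auth_fopen(), fetches the card data
 * via eidResponse(), computes the SHA-512 hex digest of that data and compares
 * it with every line of the file.
 *
 * @param pamh   PAM handle, used for syslog output.
 * @param passwd passwd entry of the user being authenticated.
 * @param curl   CURL handle passed through to eidResponse().
 *
 * @return PAM_SUCCESS if a line of the file starts with the computed digest,
 *         PAM_AUTH_ERR if the file cannot be opened, is empty, cannot be
 *         read, or contains no matching line,
 *         PAM_SERVICE_ERR if the card data cannot be fetched or hashed.
 */
int auth(pam_handle_t *pamh, struct passwd *passwd, CURL *curl) {
	char *fileEntry = NULL;
	char *res = NULL;
	FILE *authorized_eid = NULL;
	gchar *hash = NULL;
	size_t n = 0;
	size_t hashLen;
	int r;

	/*
	 * Fail closed: the result only becomes PAM_SUCCESS when a line actually
	 * matches. An empty file or a read error on the very first line must
	 * not be treated as a successful authentication.
	 */
	r = PAM_AUTH_ERR;

	if ((authorized_eid = auth_fopen(passwd, "rb")) == NULL) {
		pam_syslog(pamh, LOG_INFO, "User %s has no usable "
		    "file with german eID card data", passwd->pw_name);
		goto cleanup;
	}
	if (params.debug)
		pam_syslog(pamh, LOG_DEBUG, "Successfully opened file with "
		    "german eID card data: %s/.eid/authorized_eid",
		    passwd->pw_dir);

	/* `port` and `errbuf` are declared outside this function. */
	port = 41325;
	if ((res = eidResponse(curl)) == NULL) {
		pam_syslog(pamh, LOG_ERR, "curl_easy_perform() failed: %s",
		    errbuf);
		r = PAM_SERVICE_ERR;
		goto cleanup;
	}

	/*
	 * NOTE(review): with params.debug set, the raw eID response and the
	 * digest that authorized_eid entries are compared against are both
	 * written to syslog. Keep debug off outside of testing, or restrict
	 * who can read the log.
	 */
	if (params.debug) {
		pam_syslog(pamh, LOG_DEBUG, "curl_easy_perform() succeeded");
		pam_syslog(pamh, LOG_DEBUG, "The data read from web is: %s",
		    res);
	}

	hash = g_compute_checksum_for_string(G_CHECKSUM_SHA512, res,
	    strlen(res));
	if (hash == NULL) {
		/* Without a digest there is nothing to compare against. */
		pam_syslog(pamh, LOG_ERR,
		    "g_compute_checksum_for_string() failed");
		r = PAM_SERVICE_ERR;
		goto cleanup;
	}
	if (params.debug) {
		pam_syslog(pamh, LOG_DEBUG, "The hash for the web data is: %s",
		    hash);
	}
	hashLen = strlen(hash);

	for (;;) {
		/*
		 * Reset errno right before each read so that a value left
		 * behind by an unrelated call is not reported as a getline()
		 * failure.
		 */
		errno = 0;
		if (getline(&fileEntry, &n, authorized_eid) == -1) {
			if (errno != 0)
				pam_syslog(pamh, LOG_ERR,
				    "getline() failed: %s", strerror(errno));
			break;
		}
		if (params.debug) {
			pam_syslog(pamh, LOG_DEBUG,
			    "The current hash read from file is: %s",
			    fileEntry);
		}
		/*
		 * Prefix comparison over the full digest length: getline()
		 * keeps the trailing newline, so the entry is longer than the
		 * digest. A shorter entry cannot match because strncmp() stops
		 * at its terminating NUL.
		 */
		if (strncmp(hash, fileEntry, hashLen) == 0) {
			if (params.debug) {
				pam_syslog(pamh, LOG_DEBUG, "Found a match");
			}
			r = PAM_SUCCESS;
			break;
		}
		if (params.debug) {
			pam_syslog(pamh, LOG_DEBUG, "Found no match");
		}
	}

cleanup:
	if (authorized_eid != NULL)
		fclose(authorized_eid);
	/* g_compute_checksum_for_string() returns memory owned by the caller. */
	g_free(hash);
	free(res);
	free(fileEntry);
	return r;
}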