openkylin
/
ukui-biometric-auth
mirror of https://gitee.com/openkylin/ukui-biometric-auth.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

update changelog

This commit is contained in:
winnerym 2023-04-20 11:10:49 +08:00 committed by cckylin-cibot
parent 836c245e91
commit 2254d25a4b
3 changed files with 454 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
debian/changelog vendored
View File

@ -1,3 +1,11 @@
ukui-biometric-auth (3.22.0.0-ok6~0420) yangtze; urgency=medium
* BUG号
* 需求号:无
* 其他修改说明解决libpam-biometric与libkysdk-log库同时加载时程序崩溃问题
-- Yang Min <yangmin@kylinos.cn> Thu, 20 Apr 2023 11:09:41 +0800
ukui-biometric-auth (3.22.0.0-ok5~0417) yangtze; urgency=medium
* BUG号167371 【提权】A用户添加生物识别特征B用户登录使用A用户进行提权时没有生物识别选项

445
debian/patches/0004-update-changelog.patch vendored Normal file
View File

@ -0,0 +1,445 @@
From: winnerym <yangmin@kylinos.cn>
Date: Thu, 20 Apr 2023 11:10:49 +0800
Subject: update changelog
---
pam-biometric/logger.c | 10 ++--
pam-biometric/pam_biometric.c | 116 +++++++++++++++++++++---------------------
2 files changed, 63 insertions(+), 63 deletions(-)
diff --git a/pam-biometric/logger.c b/pam-biometric/logger.c
index 78abd2a..47f70ce 100644
--- a/pam-biometric/logger.c
+++ b/pam-biometric/logger.c
@@ -24,12 +24,12 @@
#include <unistd.h>
#include <sys/stat.h>
-int enable_debug;
-char *log_prefix;
+int pam_enable_debug;
+char *pam_log_prefix;
-void logger(char *format, ...)
+void pam_logger(char *format, ...)
{
- if(!enable_debug){
+ if(!pam_enable_debug){
return;
}
@@ -39,7 +39,7 @@ void logger(char *format, ...)
char timestr[32] = {0};
strftime(timestr, sizeof(timestr), "%Y-%m-%d %H:%M:%S", localtime(&t)); //产生"YYYYMMDD hh:mm:ss"格式的字符串。
- fprintf(stderr, "[%s] %s - ", log_prefix, timestr);
+ fprintf(stderr, "[%s] %s - ", pam_log_prefix, timestr);
va_start(args, format); /* 初始化 args */
vfprintf(stderr, format, args);
}
diff --git a/pam-biometric/pam_biometric.c b/pam-biometric/pam_biometric.c
index 066d2ff..5d10c5a 100644
--- a/pam-biometric/pam_biometric.c
+++ b/pam-biometric/pam_biometric.c
@@ -35,9 +35,9 @@
#define USER_CONFIG_FILE "/home/%s/.biometric_auth/ukui_biometric.conf"
/* Declare log function */
-extern int enable_debug;
-extern char *log_prefix;
-extern int logger(char *format, ...);
+extern int pam_enable_debug;
+extern char *pam_log_prefix;
+extern int pam_logger(char *format, ...);
static int ukui_biometric_lock = 0;
int enable_biometric_authentication(pam_handle_t *pamh);
@@ -50,7 +50,7 @@ static void signal_handler(int signo)
{
if (signo == SIGUSR1)
child_alive = 0; /* GUI child process has terminated */
- logger("signal_handler is triggered\n");
+ pam_logger("signal_handler is triggered\n");
}
int enable_biometric_authentication_app()
@@ -62,14 +62,14 @@ int enable_biometric_authentication_app()
int is_enable = 0;
if((file = fopen(conf_file, "r")) == NULL){
- logger("open configure file failed: %s\n", strerror(errno));
+ pam_logger("open configure file failed: %s\n", strerror(errno));
return 1;
}
while(fgets(line, sizeof(line), file)) {
i = sscanf(line, "EnableAuthApp=%d\n", &is_enable);
if(i > 0) {
- logger("EnableAuthApp=%d\n", is_enable);
+ pam_logger("EnableAuthApp=%d\n", is_enable);
break;
}
}
@@ -145,9 +145,9 @@ int call_conversation(pam_handle_t *pamh, int msg_style, char *msg, char *resp)
message_tmp->msg_style = msg_style;
message_tmp->msg = msg;
message[0] = message_tmp;
- logger("Call conv callback function\n");
+ pam_logger("Call conv callback function\n");
status = conv_struct->conv(1, message, &response, conv_struct->appdata_ptr);
- logger("Finish conv callback function\n");
+ pam_logger("Finish conv callback function\n");
if (resp && response->resp)
strcpy(resp, response->resp);
@@ -164,7 +164,7 @@ int call_conversation(pam_handle_t *pamh, int msg_style, char *msg, char *resp)
void child(char *service, char *username, char *xdisp)
{
char *gui = "/usr/bin/bioauth";
- logger("Child process will be replaced.\n");
+ pam_logger("Child process will be replaced.\n");
int fd = open("/dev/null", O_WRONLY);
dup2(fd, 2);
@@ -172,7 +172,7 @@ void child(char *service, char *username, char *xdisp)
"--service", service,
"--user", username,
// "--display", xdisp,
- enable_debug ? "--debug" : "",
+ pam_enable_debug ? "--debug" : "",
(char *)0);
/*
* execl almost always succeed as long as the GUI executable file exists.
@@ -180,11 +180,11 @@ void child(char *service, char *username, char *xdisp)
* process won't reach here. Therefore, the following code won't be
* executed in general.
*/
- logger("Fatal error: execl(gui) failed in child process. "
+ pam_logger("Fatal error: execl(gui) failed in child process. "
"This is an extremely rare condition. Please ensure that the "
"biometric-authentication executable file exists.\n");
- logger("Use password as a fallback\n");
- logger("Child _exit with BIO_IGNORE\n");
+ pam_logger("Use password as a fallback\n");
+ pam_logger("Child _exit with BIO_IGNORE\n");
/* Child process exits */
_exit(BIO_IGNORE);
}
@@ -196,7 +196,7 @@ void handler()
/* PAM parent process */
int parent(int pid, pam_handle_t *pamh, int need_call_conv)
{
- logger("Parent process continue running.\n");
+ pam_logger("Parent process continue running.\n");
int child_status = -1;
/*
* 1. If calling conversation function is not needed, wait the child
@@ -224,7 +224,7 @@ int parent(int pid, pam_handle_t *pamh, int need_call_conv)
#endif
if (signal(SIGUSR1, signal_handler) == SIG_ERR)
- logger("Fatal Error. Can't catch SIGUSR1\n");
+ pam_logger("Fatal Error. Can't catch SIGUSR1\n");
reinvoke:
call_conversation(pamh, PAM_TEXT_INFO, msg1, NULL);
call_conversation(pamh, PAM_PROMPT_ECHO_OFF, msg2, NULL);
@@ -234,7 +234,7 @@ int parent(int pid, pam_handle_t *pamh, int need_call_conv)
signal(SIGUSR1, SIG_DFL);
waitpid(pid, &child_status, 0);
} else {
- logger("Waiting for the GUI child process to exit...\n");
+ pam_logger("Waiting for the GUI child process to exit...\n");
//由于sudo命令在进入pam认证时会阻塞来自终端的SIGINT以及SIGQUIT信号导致使用
//pam认证时按下Ctrl+C无反应认证完成后sudo会退出这里为了简单取消了阻塞
//信号,捕获信号但不做处理,在认证完成后,恢复原本阻塞状态
@@ -245,7 +245,7 @@ int parent(int pid, pam_handle_t *pamh, int need_call_conv)
signal(SIGINT,handler);
waitpid(pid, &child_status, 0);
- logger("GUI child process has exited.\n");
+ pam_logger("GUI child process has exited.\n");
sigprocmask(SIG_SETMASK,&mask,NULL);
}
@@ -257,23 +257,23 @@ int parent(int pid, pam_handle_t *pamh, int need_call_conv)
if (WIFEXITED(child_status))
bio_result = WEXITSTATUS(child_status);
else /* This may be because the GUI child process is invoked under console. */
- logger("The GUI-Child process terminate abnormally.\n");
+ pam_logger("The GUI-Child process terminate abnormally.\n");
if (bio_result == BIO_SUCCESS) {
if(!enable_biometric_authentication(pamh) && !enable_qrcode_authentication(pamh)) {
- logger("disable biometric authentication.\n");
+ pam_logger("disable biometric authentication.\n");
return PAM_SYSTEM_ERR;
}
- logger("pam_biometric.so return PAM_SUCCESS\n");
+ pam_logger("pam_biometric.so return PAM_SUCCESS\n");
return PAM_SUCCESS;
} else if (bio_result == BIO_IGNORE) {
/* Override msg1 to empty the label. We are ready to enter the password module. */
call_conversation(pamh, PAM_TEXT_INFO, "", NULL);
ukui_biometric_lock = 1;
- logger("pam_biometric.so return PAM_IGNORE\n");
+ pam_logger("pam_biometric.so return PAM_IGNORE\n");
return PAM_IGNORE;
} else {
- logger("pam_biometric.so return PAM_SYSTEM_ERR\n");
+ pam_logger("pam_biometric.so return PAM_SYSTEM_ERR\n");
ukui_biometric_lock = 1;
return PAM_SYSTEM_ERR;
}
@@ -296,10 +296,10 @@ void check_and_set_env(pam_handle_t *pamh, char **xdisp, char **xauth)
*xdisp=getenv("DISPLAY");
*xauth=getenv("XAUTHORITY");
if (*xdisp == 0)
- logger("Warning: DISPLAY env is still empty, "
+ pam_logger("Warning: DISPLAY env is still empty, "
"this is not an error if you are using terminal\n");
if (*xauth == 0)
- logger("Warning: XAUTHORITY env is still empty, "
+ pam_logger("Warning: XAUTHORITY env is still empty, "
"this is not an error if you are using terminal\n");
}
@@ -320,12 +320,12 @@ int biometric_auth_independent(pam_handle_t *pamh , char *service, int need_call
pid = fork();
if (pid == 0 ) {
child(service, username, xdisp);
- logger("Should never reach here.\n");
+ pam_logger("Should never reach here.\n");
return PAM_SYSTEM_ERR;
} else if (pid > 0) {
return parent(pid, pamh, need_call_conv);
} else {
- logger("Fork Error!\n");
+ pam_logger("Fork Error!\n");
return PAM_SYSTEM_ERR;
}
}
@@ -333,34 +333,34 @@ int biometric_auth_independent(pam_handle_t *pamh , char *service, int need_call
/* Biometric processing function fot polkit-1 */
int biometric_auth_polkit()
{
- logger("Current service is polkit-1\n");
+ pam_logger("Current service is polkit-1\n");
const char *fifo_name = "/tmp/bio.fifo";
if(access(fifo_name, F_OK) == -1) {
int res = mkfifo(fifo_name, 0777);
if(res != 0) {
- logger("Can't create FIFO file\n");
+ pam_logger("Can't create FIFO file\n");
return PAM_SYSTEM_ERR;
}
}
int fifo_rd = open(fifo_name, O_RDONLY);
if (fifo_rd == -1)
return PAM_SYSTEM_ERR;
- logger("Before reading FIFO\n");
+ pam_logger("Before reading FIFO\n");
char buffer[8] = {0};
if(read(fifo_rd, buffer, 8) == -1)
return PAM_SYSTEM_ERR;
- logger("After reading FIFO\n");
+ pam_logger("After reading FIFO\n");
int result_code;
sscanf(buffer, "%d", &result_code);
remove(fifo_name);
if (result_code == BIO_SUCCESS) {
- logger("pam_biometric.so return PAM_SUCCESS\n");
+ pam_logger("pam_biometric.so return PAM_SUCCESS\n");
return PAM_SUCCESS;
} else if (result_code == BIO_IGNORE) {
- logger("pam_biometric.so return PAM_IGNORE\n");
+ pam_logger("pam_biometric.so return PAM_IGNORE\n");
return PAM_IGNORE;
} else {
- logger("pam_biometric.so return PAM_SYSTEM_ERR\n");
+ pam_logger("pam_biometric.so return PAM_SYSTEM_ERR\n");
return PAM_SYSTEM_ERR;
}
}
@@ -385,7 +385,7 @@ int biometric_auth_embeded(pam_handle_t *pamh)
return PAM_IGNORE;
else if (strcmp(resp, BIOMETRIC_SUCCESS) == 0){
if(!enable_biometric_authentication(pamh) && !enable_qrcode_authentication(pamh)) {
- logger("disable biometric authentication.\n");
+ pam_logger("disable biometric authentication.\n");
return PAM_SYSTEM_ERR;
}
return PAM_SUCCESS;
@@ -403,14 +403,14 @@ void get_greeter_session(char buf[], int len)
memset(buf, 0, len);
stream = popen(cmd, "r");
if(fgets(buf, len, stream) == NULL)
- logger("get greeter session error: %d\n", errno);
+ pam_logger("get greeter session error: %d\n", errno);
buf[strlen(buf)-1] = '\0';
if(strlen(buf) == 0) {
char cmd1[] = "ps aux | grep ukui-greeter | grep -v grep | wc -l";
pclose(stream);
stream = popen(cmd1, "r");
if(fgets(buf, len, stream) == NULL)
- logger("get greeter session error: %d\n", errno);
+ pam_logger("get greeter session error: %d\n", errno);
int i = atoi(buf);
if(i > 0)
strcpy(buf, "ukui-greeter");
@@ -424,15 +424,15 @@ int enable_by_polkit()
char buf[1024];
if( (file = fopen(BIO_COM_FILE, "r")) == NULL) {
- logger("open communication file failed: %s\n", strerror(errno));
+ pam_logger("open communication file failed: %s\n", strerror(errno));
return 0;
}
memset(buf, 0, sizeof(buf));
fgets(buf, sizeof(buf), file);
fclose(file);
if(remove(BIO_COM_FILE) < 0)
- logger("remove communication file failed: %s\n", strerror(errno));
- logger("%s\n", buf);
+ pam_logger("remove communication file failed: %s\n", strerror(errno));
+ pam_logger("%s\n", buf);
if(strcmp(buf, "polkit-ukui-authentication-agent-1") == 0)
return 1;
return 0;
@@ -451,12 +451,12 @@ int enable_biometric_authentication(pam_handle_t *pamh)
char line[1024], is_enable[16];
int i;
if((file = fopen(conf_file_user, "r")) == NULL){
- logger("open configure file failed: %s\n", strerror(errno));
+ pam_logger("open configure file failed: %s\n", strerror(errno));
} else {
while(fgets(line, sizeof(line), file)) {
i = sscanf(line, "EnableAuth=%15s\n", is_enable);
if(i > 0) {
- logger("EnableAuth=%s\n", is_enable);
+ pam_logger("EnableAuth=%s\n", is_enable);
is_found = 1;
break;
}
@@ -476,13 +476,13 @@ int enable_biometric_authentication(pam_handle_t *pamh)
int i;
if((file = fopen(conf_file, "r")) == NULL){
- logger("open configure file failed: %s\n", strerror(errno));
+ pam_logger("open configure file failed: %s\n", strerror(errno));
return 0;
}
while(fgets(line, sizeof(line), file)) {
i = sscanf(line, "EnableAuth=%15s\n", is_enable);
if(i > 0) {
- logger("EnableAuth=%s\n", is_enable);
+ pam_logger("EnableAuth=%s\n", is_enable);
break;
}
}
@@ -506,12 +506,12 @@ int enable_qrcode_authentication(pam_handle_t *pamh)
char line[1024], is_enable[16];
int i;
if((file = fopen(conf_file_user, "r")) == NULL){
- logger("open configure file failed: %s\n", strerror(errno));
+ pam_logger("open configure file failed: %s\n", strerror(errno));
} else {
while(fgets(line, sizeof(line), file)) {
i = sscanf(line, "EnableQRCode=%15s\n", is_enable);
if(i > 0) {
- logger("EnableQRCode=%s\n", is_enable);
+ pam_logger("EnableQRCode=%s\n", is_enable);
is_found = 1;
break;
}
@@ -531,13 +531,13 @@ int enable_qrcode_authentication(pam_handle_t *pamh)
int i;
if((file = fopen(conf_file, "r")) == NULL){
- logger("open configure file failed: %s\n", strerror(errno));
+ pam_logger("open configure file failed: %s\n", strerror(errno));
return 0;
}
while(fgets(line, sizeof(line), file)) {
i = sscanf(line, "EnableQRCode=%15s\n", is_enable);
if(i > 0) {
- logger("EnableQRCode=%s\n", is_enable);
+ pam_logger("EnableQRCode=%s\n", is_enable);
break;
}
}
@@ -557,13 +557,13 @@ int enable_biometric_auth_double()
if((file = fopen(conf_file, "r")) == NULL){
- logger("open configure file failed: %s\n", strerror(errno));
+ pam_logger("open configure file failed: %s\n", strerror(errno));
return 0;
}
while(fgets(line, sizeof(line), file)) {
i = sscanf(line, "DoubleAuth=%s\n", is_enable);
if(i > 0) {
- logger("DoubleAuth=%s\n", is_enable);
+ pam_logger("DoubleAuth=%s\n", is_enable);
break;
}
}
@@ -582,26 +582,26 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
{
for(int i = 0; i < argc; i++) {
if(strcmp(argv[i], "debug") == 0) {
- enable_debug = 1;
- log_prefix = "PAM_BIO";
+ pam_enable_debug = 1;
+ pam_log_prefix = "PAM_BIO";
}
}
- logger("Invoke libpam_biometric.so module\n");
+ pam_logger("Invoke libpam_biometric.so module\n");
char *service = 0;
if((!enable_biometric_authentication(pamh) && !enable_qrcode_authentication(pamh)) || ukui_biometric_lock) {
- logger("disable biometric authentication.\n");
+ pam_logger("disable biometric authentication.\n");
return PAM_IGNORE;
}
- logger("enable biometric authentication.\n");
+ pam_logger("enable biometric authentication.\n");
pam_get_item(pamh, PAM_SERVICE, (const void **)&service);
/* Service filter */
if (!service_filter(service)){
- logger("Service <%s> should not use biometric-authentication\n", service);
+ pam_logger("Service <%s> should not use biometric-authentication\n", service);
return PAM_IGNORE;
}
@@ -609,7 +609,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
if (strcmp(service, "lightdm") == 0) {
char buf[128];
get_greeter_session(buf, sizeof(buf));
- logger("current greeter: %s\n", buf);
+ pam_logger("current greeter: %s\n", buf);
if(strcmp(buf, "ukui-greeter") == 0 || strcmp(buf, "ukui-greeter-wayland") == 0)
return biometric_auth_embeded(pamh);
@@ -622,7 +622,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
if(enable_by_polkit())
return biometric_auth_embeded(pamh);
else
- logger("[PAM_BIOMETRIC]: It's not polkit-ukui-authentication-agent-1.\n");
+ pam_logger("[PAM_BIOMETRIC]: It's not polkit-ukui-authentication-agent-1.\n");
}
else if (strcmp(service, "sudo") == 0)
return biometric_auth_independent(pamh, "sudo", 0);
@@ -637,7 +637,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
return biometric_auth_independent(pamh, "biotest", 1);
#endif
else
- logger("Service <%s> slip through the service filter\n", service);
+ pam_logger("Service <%s> slip through the service filter\n", service);
return PAM_IGNORE;
}

1
debian/patches/series vendored
View File

@ -1,3 +1,4 @@
0001-merge-upstream-3.22.0.0.patch
0002-update-changelog.patch
0003-update-changelog.patch
0004-update-changelog.patch