diff --git a/bioauth/CMakeLists.txt b/bioauth/CMakeLists.txt index 076db39..97f287c 100644 --- a/bioauth/CMakeLists.txt +++ b/bioauth/CMakeLists.txt @@ -35,6 +35,7 @@ include_directories( ${Qt5Widgets_INCLUDE_DIRS} ${Qt5DBus_INCLUDE_DIRS} ${GLIB2_INCLUDE_DIRS} + ${GIOUNIX2_INCLUDE_DIRS} include ../common ) diff --git a/bioauth/src/giodbus.cpp b/bioauth/src/giodbus.cpp index 3ba8416..c30098b 100644 --- a/bioauth/src/giodbus.cpp +++ b/bioauth/src/giodbus.cpp @@ -17,7 +17,7 @@ **/ #include "giodbus.h" #include -#include +#include #include int get_server_gvariant_stdout (int drvid) diff --git a/pam-biometric/logger.c b/pam-biometric/logger.c index 78abd2a..47f70ce 100644 --- a/pam-biometric/logger.c +++ b/pam-biometric/logger.c @@ -24,12 +24,12 @@ #include #include -int enable_debug; -char *log_prefix; +int pam_enable_debug; +char *pam_log_prefix; -void logger(char *format, ...) +void pam_logger(char *format, ...) { - if(!enable_debug){ + if(!pam_enable_debug){ return; } @@ -39,7 +39,7 @@ void logger(char *format, ...) char timestr[32] = {0}; strftime(timestr, sizeof(timestr), "%Y-%m-%d %H:%M:%S", localtime(&t)); //产生"YYYYMMDD hh:mm:ss"格式的字符串。 - fprintf(stderr, "[%s] %s - ", log_prefix, timestr); + fprintf(stderr, "[%s] %s - ", pam_log_prefix, timestr); va_start(args, format); /* 初始化 args */ vfprintf(stderr, format, args); } diff --git a/pam-biometric/pam_biometric.c b/pam-biometric/pam_biometric.c index 53897a2..68f6aab 100644 --- a/pam-biometric/pam_biometric.c +++ b/pam-biometric/pam_biometric.c @@ -37,9 +37,9 @@ #define USER_CONFIG_FILE "/home/%s/.biometric_auth/ukui_biometric.conf" /* Declare log function */ -extern int enable_debug; -extern char *log_prefix; -extern int logger(char *format, ...); +extern int pam_enable_debug; +extern char *pam_log_prefix; +extern int pam_logger(char *format, ...); static int ukui_biometric_lock = 0; int enable_biometric_authentication(pam_handle_t *pamh); 
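Review bot: In pam-biometric/logger.c (hunk -39,7) `pam_logger` calls `va_start(args, format)` and `vfprintf` and then reaches the closing brace without `va_end`, which C requires before the function returns; add `va_end(args);` after the `vfprintf` call. `localtime(&t)` can return NULL and hands back shared static storage, and this code runs inside whichever process loaded the PAM module, so `localtime_r` with a NULL check is the safer form. Declaring the parameter as `const char *format` and adding `__attribute__((format(printf, 1, 2)))` to the prototype would let the compiler check every call site renamed in this commit. The function body starts in the previous hunk.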
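Review bot: The new `extern int pam_logger(char *format, ...);` in pam-biometric/pam_biometric.c (hunk -37,9) does not match the definition `void pam_logger(char *format, ...)` that this same commit writes in logger.c. Calling a function through a declaration with an incompatible return type is undefined behaviour, and the compiler cannot notice because the two files share no header. Move the three declarations into one header included by both files, with `void pam_logger(const char *format, ...);`, and drop the local `extern` lines. Separately, the `USER_CONFIG_FILE` context line hard-codes `/home/%s`, which is wrong for accounts whose home directory is elsewhere; the passwd entry from `getpwnam` is the reliable source.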
@@ -52,7 +52,7 @@ static void signal_handler(int signo) { if (signo == SIGUSR1) child_alive = 0; /* GUI child process has terminated */ - logger("signal_handler is triggered\n"); + pam_logger("signal_handler is triggered\n"); } int enable_biometric_authentication_app() @@ -64,14 +64,14 @@ int enable_biometric_authentication_app() int is_enable = 0; if((file = fopen(conf_file, "r")) == NULL){ - logger("open configure file failed: %s\n", strerror(errno)); + pam_logger("open configure file failed: %s\n", strerror(errno)); return 1; } while(fgets(line, sizeof(line), file)) { i = sscanf(line, "EnableAuthApp=%d\n", &is_enable); if(i > 0) { - logger("EnableAuthApp=%d\n", is_enable); + pam_logger("EnableAuthApp=%d\n", is_enable); break; } } @@ -145,9 +145,9 @@ int call_conversation(pam_handle_t *pamh, int msg_style, char *msg, char *resp) message_tmp->msg_style = msg_style; message_tmp->msg = msg; message[0] = message_tmp; - logger("Call conv callback function\n"); + pam_logger("Call conv callback function\n"); status = conv_struct->conv(1, message, &response, conv_struct->appdata_ptr); - logger("Finish conv callback function\n"); + pam_logger("Finish conv callback function\n"); if (resp && response->resp) strcpy(resp, response->resp); @@ -163,7 +163,7 @@ int call_conversation(pam_handle_t *pamh, int msg_style, char *msg, char *resp) /* GUI child process */ void child(char *service, char *username, char *xdisp) { - logger("Child process will be replaced.\n"); + pam_logger("Child process will be replaced.\n"); int fd = open("/dev/null", O_WRONLY); dup2(fd, 2); @@ -171,7 +171,7 @@ void child(char *service, char *username, char *xdisp) "--service", service, "--user", username, // "--display", xdisp, - enable_debug ? "--debug" : "", + pam_enable_debug ? "--debug" : "", (char *)0); /* * execl almost always succeed as long as the GUI executable file exists. 
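Review bot: `pam_logger` is called from inside `signal_handler` (hunk -52,7), and per logger.c it runs `localtime`, `strftime`, `fprintf` and `vfprintf`, none of which are async-signal-safe. If SIGUSR1 arrives while the interrupted code holds the stdio lock or is inside the allocator, the authenticating process can deadlock. Keep the handler to the flag store: remove the `pam_logger("signal_handler is triggered\n");` line and log once the waiting code observes the flag. `child_alive` is declared outside this hunk; it should be `volatile sig_atomic_t`.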
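Review bot: In call_conversation (hunk -145,9) the lines right after the renamed log calls dereference `response->resp` without checking `status` or whether `response` is NULL, and then copy with an unbounded `strcpy(resp, response->resp)`. The response text is produced by the application's conversation function, so its length is not under this module's control, while `resp` is a caller buffer whose size this function never learns. Guard with `if (status == PAM_SUCCESS && resp && response && response->resp)` and replace the copy with a bounded one such as `snprintf(resp, resp_size, "%s", response->resp);`, which needs a size parameter added to the signature and its callers. The function continues outside the hunk, so whether `response` is released afterwards cannot be judged from here.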
@@ -179,11 +179,11 @@ void child(char *service, char *username, char *xdisp) * process won't reach here. Therefore, the following code won't be * executed in general. */ - logger("Fatal error: execl(gui) failed in child process. " + pam_logger("Fatal error: execl(gui) failed in child process. " "This is an extremely rare condition. Please ensure that the " "biometric-authentication executable file exists.\n"); - logger("Use password as a fallback\n"); - logger("Child _exit with BIO_IGNORE\n"); + pam_logger("Use password as a fallback\n"); + pam_logger("Child _exit with BIO_IGNORE\n"); /* Child process exits */ _exit(BIO_IGNORE); } @@ -195,7 +195,7 @@ void handler() /* PAM parent process */ int parent(int pid, pam_handle_t *pamh, int need_call_conv) { - logger("Parent process continue running.\n"); + pam_logger("Parent process continue running.\n"); int child_status = -1; /* * 1. If calling conversation function is not needed, wait the child @@ -223,7 +223,7 @@ int parent(int pid, pam_handle_t *pamh, int need_call_conv) #endif if (signal(SIGUSR1, signal_handler) == SIG_ERR) - logger("Fatal Error. Can't catch SIGUSR1\n"); + pam_logger("Fatal Error. Can't catch SIGUSR1\n"); reinvoke: call_conversation(pamh, PAM_TEXT_INFO, msg1, NULL); call_conversation(pamh, PAM_PROMPT_ECHO_OFF, msg2, NULL); @@ -233,7 +233,7 @@ int parent(int pid, pam_handle_t *pamh, int need_call_conv) signal(SIGUSR1, SIG_DFL); waitpid(pid, &child_status, 0); } else { - logger("Waiting for the GUI child process to exit...\n"); + pam_logger("Waiting for the GUI child process to exit...\n"); //由于sudo命令在进入pam认证时,会阻塞来自终端的SIGINT以及SIGQUIT信号,导致使用 //pam认证时,按下Ctrl+C无反应,认证完成后,sudo会退出,这里为了简单,取消了阻塞 //信号,捕获信号但不做处理,在认证完成后,恢复原本阻塞状态 @@ -244,7 +244,7 @@ int parent(int pid, pam_handle_t *pamh, int need_call_conv) signal(SIGINT,handler); waitpid(pid, &child_status, 0); - logger("GUI child process has exited.\n"); + pam_logger("GUI child process has exited.\n"); sigprocmask(SIG_SETMASK,&mask,NULL); } 
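Review bot: The three `pam_logger` calls after a failed `execl` in child() (hunk -179,11) write to stderr, but the previous hunk of the same function has already run `dup2(fd, 2)` with `fd` opened on `/dev/null`. The only diagnostics for a missing or non-executable GUI binary are therefore discarded even with `debug` set. Report this path through the system log instead, e.g. `syslog(LOG_AUTHPRIV | LOG_ERR, "pam_biometric: exec of GUI helper failed: %s", strerror(errno));`. The `open("/dev/null", O_WRONLY)` result is also unchecked and `fd` is not closed after the `dup2`, so a failed open passes -1 to `dup2` and a successful one leaks the descriptor into the helper.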
@@ -256,23 +256,23 @@ int parent(int pid, pam_handle_t *pamh, int need_call_conv) if (WIFEXITED(child_status)) bio_result = WEXITSTATUS(child_status); else /* This may be because the GUI child process is invoked under console. */ - logger("The GUI-Child process terminate abnormally.\n"); + pam_logger("The GUI-Child process terminate abnormally.\n"); if (bio_result == BIO_SUCCESS) { if(!enable_biometric_authentication(pamh) && !enable_qrcode_authentication(pamh)) { - logger("disable biometric authentication.\n"); + pam_logger("disable biometric authentication.\n"); return PAM_SYSTEM_ERR; } - logger("pam_biometric.so return PAM_SUCCESS\n"); + pam_logger("pam_biometric.so return PAM_SUCCESS\n"); return PAM_SUCCESS; } else if (bio_result == BIO_IGNORE) { /* Override msg1 to empty the label. We are ready to enter the password module. */ call_conversation(pamh, PAM_TEXT_INFO, "", NULL); ukui_biometric_lock = 1; - logger("pam_biometric.so return PAM_IGNORE\n"); + pam_logger("pam_biometric.so return PAM_IGNORE\n"); return PAM_IGNORE; } else { - logger("pam_biometric.so return PAM_SYSTEM_ERR\n"); + pam_logger("pam_biometric.so return PAM_SYSTEM_ERR\n"); ukui_biometric_lock = 1; return PAM_SYSTEM_ERR; } @@ -295,10 +295,10 @@ void check_and_set_env(pam_handle_t *pamh, char **xdisp, char **xauth) *xdisp=getenv("DISPLAY"); *xauth=getenv("XAUTHORITY"); if (*xdisp == 0) - logger("Warning: DISPLAY env is still empty, " + pam_logger("Warning: DISPLAY env is still empty, " "this is not an error if you are using terminal\n"); if (*xauth == 0) - logger("Warning: XAUTHORITY env is still empty, " + pam_logger("Warning: XAUTHORITY env is still empty, " "this is not an error if you are using terminal\n"); } 
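Review bot: When `WIFEXITED(child_status)` is false, the `else` branch in parent() (hunk -256,23) only logs and then falls through to `if (bio_result == BIO_SUCCESS)`. The outcome for a helper killed by a signal therefore depends on how `bio_result` was initialised, which is outside this hunk. The earlier `waitpid` calls are also unchecked, so `child_status` can still be -1 here. Because this comparison is what becomes `PAM_SUCCESS`, make the failure path explicit: `else { pam_logger("The GUI-Child process terminate abnormally.\n"); ukui_biometric_lock = 1; return PAM_SYSTEM_ERR; }`. The module accepts the helper's exit status as the whole authentication verdict, so the helper's path and execution environment need the same protection as the module itself.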
@@ -318,13 +318,13 @@ int biometric_auth_independent(pam_handle_t *pamh , char *service, int need_call unsigned int pid; pid = fork(); if (pid < 0) { - logger("Fork Error!\n"); + pam_logger("Fork Error!\n"); return PAM_SYSTEM_ERR; } else if (pid != 0) { return parent(pid, pamh, need_call_conv); } else { child(service, username, xdisp); - logger("Should never reach here.\n"); + pam_logger("Should never reach here.\n"); return PAM_SYSTEM_ERR; } } @@ -332,34 +332,34 @@ int biometric_auth_independent(pam_handle_t *pamh , char *service, int need_call /* Biometric processing function fot polkit-1 */ int biometric_auth_polkit() { - logger("Current service is polkit-1\n"); + pam_logger("Current service is polkit-1\n"); const char *fifo_name = "/tmp/bio.fifo"; if(access(fifo_name, F_OK) == -1) { int res = mkfifo(fifo_name, 0777); if(res != 0) { - logger("Can't create FIFO file\n"); + pam_logger("Can't create FIFO file\n"); return PAM_SYSTEM_ERR; } } int fifo_rd = open(fifo_name, O_RDONLY); if (fifo_rd == -1) return PAM_SYSTEM_ERR; - logger("Before reading FIFO\n"); + pam_logger("Before reading FIFO\n"); char buffer[8] = {0}; if(read(fifo_rd, buffer, 8) == -1) return PAM_SYSTEM_ERR; - logger("After reading FIFO\n"); + pam_logger("After reading FIFO\n"); int result_code; sscanf(buffer, "%d", &result_code); remove(fifo_name); if (result_code == BIO_SUCCESS) { - logger("pam_biometric.so return PAM_SUCCESS\n"); + pam_logger("pam_biometric.so return PAM_SUCCESS\n"); return PAM_SUCCESS; } else if (result_code == BIO_IGNORE) { - logger("pam_biometric.so return PAM_IGNORE\n"); + pam_logger("pam_biometric.so return PAM_IGNORE\n"); return PAM_IGNORE; } else { - logger("pam_biometric.so return PAM_SYSTEM_ERR\n"); + pam_logger("pam_biometric.so return PAM_SYSTEM_ERR\n"); return PAM_SYSTEM_ERR; } } 
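Review bot: `pid` is declared `unsigned int` in biometric_auth_independent (hunk -318,13), so `if (pid < 0)` can never be true and the `PAM_SYSTEM_ERR` branch for a failed `fork()` is unreachable. A -1 return becomes a large non-zero value, takes the `pid != 0` branch, and is handed to `parent()`, whose `int pid` parameter then reaches `waitpid` as -1, meaning any child. Declare it as `pid_t pid = fork();`. The function begins above this hunk.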
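Review bot: biometric_auth_polkit (hunk -332,34) takes its authentication verdict from `/tmp/bio.fifo`, a fixed name in a world-writable directory that is created with mode 0777 after a separate `access()` check, so the module controls neither who created the FIFO nor who writes the result code into it. The channel should live in a directory only root can write, be created with mode 0600, and be checked with `fstat` after `open` (FIFO type, expected owner) before anything read from it is mapped to `PAM_SUCCESS`. Independently, `read(fifo_rd, buffer, 8)` can fill all 8 bytes and leave `buffer` unterminated for `sscanf`, the `sscanf` result is ignored so `result_code` may be used uninitialised, and `fifo_rd` is never closed. The fence shows only the read-and-parse part rewritten; the path and ownership change is left to the maintainers.
```c
    // … unchanged: FIFO creation, open and the "Before reading FIFO" log …
    char buffer[8] = {0};
    ssize_t n = read(fifo_rd, buffer, sizeof(buffer) - 1); /* leave room for the terminator */
    close(fifo_rd);
    remove(fifo_name);
    if (n <= 0)
        return PAM_SYSTEM_ERR;
    int result_code;
    if (sscanf(buffer, "%d", &result_code) != 1)
        return PAM_SYSTEM_ERR; /* no number received: never fall through to the mapping */
    // … unchanged: result_code to PAM return value mapping …
```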
@@ -384,7 +384,7 @@ int biometric_auth_embeded(pam_handle_t *pamh) return PAM_IGNORE; else if (strcmp(resp, BIOMETRIC_SUCCESS) == 0){ if(!enable_biometric_authentication(pamh) && !enable_qrcode_authentication(pamh)) { - logger("disable biometric authentication.\n"); + pam_logger("disable biometric authentication.\n"); return PAM_SYSTEM_ERR; } return PAM_SUCCESS; @@ -481,15 +481,15 @@ int enable_by_polkit() char buf[1024]; if( (file = fopen(BIO_COM_FILE, "r")) == NULL) { - logger("open communication file failed: %s\n", strerror(errno)); + pam_logger("open communication file failed: %s\n", strerror(errno)); return 0; } memset(buf, 0, sizeof(buf)); fgets(buf, sizeof(buf), file); fclose(file); if(remove(BIO_COM_FILE) < 0) - logger("remove communication file failed: %s\n", strerror(errno)); - logger("%s\n", buf); + pam_logger("remove communication file failed: %s\n", strerror(errno)); + pam_logger("%s\n", buf); if(strcmp(buf, "polkit-ukui-authentication-agent-1") == 0) return 1; return 0; @@ -508,12 +508,12 @@ int enable_biometric_authentication(pam_handle_t *pamh) char line[1024], is_enable[16]; int i; if((file = fopen(conf_file_user, "r")) == NULL){ - logger("open configure file failed: %s\n", strerror(errno)); + pam_logger("open configure file failed: %s\n", strerror(errno)); } else { while(fgets(line, sizeof(line), file)) { i = sscanf(line, "EnableAuth=%15s\n", is_enable); if(i > 0) { - logger("EnableAuth=%s\n", is_enable); + pam_logger("EnableAuth=%s\n", is_enable); is_found = 1; break; } @@ -533,13 +533,13 @@ int enable_biometric_authentication(pam_handle_t *pamh) int i; if((file = fopen(conf_file, "r")) == NULL){ - logger("open configure file failed: %s\n", strerror(errno)); + pam_logger("open configure file failed: %s\n", strerror(errno)); return 0; } while(fgets(line, sizeof(line), file)) { i = sscanf(line, "EnableAuth=%15s\n", is_enable); if(i > 0) { - logger("EnableAuth=%s\n", is_enable); + pam_logger("EnableAuth=%s\n", is_enable); break; } } 
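Review bot: enable_by_polkit (hunk -481,15) selects the embedded path from one line read out of `BIO_COM_FILE`, but the `fgets` return value is ignored and nothing checks who owns or may write that file; its path is defined outside this hunk. `fgets` keeps a trailing newline, so the `strcmp` with `"polkit-ukui-authentication-agent-1"` only matches when the writer omits it; strip it first with `buf[strcspn(buf, "\n")] = '\0';`. If the file lives in a shared directory, open it with `open(BIO_COM_FILE, O_RDONLY | O_NOFOLLOW)` and verify ownership with `fstat` before trusting the content, since the embedded path in the previous hunk appears to return `PAM_SUCCESS` on the conversation reply alone.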
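Review bot: `fopen(conf_file_user, "r")` in enable_biometric_authentication (hunk -508,12) opens a file the authenticating user controls, presumably built from `USER_CONFIG_FILE` (`/home/%s/.biometric_auth/ukui_biometric.conf`), with the privileges of the service that loaded the module. A symlink at that path is followed, and matching lines from the target are echoed by the `EnableAuth=%s` log call. Open it with `open(conf_file_user, O_RDONLY | O_NOFOLLOW)`, confirm with `fstat` that it is a regular file owned by the target user, then wrap the descriptor with `fdopen`. No `fclose` is visible in this hunk, so check that each return path closes `file`. The same pattern appears in enable_qrcode_authentication (hunk -563,12).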
@@ -563,12 +563,12 @@ int enable_qrcode_authentication(pam_handle_t *pamh) char line[1024], is_enable[16]; int i; if((file = fopen(conf_file_user, "r")) == NULL){ - logger("open configure file failed: %s\n", strerror(errno)); + pam_logger("open configure file failed: %s\n", strerror(errno)); } else { while(fgets(line, sizeof(line), file)) { i = sscanf(line, "EnableQRCode=%15s\n", is_enable); if(i > 0) { - logger("EnableQRCode=%s\n", is_enable); + pam_logger("EnableQRCode=%s\n", is_enable); is_found = 1; break; } @@ -588,13 +588,13 @@ int enable_qrcode_authentication(pam_handle_t *pamh) int i; if((file = fopen(conf_file, "r")) == NULL){ - logger("open configure file failed: %s\n", strerror(errno)); + pam_logger("open configure file failed: %s\n", strerror(errno)); return 0; } while(fgets(line, sizeof(line), file)) { i = sscanf(line, "EnableQRCode=%15s\n", is_enable); if(i > 0) { - logger("EnableQRCode=%s\n", is_enable); + pam_logger("EnableQRCode=%s\n", is_enable); break; } } @@ -614,13 +614,13 @@ int enable_biometric_auth_double() if((file = fopen(conf_file, "r")) == NULL){ - logger("open configure file failed: %s\n", strerror(errno)); + pam_logger("open configure file failed: %s\n", strerror(errno)); return 0; } while(fgets(line, sizeof(line), file)) { i = sscanf(line, "DoubleAuth=%s\n", is_enable); if(i > 0) { - logger("DoubleAuth=%s\n", is_enable); + pam_logger("DoubleAuth=%s\n", is_enable); break; } } 
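Review bot: `sscanf(line, "DoubleAuth=%s\n", is_enable)` in enable_biometric_auth_double (hunk -614,13) has no field width, unlike the `%15s` used for `EnableAuth` and `EnableQRCode` in the sibling functions, so a long value in the configuration file writes past the end of `is_enable`. The declaration is outside this hunk; if it is the same `is_enable[16]` as in the siblings, the conversion should be `"DoubleAuth=%15s\n"`. An overflow here happens on the stack of the authenticating process, so it is worth fixing even if the file is expected to be administrator-controlled.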
@@ -639,26 +639,26 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, { for(int i = 0; i < argc; i++) { if(strcmp(argv[i], "debug") == 0) { - enable_debug = 1; - log_prefix = "PAM_BIO"; + pam_enable_debug = 1; + pam_log_prefix = "PAM_BIO"; } } - logger("Invoke libpam_biometric.so module\n"); + pam_logger("Invoke libpam_biometric.so module\n"); char *service = 0; if((!enable_biometric_authentication(pamh) && !enable_qrcode_authentication(pamh)) || ukui_biometric_lock) { - logger("disable biometric authentication.\n"); + pam_logger("disable biometric authentication.\n"); return PAM_IGNORE; } - logger("enable biometric authentication.\n"); + pam_logger("enable biometric authentication.\n"); pam_get_item(pamh, PAM_SERVICE, (const void **)&service); /* Service filter */ if (!service_filter(service)){ - logger("Service <%s> should not use biometric-authentication\n", service); + pam_logger("Service <%s> should not use biometric-authentication\n", service); return PAM_IGNORE; } @@ -666,7 +666,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, if (strcmp(service, "lightdm") == 0) { char buf[128]; get_greeter_session(buf, sizeof(buf)); - logger("current greeter: %s\n", buf); + pam_logger("current greeter: %s\n", buf); if(strcmp(buf, "ukui-greeter") == 0 || strcmp(buf, "ukui-greeter-wayland") == 0) return biometric_auth_embeded(pamh); @@ -679,7 +679,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, if(enable_by_polkit()) return biometric_auth_embeded(pamh); else - logger("[PAM_BIOMETRIC]: It's not polkit-ukui-authentication-agent-1.\n"); + pam_logger("[PAM_BIOMETRIC]: It's not polkit-ukui-authentication-agent-1.\n"); } else if (strcmp(service, "sudo") == 0) return biometric_auth_independent(pamh, "sudo", 0); 
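Review bot: The return value of `pam_get_item(pamh, PAM_SERVICE, ...)` in pam_sm_authenticate (hunk -639,26) is ignored, so `service` can still hold its initial 0 when it is passed to `service_filter`, to the `%s` log format, and in the next hunk to `strcmp`. Check it before use: `if (pam_get_item(pamh, PAM_SERVICE, (const void **)&service) != PAM_SUCCESS || !service) return PAM_IGNORE;`. Also, `pam_enable_debug` and `pam_log_prefix` are globals that are set when the `debug` argument is present and never cleared, so in a long-lived process one stack entry with `debug` leaves logging on for later calls without it. Resetting both at the top of the function (`pam_enable_debug = 0;`) keeps the option scoped to the call.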
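Review bot: `buf` in the lightdm branch (hunk -666,7) is handed to `pam_logger` and `strcmp` right after `get_greeter_session(buf, sizeof(buf))` without being initialised and without any result check. If that helper, defined outside this hunk, returns early without writing a terminated string, the module reads indeterminate stack bytes and may log them. Declare it as `char buf[128] = {0};` so the comparison fails cleanly in that case.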
@@ -694,7 +694,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, return biometric_auth_independent(pamh, "biotest", 1); #endif else - logger("Service <%s> slip through the service filter\n", service); + pam_logger("Service <%s> slip through the service filter\n", service); return PAM_IGNORE; }