fixed realm, better logging

* realm setting is now properly used * improved logging, might be tuned in the future * added ssl and crypto flags to linker
privacyidea · Sep 22, 2023 · d78f8d2 · d78f8d2
1 parent 73a1917
commit d78f8d2
Show file tree

Hide file tree

Showing 6 changed files with 103 additions and 73 deletions.
diff --git a/Makefile b/Makefile
@@ -1,6 +1,6 @@
 CC = g++
 CFLAGS = -g -Wall -fPIC -Iinclude
-LDFLAGS = -Wno-undef -lcurl --shared
+LDFLAGS = -Wno-undef -lcurl -lcrypto -lssl --shared
 
 # Determine which folder to use
 libdir.x86_64 = /lib64/security
@@ -10,7 +10,7 @@ MACHINE := $(shell uname -m)
 libdir = $(libdir.$(MACHINE))
 
 target = pam_privacyidea.so
-objects = src/pam_privacyidea.o src/PrivacyIDEA.o
+objects = src/pam_privacyidea.o src/privacyidea.o
 
 all: pam_privacyidea.so
 

diff --git a/include/config.h b/include/config.h
diff --git a/include/privacyIDEA.h → include/privacyidea.h b/include/privacyIDEA.h → include/privacyidea.h
@@ -7,7 +7,7 @@
 #include "response.h"
 #include "json.hpp"
 
-#define PAM_PRIVACYIDEA_USERAGENT           "privacyidea-pam/1.0.0"
+#define PAM_PRIVACYIDEA_USERAGENT           "PAM/1.0.0"
 
 #define OFFLINE_SUCCESS                     0
 #define OFFLINE_FAIL                        1
@@ -22,7 +22,7 @@
 class PrivacyIDEA
 {
 public:
-    PrivacyIDEA(pam_handle_t* pamh, std::string baseURL, bool sslVerify, std::string offlineFile, bool debug);
+    PrivacyIDEA(pam_handle_t* pamh, std::string baseURL, std::string realm, bool sslVerify, std::string offlineFile, bool debug);
 
     ~PrivacyIDEA();
 
@@ -45,6 +45,7 @@ class PrivacyIDEA
 
     std::string baseURL;
     bool sslVerify;
+    std::string realm;
 
     std::string offlineFile = "/etc/privacyidea/pam.txt";
     nlohmann::json offlineData;
@@ -54,6 +55,7 @@ class PrivacyIDEA
     std::string base64Encode(const unsigned char* data, size_t length);
 
     std::vector<unsigned char> base64Decode(const std::string& encoded_string);
+
     // Returns the outer right value of the passlib format and cuts it off the input string including the $
     std::string getNextValue(std::string& in);
 

diff --git a/include/response.h b/include/response.h
diff --git a/src/pam_privacyidea.cpp b/src/pam_privacyidea.cpp
@@ -12,7 +12,7 @@
 #include <unistd.h>
 #include <stdbool.h>
 #include <syslog.h>
-#include "privacyIDEA.h"
+#include "privacyidea.h"
 #include "config.h"
 #include "response.h"
 
@@ -54,49 +54,63 @@ static int pam_prompt(pam_handle_t *pamh, int msg_style, const char *prompt, std
     return retval;
 }
 
-void getConfig(int argc, const char **argv, Config &config)
+void getConfig(pam_handle_t *pamh, int argc, const char **argv, Config &config)
 {
     for (int i = 0; i < argc; i++)
     {
         char *pArg;
         memcpy(&pArg, &argv[i], sizeof(pArg));
         string tmp(pArg);
+        //pam_syslog(pamh, LOG_DEBUG, "Argument: %s\n", tmp.c_str());
 
         if (tmp.rfind("url=", 0) == 0)
         {
             config.url = tmp.substr(4);
+            pam_syslog(pamh, LOG_DEBUG, "Setting url=%s\n", config.url.c_str());
         }
         else if (tmp == "debug")
         {
             config.debug = true;
+            pam_syslog(pamh, LOG_DEBUG, "Setting debug=true\n");
         }
         else if (tmp == "nossl")
         {
             config.disableSSLVerify = true;
+            pam_syslog(pamh, LOG_DEBUG, "Setting nossl=true\n");
         }
         else if (tmp == "sendEmptyPass")
         {
             config.sendEmptyPass = true;
+            pam_syslog(pamh, LOG_DEBUG, "Setting sendEmptyPass=true\n");
         }
         else if (tmp == "sendPassword")
         {
             config.sendPassword = true;
+            pam_syslog(pamh, LOG_DEBUG, "Setting sendPassword=true\n");
         }
         else if (tmp.rfind("realm=", 0) == 0)
         {
             config.realm = tmp.substr(6);
+            pam_syslog(pamh, LOG_DEBUG, "Setting realm=%s\n", config.realm.c_str());
         }
         else if (tmp.rfind("offlineFile=", 0) == 0)
         {
             config.offlineFile = tmp.substr(12);
+            pam_syslog(pamh, LOG_DEBUG, "Setting offlineFile=%s\n", config.offlineFile.c_str());
         }
         else if (tmp.rfind("prompt=", 0) == 0)
         {
             config.promptText = tmp.substr(7);
+            pam_syslog(pamh, LOG_DEBUG, "Setting prompt=%s\n", config.promptText.c_str());
         }
         else if (tmp.rfind("pollTime=", 0) == 0)
         {
             config.pollTimeInSeconds = atoi(tmp.substr(9,11).c_str());
+            pam_syslog(pamh, LOG_DEBUG, "Setting pollTime=%i\n", config.pollTimeInSeconds);
+        }
+        else
+        {
+            pam_syslog(pamh, LOG_DEBUG, "Unknown Argument: %s\n", tmp.c_str());
         }
     }
 }
@@ -145,8 +159,8 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
     }
 
     Config config;
-    getConfig(argc, argv, config);
-    PrivacyIDEA privacyidea(pamh, config.url, !config.disableSSLVerify, config.offlineFile, config.debug);
+    getConfig(pamh, argc, argv, config);
+    PrivacyIDEA privacyidea(pamh, config.url, config.realm, !config.disableSSLVerify, config.offlineFile, config.debug);
 
     // Username
     int retval = PAM_SUCCESS;