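/*
 * Insert one accounting row (timestamp, user, client address, byte count)
 * into TMP_TABLE.
 *
 * __time     - Unix timestamp as a decimal string
 * username   - user name to record
 * ip_address - client address; also checked against the exclude list
 * byte       - byte count as a string
 *
 * Returns 0 when the server reports at least one affected row, 1 otherwise.
 *
 * username, ip_address and byte are copied into the SQL text, so each one is
 * passed through mysql_real_escape_string() first; without that a quote in
 * any of them would end the string literal and change the statement.
 * TMP_TABLE is inserted as an identifier and is NOT escaped here.
 * NOTE(review): it presumably comes from local configuration - confirm it
 * can never carry caller-supplied text.
 */
int writeToDB(char * __time,char * username,char * ip_address,char * byte){
	const char *raw[3];
	char *esc[3] = { NULL, NULL, NULL };
	size_t len;
	time_t my_stamp2;
	int retval = 1;
	int affected, i, n;

	if (__time == NULL || username == NULL || ip_address == NULL || byte == NULL) {
		snprintf(MYSQL_ERR,LINE_MAXLEN,"%s\n","writeToDB: missing field");
		_syslog(MYSQL_ERR);
		return 1;
	}

	my_stamp2 = (time_t)atol(__time);

	/* localtime() returns NULL for a timestamp it cannot represent. */
	thistime = localtime(&my_stamp2);
	if (thistime == NULL || strftime(timestr,25,"%F %T",thistime) == 0) {
		snprintf(MYSQL_ERR,LINE_MAXLEN,"%s\n","writeToDB: bad timestamp");
		_syslog(MYSQL_ERR);
		return 1;
	}

	raw[0] = username;
	raw[1] = ip_address;
	raw[2] = byte;
	for (i = 0; i < 3; i++) {
		len = strlen(raw[i]);
		/* A field this long cannot fit in TMP_QUERY anyway. */
		if (len >= (size_t)LINE_MAXLEN) {
			snprintf(MYSQL_ERR,LINE_MAXLEN,"%s\n","writeToDB: field too long");
			_syslog(MYSQL_ERR);
			goto out;
		}
		/* Worst case every byte is escaped, plus the terminator. */
		esc[i] = malloc(2 * len + 1);
		if (esc[i] == NULL) {
			snprintf(MYSQL_ERR,LINE_MAXLEN,"%s\n","writeToDB: out of memory");
			_syslog(MYSQL_ERR);
			goto out;
		}
		if (mysql_real_escape_string(&mysql, esc[i], raw[i],
		    (unsigned long)len) == (unsigned long)-1) {
			snprintf(MYSQL_ERR,LINE_MAXLEN,"%s\n",(char *)mysql_error(&mysql));
			_syslog(MYSQL_ERR);
			goto out;
		}
	}

	n = snprintf(TMP_QUERY,LINE_MAXLEN,
		 "INSERT DELAYED INTO %s(`date`,`user`,`ip_addr`,`bytes`) VALUES(\'%s\',\'%s\',\'%s\',\'%s\')",
		TMP_TABLE,(char *) timestr,esc[0],esc[1],esc[2]);
	/* A truncated statement must never be sent to the server. */
	if (n < 0 || n >= LINE_MAXLEN) {
		snprintf(MYSQL_ERR,LINE_MAXLEN,"%s\n","writeToDB: query too long");
		_syslog(MYSQL_ERR);
		goto out;
	}

	/*
	 * NOTE(review): when the host is excluded (or EX_H != 1) no query is
	 * sent, yet `state` and mysql_affected_rows() below still reflect
	 * whatever statement ran last on this connection. The original flow
	 * is kept here; confirm what callers expect for a skipped row.
	 */
	if(EX_H == 1 && ( 0 == isExHost(ip_address) ) ){
		state = mysql_real_query(&mysql,TMP_QUERY,(unsigned long)n);
	}

	if(state) {
		/*
		 * NOTE(review): the server's error text can echo parts of the
		 * statement; confirm _syslog() does not treat its argument as
		 * a format string.
		 */
		snprintf(MYSQL_ERR,LINE_MAXLEN,"%s\n",(char *)mysql_error(&mysql));
		_syslog(MYSQL_ERR);
		goto out;
	}

	affected = (int)mysql_affected_rows(&mysql);
	if(affected > 0){
		retval = 0;
	}else{
		snprintf(MYSQL_ERR,LINE_MAXLEN,"%s\n",(char *)mysql_error(&mysql));
		_syslog(MYSQL_ERR);
		retval = 1;
	}

out:
	for (i = 0; i < 3; i++) {
		free(esc[i]);
	}
	return retval;
}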
Example #2
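/*
 * INI parser callback: store one "name = val" pair from the pam_duo
 * configuration into the struct duo_config passed as `u`.
 *
 * `section` is not used. Returns 1 when the pair was accepted and 0 to
 * reject it (unknown option, invalid failmode, too many groups, or out of
 * memory).
 *
 * Every strdup() is checked: a failed copy of cafile or http_proxy would
 * otherwise leave the field NULL and the administrator's setting would be
 * dropped without any message.
 */
static int
__ini_handler(void *u, const char *section, const char *name, const char *val)
{
	struct duo_config *cfg = (struct duo_config *)u;
	char *buf, *p, *save;

	if (strcmp(name, "ikey") == 0) {
		if ((cfg->ikey = strdup(val)) == NULL)
			goto nomem;
	} else if (strcmp(name, "skey") == 0) {
		if ((cfg->skey = strdup(val)) == NULL)
			goto nomem;
	} else if (strcmp(name, "host") == 0) {
		if ((cfg->host = strdup(val)) == NULL)
			goto nomem;
	} else if (strcmp(name, "cafile") == 0) {
		if ((cfg->cafile = strdup(val)) == NULL)
			goto nomem;
	} else if (strcmp(name, "http_proxy") == 0) {
		if ((cfg->http_proxy = strdup(val)) == NULL)
			goto nomem;
	} else if (strcmp(name, "groups") == 0 || strcmp(name, "group") == 0) {
		if ((buf = strdup(val)) == NULL) {
			_syslog(LOG_ERR, "Out of memory parsing groups");
			return (0);
		}
		/*
		 * strtok_r keeps its position in `save` instead of hidden
		 * static state, so the host process may tokenize elsewhere
		 * at the same time.
		 */
		for (p = strtok_r(buf, " ", &save); p != NULL;
		    p = strtok_r(NULL, " ", &save)) {
			if (cfg->groups_cnt >= MAX_GROUPS) {
				_syslog(LOG_ERR, "Exceeded max %d groups",
				    MAX_GROUPS);
				cfg->groups_cnt = 0;
				free(buf);
				return (0);
			}
			/* Entries point into buf, so buf is not freed here. */
			cfg->groups[cfg->groups_cnt++] = p;
		}
	} else if (strcmp(name, "failmode") == 0) {
		if (strcmp(val, "secure") == 0) {
			cfg->failmode = DUO_FAIL_SECURE;
		} else if (strcmp(val, "safe") == 0) {
			cfg->failmode = DUO_FAIL_SAFE;
		} else {
			_syslog(LOG_ERR, "Invalid failmode: '%s'", val);
			return (0);
		}
	} else if (strcmp(name, "pushinfo") == 0) {
		/* Any other value leaves the flag as it was. */
		if (strcmp(val, "yes") == 0 || strcmp(val, "true") == 0 ||
		    strcmp(val, "on") == 0 || strcmp(val, "1") == 0) {
			cfg->pushinfo = 1;
		}
	} else if (strcmp(name, "noverify") == 0) {
		/*
		 * Any other value leaves the flag as it was.
		 * NOTE(review): judging by the name this turns off
		 * certificate checking for the API connection - confirm,
		 * and keep it out of production configurations.
		 */
		if (strcmp(val, "yes") == 0 || strcmp(val, "true") == 0 ||
		    strcmp(val, "on") == 0 || strcmp(val, "1") == 0) {
			cfg->noverify = 1;
		}
	} else {
		_syslog(LOG_ERR, "Invalid pam_duo option: '%s'", name);
		return (0);
	}
	return (1);

nomem:
	/* Only the option name is logged, never its value (skey is a secret). */
	_syslog(LOG_ERR, "Out of memory parsing '%s'", name);
	return (0);
}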
Example #3
/*
 * Return the cached ident string for an interactive object, or 0 when none
 * is cached. When nothing is cached and the retry limits allow it, a new
 * lookup request is written to IDENTSERVER over socket `sd`.
 *
 * The cache key is "<real name>@<ip number>". ident_info[key] holds either
 * the answer (a string) or the time the last request was sent.
 * NOTE(review): an ident answer is whatever the remote host chooses to
 * report - treat it as a hint for logs, not as proof of identity.
 */
string query_ident(object who)
{
  string name, ipno, id;
  mixed info;

  if(!interactive(who))
    return 0;

  name = (string)who->query_real_name();
  ipno = query_ip_number(who);
  id = name + "@" + ipno;
  info = ident_info[id];

  /* A string entry is a finished lookup. */
  if(stringp(info))
    return info;

  /* Too soon since the last request, or retries used up: do nothing. */
  if(info + RETRY_TIME >= time() || requests[id] >= MAX_RETRIES)
    return 0;

  reqno++;
  info = reqno +" "+query_ip_port(who)+" "+ipno;
  info = socket_write(sd, info, IDENTSERVER);
  if(info < 0)
  {
    _syslog("identd: socket_write failed: " + info);
    return 0;
  }

  /* Remember when the request went out and which key it belongs to. */
  ident_info[id] = time();
  requests[id]++;
  requests[reqno] = id;

  return 0;
}
Example #4
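/*
 * First-time initialisation (does nothing when arg is non-zero): create the
 * socket stored in `sd`, bind it to a local port, then move this object to
 * the daemon room.
 *
 * If either socket call fails the object destructs itself and returns at
 * once; the original fell through and called move_object() on the object
 * it had just destructed.
 */
void reset(int arg)
{
   if(arg) return;

   /* NOTE(review): mode 2 is presumably the datagram mode - confirm for this driver. */
   if((sd = socket_create(2, "read_call_back", "read_call_back")) < 0)
   {
      _syslog("identd: Couldn't create socket: " + sd);
      destruct(this_object());
      return;
   }

   if(socket_bind(sd, 0) < 0)
   {
      _syslog("identd: Couldn't bind local adress");
      destruct(this_object());
      return;
   }

   move_object(this_object(),"/obj/daemon/daemonroom");
}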
Example #5
void get_ident(object ob)
{
   if(!objectp(ob) || !interactive(ob))
      return;
#ifdef DEBUG
   _syslog("Looking up identity of " + (string) ob->query_real_name());
#endif
   if(member_array(ob, queue) == -1)
      queue += ({ ob });
/*
 * Open the database connection and load the list of excluded hosts.
 *
 * Returns 0 once db_connect() succeeded, 1 when it failed. On failure the
 * database and host names are logged (the password is not) and
 * must_close_mhandle is cleared. EX_H is set to 1 only when
 * getExcludeHosts() returns 0.
 */
int initShagaConnection(char *dbhost,char *dbuser,char *dbpwd,char *dbname,unsigned int dbport)
{
	int connect_rc = db_connect(dbhost,dbuser,dbpwd,dbname,dbport);

	if (connect_rc == 0) {
		if (getExcludeHosts() == 0) {
			EX_H = 1;
		}
		return 0;
	}

	snprintf(MYSQL_ERR,LINE_MAXLEN,"Cannot connect to database %s on %s\n",
	    dbname,dbhost);
	/* log this */
	_syslog(MYSQL_ERR);
	must_close_mhandle = 0;
	return 1;
}
Example #7
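/*
 * Advance a write offset by an snprintf() result without leaving the buffer.
 * snprintf() returns the length it WANTED to write, so a truncated call can
 * report more than the space that was left.
 */
static size_t
log_clamp_offset(size_t off, size_t cap, int written)
{
	if (written <= 0)
		return (off);
	if ((size_t)written >= cap - off)
		return (cap - 1);
	return (off + (size_t)written);
}

/*
 * Build one log line "<msg> for '<user>' from <ip>: <err>" and hand it to
 * _syslog() at the given priority. user, ip and err are optional (NULL
 * skips that part). The line is cut off at the size of the local buffer.
 *
 * The offset is clamped after every snprintf(): adding the raw return value
 * would, for an over-long msg/user/err, move the write position past the
 * end of buf and turn the remaining size into a huge unsigned value.
 */
static void
_log(int priority, const char *msg,
    const char *user, const char *ip, const char *err)
{
	char buf[512];
	size_t off = 0;

	buf[0] = '\0';
	off = log_clamp_offset(off, sizeof(buf),
	    snprintf(buf, sizeof(buf), "%s", msg));

	if (user != NULL) {
		off = log_clamp_offset(off, sizeof(buf),
		    snprintf(buf + off, sizeof(buf) - off, " for '%s'", user));
	}
	if (ip != NULL) {
		off = log_clamp_offset(off, sizeof(buf),
		    snprintf(buf + off, sizeof(buf) - off, " from %s", ip));
	}
	if (err != NULL) {
		off = log_clamp_offset(off, sizeof(buf),
		    snprintf(buf + off, sizeof(buf) - off, ": %s", err));
	}
	/* The text is passed as an argument, never as the format string. */
	_syslog(priority, "%s", buf);
}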
Example #8
/*
 * PAM authentication entry point for the Duo second factor.
 *
 * Steps: parse the module arguments, load the configuration file through
 * duo_parse_config() with __ini_handler, resolve the user, optionally limit
 * Duo to members of the configured groups, then call duo_login() up to
 * MAX_RETRIES times.
 *
 * Returns PAM_SUCCESS when Duo accepted the login, and also when the user
 * is outside the configured groups or when failmode is DUO_FAIL_SAFE and
 * the service returned a connection/client/server error. Returns
 * PAM_MAXTRIES after MAX_RETRIES failed attempts, PAM_ABORT on DUO_ABORT,
 * PAM_USER_UNKNOWN when the account lookup fails, and PAM_SERVICE_ERR for
 * configuration or other errors.
 *
 * NOTE(review): nothing in this function frees the strings stored in cfg
 * (including skey) or clears them before returning - confirm whether that
 * is handled elsewhere.
 */
PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int pam_flags,
    int argc, const char *argv[])
{
	struct duo_config cfg;
	struct passwd *pw;
	duo_t *duo;
	duo_code_t code;
	duopam_const char *config, *cmd, *ip, *p, *service, *user;
	int i, flags, pam_err;

	memset(&cfg, 0, sizeof(cfg));
	/*
	 * Default is DUO_FAIL_SAFE: see the "Failsafe Duo login" branch
	 * below, where a service error ends in PAM_SUCCESS.
	 */
        cfg.failmode = DUO_FAIL_SAFE;

	/* Parse configuration */
	config = DUO_CONF;
	/*
	 * `options` is not declared in this function.
	 * NOTE(review): if it is file-scope state, bits set here stay set
	 * for later calls in the same process - confirm.
	 */
	for (i = 0; i < argc; i++) {
		if (strncmp("conf=", argv[i], 5) == 0) {
			config = argv[i] + 5;
		} else if (strcmp("debug", argv[i]) == 0) {
			options |= PAM_OPT_DEBUG;
		} else if (strcmp("try_first_pass", argv[i]) == 0) {
			options |= PAM_OPT_TRY_FIRST_PASS;
		} else if (strcmp("use_first_pass", argv[i]) == 0) {
			options |= PAM_OPT_USE_FIRST_PASS|PAM_OPT_TRY_FIRST_PASS;
		} else if (strcmp("use_uid", argv[i]) == 0) {
			options |= PAM_OPT_USE_UID;
		} else if (strcmp("push", argv[i]) == 0) {
			options |= PAM_OPT_PUSH;
		} else {
			_syslog(LOG_ERR, "Invalid pam_duo option: '%s'",
			    argv[i]);
			return (PAM_SERVICE_ERR);
		}
	}
	/*
	 * Result codes handled below: -2 = file permissions rejected,
	 * -1 = file could not be opened, > 0 = line number of a parse error.
	 * Every configuration problem ends the call with PAM_SERVICE_ERR.
	 */
	i = duo_parse_config(config, __ini_handler, &cfg);
	if (i == -2) {
		_syslog(LOG_ERR, "%s must be readable only by user 'root'",
		    config);
		return (PAM_SERVICE_ERR);
	} else if (i == -1) {
		_syslog(LOG_ERR, "Couldn't open %s: %s",
		    config, strerror(errno));
		return (PAM_SERVICE_ERR);
	} else if (i > 0) {
		_syslog(LOG_ERR, "Parse error in %s, line %d", config, i);
		return (PAM_SERVICE_ERR);
	} else if (!cfg.host || !cfg.host[0] ||
            !cfg.skey || !cfg.skey[0] || !cfg.ikey || !cfg.ikey[0]) {
		/* The message names the file only; key values are not logged. */
		_syslog(LOG_ERR, "Missing host, ikey, or skey in %s", config);
		return (PAM_SERVICE_ERR);
	}
        
        /* Check user */
        if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS ||
            (pw = getpwnam(user)) == NULL) {
                return (PAM_USER_UNKNOWN);
        }
        /* XXX - Service-specific behavior */
	flags = 0;
        cmd = NULL;
	if (pam_get_item(pamh, PAM_SERVICE, (duopam_const void **)
		(duopam_const void *)&service) != PAM_SUCCESS) {
                return (PAM_SERVICE_ERR);
        }
	if (options & PAM_OPT_USE_UID) {
                /* Check calling user for Duo auth, just like sudo */
		/*
		 * From here on both `pw` and `user` refer to the real UID of
		 * the calling process, not to the PAM target user.
		 * NOTE(review): user now points into the passwd entry
		 * returned by getpwuid(); confirm no later lookup reuses
		 * that storage before duo_login() reads it.
		 */
                if ((pw = getpwuid(getuid())) == NULL) {
                        return (PAM_USER_UNKNOWN);
                }
                user = pw->pw_name;
	}

        if (strcmp(service, "sshd") == 0) {
                /*
                 * Disable incremental status reporting for sshd :-(
                 * OpenSSH accumulates PAM_TEXT_INFO from modules to send in
                 * an SSH_MSG_USERAUTH_BANNER post-auth, not real-time!
                 */
                flags |= DUO_FLAG_SYNC;
        } else if (strcmp(service, "sudo") == 0) {
		/*
		 * Taken from the process environment and only passed on
		 * when pushinfo is set (see duo_login below).
		 * NOTE(review): treat it as display text, not as a trusted
		 * record of what will be executed.
		 */
                cmd = getenv("SUDO_COMMAND");
        }
	/* Check group membership */
	if (cfg.groups_cnt > 0) {
		int matched = 0;

		if (ga_init(pw->pw_name, pw->pw_gid) < 0) {
			_log(LOG_ERR, "Couldn't get groups",
			    pw->pw_name, NULL, strerror(errno));
			return (PAM_SERVICE_ERR);
		}
		for (i = 0; i < cfg.groups_cnt; i++) {
			if (ga_match_pattern_list(cfg.groups[i])) {
				matched = 1;
				break;
			}
		}
		ga_free();

		/* User in configured groups for Duo auth? */
		/*
		 * No match means the module succeeds without contacting Duo,
		 * and nothing is logged on this path.
		 */
		if (!matched)
			return (PAM_SUCCESS);
	}

	/*
	 * The return value is not checked; ip stays NULL when the item
	 * cannot be read.
	 */
	ip = NULL;
	pam_get_item(pamh, PAM_RHOST,
	    (duopam_const void **)(duopam_const void *)&ip);

	/* Honor configured http_proxy */
	if (cfg.http_proxy != NULL) {
		/* Overwrites http_proxy in the environment of the host process. */
		setenv("http_proxy", cfg.http_proxy, 1);
	}

	/* Try Duo auth */
	/*
	 * With noverify set an empty CA file name is passed instead of
	 * cfg.cafile.
	 * NOTE(review): presumably this switches off certificate
	 * verification inside duo_open() - confirm.
	 */
	if ((duo = duo_open(cfg.host, cfg.ikey, cfg.skey,
                    "pam_duo/" PACKAGE_VERSION,
                    cfg.noverify ? "" : cfg.cafile)) == NULL) {
		_log(LOG_ERR, "Couldn't open Duo API handle", user, ip, NULL);
		return (PAM_SERVICE_ERR);
	}
	duo_set_conv_funcs(duo, __duo_prompt, __duo_status, pamh);

	pam_err = PAM_SERVICE_ERR;
	
	/*
	 * Only DUO_FAIL repeats the loop; every other code sets pam_err and
	 * breaks out. i reaches MAX_RETRIES only when every attempt failed.
	 */
	for (i = 0; i < MAX_RETRIES; i++) {
		code = duo_login(duo, user, ip, flags,
                    cfg.pushinfo ? cmd : NULL);
		if (code == DUO_FAIL) {
			_log(LOG_WARNING, "Failed Duo login",
			    user, ip, duo_geterr(duo));
			if ((flags & DUO_FLAG_SYNC) == 0) {
				pam_info(pamh, "%s", "");
                        }
			/* Keep going */
			continue;
		}
		/* Terminal conditions */
		if (code == DUO_OK) {
			/*
			 * DUO_OK with an error text is logged as a skipped
			 * login and still counts as success.
			 */
			if ((p = duo_geterr(duo)) != NULL) {
				_log(LOG_WARNING, "Skipped Duo login",
				    user, ip, p);
			} else {
				_log(LOG_INFO, "Successful Duo login",
				    user, ip, NULL);
			}
			pam_err = PAM_SUCCESS;
		} else if (code == DUO_ABORT) {
			_log(LOG_WARNING, "Aborted Duo login",
			    user, ip, duo_geterr(duo));
			pam_err = PAM_ABORT;
		} else if (cfg.failmode == DUO_FAIL_SAFE &&
                    (code == DUO_CONN_ERROR ||
                     code == DUO_CLIENT_ERROR || code == DUO_SERVER_ERROR)) {
			/*
			 * Fail-open: the login is accepted without a second
			 * factor. Worth alerting on this log message, since
			 * an unreachable service is enough to get here.
			 */
			_log(LOG_WARNING, "Failsafe Duo login",
			    user, ip, duo_geterr(duo));
			pam_err = PAM_SUCCESS;
		} else {
			_log(LOG_ERR, "Error in Duo login",
			    user, ip, duo_geterr(duo));
			pam_err = PAM_SERVICE_ERR;
		}
		break;
	}
	if (i == MAX_RETRIES) {
		pam_err = PAM_MAXTRIES;
	}
	duo_close(duo);
	
	return (pam_err);
}