void CommandTerminal::parseParams() {
if(g_serialString.length() > 0) {
clearParams();
// Command strings will look like:
// x:3|y:0|r:255|g:255|b:128
// x:4|y:0|r:255|g:128|b:128
// x:5|y:0|r:234|g:188|b:164
// x:6|y:0|r:234|g:188|b:164
// First split by paramDelim
const int kMaxCommands = 16;
int pipeIndexex[kMaxCommands] = {};
int pipeIndex = -1;
for(int x = 0; x < 16; x++) {
pipeIndex = g_serialString.indexOf(paramDelim);
if (pipeIndex > -1) {
// get text left of index
String cmdSet = g_serialString.substring(0, pipeIndex);
appendParam(cmdSet, x);
// Remove cmdSet from g_serialString
String n = g_serialString.substring(pipeIndex+1);
g_serialString = n;
} else {
// Last command
appendParam(g_serialString, x);
g_serialString = "";
break;
}
}
}
}
void Dialog::hideView()
{
QWidget * w = asQWidget();
if (!w->isVisible())
return;
clearParams();
disconnect();
w->hide();
}
/** Loads the each parameter from the arguments gotten from the user .
* --ip
* --interface
* --requisition
* Each other argument will be considered like the pcap file from the information will be read.
**/
int loadParams(int argc, char **argv) {
int i;
clearParams();
if (argc < 1) {
return EXIT_FAILURE;
}
readingState = STATE_DEFAULT;
for (i = 0; i < argc; i++) {
if (checkIfState(argv[i]) == 1) {
continue;
}
treatParam(argv[i]);
}
return EXIT_SUCCESS;
}
PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
int argc, const char **argv)
{
int opt_in = 1, i;
struct passwd pwbuf, *findUser = &pwbuf;
const char *currentUser;
char randBufAscii[16] = {0};
uid_t oldUID;
gid_t oldGID;
char *CHAP, *RESP;
char line[275];
FILE *tfa_file = NULL;
char *tfa_filename = "";
struct stat tfa_stat;
for( i = 0; i < argc; ++i ){
if( strcmp("debug", argv[i]) == 0 )
debug = 1;
if( strcmp("noopt", argv[i]) == 0 )
opt_in = 0;
}
if(pam_get_user(pamh, ¤tUser, NULL) != PAM_SUCCESS ||
currentUser == NULL || strlen(currentUser) == 0)
{
pam_syslog(pamh, LOG_ERR, "Unable to determine target user.");
clearParams();
return PAM_SYSTEM_ERR;
}
if(debug) pam_syslog(pamh, LOG_DEBUG, "TwoFactor for %s", currentUser);
// gett pwentry
if( getPwEntryByName(currentUser, findUser) != 0 )
{
if( debug )
{
pam_syslog(pamh, LOG_DEBUG, "Error while using getpwent");
}
clearParams();
return PAM_SYSTEM_ERR;
}
/// now we have the correct user - allocate strlen pwdir, strlen tfa_config and 1 terminating null byte
tfa_filename = (char*)malloc(strlen(findUser->pw_dir)+strlen(TFA_CONFIG)+1);
if( !tfa_filename )
{
pam_syslog(pamh, LOG_ERR, "Unable to alloc memory");
clearParams();
return PAM_SYSTEM_ERR;
}
*tfa_filename = 0; // set first byte to nil for favorable str* fn interaction
// this should be okay, we used pw_dir to make the dest long
// HOWEVER, we should probably figure out a 'safe' mechanism
strcpy(tfa_filename, findUser->pw_dir);
strcat(tfa_filename, TFA_CONFIG);
///
if(0 != stat(tfa_filename, &tfa_stat) )
{
release_pwbuf_structs(findUser);
if( opt_in )
{
pam_syslog(pamh, LOG_WARNING, "User '%s' not opted in for file '%s', allowing",
currentUser, tfa_filename);
free(tfa_filename);
clearParams();
return PAM_SUCCESS;
}
//@todo: is it safe to print this name this way? I guess so since
// the root user would have set this up... still... shiver?
pam_syslog(pamh, LOG_ERR, "Unable to stat '%s'", tfa_filename);
free(tfa_filename);
clearParams();
return PAM_SYSTEM_ERR;
}
if( tfa_stat.st_mode & (S_IRWXG | S_IRWXO) )
{
pam_syslog(pamh, LOG_ERR, "G/O are allowed to manipulate the secret seed on '%s'.", tfa_filename);
request_random(pamh, PAM_ERROR_MSG, "G/O permissions on ~/.tfa_config are incorrect.");
free(tfa_filename);
// explicit denial here
clearParams();
return PAM_PERM_DENIED;
}
oldUID = setfsuid(findUser->pw_uid);
oldGID = setfsgid(findUser->pw_gid);
release_pwbuf_structs(findUser); // give it up!
tfa_file = fopen(tfa_filename, "r");
if( tfa_file == NULL )
{
pam_syslog(pamh, LOG_ERR, "Unable to open '%s'", tfa_filename);
free(tfa_filename);
setfsgid(oldGID); setfsuid(oldUID);
clearParams();
if( !opt_in )
return PAM_PERM_DENIED; // if we can stat but can't open for reading
// there is some kind of hack afoot - explicit deny
return PAM_SUCCESS;
}
if( debug ) pam_syslog(pamh, LOG_DEBUG, "Opened '%s' for reading.", tfa_filename);
free(tfa_filename);
while(fgets(line, sizeof(line), tfa_file) != NULL)
{
int iws = 0, iparam, found=0;;
while(iws < sizeof(line) && (line[iws] == ' ' || line[iws] == '\r' || line[iws] == '\t')) ++iws;
if( iws == sizeof(line) ) continue;
if ( line[iws] == '#' || line[iws] == '\n' ) continue;
for(iparam = 0; iparam < sizeof(file_params) / sizeof(file_params[0]); ++iparam)
{
if( strncmp(file_params[iparam].param_name, line+iws, strlen(file_params[iparam].param_name)) ) continue;
found = 1;
// skip more ws until =
iws += strlen(file_params[iparam].param_name);
while(line[iws] == ' ' || line[iws] == '\t') ++iws;
if(iws == sizeof(line) || line[iws] != '=')
{
pam_syslog(pamh, LOG_ERR, "Invalid format for '%s'",
file_params[iparam].param_name);
fclose(tfa_file);
setfsgid(oldGID); setfsuid(oldUID);
clearParams();
return PAM_SYSTEM_ERR;
}
++iws;
while(line[iws] == ' ' || line[iws] == '\t') ++iws;
if(iws == sizeof(line))
{
pam_syslog(pamh, LOG_ERR, "Invalid format for '%s'",
file_params[iparam].param_name);
fclose(tfa_file);
setfsgid(oldGID); setfsuid(oldUID);
clearParams();
return PAM_SYSTEM_ERR;
}
strncpy(file_params[iparam].output_variable,
line+iws, MIN(file_params[iparam].length_of_output,
sizeof(line)-(iws)));
file_params[iparam].output_variable[file_params[iparam].length_of_output-1] = 0;
iws = 0;
while( file_params[iparam].output_variable[iws] != ' ' &&
file_params[iparam].output_variable[iws] != '\t' &&
file_params[iparam].output_variable[iws] != '\r' &&
file_params[iparam].output_variable[iws] != '\n' ) iws++;
file_params[iparam].output_variable[iws] = 0; // nuke any
// trailing whitespace
}
if(!found)
{
pam_syslog(pamh, LOG_WARNING, "Unknown element '%s' is being ignored.", line+iws);
}
}
fclose(tfa_file); // later
memset(line, 0, sizeof(line));
if( debug )
{
pam_syslog(pamh, LOG_DEBUG, "Email to: %s", emailToAddr);
pam_syslog(pamh, LOG_DEBUG, "Email from: %s", emailFromAddr);
pam_syslog(pamh, LOG_DEBUG, "Email server: %s", emailServer);
pam_syslog(pamh, LOG_DEBUG, "Email port: %s", emailPort);
pam_syslog(pamh, LOG_DEBUG, "Email username: %s", emailUser);
}
// get the random data as acii
snprintf(randBufAscii, sizeof(randBufAscii), "%08x", getRandomInt32(pamh));
CHAP = base64_encode(randBufAscii, strlen(randBufAscii));
*(CHAP+8) = 0;
if( publish_email(pamh, currentUser, CHAP) < 0 )
{
pam_syslog(pamh, LOG_ERR, "Unable to send email!!");
free(CHAP);
setfsgid(oldGID); setfsuid(oldUID);
if( !strcmp(failPolicy, "pass") )
{
clearParams();
return PAM_SUCCESS;
}
clearParams();
return PAM_PERM_DENIED;
}
if(debug) pam_syslog(pamh, LOG_DEBUG, "Sent email... awaiting response");
//
RESP = request_random(pamh, PAM_PROMPT_ECHO_ON, "Challenge: ");
if(debug) pam_syslog(pamh, LOG_DEBUG, "Response '%s' received, comparing with '%s'", RESP, CHAP);
i = strcmp(RESP, CHAP);
free(CHAP);
free(RESP);
setfsgid(oldGID); setfsuid(oldUID);
clearParams();
if( i )
{
//fputs("Failed - try again.", stdout);
return PAM_PERM_DENIED;
}
return PAM_SUCCESS;
}
LocalParams::LocalParams() {
clearParams();
}
