parent
d6f6c7c218
commit
e524996693
23
src/lib.rs
23
src/lib.rs
@ -15,6 +15,7 @@ use pamsm::PamLibExt;
|
|||||||
use pamsm::*;
|
use pamsm::*;
|
||||||
use std::collections::{HashMap, HashSet};
|
use std::collections::{HashMap, HashSet};
|
||||||
use std::ffi::CStr;
|
use std::ffi::CStr;
|
||||||
|
use std::path::Path;
|
||||||
use std::str::FromStr;
|
use std::str::FromStr;
|
||||||
|
|
||||||
pub mod cli_args;
|
pub mod cli_args;
|
||||||
@ -26,7 +27,7 @@ pub mod util;
|
|||||||
struct PamFido2Luks;
|
struct PamFido2Luks;
|
||||||
|
|
||||||
impl PamFido2Luks {
|
impl PamFido2Luks {
|
||||||
fn open(&self, password: String, args: Vec<String>) -> Fido2LuksResult<()> {
|
fn open(&self, user: String, password: String, args: Vec<String>) -> Fido2LuksResult<()> {
|
||||||
let args: HashMap<String, String> = args
|
let args: HashMap<String, String> = args
|
||||||
.into_iter()
|
.into_iter()
|
||||||
.filter_map(|arg| {
|
.filter_map(|arg| {
|
||||||
@ -47,10 +48,18 @@ impl PamFido2Luks {
|
|||||||
})
|
})
|
||||||
.unwrap_or_default();
|
.unwrap_or_default();
|
||||||
let pin = args.get("pin");
|
let pin = args.get("pin");
|
||||||
let device = args.get("device");
|
let device = args
|
||||||
let name = args.get("name");
|
.get("device")
|
||||||
|
.map(|device| device.replace("%user%", user.as_str()));
|
||||||
|
let name = args
|
||||||
|
.get("name")
|
||||||
|
.map(|name| name.replace("%user%", user.as_str()));
|
||||||
|
|
||||||
if let (Some(device), Some(name)) = (device, name) {
|
if let (Some(device), Some(name)) = (device, name) {
|
||||||
|
if !Path::new(&device).exists() || Path::new(&format!("/dev/mapper/{}", name)).exists()
|
||||||
|
{
|
||||||
|
return Ok(());
|
||||||
|
}
|
||||||
let mut device = LuksDevice::load(device)?;
|
let mut device = LuksDevice::load(device)?;
|
||||||
let mut additional_credentials: HashSet<String> = HashSet::new();
|
let mut additional_credentials: HashSet<String> = HashSet::new();
|
||||||
if device.is_luks2()? {
|
if device.is_luks2()? {
|
||||||
@ -90,12 +99,16 @@ impl PamFido2Luks {
|
|||||||
|
|
||||||
impl PamServiceModule for PamFido2Luks {
|
impl PamServiceModule for PamFido2Luks {
|
||||||
fn authenticate(pamh: Pam, flag: PamFlag, args: Vec<String>) -> PamError {
|
fn authenticate(pamh: Pam, flag: PamFlag, args: Vec<String>) -> PamError {
|
||||||
|
let user = match pamh.get_cached_user() {
|
||||||
|
Err(_) => return PamError::AUTH_ERR,
|
||||||
|
Ok(p) => p.map(|s| s.to_str().map(str::to_string).unwrap()),
|
||||||
|
};
|
||||||
let password = match pamh.get_authtok(None) {
|
let password = match pamh.get_authtok(None) {
|
||||||
Err(_) => return PamError::AUTH_ERR,
|
Err(_) => return PamError::AUTH_ERR,
|
||||||
Ok(p) => p.map(|s| s.to_str().map(str::to_string).unwrap()),
|
Ok(p) => p.map(|s| s.to_str().map(str::to_string).unwrap()),
|
||||||
};
|
};
|
||||||
if let Some(password) = password {
|
if let (Some(user), Some(password)) = (user, password) {
|
||||||
match PamFido2Luks.open(password, args) {
|
match PamFido2Luks.open(user, password, args) {
|
||||||
Ok(_) => PamError::SUCCESS,
|
Ok(_) => PamError::SUCCESS,
|
||||||
Err(e) => match e {
|
Err(e) => match e {
|
||||||
//TODO: output more detailed error
|
//TODO: output more detailed error
|
||||||
|
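Review bot: The new early return in `open` (`return Ok(());` when the device path is missing or `/dev/mapper/{name}` already exists) is mapped by `authenticate` to `PamError::SUCCESS`, so the module reports a successful authentication without checking the password or the token. With `%user%` in `device`, any login name that has no matching volume takes this path; whether that grants access depends on the control flag used in the PAM stack, which is not visible here, but a module that verified nothing should not return success. I would have `open` report the skipped case separately from a real unlock and have `authenticate` answer it with PAM_IGNORE rather than SUCCESS. The login name is also substituted into both paths unchecked, so it is worth rejecting names that contain `/` or equal `..` before the `replace` calls, and the copied `.unwrap()` on `to_str()` will panic inside the host process for a non-UTF-8 name, where returning `PamError::AUTH_ERR` is safer. Both function bodies continue outside the hunks shown.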