add

shimun 2020-09-25 00:51:42 +02:00
parent d6f6c7c218
commit e524996693
Signed by: shimun
GPG Key ID: E81D8382DC2F971B


@ -15,6 +15,7 @@ use pamsm::PamLibExt;
use pamsm::*;
use std::collections::{HashMap, HashSet};
use std::ffi::CStr;
use std::path::Path;
use std::str::FromStr;
pub mod cli_args;
@ -26,7 +27,7 @@ pub mod util;
struct PamFido2Luks;
impl PamFido2Luks {
fn open(&self, password: String, args: Vec<String>) -> Fido2LuksResult<()> {
fn open(&self, user: String, password: String, args: Vec<String>) -> Fido2LuksResult<()> {
let args: HashMap<String, String> = args
.into_iter()
.filter_map(|arg| {
@ -47,10 +48,18 @@ impl PamFido2Luks {
})
.unwrap_or_default();
let pin = args.get("pin");
let device = args.get("device");
let name = args.get("name");
let device = args
.get("device")
.map(|device| device.replace("%user%", user.as_str()));
let name = args
.get("name")
.map(|name| name.replace("%user%", user.as_str()));
if let (Some(device), Some(name)) = (device, name) {
if !Path::new(&device).exists() || Path::new(&format!("/dev/mapper/{}", name)).exists()
{
return Ok(());
}
let mut device = LuksDevice::load(device)?;
let mut additional_credentials: HashSet<String> = HashSet::new();
if device.is_luks2()? {
@ -90,12 +99,16 @@ impl PamFido2Luks {
impl PamServiceModule for PamFido2Luks {
fn authenticate(pamh: Pam, flag: PamFlag, args: Vec<String>) -> PamError {
let user = match pamh.get_cached_user() {
Err(_) => return PamError::AUTH_ERR,
Ok(p) => p.map(|s| s.to_str().map(str::to_string).unwrap()),
};
let password = match pamh.get_authtok(None) {
Err(_) => return PamError::AUTH_ERR,
Ok(p) => p.map(|s| s.to_str().map(str::to_string).unwrap()),
};
if let Some(password) = password {
match PamFido2Luks.open(password, args) {
if let (Some(user), Some(password)) = (user, password) {
match PamFido2Luks.open(user, password, args) {
Ok(_) => PamError::SUCCESS,
Err(e) => match e {
//TODO: output more detailed error
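Review bot: In `open`, the `%user%` placeholder is filled with the name from `pamh.get_cached_user()` without validation, so a login name containing `/` changes which path `Path::new(&device)` and `/dev/mapper/{name}` resolve to; check the name before the two `replace` calls, e.g. `if user.is_empty() || user.contains('/') { /* reject */ }`. The added early `return Ok(())` for a missing device or an existing mapping is turned into `PamError::SUCCESS` by `authenticate`, so a name with no container is reported as authenticated by this module; a PAM_IGNORE-style result would be safer if the stack ever marks the module `sufficient`. The new `user` lookup also copies the `.to_str().map(str::to_string).unwrap()` pattern, which panics inside the PAM host process on a non-UTF-8 name; returning `PamError::AUTH_ERR` on the conversion error avoids that. Both function bodies continue outside the visible hunks.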