From 13cb6fc0bd0c6bf41bd4150e288c90f28e6b230f Mon Sep 17 00:00:00 2001 From: McDope Date: Tue, 23 Aug 2022 19:08:40 +0200 Subject: [PATCH 01/46] Update changelog --- ChangeLog | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/ChangeLog b/ChangeLog index 0e55ff5c..89109b7e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,19 @@ +* 0.8.3 + [Enhancement] Install pam-auth-update config only on systems having it + [Feature] pamusb-conf now has a --reset-pads=username option + [Bugfix] Fix RHOST check triggering on empty value + [Packaging] Add make targets for Fedora/RPM builds + [Packaging] Add make targets for source distribution + [Packaging] Add make targets for Arch/ZST builds + [Packaging] Improve PKGBUILD for Arch (thx @IslandC0der) + [Makefile] make install no longer overwrites the config if it already exists + [Makefile] Add target to update doc/ textfiles from wiki + [Bugfix] Whitelist pamusb-agent for remoteness-check + [Bugfix] Fix "tty from displayserver" remoteness-check method + [CI/Tests] Many additions, fixes and automatic nighly builds + [CI/Tests] Add testcase ensuring pamusb-agent properly triggers + [Docs] Update manpages and text files + * 0.8.2 [Tools/Docs] Add pamusb-keyring-unlock-gnome, to allow unlocking the GNOME keyring (#11) [Bugfix] Whitelist "login" service name to prevent insta-logout on TTY shells (#115) From 119ff4f4e01e0277eb547e5f3319e14a7c8597b5 Mon Sep 17 00:00:00 2001 From: McDope Date: Tue, 23 Aug 2022 19:08:47 +0200 Subject: [PATCH 02/46] Update AUTHORS --- AUTHORS | 1 + 1 file changed, 1 insertion(+) diff --git a/AUTHORS b/AUTHORS index a86d62b9..7e0115aa 100644 --- a/AUTHORS +++ b/AUTHORS @@ -9,6 +9,7 @@ Francisco Javier Tsao Santín Gabriel Owczarski Georg Hopp IGP +João Figueiredo Luka Novsak McDope Omar Mostafa <42312059+3omar-mostafa@users.noreply.github.com> From daeaadcb1287d35947ffe97fa2c3c508bda63403 Mon Sep 17 00:00:00 2001 
From: McDope Date: Tue, 23 Aug 2022 19:09:50 +0200 Subject: [PATCH 03/46] Update version numbers --- arch_linux/PKGBUILD_stable | 2 +- fedora/SPECS/pam_usb.spec | 2 +- src/version.h | 2 +- tools/pamusb-conf | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/arch_linux/PKGBUILD_stable b/arch_linux/PKGBUILD_stable index f1f907c9..1365af83 100644 --- a/arch_linux/PKGBUILD_stable +++ b/arch_linux/PKGBUILD_stable @@ -2,7 +2,7 @@ # Contributor: Pekka Helenius pkgname=pam_usb -pkgver=0.8.2 +pkgver=0.8.3 pkgrel=4 pkgdesc='Hardware authentication for Linux using ordinary flash media (USB & Card based).' arch=($CARCH) diff --git a/fedora/SPECS/pam_usb.spec b/fedora/SPECS/pam_usb.spec index 24e30ae9..80ce5ccc 100644 --- a/fedora/SPECS/pam_usb.spec +++ b/fedora/SPECS/pam_usb.spec @@ -1,7 +1,7 @@ %define _topdir /usr/local/src/pam_usb/fedora %define name pam_usb %define release 1 -%define version 0.8.2 +%define version 0.8.3 %define buildroot %{_topdir}/%{name}‑%{version}‑root BuildRoot: %{buildroot} diff --git a/src/version.h b/src/version.h index 34c7311d..6431a4c8 100644 --- a/src/version.h +++ b/src/version.h @@ -18,6 +18,6 @@ #ifndef PUSB_VERSION_H_ # define PUSB_VERSION_H_ -# define PUSB_VERSION "0.8.2" +# define PUSB_VERSION "0.8.3" #endif /* !PUSB_VERSION_H_ */ diff --git a/tools/pamusb-conf b/tools/pamusb-conf index 8664aa67..c50b88d2 100755 --- a/tools/pamusb-conf +++ b/tools/pamusb-conf @@ -378,7 +378,7 @@ def resetPads(): sys.exit(0) def usage(): - print('Version 0.8.2') + print('Version 0.8.3') print('Usage: %s [--help] [--verbose] [--yes] [--config=path] [--reset-pads=username] [--add-user=name | --add-device=name [[--device=number] [--volume=number]]' % os.path.basename(__file__)) sys.exit(1) From 92e5de2668c85f967698dedc6ec79b900199f893 Mon Sep 17 00:00:00 2001 From: McDope Date: Tue, 23 Aug 2022 19:11:57 +0200 Subject: [PATCH 04/46] Update fedora changelog --- fedora/SPECS/pam_usb.spec | 8 ++++++++ 1 file changed, 8 insertions(+) 
diff --git a/fedora/SPECS/pam_usb.spec b/fedora/SPECS/pam_usb.spec index 80ce5ccc..b844b8b1 100644 --- a/fedora/SPECS/pam_usb.spec +++ b/fedora/SPECS/pam_usb.spec @@ -56,6 +56,14 @@ rm -rf %{buildroot}/usr/share/pam-configs %doc %attr(0644,root,root) /usr/share/doc/pam_usb/TROUBLESHOOTING %changelog +* Wed Aug 24 2022 McDope - 0.8.3-1 +- [Enhancement] Install pam-auth-update config only on systems having it +- [Feature] pamusb-conf now has a --reset-pads=username option +- [Bugfix] Fix RHOST check triggering on empty value +- [Bugfix] Whitelist pamusb-agent for remoteness-check +- [Bugfix] Fix "tty from displayserver" remoteness-check method +- [Docs] Update manpages and text files + * Sun May 22 2022 McDope - 0.8.2-1 - First version being packaged for RPM - [Tools/Docs] Add pamusb-keyring-unlock-gnome, to allow unlocking the GNOME keyring (#11) From 5a84cc5b7e15304288e497c90165d21dca5a8937 Mon Sep 17 00:00:00 2001 From: McDope Date: Tue, 23 Aug 2022 19:13:57 +0200 Subject: [PATCH 05/46] Update debian changelog --- debian/changelog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/debian/changelog b/debian/changelog index 3f40046c..da239d36 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +libpam-usb (0.8.3) unstable; urgency=medium + * [Feature] pamusb-conf now has a --reset-pads=username option + * [Bugfix] Fix RHOST check triggering on empty value + * [Bugfix] Whitelist pamusb-agent for remoteness-check + * [Bugfix] Fix "tty from displayserver" remoteness-check method + * [Docs] Update manpages and text files + libpam-usb (0.8.2) unstable; urgency=medium * [Tools/Docs] Add pamusb-keyring-unlock-gnome, to allow unlocking the GNOME keyring (#11) From a9d08e5227dd388bfd6cd12f357d9c35465a1350 Mon Sep 17 00:00:00 2001 From: McDope Date: Tue, 23 Aug 2022 19:22:59 +0200 Subject: [PATCH 06/46] Fix debian changelog --- debian/changelog | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/debian/changelog b/debian/changelog index da239d36..9976a210 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,8 @@ libpam-usb (0.8.3) unstable; urgency=medium * [Bugfix] Fix "tty from displayserver" remoteness-check method * [Docs] Update manpages and text files + -- Tobias Bäumer Wed, 24 Aug 2022 21:00:00 +0200 + libpam-usb (0.8.2) unstable; urgency=medium * [Tools/Docs] Add pamusb-keyring-unlock-gnome, to allow unlocking the GNOME keyring (#11) From 50e44a420ea32cdbaff08c5a03febaf1f9e23e2a Mon Sep 17 00:00:00 2001 From: McDope Date: Tue, 23 Aug 2022 19:25:27 +0200 Subject: [PATCH 07/46] Update debian/source/option --- debian/source/options | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/debian/source/options b/debian/source/options index 8b6579cd..7a75461e 100644 --- a/debian/source/options +++ b/debian/source/options @@ -1,4 +1,6 @@ tar-ignore = .idea tar-ignore = .vscode tar-ignore = arch_linux -tar-ignore = .github \ No newline at end of file +tar-ignore = fedora +tar-ignore = .github +tar-ignore = .build From 940f19ad3da7867a1d2114656b5207d368bd3f1d Mon Sep 17 00:00:00 2001 From: McDope Date: Tue, 23 Aug 2022 19:37:50 +0200 Subject: [PATCH 08/46] Use same name in fedora changes then for debian / realname everywhere --- fedora/SPECS/pam_usb.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fedora/SPECS/pam_usb.spec b/fedora/SPECS/pam_usb.spec index b844b8b1..69f64606 100644 --- a/fedora/SPECS/pam_usb.spec +++ b/fedora/SPECS/pam_usb.spec @@ -56,7 +56,7 @@ rm -rf %{buildroot}/usr/share/pam-configs %doc %attr(0644,root,root) /usr/share/doc/pam_usb/TROUBLESHOOTING %changelog -* Wed Aug 24 2022 McDope - 0.8.3-1 +* Wed Aug 24 2022 Tobias Bäumer - 0.8.3-1 - [Enhancement] Install pam-auth-update config only on systems having it - [Feature] pamusb-conf now has a --reset-pads=username option - [Bugfix] Fix RHOST check triggering on empty value 
@@ -64,7 +64,7 @@ rm -rf %{buildroot}/usr/share/pam-configs - [Bugfix] Fix "tty from displayserver" remoteness-check method - [Docs] Update manpages and text files -* Sun May 22 2022 McDope - 0.8.2-1 +* Sun May 22 2022 Tobias Bäumer - 0.8.2-1 - First version being packaged for RPM - [Tools/Docs] Add pamusb-keyring-unlock-gnome, to allow unlocking the GNOME keyring (#11) - [Bugfix] Whitelist "login" service name to prevent insta-logout on TTY shells (#115) From 5515521c274ca8472b663163803f7a86e8264bc1 Mon Sep 17 00:00:00 2001 From: McDope Date: Tue, 23 Aug 2022 20:23:44 +0200 Subject: [PATCH 09/46] Update README.md --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index c76cd39f..d34aa618 100644 --- a/README.md +++ b/README.md 
@@ -4,16 +4,16 @@ pam\_usb ======== -pam\_usb provides hardware authentication for Linux using ordinary USB Flash Drives. +pam\_usb provides hardware authentication for Linux using ordinary removable media. Tested are flash sticks and storage cards, but it should work with harddrives, SSDs and even floppies (at least USB based) too. It works with any application supporting PAM, such as _su_ and login managers (_GDM_, _KDM_). Features -------- -* `Password-less authentication.` Use your USB stick for authentication, don't type passwords anymore. +* `Password-less authentication.` Use your removable media for authentication, don't type passwords anymore (or add a second factor). * `Device auto probing.` You don't need to mount the device, or even to configure the device location (_sda1_, _sdb1_, etc). pam\_usb.so will automatically locate the device using `UDisks` and access its data by itself. -* `Two-factor authentication.` Achieve greater security by requiring both the USB stick and the password to authenticate the user. +* `Two-factor authentication.` Archive greater security by requiring both the removable media and the password to authenticate the user. * `Non-intrusive.` pam\_usb doesn't require any modifications of the USB storage device to work (no additional partitions required). * USB Serial number, model and vendor verification. * Support for **One Time Pads** authentication. 
@@ -53,5 +53,5 @@ This repo is mainly based on community improvements from See the commit history for details. You can find a list of all contributors in the `AUTHORS` file. The last official release was 0.5.0 btw, some private packages used 0.6.0 to override the upstream provided -version but those varied in changes from 0.5.0. This repo will be released starting from 0.7.0 when ready -and includes all updates I'm aware of (Python3 port, UDisks2 support, other smaller ones) or did myself. +version but those varied in changes from 0.5.0. This repo started at 0.7.0 and includes all contributions up +to this point I'm aware of (Python3 port, UDisks2 support, other smaller ones) or did myself. From 50cdf61dc875c146b7124cc9bae509896d1d70b9 Mon Sep 17 00:00:00 2001 From: make update-other-docs Date: Wed, 24 Aug 2022 15:40:50 +0200 Subject: [PATCH 10/46] [Docs] Update non-manpage "doc/" files Signed-off-by: McDope --- doc/CONFIGURATION | 38 +++++++++++++++++--------------------- doc/QUICKSTART | 16 +++++++++++----- doc/TROUBLESHOOTING | 9 ++++++++- 3 files changed, 36 insertions(+), 27 deletions(-) diff --git a/doc/CONFIGURATION b/doc/CONFIGURATION index 26da64d2..dc662aed 100644 --- a/doc/CONFIGURATION +++ b/doc/CONFIGURATION @@ -104,6 +104,8 @@ The syntax is the following: Some cheap devices don't report a vendor and/or model. To use these devices you can use "Generic" for these values, then it won't be checked. Be aware that this reduces security if you have `one_time_pads` disabled since the device containing the volume won't be checked anymore (but these attributes could be faked with a custom firmware anyway). +You can configure as many devices as you want, but each user can only be configured to use a single device (currently). + ### Example: ```xml 
@@ -122,7 +124,7 @@ Be aware that this reduces security if you have `one_time_pads` disabled since t | Name | Type | Description | Example | |----------|-----------|-------------------------------------------|------------| | `id` | Attribute | Login of the user | `root` | -| `device` | Attribute | `id` of the device associated to the user | `MyDevice` | +| `device` | Element | `id` of the device associated to the user | `MyDevice` | | `agent` | Element | Agent commands, for use with pamusb-agent | | ### Agent 
@@ -212,40 +214,34 @@ pamusb-agent -c /some/other/path.conf Example configuration ---------------------------------- -**NOTE**: For detailed information, rely on repository wiki pages. +1. Insert a removable block device -* **1)** Insert an USB block device -* **2)** Add necessary user configuration into `/etc/security/pam_usb.conf` by running: +2. Add necessary device configuration into `/etc/security/pam_usb.conf` by running: ``` -sudo pamusb-conf --add-user= +sudo pamusb-conf --add-device= ``` -where `` is a valid Unix user name. +where `` is a recognizable name for your device. This value is used internally in the configuration file as device `id` value and in output shown to users. (Note: because of it being used as an XML attribute value, it shouldn't contain ampersands etc.) -* **3)** Add necessary device configuration into `/etc/security/pam_usb.conf` by running: +3. Add necessary user configuration into `/etc/security/pam_usb.conf` by running: ``` -sudo pamusb-conf --add-device= +sudo pamusb-conf --add-user= ``` -where `` is a recognizable name for your device. This value is only used internally in the configuration file as device `id` value. - -* **4)** Tweak `/etc/security/pam_usb.conf` manually as desired. Link devices and users, etc. - -**NOTE**: If you don't want to use one time pad files, consider setting `one_time_pad` option to `false`. Pad file use defaults to `true`. +where `` is a valid Unix user name. -If you use one time pads, you need to do the following: +4. Tweak `/etc/security/pam_usb.conf` manually as desired. Link devices and users, etc. -* **5)** Manually mount USB block device partition. You need write access to the mounted partition. +If you use one time pads (default), you need to do the following: -* **6)** Run `/usr/bin/pamusb-check --debug --service=pamusb-agent ` +5. Run `/usr/bin/pamusb-check --debug ` -where `` is associated with the USB block device. +where `` is associated with the removable block device. 
By default, this command creates directory `$HOME/.pamusb/` with a protected device-associated `.pad` file. If you format the device, you must -delete `$HOME/.pamusb/.pad` file. The created `.pad` file can't be used with a new partition UUIDs for the same or any USB block device. +delete the `$HOME/.pamusb/.pad` file (or run `pamusb-conf --reset-pads=username`). The created `.pad` file can't be used with a new partition UUIDs for the same or any removable block device. -* **7)** Unmount the USB block device. -* **8)** Add proper PAM configuration into `/etc/pam.d/common-auth` as described in [Getting Started](https://github.com/mcdope/pam_usb/wiki/Getting-Started#setting-up-the-pam-module). For testing purposes, it's highly recommended to start with `sufficient` PAM option before possibly moving to `required` or `requisite` option since you can bypass faulty `pam_usb` configurations. -* **9)** Test the device/user configuration by running `sudo echo "pam_usb test"`. The USB block device must be attached (mount not required) and the user must have proper configuration in `/etc/security/pam_usb.conf` file. +6. Add proper PAM configuration into `/etc/pam.d/common-auth` as described in [Getting Started](https://github.com/mcdope/pam_usb/wiki/Getting-Started#setting-up-the-pam-module). For testing purposes, it's highly recommended to start with `sufficient` PAM option before possibly moving to `required` or `requisite` option since you can bypass faulty `pam_usb` configurations. +7. Test the device/user configuration by running `/usr/bin/pamusb-check `. The removable block device must be attached (mount not required) and the user must have proper configuration in `/etc/security/pam_usb.conf` file. diff --git a/doc/QUICKSTART b/doc/QUICKSTART index a867049f..7d7c8ce3 100644 --- a/doc/QUICKSTART +++ b/doc/QUICKSTART 
@@ -28,7 +28,9 @@ Once you've connected your USB device to the computer, use pamusb-conf to add it [Y/n] y Done. -Note that `MyDevice` can be any arbitrary name you'd like. Also, you can add as many devices as you want. +Note that `MyDevice` can be any arbitrary name you'd like, but will be used as an XML attribute value so stay away from any special characters and stick to A-Z. + +Also, you can add as many devices as you want. However, each user can currently only use a single device so additional devices can only be used for additional users. Next, configure users you want to be able to authenticate with pam_usb: @@ -73,20 +75,22 @@ Your default PAM common-auth configuration should include the following line: This is a current standard which uses passwords to authenticate a user. -Alter your /etc/pam.d/common-auth configuration to: +Alter your `/etc/pam.d/common-auth` configuration to: auth sufficient pam_usb.so auth required pam_unix.so nullok_secure Remember what we've learned in the pam manpages (you've read them, riiiight?): pam rules are a stack, order of the rules is important and makes a difference in behavior. +### Use pam_usb to replace your password The `sufficient` keyword means that if pam_usb allows the authentication, then no password will be asked. If the authentication fails, then the default password-based authentication will be used as fallback. +### Use pam_usb as 2nd factor in addition to your password If you change it to `required`, it means that *both* the USB flash drive and the password will be required to grant access to the system. -At this point, you should be able to authenticate with the relevant USB device plugged-in. +At this point, you should be able to authenticate with the relevant removable device plugged-in. scox $ su * pam_usb v.SVN 
@@ -103,7 +107,7 @@ The pam_usb agent (pamusb-agent) allows you to automatically execute commands upon locking and unlocking events. Those events are generated when you insert or remove your authentication device. To configure the commands, you have to edit pam_usb's configuration file -(/etc/security/pam_usb.conf) and add agent entries into your user section. +(`/etc/security/pam_usb.conf`) and add agent entries into your user section. For instance, you could automatically start your screensaver as soon as you remove the device, and deactivate it when you plug the device back. @@ -113,7 +117,9 @@ You can find details in [the "Agent" section of Configuration](https://github.co Auto-unlock your GNOME keyring ------------------------------ -You should think twice if you want to enable this feature. To use it you need to put your keyring password in cleartext into your home directory. The tool will only work if that file has permissions only for the owner, however - anyone with root/sudo access will still be able to read it. Keep that in mind before using this feature. Even worse: if you have samba user shares enabled you would share your password via SMB shares - to whoever can access that share. To be clear: this is a comfort feature and is insecure by design. +You should think twice if you want to enable this feature. To use it you need to put your keyring password in cleartext into your home directory. + +The tool will only work if that file has permissions only for the owner, however - anyone with root/sudo access will still be able to read it. Keep that in mind before using this feature. Even worse: if you have samba user shares enabled you would share your password via SMB shares - to whoever can access that share. To be clear: this is a comfort feature and is insecure by design. If you still want to use it, you will have to do four things: * create `.keyring_unlock_password` in your home directory 
diff --git a/doc/TROUBLESHOOTING b/doc/TROUBLESHOOTING index 3db54b9d..95595959 100644 --- a/doc/TROUBLESHOOTING +++ b/doc/TROUBLESHOOTING 
@@ -65,4 +65,11 @@ It can happen if you remove the authentication device without unmounting it befo Or, worst case scenario - someone tried to tamper with your system. In example someone could deep-clone (not only FS but also HW Ids) your authentication device and use it to login or sudo (if you use pamusb as the only factor), pads will then be updated on system and the attacking device but not on your original device since it wasn't connected at the time of your login. On next authentication request with your original device you will then get "Pad checking failed!". Of course for most persons this is an unlikely scenario. But if your system and/or device is accessible to other persons, keep it in mind. -To fix this you can just remove the `.pad` file for your device in `~/.pamusb`. The pad will then be regenerated on next authentication request. If that doesn't make the error go away, it will be the device pad causing it, which you can find at `/.pamusb`. Since version 0.8.3 you can also use `pamusb-conf --reset-pads=` \ No newline at end of file +To resolve this you can use `pamusb-conf --reset-pads=`, which will remove the pad files for the given user and its configured device so they will be regenerated on next authentication. + +Agent configuration / commands don't work like expected +-------------- + +The agent will log all executed commands, as well as their exitcode; stdout and stderr (since v0.8.3). You can view this log either via systemd, or - easier - by `tail`'ing `/var/log/auth.log`. + +You can use this to a) verify your config is picked up like expected and b) configured commands do what you want. For some programs, esp. ones expecting to be run within a graphical environment, you will have to provide environment values via `` tags in the agent configuration. Usually the log will provide you with some good clues. But feel free to open a support issue if you need help. \ No newline at end of file 
From 7c5e976ba9dd84048a2044871194d321f3f56a80 Mon Sep 17 00:00:00 2001 From: McDope Date: Wed, 24 Aug 2022 18:59:15 +0200 Subject: [PATCH 11/46] [Packaging] [Debian] Fix config script picking up device serials as name if they have no revision set (thx cheapo manufacturers) --- debian/config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/config b/debian/config index 755d0f54..37ca545f 100755 --- a/debian/config +++ b/debian/config @@ -9,7 +9,7 @@ then CHOICES="" # Iterate over each drive (note that we are reversing the list because udisksctl order is inverted from pamusb-conf/python api) - for DRIVE in `udisksctl status | grep -o ' \S[a-z]\S*' | tr -d ' ' | tac` + for DRIVE in `udisksctl status | grep -o ' \S[a-z]\S* $' | tr -d ' ' | tac` do # echo "Debug: Handling drive /dev/$DRIVE.." From 61b90c5315e14531ea3a265db46faa844e0b406e Mon Sep 17 00:00:00 2001 From: McDope Date: Wed, 24 Aug 2022 19:05:21 +0200 Subject: [PATCH 12/46] #165: Update ChangeLog and debian/changelog --- ChangeLog | 1 + debian/changelog | 1 + 2 files changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 89109b7e..3cbfad17 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,7 @@ [Packaging] Add make targets for source distribution [Packaging] Add make targets for Arch/ZST builds [Packaging] Improve PKGBUILD for Arch (thx @IslandC0der) + [Packaging] Fix debian autoconfig picking up serials as devices if they have no revision set [Makefile] make install no longer overwrites the config if it already exists [Makefile] Add target to update doc/ textfiles from wiki [Bugfix] Whitelist pamusb-agent for remoteness-check diff --git a/debian/changelog b/debian/changelog index 9976a210..c25fd7e6 100644 --- a/debian/changelog +++ b/debian/changelog 
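Review bot: The new pattern `' \S[a-z]\S* $'` in the `for DRIVE in …` line of debian/config appears to match only when `udisksctl status` pads its last column with a trailing space, and nothing in the script says so. If that padding is ever absent, the loop would offer no drives at all, without any error. I would add a comment above the loop such as `# DEVICE is the last column; anchor on its trailing pad so serial/revision tokens are not picked up`. The surrounding `then … do` block starts and ends outside the hunk.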
@@ -1,5 +1,6 @@ libpam-usb (0.8.3) unstable; urgency=medium * [Feature] pamusb-conf now has a --reset-pads=username option + * [Bugfix] Fix debconf issues with devices having no revision set * [Bugfix] Fix RHOST check triggering on empty value * [Bugfix] Whitelist pamusb-agent for remoteness-check * [Bugfix] Fix "tty from displayserver" remoteness-check method From dc411845784a856e0a4db9c3e43e4f094bea7523 Mon Sep 17 00:00:00 2001 From: McDope Date: Thu, 25 Aug 2022 17:20:39 +0200 Subject: [PATCH 13/46] Update changelogs --- ChangeLog | 1 + debian/changelog | 1 + fedora/SPECS/pam_usb.spec | 1 + 3 files changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 3cbfad17..33bb55d7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,7 @@ [CI/Tests] Many additions, fixes and automatic nighly builds [CI/Tests] Add testcase ensuring pamusb-agent properly triggers [Docs] Update manpages and text files + [Bugfix] Fix some usages of tmux being able to circumvent localcheck * 0.8.2 [Tools/Docs] Add pamusb-keyring-unlock-gnome, to allow unlocking the GNOME keyring (#11) diff --git a/debian/changelog b/debian/changelog index c25fd7e6..70b1a7d4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,7 @@ libpam-usb (0.8.3) unstable; urgency=medium * [Bugfix] Whitelist pamusb-agent for remoteness-check * [Bugfix] Fix "tty from displayserver" remoteness-check method * [Docs] Update manpages and text files + * [Bugfix] Fix some usages of tmux being able to circumvent localcheck -- Tobias Bäumer Wed, 24 Aug 2022 21:00:00 +0200 diff --git a/fedora/SPECS/pam_usb.spec b/fedora/SPECS/pam_usb.spec index 69f64606..e30cd361 100644 --- a/fedora/SPECS/pam_usb.spec +++ b/fedora/SPECS/pam_usb.spec 
@@ -63,6 +63,7 @@ rm -rf %{buildroot}/usr/share/pam-configs - [Bugfix] Whitelist pamusb-agent for remoteness-check - [Bugfix] Fix "tty from displayserver" remoteness-check method - [Docs] Update manpages and text files +- [Bugfix] Fix some usages of tmux being able to circumvent localcheck * Sun May 22 2022 Tobias Bäumer - 0.8.2-1 - First version being packaged for RPM From 20be5fd8c96b9949ece486a34dea67992fd1a1a8 Mon Sep 17 00:00:00 2001 From: McDope Date: Fri, 26 Aug 2022 16:09:19 +0200 Subject: [PATCH 14/46] [local.c] Fix tiny memleak --- src/local.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/local.c b/src/local.c index dadedf59..18426ca1 100644 --- a/src/local.c +++ b/src/local.c @@ -336,6 +336,7 @@ int pusb_local_login(t_pusb_options *opts, const char *user, const char *service } } } + xfree(xorg_tty); } if (local_request == 0) From 5a6d8b8d8b89d66d1a1a00d75011cd6c7fb8489b Mon Sep 17 00:00:00 2001 From: McDope Date: Sat, 27 Aug 2022 15:47:08 +0200 Subject: [PATCH 15/46] #31: Prepare conf.c/xpath.c for multiple devices per user --- src/conf.c | 41 +++++++++++++++++++++++++++++------------ src/conf.h | 1 + src/xpath.c | 37 +++++++++++++++++++++++++++++++++++++ 3 files changed, 67 insertions(+), 12 deletions(-) diff --git a/src/conf.c b/src/conf.c index 1bfa45c4..3975dc5a 100644 --- a/src/conf.c +++ b/src/conf.c 
@@ -84,17 +84,18 @@ static int pusb_conf_device_get_property( xmlDoc *doc, const char *property, char *store, - size_t size + size_t size, + char *deviceId ) { char *xpath = NULL; size_t xpath_len; int retval; - xpath_len = strlen(CONF_DEVICE_XPATH) + strlen(opts->device.name) + strlen(property) + 1; + xpath_len = strlen(CONF_DEVICE_XPATH) + strlen(deviceId) + strlen(property) + 1; xpath = xmalloc(xpath_len); memset(xpath, 0x00, xpath_len); - snprintf(xpath, xpath_len, CONF_DEVICE_XPATH, opts->device.name, property); + snprintf(xpath, xpath_len, CONF_DEVICE_XPATH, deviceId, property); retval = pusb_xpath_get_string(doc, xpath, store, size); xfree(xpath); return (retval); @@ -102,18 +103,20 @@ static int pusb_conf_device_get_property( static int pusb_conf_parse_device( t_pusb_options *opts, - xmlDoc *doc + xmlDoc *doc, + int deviceIndex, + char *deviceId ) { - pusb_conf_device_get_property(opts, doc, "vendor", opts->device.vendor, sizeof(opts->device.vendor)); - pusb_conf_device_get_property(opts, doc, "model", opts->device.model, sizeof(opts->device.model)); + pusb_conf_device_get_property(opts, doc, "vendor", opts->device_list[deviceIndex].vendor, sizeof(opts->device_list[deviceIndex].vendor), deviceId); + pusb_conf_device_get_property(opts, doc, "model", opts->device_list[deviceIndex].model, sizeof(opts->device_list[deviceIndex].model), deviceId); - if (!pusb_conf_device_get_property(opts, doc, "serial", opts->device.serial, sizeof(opts->device.serial))) + if (!pusb_conf_device_get_property(opts, doc, "serial", opts->device_list[deviceIndex].serial, sizeof(opts->device_list[deviceIndex].serial), deviceId)) { return (0); } - pusb_conf_device_get_property(opts, doc, "volume_uuid", opts->device.volume_uuid, sizeof(opts->device.volume_uuid)); + pusb_conf_device_get_property(opts, doc, "volume_uuid", opts->device_list[deviceIndex].volume_uuid, sizeof(opts->device_list[deviceIndex].volume_uuid), deviceId); return (1); } 
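Review bot: In `pusb_conf_device_get_property` the new `char *deviceId` parameter is only read, so it should be `const char *deviceId`, and `opts` is no longer used in the visible body now that `opts->device.name` is gone. `deviceId` is formatted straight into the XPath expression by `snprintf(xpath, xpath_len, CONF_DEVICE_XPATH, deviceId, property)`. The format string is not visible here, but if it quotes the id, a quote character in a configured device id would change the query. A comment on the parameter stating that ids must not contain quotes, or a check that rejects them, is worth adding.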
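Review bot: `pusb_conf_parse_device` writes to `opts->device_list[deviceIndex]` without checking `deviceIndex` against the array, which the conf.h hunk of this commit fixes at 10 entries. A guard at the top, `if (deviceIndex < 0 || (size_t)deviceIndex >= sizeof(opts->device_list) / sizeof(opts->device_list[0])) return (0);`, keeps an out-of-range caller from writing past the struct member. `deviceId` can be `const char *` here as well.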
@@ -169,19 +172,33 @@ int pusb_conf_parse( return (0); } snprintf(device_xpath, sizeof(device_xpath), CONF_USER_XPATH, user, "device"); - retval = pusb_xpath_get_string( + + char device_list[][sizeof(opts->device.name)] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; + retval = pusb_xpath_get_string_list( doc, device_xpath, - opts->device.name, + device_list, sizeof(opts->device.name) ); - if (!retval || !pusb_conf_parse_device(opts, doc)) + + if (!retval) { - log_error("No authentication device configured for user \"%s\".\n", user); + log_error("No authentication device(s) configured for user \"%s\".\n", user); xmlFreeDoc(doc); xmlCleanupParser(); return (0); } + + for (int currentDevice = 0; currentDevice < sizeof(device_list); currentDevice++) + { + if (device_list[currentDevice] == NULL) + { + continue; + } + + pusb_conf_parse_device(opts, doc, currentDevice, device_list[currentDevice]); + } + if (!pusb_conf_parse_options(opts, doc, user, service)) { xmlFreeDoc(doc); diff --git a/src/conf.h b/src/conf.h index ace68164..b5327eeb 100644 --- a/src/conf.h +++ b/src/conf.h @@ -57,6 +57,7 @@ typedef struct pusb_options char system_pad_directory[PATH_MAX]; char device_pad_directory[PATH_MAX]; t_pusb_device device; + t_pusb_device device_list[10]; } t_pusb_options; struct s_opt_list diff --git a/src/xpath.c b/src/xpath.c index 5402ca37..e19b22de 100644 --- a/src/xpath.c +++ b/src/xpath.c 
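Review bot: The result of `pusb_conf_parse_device()` is discarded in the new loop, so a configured device without a `serial` no longer makes `pusb_conf_parse` fail the way the removed `!pusb_conf_parse_device(opts, doc)` test did; the conf.c hunk in PATCH 20/46 leaves the call unchecked too. The bound `sizeof(device_list)` is a byte count rather than an element count, and `device_list[currentDevice] == NULL` cannot be true for a row of a two-dimensional `char` array, so the loop can index `opts->device_list` past its 10 entries. I would count entries with `sizeof(device_list) / sizeof(device_list[0])` and take the existing error path when `pusb_conf_parse_device(opts, doc, currentDevice, device_list[currentDevice])` returns 0 for a non-empty entry. The array is also declared as `char [][N]` but passed to a function whose parameter is `char *values[]`. `pusb_conf_parse` starts and ends outside the hunk.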
@@ -128,6 +128,43 @@ int pusb_xpath_get_string( return (1); } +int pusb_xpath_get_string_list( + xmlDocPtr doc, + const char *path, + char *values[], + size_t size +) +{ + xmlXPathObject *result = NULL; + xmlNode *node = NULL; + xmlChar *result_string = NULL; + + if (!(result = pusb_xpath_match(doc, path))) + { + return (0); + } + + for (int currentResult = 0; currentResult < result->nodesetval->nodeNr; currentResult++) + { + node = result->nodesetval->nodeTab[currentResult]->xmlChildrenNode; + result_string = xmlNodeListGetString(doc, node, 1); + if (!result_string) + { + log_debug("Empty value for %s\n", path); + continue; + } + if (!pusb_xpath_strip_string(values[currentResult], (const char *)result_string, size)) + { + log_debug("Result for %s (%s) is too long (max: %d)\n", path, (const char *)result_string, size); + continue; + } + } + + xmlFree(result_string); + xmlXPathFreeObject(result); + return (1); +} + int pusb_xpath_get_string_from( xmlDocPtr doc, const char *base, From 6ea5419374971f3d2b0713c8cecf9dc9f4ae5dbd Mon Sep 17 00:00:00 2001 From: McDope Date: Sat, 27 Aug 2022 16:17:40 +0200 Subject: [PATCH 16/46] #31: [device.c] pusb_device_connected() -> loop device_list and assign first found connected drive as 'primary' drive that will be used further down --- src/device.c | 44 +++++++++++++++++++++++++------------------- 1 file changed, 25 insertions(+), 19 deletions(-) diff --git a/src/device.c b/src/device.c index 4ae90cbc..a43220d1 100644 --- a/src/device.c +++ b/src/device.c 
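Review bot: `pusb_xpath_get_string_list` writes to `values[currentResult]` for every matched node but has no parameter telling it how many slots `values` has, so a user entry with more `device` elements than the caller allocated writes past the array. `result_string` is freed once after the loop, which leaks every string except the last, and `size` is a `size_t` printed with `%d`. I would add a slot-count parameter, stop at it, and free the string inside the loop. This changes the signature, so the call in conf.c needs the extra argument.

```c
int pusb_xpath_get_string_list(
    xmlDocPtr doc,
    const char *path,
    char *values[],
    size_t count,   /* number of slots in values[] */
    size_t size
)
{
    /* … unchanged: declarations and pusb_xpath_match() check … */

    for (int currentResult = 0; currentResult < result->nodesetval->nodeNr; currentResult++)
    {
        if ((size_t)currentResult >= count)
        {
            log_error("Too many values for %s (max: %zu), ignoring the rest\n", path, count);
            break;
        }

        node = result->nodesetval->nodeTab[currentResult]->xmlChildrenNode;
        result_string = xmlNodeListGetString(doc, node, 1);
        if (!result_string)
        {
            log_debug("Empty value for %s\n", path);
            continue;
        }
        if (!pusb_xpath_strip_string(values[currentResult], (const char *)result_string, size))
        {
            log_debug("Result for %s (%s) is too long (max: %zu)\n", path, (const char *)result_string, size);
        }
        /* Free per iteration so earlier strings are not leaked. */
        xmlFree(result_string);
        result_string = NULL;
    }

    xmlXPathFreeObject(result);
    return (1);
}
```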
@@ -35,29 +35,34 @@ static int pusb_device_connected(t_pusb_options *opts, UDisksClient *udisks) UDisksObject *object = NULL; UDisksDrive *drive = NULL; - log_debug("Searching for \"%s\" in the hardware database...\n", opts->device.name); - - for (i = 0; i < g_list_length(objects); ++i) + for (int currentDevice; currentDevice < sizeof(opts->device_list); currentDevice++) { - object = UDISKS_OBJECT(g_list_nth(objects, i)->data); - if (udisks_object_peek_drive(object)) + log_debug("Searching for \"%s\" in the hardware database...\n", opts->device_list[currentDevice].name); + + for (i = 0; i < g_list_length(objects); ++i) { - drive = udisks_object_get_drive(object); - retval = strcmp(udisks_drive_get_serial(drive), opts->device.serial) == 0; - - if (strcmp(opts->device.vendor, "Generic") != 0) + object = UDISKS_OBJECT(g_list_nth(objects, i)->data); + if (udisks_object_peek_drive(object)) { - retval = retval && strcmp(udisks_drive_get_vendor(drive), opts->device.vendor) == 0; - } + drive = udisks_object_get_drive(object); + retval = strcmp(udisks_drive_get_serial(drive), opts->device_list[currentDevice].serial) == 0; - if (strcmp(opts->device.model, "Generic") != 0) - { - retval = retval && strcmp(udisks_drive_get_model(drive), opts->device.model) == 0; - } - - g_object_unref(drive); - if (retval) { - break; + if (strcmp(opts->device_list[currentDevice].vendor, "Generic") != 0) + { + retval = retval && strcmp(udisks_drive_get_vendor(drive), opts->device_list[currentDevice].vendor) == 0; + } + + if (strcmp(opts->device_list[currentDevice].model, "Generic") != 0) + { + retval = retval && strcmp(udisks_drive_get_model(drive), opts->device_list[currentDevice].model) == 0; + } + + g_object_unref(drive); + if (retval) { + opts->device = opts->device_list[currentDevice]; + currentDevice = sizeof(opts->device_list) + 1; + break; + } } } } 
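Review bot: The outer loop `for (int currentDevice; currentDevice < sizeof(opts->device_list); currentDevice++)` never initialises `currentDevice` and bounds it by the byte size of the array, so it reads `opts->device_list` at indeterminate and out-of-range indices. It should read `for (size_t currentDevice = 0; currentDevice < sizeof(opts->device_list) / sizeof(opts->device_list[0]); currentDevice++)`. Unused slots also need skipping, e.g. `if (opts->device_list[currentDevice].serial[0] == '\0') continue;`. Without that, an empty configured serial goes into the `strcmp` calls, and a drive reporting an empty serial, vendor and model would be accepted as the authentication device. That assumes unused slots are zeroed, which the hunk does not show. The function starts before and ends after this hunk.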
@@ -71,6 +76,7 @@ static int pusb_device_connected(t_pusb_options *opts, UDisksClient *udisks) log_error("Authentication device \"%s\" is not connected.\n", opts->device.name); } + g_object_unref(object); g_list_foreach(objects, (GFunc) g_object_unref, NULL); g_list_free(objects); From a4a4b0db34059e0d10efe2e3c476b8a3662a1a6b Mon Sep 17 00:00:00 2001 From: McDope Date: Sat, 27 Aug 2022 16:20:57 +0200 Subject: [PATCH 17/46] #31: Prepare dist/doc config for multi-device --- doc/pam_usb.conf | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/doc/pam_usb.conf b/doc/pam_usb.conf index 8a591298..55681055 100644 --- a/doc/pam_usb.conf +++ b/doc/pam_usb.conf @@ -22,6 +22,13 @@ See http://www.pamusb.org/doc/configuring 6F6B-42FC + + Commodore + REU + CMDKXXXXXXXXXXXXXXXX + 6F6B-00FF + + --> @@ -38,6 +45,7 @@ See http://www.pamusb.org/doc/configuring removal: MyDevice + MySecondDevice gnome-screensaver-command -\-lock From d4d9709078507af36d73a19c51fba2e5d1730bd3 Mon Sep 17 00:00:00 2001 From: McDope Date: Sat, 27 Aug 2022 16:25:45 +0200 Subject: [PATCH 18/46] #31: [pamusb-agent] add todo --- tools/pamusb-agent | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/pamusb-agent b/tools/pamusb-agent index bf4575e4..08495811 100755 --- a/tools/pamusb-agent +++ b/tools/pamusb-agent @@ -209,6 +209,7 @@ def userDeviceThread(user): } ) + # @todo: adjust for multiple devices here deviceName = user.find('device').text.strip() devices = doc.findall("devices/device") From f0a6fd08f24d4295bb2451ed2f67b2fa4724e122 Mon Sep 17 00:00:00 2001 From: McDope Date: Sat, 27 Aug 2022 16:38:14 +0200 Subject: [PATCH 19/46] #31 CI, plz? From 5538ec683777a1b6e9dbb236aee74d2f7d979efa Mon Sep 17 00:00:00 2001 From: McDope Date: Sun, 28 Aug 2022 17:17:45 +0200 Subject: [PATCH 20/46] #31: Fix errors --- src/conf.c | 18 +++++++++++++++--- src/device.c | 13 ++++++++----- src/xpath.c | 8 ++++++-- src/xpath.h | 1 + 4 files changed, 30 insertions(+), 10 deletions(-) 
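Review bot: In the src/device.c hunk at -71,6 the added `g_object_unref(object);` releases a reference this function does not hold: `object` is read from `g_list_nth(objects, i)->data` in the loop above, and the `g_list_foreach(objects, (GFunc) g_object_unref, NULL);` on the following line already drops the list's reference on that same element, so the object is unreffed twice. `object` is also still NULL when the list is empty and the inner loop never ran. Drop the added line; the existing list teardown is sufficient.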
diff --git a/src/conf.c b/src/conf.c index 3975dc5a..4e004c3b 100644 --- a/src/conf.c +++ b/src/conf.c @@ -173,7 +173,14 @@ int pusb_conf_parse( } snprintf(device_xpath, sizeof(device_xpath), CONF_USER_XPATH, user, "device"); - char device_list[][sizeof(opts->device.name)] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; + char *device_list[10] = { + xmalloc(128), xmalloc(128), xmalloc(128), xmalloc(128), xmalloc(128), + xmalloc(128), xmalloc(128), xmalloc(128), xmalloc(128), xmalloc(128) + }; + for (int currentDevice = 0; currentDevice < 10; currentDevice++) + { + memset(device_list[currentDevice], 0x0, 128); + } retval = pusb_xpath_get_string_list( doc, device_xpath, @@ -189,14 +196,19 @@ int pusb_conf_parse( return (0); } - for (int currentDevice = 0; currentDevice < sizeof(device_list); currentDevice++) + for (int currentDevice = 0; currentDevice < 10; currentDevice++) { - if (device_list[currentDevice] == NULL) + log_error("DBG: currentDevice: %d, strnlen: %d, value: %s\n", currentDevice, strnlen(device_list[currentDevice], 128), device_list[currentDevice]); + if (device_list[currentDevice] == NULL || strnlen(device_list[currentDevice], 128) == 0) { continue; } + strncpy(opts->device_list[currentDevice].name, device_list[currentDevice], strnlen(device_list[currentDevice], 128)); pusb_conf_parse_device(opts, doc, currentDevice, device_list[currentDevice]); + log_error("DBG: found device\n"); + log_error("DBG: name: %s\n", opts->device_list[currentDevice].name); + log_error("DBG: vendor: %s\n", opts->device_list[currentDevice].vendor); } if (!pusb_conf_parse_options(opts, doc, user, service)) diff --git a/src/device.c b/src/device.c index a43220d1..bd6ca837 100644 --- a/src/device.c +++ b/src/device.c 
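Review bot: In the second src/conf.c hunk, `strncpy(opts->device_list[currentDevice].name, device_list[currentDevice], strnlen(device_list[currentDevice], 128));` is bounded by the length of the source rather than the size of the destination, and it never writes a terminating NUL. If `name` is smaller than the 128-byte scratch buffer (its declaration is not in this hunk), a long device id from the configuration overruns it, and termination depends on the destination having been zeroed beforehand. Bound the copy by the destination, e.g. `snprintf(opts->device_list[currentDevice].name, sizeof(opts->device_list[currentDevice].name), "%s", device_list[currentDevice]);`. pusb_conf_parse starts above the hunk and continues below it.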
@@ -35,9 +35,9 @@ static int pusb_device_connected(t_pusb_options *opts, UDisksClient *udisks) UDisksObject *object = NULL; UDisksDrive *drive = NULL; - for (int currentDevice; currentDevice < sizeof(opts->device_list); currentDevice++) + for (int currentDevice = 0; currentDevice < 10; currentDevice++) { - log_debug("Searching for \"%s\" in the hardware database...\n", opts->device_list[currentDevice].name); + log_error("Searching for \"%s\" in the hardware database...\n", opts->device_list[currentDevice].name); for (i = 0; i < g_list_length(objects); ++i) { @@ -59,8 +59,12 @@ static int pusb_device_connected(t_pusb_options *opts, UDisksClient *udisks) g_object_unref(drive); if (retval) { - opts->device = opts->device_list[currentDevice]; - currentDevice = sizeof(opts->device_list) + 1; + strncpy(opts->device.name, opts->device_list[currentDevice].name, sizeof(opts->device_list[currentDevice].name)); + strncpy(opts->device.vendor, opts->device_list[currentDevice].vendor, sizeof(opts->device_list[currentDevice].vendor)); + strncpy(opts->device.model, opts->device_list[currentDevice].model, sizeof(opts->device_list[currentDevice].model)); + strncpy(opts->device.serial, opts->device_list[currentDevice].serial, sizeof(opts->device_list[currentDevice].serial)); + strncpy(opts->device.volume_uuid, opts->device_list[currentDevice].volume_uuid, sizeof(opts->device_list[currentDevice].volume_uuid)); + currentDevice = 11; break; } } @@ -76,7 +80,6 @@ static int pusb_device_connected(t_pusb_options *opts, UDisksClient *udisks) log_error("Authentication device \"%s\" is not connected.\n", opts->device.name); } - g_object_unref(object); g_list_foreach(objects, (GFunc) g_object_unref, NULL); g_list_free(objects); diff --git a/src/xpath.c b/src/xpath.c index e19b22de..5e8fd95d 100644 --- a/src/xpath.c +++ b/src/xpath.c 
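Review bot: In the src/device.c hunk at -59,8 the struct assignment `opts->device = opts->device_list[currentDevice];` is replaced by five `strncpy` calls, each bounded by `sizeof` of the source field instead of the destination field. The assignment copied every member and could not drift out of step with the struct; the field-by-field version silently skips any member not listed and is only safe while both sides have identical field sizes. If the assignment has to go, bound each copy by its destination, e.g. `sizeof(opts->device.name)`, and say why in a comment. `currentDevice = 11;` also hard-wires the loop limit of 10 from the first hunk; a found flag or a named constant would keep the two in sync.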
@@ -144,20 +144,24 @@ int pusb_xpath_get_string_list( return (0); } + log_error("DBG: Found %d devices for user\n", result->nodesetval->nodeNr); for (int currentResult = 0; currentResult < result->nodesetval->nodeNr; currentResult++) { + log_error("DBG: result %d\n", currentResult); node = result->nodesetval->nodeTab[currentResult]->xmlChildrenNode; result_string = xmlNodeListGetString(doc, node, 1); - if (!result_string) + if (!result_string || strcmp("", (char *) result_string) == 0) { log_debug("Empty value for %s\n", path); continue; } - if (!pusb_xpath_strip_string(values[currentResult], (const char *)result_string, size)) + if (!pusb_xpath_strip_string(values[currentResult], (char *)result_string, size)) { log_debug("Result for %s (%s) is too long (max: %d)\n", path, (const char *)result_string, size); continue; } + + log_error("DBG: Found device %s\n", result_string); } xmlFree(result_string); diff --git a/src/xpath.h b/src/xpath.h index 6b6bcc50..9343061b 100644 --- a/src/xpath.h +++ b/src/xpath.h @@ -20,6 +20,7 @@ # include int pusb_xpath_get_string(xmlDocPtr doc, const char *path, char *value, size_t size); +int pusb_xpath_get_string_list(xmlDocPtr doc, const char *path, char *value[], size_t size); int pusb_xpath_get_string_from(xmlDocPtr doc, const char *base, const char *path, char *value, size_t size); int pusb_xpath_get_bool(xmlDocPtr doc, const char *path, int *value); int pusb_xpath_get_bool_from(xmlDocPtr doc, const char *base, const char *path, int *value); From d2be4dde4a962fde48a7caff4c4f4190ae7796f8 Mon Sep 17 00:00:00 2001 From: McDope Date: Mon, 29 Aug 2022 16:48:43 +0200 Subject: [PATCH 21/46] #31: Don't iterate empty devices, fix 'nodevice' output --- src/device.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/device.c b/src/device.c index bd6ca837..73ed5e5a 100644 --- a/src/device.c +++ b/src/device.c 
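Review bot: The `log_error("DBG: ...")` calls added to pusb_xpath_get_string_list report ordinary progress at error severity, so each time the configuration is parsed the number of configured devices and every device id is logged as an error. Keep them at `log_debug`, like the neighbouring "Empty value" message, or remove them before merge. The same applies to the `DBG:` lines in the src/conf.c hunk of this patch and to the switch from `log_debug` to `log_error` on "Searching for ..." in src/device.c.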
@@ -37,6 +37,11 @@ static int pusb_device_connected(t_pusb_options *opts, UDisksClient *udisks) for (int currentDevice = 0; currentDevice < 10; currentDevice++) { + if (strcmp(opts->device_list[currentDevice].name, "") == 0) + { + continue; + } + log_error("Searching for \"%s\" in the hardware database...\n", opts->device_list[currentDevice].name); for (i = 0; i < g_list_length(objects); ++i) @@ -77,7 +82,7 @@ static int pusb_device_connected(t_pusb_options *opts, UDisksClient *udisks) } else { - log_error("Authentication device \"%s\" is not connected.\n", opts->device.name); + log_error("None of the configured authentication devices is connected.\n"); } g_list_foreach(objects, (GFunc) g_object_unref, NULL); From f1f5c9c9a701395bb7ae88daa7c7d588af1b93c3 Mon Sep 17 00:00:00 2001 From: McDope Date: Mon, 29 Aug 2022 17:23:57 +0200 Subject: [PATCH 22/46] #31: Revert ae51375dda71ce44882b15b14c171b6f538d21a0, add support for adding additional devices to existing users --- tools/pamusb-conf | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/tools/pamusb-conf b/tools/pamusb-conf index c50b88d2..1da8e58c 100755 --- a/tools/pamusb-conf +++ b/tools/pamusb-conf @@ -127,13 +127,6 @@ def addUser(options): print('You must add a device (--add-device) before adding users') sys.exit(1) - alreadyConfiguredUsers = doc.getElementsByTagName('user') - if len(alreadyConfiguredUsers) > 0: - for user in alreadyConfiguredUsers: - if user.getAttribute('id') == options['userName']: - print('This user is already added to the configuration, to edit it you need to do it manually currently - sorry.') - sys.exit(1) - devices = [] for device in devicesObj: devices.append(device.getAttribute('id')) 
@@ -151,14 +144,29 @@ def addUser(options): ] ) + # Check if user exists users = doc.getElementsByTagName('users') - user = doc.createElement('user') - user.attributes['id'] = options['userName'] - e = doc.createElement('device') - t = doc.createTextNode(device) - e.appendChild(t) - user.appendChild(e) - users[0].appendChild(prettifyElement(user)) + userElements = doc.getElementsByTagName('user') + user = False + for _user in userElements: + if _user.getAttribute('id') == options['userName']: + user = _user + break + + if user is False: # does not exist, lets create + user = doc.createElement('user') + user.attributes['id'] = options['userName'] + e = doc.createElement('device') + t = doc.createTextNode(device) + e.appendChild(t) + user.appendChild(e) + users[0].appendChild(prettifyElement(user)) + else: # just add another device + e = doc.createElement('device') + t = doc.createTextNode(device) + e.appendChild(t) + user.appendChild(e) + writeConf(options, doc) def listAvailableDevicesAndVolumes(options): From 7571f19813b41f1069dc5f9393654c1fe90ea78f Mon Sep 17 00:00:00 2001 From: McDope Date: Mon, 29 Aug 2022 18:00:28 +0200 Subject: [PATCH 23/46] #31: Adjust tests for multi-device support --- tests/can-actually-be-used/create-image.sh | 1 + tests/can-actually-be-used/mount-image.sh | 18 +++++++++++++++++- tests/can-actually-be-used/run-tests.sh | 4 ++-- .../test-conf-adds-device.sh | 4 ---- .../test-conf-detects-device.sh | 6 ++++-- .../test-conf-doesnt-add-user-twice.sh | 7 ------- tests/can-actually-be-used/umount-image.sh | 3 +++ 7 files changed, 27 insertions(+), 16 deletions(-) delete mode 100755 tests/can-actually-be-used/test-conf-adds-device.sh delete mode 100755 tests/can-actually-be-used/test-conf-doesnt-add-user-twice.sh diff --git a/tests/can-actually-be-used/create-image.sh b/tests/can-actually-be-used/create-image.sh index a2654eb0..433c1dc7 100755 --- a/tests/can-actually-be-used/create-image.sh +++ b/tests/can-actually-be-used/create-image.sh 
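Review bot: The new `else` branch in addUser appends a `<device>` element to an existing user without checking whether that device is already listed, so running `--add-user` again with the same device writes duplicate entries, and nothing caps the total. The C side in this series reads a user's devices into a 10-slot array, so the tool that writes the file should enforce the same limit. Before appending, test something like `any(d.firstChild and d.firstChild.data.strip() == device for d in user.getElementsByTagName('device'))` and exit with a message when it is true. `user = None` with `if user is None:` would also read more naturally than the `False` sentinel. addUser begins above this hunk.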
@@ -3,3 +3,4 @@ set -e fallocate -l 16M virtual_usb.img +fallocate -l 16M virtual_usb_alt.img diff --git a/tests/can-actually-be-used/mount-image.sh b/tests/can-actually-be-used/mount-image.sh index b85de3d8..487bd33a 100755 --- a/tests/can-actually-be-used/mount-image.sh +++ b/tests/can-actually-be-used/mount-image.sh @@ -3,7 +3,7 @@ set -e # Load module with image -sudo modprobe g_mass_storage file=./virtual_usb.img stall=0 removable=y iSerialNumber=1234567890 +sudo modprobe g_mass_storage file=./virtual_usb.img stall=0 removable=y iSerialNumber=1234567890 iProduct=FirstStick echo "Info: sleeping 5s to ensure kernel picks up our new device..." sleep 5 @@ -19,3 +19,19 @@ sudo mkfs.vfat "/dev/"$CREATED_DEVICE"1" mkdir -p /tmp/fakestick sudo mount -t vfat "/dev/"$CREATED_DEVICE"1" /tmp/fakestick -o rw,umask=0000 +# Load module with second image +sudo modprobe g_mass_storage file=./virtual_usb_alt.img stall=0 removable=y iSerialNumber=1234567891 iProduct=SecondStick +echo "Info: sleeping 5s to ensure kernel picks up our new device..." +sleep 5 + +# Determine device id, create partition and format it +CREATED_DEVICE_2=$(lsblk | grep 16M | awk '{ print $1 }') +echo "Info: fake device registered as /dev/$CREATED_DEVICE_2" +echo "Info: creating partition..." +echo 'type=83' | sudo sfdisk /dev/$CREATED_DEVICE_2 +echo "Info: formatting partition as vfat..." +sudo mkfs.vfat "/dev/"$CREATED_DEVICE_2"1" + +# Create mountpoint and mount alt fake stick +mkdir -p /tmp/fakestick_alt +sudo mount -t vfat "/dev/"$CREATED_DEVICE_2"1" /tmp/fakestick_alt -o rw,umask=0000 diff --git a/tests/can-actually-be-used/run-tests.sh b/tests/can-actually-be-used/run-tests.sh index 05d6603f..c21e6aaf 100755 --- a/tests/can-actually-be-used/run-tests.sh +++ b/tests/can-actually-be-used/run-tests.sh 
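Review bot: In the second tests/can-actually-be-used/mount-image.sh hunk, `CREATED_DEVICE_2=$(lsblk | grep 16M | awk '{ print $1 }')` selects by size alone, so it also matches the first stick and any other 16M block device, and the result can hold several names. The following `sudo sfdisk` and `sudo mkfs.vfat` then run as root on whatever came back. Select the device by the serial the script just assigned, e.g. `CREATED_DEVICE_2=$(lsblk -dno NAME,SERIAL | awk '$2 == "1234567891" { print $1 }')` (assuming lsblk reports the gadget's serial), and quote the expansion as `"/dev/${CREATED_DEVICE_2}"`. The same size-based lookup is added again to test-conf-doesnt-add-user-twice-but-adds-a-second-device.sh in the "Manually mount alternate stick" patch.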
@@ -7,8 +7,8 @@ rm -rf /home/`whoami`/.pamusb # Run tests ./test-conf-detects-device.sh && \ -./test-conf-adds-device.sh && \ +./test-conf-adds-devices.sh && \ ./test-conf-adds-user.sh && \ -./test-conf-doesnt-add-user-twice.sh && \ +./test-conf-doesnt-add-user-twice-but-adds-a-second-device.sh && \ ./test-check-verify-created-config.sh && \ ./test-agent-properly-triggers.sh diff --git a/tests/can-actually-be-used/test-conf-adds-device.sh b/tests/can-actually-be-used/test-conf-adds-device.sh deleted file mode 100755 index f3cfbe5e..00000000 --- a/tests/can-actually-be-used/test-conf-adds-device.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/bash -echo -e "Test:\t\t\tpamusb-conf properly add device(s)" -echo -en "pamusb-conf output:\t" # to fake the unhideable python output as expected output :P -sudo pamusb-conf --add-device=test --device=0 --volume=0 --yes | grep "Done" && cat /etc/security/pam_usb.conf | grep "File-Stor Gadget" > /dev/null && echo -e "Result:\t\t\tPASSED!" || exit 1 \ No newline at end of file diff --git a/tests/can-actually-be-used/test-conf-detects-device.sh b/tests/can-actually-be-used/test-conf-detects-device.sh index 4a51dd14..aaffbcc6 100755 --- a/tests/can-actually-be-used/test-conf-detects-device.sh +++ b/tests/can-actually-be-used/test-conf-detects-device.sh 
@@ -1,4 +1,6 @@ #!/usr/bin/bash echo -e "Test:\t\t\tpamusb-conf properly detects device(s)" -echo -en "pamusb-conf output:\t" # to fake the unhideable python output as expected output :P -pamusb-conf --list-devices 2>/dev/null | grep "Linux File-Stor Gadget (1234567890)" && echo -e "Result:\t\t\tPASSED!" || exit 1 \ No newline at end of file +echo -en "pamusb-conf output (first device):\t" # to fake the unhideable python output as expected output :P +pamusb-conf --list-devices 2>/dev/null | grep "Linux FirstStick (1234567890)" && echo -e "Result:\t\t\tPASSED!" || exit 1 +echo -en "pamusb-conf output (first device):\t" # to fake the unhideable python output as expected output :P +pamusb-conf --list-devices 2>/dev/null | grep "Linux SecondStick (1234567891)" && echo -e "Result:\t\t\tPASSED!" || exit 1 \ No newline at end of file diff --git a/tests/can-actually-be-used/test-conf-doesnt-add-user-twice.sh b/tests/can-actually-be-used/test-conf-doesnt-add-user-twice.sh deleted file mode 100755 index 3760509b..00000000 --- a/tests/can-actually-be-used/test-conf-doesnt-add-user-twice.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/bash - -# @todo: this will fail if other devices are present. its missing a step to actually determine the number used internally -# @todo: check if the numbering used in debconf is correct after all - -echo -e "Test:\t\t\tpamusb-conf doesn't add user(s) twice" -sudo pamusb-conf --add-user=`whoami` --device=0 --yes | grep "already added" > /dev/null && echo -e "Result:\t\t\tPASSED!" || exit 1 \ No newline at end of file diff --git a/tests/can-actually-be-used/umount-image.sh b/tests/can-actually-be-used/umount-image.sh index 33bd3e12..a2931f95 100755 --- a/tests/can-actually-be-used/umount-image.sh +++ b/tests/can-actually-be-used/umount-image.sh 
@@ -1,8 +1,11 @@ #!/usr/bin/bash sync && sync && sync sudo umount /tmp/fakestick +sudo umount /tmp/fakestick_alt sudo modprobe -r g_mass_storage rm virtual_usb.img +rm virtual_usb_alt.img rm -rf /tmp/fakestick +rm -rf /tmp/fakestick_alt rm -rf /home/`whoami`/.pamusb From d71b610d76ea02d00a6f2fe87344070a3582c114 Mon Sep 17 00:00:00 2001 From: McDope Date: Mon, 29 Aug 2022 18:14:36 +0200 Subject: [PATCH 24/46] #31: We cant load the mod 2x, so adjust tests accordingly --- tests/can-actually-be-used/mount-image.sh | 17 ----------------- .../test-conf-adds-devices.sh | 4 ++++ ...add-user-twice-but-adds-a-second-device.sh | 19 +++++++++++++++++++ tests/can-actually-be-used/umount-image.sh | 3 --- 4 files changed, 23 insertions(+), 20 deletions(-) create mode 100755 tests/can-actually-be-used/test-conf-adds-devices.sh create mode 100755 tests/can-actually-be-used/test-conf-doesnt-add-user-twice-but-adds-a-second-device.sh diff --git a/tests/can-actually-be-used/mount-image.sh b/tests/can-actually-be-used/mount-image.sh index 487bd33a..6469a1fd 100755 --- a/tests/can-actually-be-used/mount-image.sh +++ b/tests/can-actually-be-used/mount-image.sh 
@@ -18,20 +18,3 @@ sudo mkfs.vfat "/dev/"$CREATED_DEVICE"1" # Create mountpoint and mount fake stick mkdir -p /tmp/fakestick sudo mount -t vfat "/dev/"$CREATED_DEVICE"1" /tmp/fakestick -o rw,umask=0000 - -# Load module with second image -sudo modprobe g_mass_storage file=./virtual_usb_alt.img stall=0 removable=y iSerialNumber=1234567891 iProduct=SecondStick -echo "Info: sleeping 5s to ensure kernel picks up our new device..." -sleep 5 - -# Determine device id, create partition and format it -CREATED_DEVICE_2=$(lsblk | grep 16M | awk '{ print $1 }') -echo "Info: fake device registered as /dev/$CREATED_DEVICE_2" -echo "Info: creating partition..." -echo 'type=83' | sudo sfdisk /dev/$CREATED_DEVICE_2 -echo "Info: formatting partition as vfat..." -sudo mkfs.vfat "/dev/"$CREATED_DEVICE_2"1" - -# Create mountpoint and mount alt fake stick -mkdir -p /tmp/fakestick_alt -sudo mount -t vfat "/dev/"$CREATED_DEVICE_2"1" /tmp/fakestick_alt -o rw,umask=0000 diff --git a/tests/can-actually-be-used/test-conf-adds-devices.sh b/tests/can-actually-be-used/test-conf-adds-devices.sh new file mode 100755 index 00000000..3e735438 --- /dev/null +++ b/tests/can-actually-be-used/test-conf-adds-devices.sh @@ -0,0 +1,4 @@ +#!/usr/bin/bash +echo -e "Test:\t\t\tpamusb-conf properly add device(s)" +echo -en "pamusb-conf output:\t" # to fake the unhideable python output as expected output :P +sudo pamusb-conf --add-device=test --device=0 --volume=0 --yes | grep "Done" && cat /etc/security/pam_usb.conf | grep "FirstStick" > /dev/null && echo -e "Result:\t\t\tPASSED!" || exit 1 \ No newline at end of file diff --git a/tests/can-actually-be-used/test-conf-doesnt-add-user-twice-but-adds-a-second-device.sh b/tests/can-actually-be-used/test-conf-doesnt-add-user-twice-but-adds-a-second-device.sh new file mode 100755 index 00000000..24f26413 --- /dev/null +++ b/tests/can-actually-be-used/test-conf-doesnt-add-user-twice-but-adds-a-second-device.sh 
@@ -0,0 +1,19 @@ +#!/usr/bin/bash + +echo -e "Test:\t\t\tpamusb-conf doesn't add user(s) twice, but it adds a second device for an existing user" + +# "unplug" virtual usb +sync && sync && sync +sudo umount /tmp/fakestick +sudo modprobe -r g_mass_storage || exit 1 +sleep 10 + +# "plug" another virtual usb +sudo modprobe g_mass_storage file=./virtual_usb.img stall=0 removable=y iSerialNumber=1234567891 iProduct=SecondStick || exit 1 +sleep 10 + +echo -en "pamusb-conf --add-device output:\t" # to fake the unhideable python output as expected output :P +sudo pamusb-conf --add-device=test2 --device=0 --volume=0 --yes | grep "Done" && cat /etc/security/pam_usb.conf | grep "SecondStick" > /dev/null && echo -e "Result:\t\t\tPASSED!" || exit 1 + +echo -en "pamusb-conf --add-user output:\t" # to fake the unhideable python output as expected output :P +sudo pamusb-conf --add-user=`whoami` --device=0 --yes | grep "Done" && cat /etc/security/pam_usb.conf | grep "SecondStick" > /dev/null && echo -e "Result:\t\t\tPASSED!" || exit 1 diff --git a/tests/can-actually-be-used/umount-image.sh b/tests/can-actually-be-used/umount-image.sh index a2931f95..33bd3e12 100755 --- a/tests/can-actually-be-used/umount-image.sh +++ b/tests/can-actually-be-used/umount-image.sh @@ -1,11 +1,8 @@ #!/usr/bin/bash sync && sync && sync sudo umount /tmp/fakestick -sudo umount /tmp/fakestick_alt sudo modprobe -r g_mass_storage rm virtual_usb.img -rm virtual_usb_alt.img rm -rf /tmp/fakestick -rm -rf /tmp/fakestick_alt rm -rf /home/`whoami`/.pamusb From 3ab225056382f203bc27243f00af1af76e2e649f Mon Sep 17 00:00:00 2001 From: McDope Date: Mon, 29 Aug 2022 18:16:51 +0200 Subject: [PATCH 25/46] #31: Rename add-device back, since it only adds a single device --- tests/can-actually-be-used/run-tests.sh | 2 +- .../{test-conf-adds-devices.sh => test-conf-adds-device.sh} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename tests/can-actually-be-used/{test-conf-adds-devices.sh => test-conf-adds-device.sh} (100%) 
diff --git a/tests/can-actually-be-used/run-tests.sh b/tests/can-actually-be-used/run-tests.sh index c21e6aaf..b10d6486 100755 --- a/tests/can-actually-be-used/run-tests.sh +++ b/tests/can-actually-be-used/run-tests.sh @@ -7,7 +7,7 @@ rm -rf /home/`whoami`/.pamusb # Run tests ./test-conf-detects-device.sh && \ -./test-conf-adds-devices.sh && \ +./test-conf-adds-device.sh && \ ./test-conf-adds-user.sh && \ ./test-conf-doesnt-add-user-twice-but-adds-a-second-device.sh && \ ./test-check-verify-created-config.sh && \ diff --git a/tests/can-actually-be-used/test-conf-adds-devices.sh b/tests/can-actually-be-used/test-conf-adds-device.sh similarity index 100% rename from tests/can-actually-be-used/test-conf-adds-devices.sh rename to tests/can-actually-be-used/test-conf-adds-device.sh From 78ef7d4ca1dd63cf30cffeee2eda12fa920b182f Mon Sep 17 00:00:00 2001 From: McDope Date: Mon, 29 Aug 2022 18:29:05 +0200 Subject: [PATCH 26/46] #31: Fix detects-device testcase --- tests/can-actually-be-used/test-conf-detects-device.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tests/can-actually-be-used/test-conf-detects-device.sh b/tests/can-actually-be-used/test-conf-detects-device.sh index aaffbcc6..1ff0d08a 100755 --- a/tests/can-actually-be-used/test-conf-detects-device.sh +++ b/tests/can-actually-be-used/test-conf-detects-device.sh 
@@ -1,6 +1,4 @@ #!/usr/bin/bash echo -e "Test:\t\t\tpamusb-conf properly detects device(s)" echo -en "pamusb-conf output (first device):\t" # to fake the unhideable python output as expected output :P -pamusb-conf --list-devices 2>/dev/null | grep "Linux FirstStick (1234567890)" && echo -e "Result:\t\t\tPASSED!" || exit 1 -echo -en "pamusb-conf output (first device):\t" # to fake the unhideable python output as expected output :P -pamusb-conf --list-devices 2>/dev/null | grep "Linux SecondStick (1234567891)" && echo -e "Result:\t\t\tPASSED!" || exit 1 \ No newline at end of file +pamusb-conf --list-devices 2>/dev/null | grep "Linux File-Stor Gadget (1234567890)" && echo -e "Result:\t\t\tPASSED!" || exit 1 \ No newline at end of file From b1947cdf8a026975560d91727e64b14446e0ea0c Mon Sep 17 00:00:00 2001 From: McDope Date: Mon, 29 Aug 2022 18:37:12 +0200 Subject: [PATCH 27/46] #31: More test fixes --- tests/can-actually-be-used/test-conf-adds-device.sh | 2 +- tests/can-actually-be-used/test-conf-detects-device.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/can-actually-be-used/test-conf-adds-device.sh b/tests/can-actually-be-used/test-conf-adds-device.sh index 3e735438..e58df4d4 100755 --- a/tests/can-actually-be-used/test-conf-adds-device.sh +++ b/tests/can-actually-be-used/test-conf-adds-device.sh @@ -1,4 +1,4 @@ #!/usr/bin/bash echo -e "Test:\t\t\tpamusb-conf properly add device(s)" echo -en "pamusb-conf output:\t" # to fake the unhideable python output as expected output :P -sudo pamusb-conf --add-device=test --device=0 --volume=0 --yes | grep "Done" && cat /etc/security/pam_usb.conf | grep "FirstStick" > /dev/null && echo -e "Result:\t\t\tPASSED!" || exit 1 \ No newline at end of file +sudo pamusb-conf --add-device=test --device=0 --volume=0 --yes | grep "Done" && cat /etc/security/pam_usb.conf | grep "1324567890" > /dev/null && echo -e "Result:\t\t\tPASSED!" || exit 1 \ No newline at end of file 
diff --git a/tests/can-actually-be-used/test-conf-detects-device.sh b/tests/can-actually-be-used/test-conf-detects-device.sh index 1ff0d08a..4a51dd14 100755 --- a/tests/can-actually-be-used/test-conf-detects-device.sh +++ b/tests/can-actually-be-used/test-conf-detects-device.sh @@ -1,4 +1,4 @@ #!/usr/bin/bash echo -e "Test:\t\t\tpamusb-conf properly detects device(s)" -echo -en "pamusb-conf output (first device):\t" # to fake the unhideable python output as expected output :P +echo -en "pamusb-conf output:\t" # to fake the unhideable python output as expected output :P pamusb-conf --list-devices 2>/dev/null | grep "Linux File-Stor Gadget (1234567890)" && echo -e "Result:\t\t\tPASSED!" || exit 1 \ No newline at end of file From 50d86f4f5b868fafa4009382a28787d3d1e02971 Mon Sep 17 00:00:00 2001 From: McDope Date: Mon, 29 Aug 2022 18:39:31 +0200 Subject: [PATCH 28/46] #31: Moremore test fixes --- tests/can-actually-be-used/test-conf-adds-device.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/can-actually-be-used/test-conf-adds-device.sh b/tests/can-actually-be-used/test-conf-adds-device.sh index e58df4d4..28dcec22 100755 --- a/tests/can-actually-be-used/test-conf-adds-device.sh +++ b/tests/can-actually-be-used/test-conf-adds-device.sh @@ -1,4 +1,4 @@ #!/usr/bin/bash echo -e "Test:\t\t\tpamusb-conf properly add device(s)" echo -en "pamusb-conf output:\t" # to fake the unhideable python output as expected output :P -sudo pamusb-conf --add-device=test --device=0 --volume=0 --yes | grep "Done" && cat /etc/security/pam_usb.conf | grep "1324567890" > /dev/null && echo -e "Result:\t\t\tPASSED!" || exit 1 \ No newline at end of file +sudo pamusb-conf --add-device=test --device=0 --volume=0 --yes | grep "Done" && cat /etc/security/pam_usb.conf | grep "1234567890" > /dev/null && echo -e "Result:\t\t\tPASSED!" || exit 1 \ No newline at end of file From 9615cb02d6d5e2d599acf6bed2ed2bc635c3f21b Mon Sep 17 00:00:00 2001 
From: McDope Date: Mon, 29 Aug 2022 18:43:23 +0200 Subject: [PATCH 29/46] #31: Moar test fixes --- ...est-conf-doesnt-add-user-twice-but-adds-a-second-device.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/can-actually-be-used/test-conf-doesnt-add-user-twice-but-adds-a-second-device.sh b/tests/can-actually-be-used/test-conf-doesnt-add-user-twice-but-adds-a-second-device.sh index 24f26413..de526f29 100755 --- a/tests/can-actually-be-used/test-conf-doesnt-add-user-twice-but-adds-a-second-device.sh +++ b/tests/can-actually-be-used/test-conf-doesnt-add-user-twice-but-adds-a-second-device.sh @@ -13,7 +13,7 @@ sudo modprobe g_mass_storage file=./virtual_usb.img stall=0 removable=y iSerialN sleep 10 echo -en "pamusb-conf --add-device output:\t" # to fake the unhideable python output as expected output :P -sudo pamusb-conf --add-device=test2 --device=0 --volume=0 --yes | grep "Done" && cat /etc/security/pam_usb.conf | grep "SecondStick" > /dev/null && echo -e "Result:\t\t\tPASSED!" || exit 1 +sudo pamusb-conf --add-device=test2 --device=0 --volume=0 --yes | grep "Done" && cat /etc/security/pam_usb.conf | grep "1234567891" > /dev/null && echo -e "Result:\t\t\tPASSED!" || exit 1 echo -en "pamusb-conf --add-user output:\t" # to fake the unhideable python output as expected output :P -sudo pamusb-conf --add-user=`whoami` --device=0 --yes | grep "Done" && cat /etc/security/pam_usb.conf | grep "SecondStick" > /dev/null && echo -e "Result:\t\t\tPASSED!" || exit 1 +sudo pamusb-conf --add-user=`whoami` --device=0 --yes | grep "Done" && cat /etc/security/pam_usb.conf | grep "test2" > /dev/null && echo -e "Result:\t\t\tPASSED!" || exit 1 From 7d3da0b855ec1eea652870401bfb9206215f0cac Mon Sep 17 00:00:00 2001 From: McDope Date: Mon, 29 Aug 2022 18:48:04 +0200 Subject: [PATCH 30/46] #31: Moarmoar test fixes --- .../test-conf-doesnt-add-user-twice-but-adds-a-second-device.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tests/can-actually-be-used/test-conf-doesnt-add-user-twice-but-adds-a-second-device.sh b/tests/can-actually-be-used/test-conf-doesnt-add-user-twice-but-adds-a-second-device.sh index de526f29..0c6a158d 100755 --- a/tests/can-actually-be-used/test-conf-doesnt-add-user-twice-but-adds-a-second-device.sh +++ b/tests/can-actually-be-used/test-conf-doesnt-add-user-twice-but-adds-a-second-device.sh @@ -16,4 +16,4 @@ echo -en "pamusb-conf --add-device output:\t" # to fake the unhideable python ou sudo pamusb-conf --add-device=test2 --device=0 --volume=0 --yes | grep "Done" && cat /etc/security/pam_usb.conf | grep "1234567891" > /dev/null && echo -e "Result:\t\t\tPASSED!" || exit 1 echo -en "pamusb-conf --add-user output:\t" # to fake the unhideable python output as expected output :P -sudo pamusb-conf --add-user=`whoami` --device=0 --yes | grep "Done" && cat /etc/security/pam_usb.conf | grep "test2" > /dev/null && echo -e "Result:\t\t\tPASSED!" || exit 1 +sudo pamusb-conf --add-user=`whoami` --device=1 --yes | grep "Done" && cat /etc/security/pam_usb.conf | grep "test2" > /dev/null && echo -e "Result:\t\t\tPASSED!" || exit 1 From 68504d78bb336a51a939944c1e550af21ac06ac8 Mon Sep 17 00:00:00 2001 From: McDope Date: Mon, 29 Aug 2022 19:04:12 +0200 Subject: [PATCH 31/46] #31: Get some debug output --- tests/can-actually-be-used/test-check-verify-created-config.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/can-actually-be-used/test-check-verify-created-config.sh b/tests/can-actually-be-used/test-check-verify-created-config.sh index 2217f00a..dd0b0393 100755 --- a/tests/can-actually-be-used/test-check-verify-created-config.sh +++ b/tests/can-actually-be-used/test-check-verify-created-config.sh 
@@ -1,4 +1,4 @@ #!/usr/bin/bash echo -e "Test:\t\t\tpamusb-check verifies the config previous tests created / reports granted" -pamusb-check `whoami` 2>&1 && echo -e "Result:\t\t\tPASSED!" || exit 1 \ No newline at end of file +pamusb-check --debug `whoami` && echo -e "Result:\t\t\tPASSED!" || exit 1 \ No newline at end of file From 869a1010f7efe9b4b8c5d0f9676adcc15b6a258b Mon Sep 17 00:00:00 2001 From: McDope Date: Mon, 29 Aug 2022 19:08:04 +0200 Subject: [PATCH 32/46] #31: Manually mount alternate stick --- .../test-conf-doesnt-add-user-twice-but-adds-a-second-device.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/can-actually-be-used/test-conf-doesnt-add-user-twice-but-adds-a-second-device.sh b/tests/can-actually-be-used/test-conf-doesnt-add-user-twice-but-adds-a-second-device.sh index 0c6a158d..484e8014 100755 --- a/tests/can-actually-be-used/test-conf-doesnt-add-user-twice-but-adds-a-second-device.sh +++ b/tests/can-actually-be-used/test-conf-doesnt-add-user-twice-but-adds-a-second-device.sh @@ -11,6 +11,8 @@ sleep 10 # "plug" another virtual usb sudo modprobe g_mass_storage file=./virtual_usb.img stall=0 removable=y iSerialNumber=1234567891 iProduct=SecondStick || exit 1 sleep 10 +CREATED_DEVICE=$(lsblk | grep 16M | awk '{ print $1 }') +sudo mount -t vfat "/dev/"$CREATED_DEVICE"1" /tmp/fakestick -o rw,umask=0000 echo -en "pamusb-conf --add-device output:\t" # to fake the unhideable python output as expected output :P sudo pamusb-conf --add-device=test2 --device=0 --volume=0 --yes | grep "Done" && cat /etc/security/pam_usb.conf | grep "1234567891" > /dev/null && echo -e "Result:\t\t\tPASSED!" || exit 1 From 6a30c3dc607c8224d16459c268507c96e79f980d Mon Sep 17 00:00:00 2001 
From: McDope Date: Sun, 7 Jan 2024 21:56:29 +0100 Subject: [PATCH 33/46] =?UTF-8?q?=C3=A431:=20Misc?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/conf.c | 17 ++++++++++++++++- src/device.c | 10 +++++----- 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/src/conf.c b/src/conf.c index 4e004c3b..60a7808d 100644 --- a/src/conf.c +++ b/src/conf.c @@ -193,12 +193,17 @@ int pusb_conf_parse( log_error("No authentication device(s) configured for user \"%s\".\n", user); xmlFreeDoc(doc); xmlCleanupParser(); + + for (int currentDevice = 0; currentDevice < 10; currentDevice++) + { + xfree(device_list[currentDevice]); + } return (0); } for (int currentDevice = 0; currentDevice < 10; currentDevice++) { - log_error("DBG: currentDevice: %d, strnlen: %d, value: %s\n", currentDevice, strnlen(device_list[currentDevice], 128), device_list[currentDevice]); + log_error("DBG: currentDevice: %d, strnlen: %d, value: %s\n", currentDevice, (int) strnlen(device_list[currentDevice], 128), device_list[currentDevice]); if (device_list[currentDevice] == NULL || strnlen(device_list[currentDevice], 128) == 0) { continue; @@ -215,9 +220,19 @@ int pusb_conf_parse( { xmlFreeDoc(doc); xmlCleanupParser(); + + for (int currentDevice = 0; currentDevice < 10; currentDevice++) + { + xfree(device_list[currentDevice]); + } return (0); } xmlFreeDoc(doc); xmlCleanupParser(); + + for (int currentDevice = 0; currentDevice < 10; currentDevice++) + { + xfree(device_list[currentDevice]); + } return (1); } diff --git a/src/device.c b/src/device.c index ec00a53d..150ed40d 100644 --- a/src/device.c +++ b/src/device.c 
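Review bot: In the first src/conf.c hunk the `device_list[currentDevice] == NULL` test comes one line after the `log_error` call has already passed the same pointer to `strnlen` and to `%s`, so the check is either dead or too late. Move the NULL/empty test ahead of the log line, or drop the debug line. The `xfree` loop is now repeated on three return paths across the two hunks; a small static helper or a single cleanup label would keep a future return path from missing it. pusb_conf_parse starts above the hunk.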
@@ -64,11 +64,11 @@ static int pusb_device_connected(t_pusb_options *opts, UDisksClient *udisks) g_object_unref(drive); if (retval) { - strncpy(opts->device.name, opts->device_list[currentDevice].name, sizeof(opts->device_list[currentDevice].name)); - strncpy(opts->device.vendor, opts->device_list[currentDevice].vendor, sizeof(opts->device_list[currentDevice].vendor)); - strncpy(opts->device.model, opts->device_list[currentDevice].model, sizeof(opts->device_list[currentDevice].model)); - strncpy(opts->device.serial, opts->device_list[currentDevice].serial, sizeof(opts->device_list[currentDevice].serial)); - strncpy(opts->device.volume_uuid, opts->device_list[currentDevice].volume_uuid, sizeof(opts->device_list[currentDevice].volume_uuid)); + strcpy(opts->device.name, opts->device_list[currentDevice].name); + strcpy(opts->device.vendor, opts->device_list[currentDevice].vendor, sizeof(opts->device_list[currentDevice].vendor)); + strcpy(opts->device.model, opts->device_list[currentDevice].model, sizeof(opts->device_list[currentDevice].model)); + strcpy(opts->device.serial, opts->device_list[currentDevice].serial, sizeof(opts->device_list[currentDevice].serial)); + strcpy(opts->device.volume_uuid, opts->device_list[currentDevice].volume_uuid, sizeof(opts->device_list[currentDevice].volume_uuid)); currentDevice = 11; break; } From 35fbd34279b13546878efd01574951f4285efd60 Mon Sep 17 00:00:00 2001 From: McDope Date: Mon, 8 Jan 2024 19:47:25 +0100 Subject: [PATCH 34/46] #31: Misc --- src/conf.c | 6 +++--- src/device.c | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/conf.c b/src/conf.c index 60a7808d..eac9f7e2 100644 --- a/src/conf.c +++ b/src/conf.c 
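Review bot: Four of the five rewritten calls in this hunk still pass a third `sizeof(...)` argument to `strcpy()`, which takes two, so src/device.c should not compile at this commit; only the `name` line was fully converted. The next patch in the series drops the extra argument, but each commit should build on its own if the series is to stay bisectable. The `currentDevice = 11; break;` line leaves the outer loop by overshooting its bound, and a later patch changes that value to 10. A named flag or a helper that returns on the first match would not depend on the literal. The enclosing loop and function start outside the hunk.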
@@ -203,13 +203,13 @@ int pusb_conf_parse( for (int currentDevice = 0; currentDevice < 10; currentDevice++) { - log_error("DBG: currentDevice: %d, strnlen: %d, value: %s\n", currentDevice, (int) strnlen(device_list[currentDevice], 128), device_list[currentDevice]); - if (device_list[currentDevice] == NULL || strnlen(device_list[currentDevice], 128) == 0) + log_error("DBG: currentDevice: %d, strlen: %d, value: %s\n", currentDevice, (int) strlen(device_list[currentDevice]), device_list[currentDevice]); + if (device_list[currentDevice] == NULL || strlen(device_list[currentDevice]) == 0) { continue; } - strncpy(opts->device_list[currentDevice].name, device_list[currentDevice], strnlen(device_list[currentDevice], 128)); + strcpy(opts->device_list[currentDevice].name, device_list[currentDevice]); pusb_conf_parse_device(opts, doc, currentDevice, device_list[currentDevice]); log_error("DBG: found device\n"); log_error("DBG: name: %s\n", opts->device_list[currentDevice].name); diff --git a/src/device.c b/src/device.c index 150ed40d..475c49f2 100644 --- a/src/device.c +++ b/src/device.c 
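Review bot: The new `strcpy(opts->device_list[currentDevice].name, device_list[currentDevice])` copies a string taken from the configuration file into a fixed-size struct field with no length limit. The removed code capped the length at 128, but the size of `name` is not visible here, so whether the source always fits cannot be confirmed from this hunk. A bounded copy keeps the module safe if the two sizes ever diverge: `snprintf(opts->device_list[currentDevice].name, sizeof(opts->device_list[currentDevice].name), "%s", device_list[currentDevice]);`. The same applies to the five `strcpy` calls in the `@@ -65,10 +65,10 @@` hunk of src/device.c in this commit.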
@@ -65,10 +65,10 @@ static int pusb_device_connected(t_pusb_options *opts, UDisksClient *udisks) g_object_unref(drive); if (retval) { strcpy(opts->device.name, opts->device_list[currentDevice].name); - strcpy(opts->device.vendor, opts->device_list[currentDevice].vendor, sizeof(opts->device_list[currentDevice].vendor)); - strcpy(opts->device.model, opts->device_list[currentDevice].model, sizeof(opts->device_list[currentDevice].model)); - strcpy(opts->device.serial, opts->device_list[currentDevice].serial, sizeof(opts->device_list[currentDevice].serial)); - strcpy(opts->device.volume_uuid, opts->device_list[currentDevice].volume_uuid, sizeof(opts->device_list[currentDevice].volume_uuid)); + strcpy(opts->device.vendor, opts->device_list[currentDevice].vendor); + strcpy(opts->device.model, opts->device_list[currentDevice].model); + strcpy(opts->device.serial, opts->device_list[currentDevice].serial); + strcpy(opts->device.volume_uuid, opts->device_list[currentDevice].volume_uuid); currentDevice = 11; break; } From c4aa26d68ca5831be0f41a175e9212a5121c96c1 Mon Sep 17 00:00:00 2001 From: McDope Date: Sun, 31 Mar 2024 12:46:38 +0200 Subject: [PATCH 35/46] #31: Update todos --- tools/pamusb-agent | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/pamusb-agent b/tools/pamusb-agent index 08495811..4ab4a535 100755 --- a/tools/pamusb-agent +++ b/tools/pamusb-agent @@ -209,13 +209,13 @@ def userDeviceThread(user): } ) - # @todo: adjust for multiple devices here + # @todo: adjust for multiple devices here, should be an array of devices deviceName = user.find('device').text.strip() devices = doc.findall("devices/device") deviceOK = False for device in devices: - if device.get('id') == deviceName: + if device.get('id') == deviceName: # should loop all devices and monitor them all, no part should be devicename bound deviceOK = True break From 1aca921186194349153685885539cc64dd9c22b0 Mon Sep 17 00:00:00 2001 
From: McDope Date: Sun, 14 Jul 2024 12:20:29 +0200 Subject: [PATCH 36/46] #31: Fix merge derp, make it actually work again --- src/conf.c | 7 +++++-- src/device.c | 2 ++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/conf.c b/src/conf.c index 58e36bd7..47f41db1 100644 --- a/src/conf.c +++ b/src/conf.c @@ -119,12 +119,12 @@ static int pusb_conf_parse_device( pusb_conf_device_get_property(opts, doc, "vendor", opts->device_list[deviceIndex].vendor, sizeof(opts->device_list[deviceIndex].vendor), deviceId); pusb_conf_device_get_property(opts, doc, "model", opts->device_list[deviceIndex].model, sizeof(opts->device_list[deviceIndex].model), deviceId); - if (!pusb_conf_device_get_property(opts, doc, "serial", opts->device.serial, sizeof(opts->device.serial), deviceId)) + if (!pusb_conf_device_get_property(opts, doc, "serial", opts->device_list[deviceIndex].serial, sizeof(opts->device_list[deviceIndex].serial), deviceId)) { return 0; } - pusb_conf_device_get_property(opts, doc, "volume_uuid", opts->device.volume_uuid, sizeof(opts->device.volume_uuid), deviceId); + pusb_conf_device_get_property(opts, doc, "volume_uuid", opts->device_list[deviceIndex].volume_uuid, sizeof(opts->device_list[deviceIndex].volume_uuid), deviceId); return 1; } @@ -221,6 +221,9 @@ int pusb_conf_parse( log_error("DBG: found device\n"); log_error("DBG: name: %s\n", opts->device_list[currentDevice].name); log_error("DBG: vendor: %s\n", opts->device_list[currentDevice].vendor); + log_error("DBG: model: %s\n", opts->device_list[currentDevice].model); + log_error("DBG: serial: %s\n", opts->device_list[currentDevice].serial); + log_error("DBG: volume_uuid: %s\n", opts->device_list[currentDevice].volume_uuid); } if (!pusb_conf_parse_options(opts, doc, user, service)) diff --git a/src/device.c b/src/device.c index ad500fca..0a9dba3d 100644 --- a/src/device.c +++ b/src/device.c 
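Review bot: In the `@@ -119,12 +119,12 @@` hunk only the `serial` lookup is checked. The call site shown as context in the earlier src/conf.c hunk, `pusb_conf_parse_device(opts, doc, currentDevice, device_list[currentDevice]);`, ignores the function's return value. A device entry whose serial could not be read therefore stays in `opts->device_list` with whatever the field held before, and it is later compared with `strcmp` in pusb_device_connected. The caller should reject or clear such an entry, and the matching loop should skip entries with an empty serial. Both are outside this hunk, so please confirm how they behave today.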
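Review bot: The three lines added in the `@@ -221,6 +221,9 @@` hunk write the configured `serial` and `volume_uuid` through `log_error`, so the identifiers the module matches a token on go to the error log on every parse. If this tracing is to stay, route it through `log_debug`, which the device.c hunk of this same commit already uses, for example `log_debug("serial: %s\n", opts->device_list[currentDevice].serial);`. That way it is only emitted when debugging is switched on.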
@@ -44,6 +44,7 @@ static int pusb_device_connected(t_pusb_options *opts, UDisksClient *udisks) log_error("Searching for \"%s\" in the hardware database...\n", opts->device_list[currentDevice].name); + log_debug("Found %d drives to check/iterate...\n", g_list_length(objects)); for (i = 0; i < g_list_length(objects); ++i) { object = UDISKS_OBJECT(g_list_nth(objects, i)->data); @@ -51,6 +52,7 @@ static int pusb_device_connected(t_pusb_options *opts, UDisksClient *udisks) { drive = udisks_object_get_drive(object); retval = strcmp(udisks_drive_get_serial(drive), opts->device_list[currentDevice].serial) == 0; + log_debug("Looking for serial '%s', found '%s'...\n", opts->device_list[currentDevice].serial, udisks_drive_get_serial(drive)); if (strcmp(opts->device_list[currentDevice].vendor, "Generic") != 0) { From 914896bbd7894dfe9bc319a5152a93517b9ce31b Mon Sep 17 00:00:00 2001 From: McDope Date: Sun, 14 Jul 2024 13:57:28 +0200 Subject: [PATCH 37/46] #31: Start to adjust agent --- tools/pamusb-agent | 68 ++++++++++++++++++++++++++-------------------- 1 file changed, 38 insertions(+), 30 deletions(-) diff --git a/tools/pamusb-agent b/tools/pamusb-agent index 4ab4a535..28d25ce9 100755 --- a/tools/pamusb-agent +++ b/tools/pamusb-agent @@ -40,9 +40,10 @@ from gi.repository import GLib, UDisks import xml.etree.ElementTree as et class HotPlugDevice: - def __init__(self, serial): + def __init__(self, serial, name): self.__udi = None self.__serial = serial + self.__name = name self.__callbacks = [] self.__running = False @@ -92,7 +93,7 @@ class HotPlugDevice: return self.__udi = udi if self.__running: - [ cb('added') for cb in self.__callbacks ] + [ cb('added', self.__name) for cb in self.__callbacks ] def __deviceRemoved(self, udi): if self.__udi is None: @@ -101,7 +102,7 @@ class HotPlugDevice: return self.__udi = None if self.__running: - [ cb('removed') for cb in self.__callbacks ] + [ cb('removed', self.__name) for cb in self.__callbacks ] class Log: def __init__(self): 
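Review bot: In the `@@ -51,6 +52,7 @@` hunk the result of `udisks_drive_get_serial(drive)` goes straight into `strcmp()` on the context line and into a `%s` conversion on the added `log_debug` line. The generated UDisks getters are documented as returning NULL for an unset property (worth confirming for the version in use), and a drive without a serial would then crash the PAM module. Fetch it once and guard it: `const gchar *serial = udisks_drive_get_serial(drive);` followed by `retval = serial != NULL && strcmp(serial, opts->device_list[currentDevice].serial) == 0;`. In the `@@ -44,6 +44,7 @@` hunk, `g_list_length()` returns an unsigned value, so `%u` is the matching conversion.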
@@ -209,24 +210,27 @@ def userDeviceThread(user): } ) - # @todo: adjust for multiple devices here, should be an array of devices - deviceName = user.find('device').text.strip() + device_names = {} + to_watch = {} + + all_devices = doc.findall("devices/device") + user_devices = user.findall("device") + for device in user_devices: + device_names += device.get('id') - devices = doc.findall("devices/device") deviceOK = False - for device in devices: - if device.get('id') == deviceName: # should loop all devices and monitor them all, no part should be devicename bound + for device in all_devices: + if device.get('id') in device_names: + to_watch += {"name": device.get('id'), "serial": device.get('serial')} deviceOK = True - break if not deviceOK: - logger.error('Device %s not found in configuration file.' % deviceName) + logger.error('Device(s) not found in configuration file.') return 1 - serial = device.find('serial').text.strip() resumeTimestamp = datetime.datetime.min - def authChangeCallback(event): + def authChangeCallback(event, deviceName): if event == 'removed': nonlocal resumeTimestamp currentTimestamp = datetime.datetime.now() @@ -268,7 +272,7 @@ def userDeviceThread(user): logger.info('Process exit code: %d' % (process.returncode)) logger.info('Process stdout: %s' % (process.stdout.decode())) logger.info('Process stderr: %s' % (process.stderr.decode())) - + else: logger.info('No commands defined for unlock!') 
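Review bot: `device_names` and `to_watch` are created as dicts in the `@@ -209,24 +210,27 @@` hunk and then extended with `+=`, which raises TypeError on the first configured device, so userDeviceThread cannot get past this block. Use lists: `device_names = []` with `device_names.append(device.text.strip())`, and `to_watch.append({...})`. The hunk also reads the user's device through `device.get('id')` and the serial through `device.get('serial')`, which are attribute lookups. The removed code took the element text (`user.find('device').text.strip()`, `device.find('serial').text.strip()`), so with the existing configuration layout both new lookups would return None. The function continues outside the hunk.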
@@ -280,28 +284,32 @@ def userDeviceThread(user): def onSuspendOrResume(start, member=None): nonlocal resumeTimestamp - nonlocal hpDev + nonlocal hpDevs - if start == True: - logger.info('Suspending user "%s"' % (userName)) - resumeTimestamp = datetime.datetime.max - else: - logger.info('Resuming user "%s"' % (userName)) - if hpDev.isDeviceConnected() == True: - logger.info('Device is connected for user "%s", unlocking' % (userName)) - authChangeCallback('added') + for hpDev in hpDevs: + if start == True: + logger.info('Suspending user "%s"' % (userName)) + resumeTimestamp = datetime.datetime.max + else: + logger.info('Resuming user "%s"' % (userName)) + if hpDev.isDeviceConnected() == True: + logger.info('Device %s is connected for user "%s", unlocking' % (hpDev.__name, userName)) + authChangeCallback('added') - resumeTimestamp = datetime.datetime.now() + resumeTimestamp = datetime.datetime.now() login1Interface = login1ManagerDBusIface() for signal in ['PrepareForSleep', 'PrepareForShutdown']: login1Interface.connect_to_signal(signal, onSuspendOrResume, member_keyword='member') - hpDev = HotPlugDevice(serial) - hpDev.addCallback(authChangeCallback) + hpDevs = {} + for watch_this in to_watch: + hpDev = HotPlugDevice(watch_this.get('serial'), watch_this.get('name')) + hpDev.addCallback(authChangeCallback) + hpDevs += hpDev - logger.info('Watching device "%s" for user "%s"' % (deviceName, userName)) - hpDev.run() + logger.info('Watching device "%s" for user "%s"' % (watch_this.get('name'), userName)) + hpDev.run() udisks = UDisks.Client.new_sync() udisksObjectManager = udisks.get_object_manager() 
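Review bot: Inside the new loop in onSuspendOrResume, `authChangeCallback('added')` is still called with one argument, although this commit changed the callback to `authChangeCallback(event, deviceName)`, so the resume path raises TypeError instead of unlocking. On the line above it, `hpDev.__name` is read from outside the class; name mangling only applies inside the class body, so that lookup raises AttributeError. A public accessor on HotPlugDevice fixes both (a later patch in this series adds `getWatchedDeviceName`), giving `authChangeCallback('added', hpDev.getWatchedDeviceName())`. `hpDevs = {}` followed by `hpDevs += hpDev` fails in the same way as the dict `+=` in the previous hunk and should be a list with `append`.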
@@ -356,10 +364,10 @@ if options['daemon'] and os.fork(): sys.exit(0) def sig_handler(sig, frame): - logger.info('Stopping agent.') - sys.exit(0) + logger.info('Stopping agent.') + sys.exit(0) sys_signals = ['SIGINT', 'SIGTERM', 'SIGTSTP', 'SIGTTIN', 'SIGTTOU'] for i in sys_signals: - signal.signal(getattr(signal, i), sig_handler) + signal.signal(getattr(signal, i), sig_handler) From d2af4a4d191b8fb2be5d684ee9486a7f9d71bcfd Mon Sep 17 00:00:00 2001 From: McDope Date: Sun, 14 Jul 2024 15:37:11 +0200 Subject: [PATCH 38/46] #31: Continue work on agent [WIP/Broken] --- tools/pamusb-agent | 33 ++++++++++++++++++++++++--------- 1 file changed, 24 insertions(+), 9 deletions(-) diff --git a/tools/pamusb-agent b/tools/pamusb-agent index 28d25ce9..672aa841 100755 --- a/tools/pamusb-agent +++ b/tools/pamusb-agent 
@@ -210,21 +210,30 @@ def userDeviceThread(user): } ) - device_names = {} - to_watch = {} + devices_for_user = [] + to_watch = [] all_devices = doc.findall("devices/device") + logger.info('Found %d devices available for configuration.' % len(all_devices)) + user_devices = user.findall("device") + logger.info('Found %d devices configured for user.' % len(user_devices)) for device in user_devices: - device_names += device.get('id') + devices_for_user.append(device.text) + logger.info('devices_for_users: %s' % devices_for_user) + logger.info('Got all device data and configured devices for user, now creating watch list...') deviceOK = False for device in all_devices: - if device.get('id') in device_names: - to_watch += {"name": device.get('id'), "serial": device.get('serial')} + logger.info('Iterating all devices to find data for user devices...') + if device.get('id') in devices_for_user: + logger.info('Found a valid device for user "%s", adding to watchlist.' % userName) + to_watch.append({"name": device.get('id'), "serial": device.findtext('serial')}) deviceOK = True + else: + logger.info('Device "%s" is not valid for user' % device.get('id')) - if not deviceOK: + if not deviceOK or len(to_watch) == 0: logger.error('Device(s) not found in configuration file.') return 1 
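Review bot: `devices_for_user.append(device.text)` and `device.findtext('serial')` keep surrounding whitespace, and `findtext` returns None when the element is missing, whereas the code this series replaced called `.strip()` on both values. A configuration entry written with padding or line breaks inside the element would then not match `device.get('id')`, or would hand an unstripped or None serial to HotPlugDevice. The C parser on this page strips values (pusb_xpath_strip_string), so the agent and the PAM module could disagree about which device is configured. I would use `devices_for_user.append((device.text or '').strip())` and `serial = (device.findtext('serial') or '').strip()`, and skip the device with an error log when `serial` is empty.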
@@ -298,18 +307,24 @@ def userDeviceThread(user): resumeTimestamp = datetime.datetime.now() + logger.info('Binding to signals...') login1Interface = login1ManagerDBusIface() for signal in ['PrepareForSleep', 'PrepareForShutdown']: login1Interface.connect_to_signal(signal, onSuspendOrResume, member_keyword='member') - hpDevs = {} + logger.info('Setting up HotPlugDevices for configured %d user devices...' % (len(to_watch))) + hpDevs = [] for watch_this in to_watch: + logger.info('Creating hpDev for device "%s" with serial "%s"...' % (watch_this.get('name'), watch_this.get('serial'))) + hpDev = HotPlugDevice(watch_this.get('serial'), watch_this.get('name')) hpDev.addCallback(authChangeCallback) - hpDevs += hpDev logger.info('Watching device "%s" for user "%s"' % (watch_this.get('name'), userName)) - hpDev.run() + hpDev.run() # @todo: asap as run() is called the loop doesnt continue anymore + hpDevs.append(hpDev) + + logger.info('All HotPlugDevices created.') udisks = UDisks.Client.new_sync() udisksObjectManager = udisks.get_object_manager() From 256c630f8d409687ee7a2d6e5d0a420728802a50 Mon Sep 17 00:00:00 2001 From: McDope Date: Sun, 14 Jul 2024 21:56:46 +0200 Subject: [PATCH 39/46] #31: [agent] Start a thread for each device --- tools/pamusb-agent | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tools/pamusb-agent b/tools/pamusb-agent index 672aa841..9e826f2e 100755 --- a/tools/pamusb-agent +++ b/tools/pamusb-agent @@ -314,6 +314,7 @@ def userDeviceThread(user): logger.info('Setting up HotPlugDevices for configured %d user devices...' % (len(to_watch))) hpDevs = [] + threads = [] for watch_this in to_watch: logger.info('Creating hpDev for device "%s" with serial "%s"...' % (watch_this.get('name'), watch_this.get('serial'))) 
@@ -321,7 +322,11 @@ def userDeviceThread(user): hpDev.addCallback(authChangeCallback) logger.info('Watching device "%s" for user "%s"' % (watch_this.get('name'), userName)) - hpDev.run() # @todo: asap as run() is called the loop doesnt continue anymore + + thread = threading.Thread(target=hpDev.run) + thread.start() + + threads.append(thread) hpDevs.append(hpDev) logger.info('All HotPlugDevices created.') From 0b2d52bd070f05b101a78391828be4ae9dc07855 Mon Sep 17 00:00:00 2001 From: McDope Date: Tue, 16 Jul 2024 19:32:36 +0200 Subject: [PATCH 40/46] #31: [agent] Only react to event if no other device is connected for currect user --- tools/pamusb-agent | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tools/pamusb-agent b/tools/pamusb-agent index 9e826f2e..50a27614 100755 --- a/tools/pamusb-agent +++ b/tools/pamusb-agent @@ -63,6 +63,9 @@ class HotPlugDevice: return False + def getWatchedDeviceName(self): + return self.__name + def __scanDevices(self): for udi in udisksObjectManager.get_objects(): if udi.get_block(): @@ -240,6 +243,13 @@ def userDeviceThread(user): resumeTimestamp = datetime.datetime.min def authChangeCallback(event, deviceName): + nonlocal hpDevs + + for otherDeviceThread in hpDevs: + if not otherDeviceThread.getWatchedDeviceName() == deviceName and otherDeviceThread.isDeviceConnected(): + logger.info('Device "%s" removed or plugged but another one is connected anyway, ignoring' % deviceName) + return + if event == 'removed': nonlocal resumeTimestamp currentTimestamp = datetime.datetime.now() From 97037bde41483e9bab74e0d8630777443f10a64d Mon Sep 17 00:00:00 2001 From: McDope Date: Tue, 16 Jul 2024 19:39:14 +0200 Subject: [PATCH 41/46] #31: [Tests] Give more time for unlock event --- tests/can-actually-be-used/test-agent-properly-triggers.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
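Review bot: In the `@@ -321,7 +322,11 @@` hunk each thread is started before its `hpDev` is appended to `hpDevs`, and all threads share `authChangeCallback`, which reads and rebinds `resumeTimestamp` without any lock. Once callbacks can fire from several threads, a removal on one device and a plug on another may interleave inside the callback. The body of `hpDev.run` is outside the hunk, so whether callbacks really run on these threads should be confirmed. Appending before `thread.start()` and wrapping the callback body in a shared `threading.Lock()` would make the ordering explicit. The threads are also non-daemon, which may keep the process alive after the signal handler calls `sys.exit(0)`.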
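Review bot: The early `return` added in the `@@ -240,6 +243,13 @@` hunk is taken for 'removed' events as well as 'added' ones, so whether the session locks when a token is pulled now depends on `isDeviceConnected()` of the other devices. The body of that method is outside the hunk. If it only reports that a drive with the configured serial is present, the lock is skipped on weaker evidence than the unlock path, which the test script on this page expects to log "Authentication succeeded" first. Consider running the same check against the remaining device before ignoring a removal, or at least stating the rule in a comment such as `# lock is skipped only while another configured device is still connected`. `nonlocal hpDevs` is not needed for a read-only use.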
diff --git a/tests/can-actually-be-used/test-agent-properly-triggers.sh b/tests/can-actually-be-used/test-agent-properly-triggers.sh index 1d8f7ea2..4ed675cc 100755 --- a/tests/can-actually-be-used/test-agent-properly-triggers.sh +++ b/tests/can-actually-be-used/test-agent-properly-triggers.sh @@ -13,12 +13,12 @@ sleep 5 # make sure agent is up sync && sync && sync sudo umount /tmp/fakestick sudo modprobe -r g_mass_storage || exit 1 -sleep 10 +sleep 20 sudo tail -n 200 /var/log/auth.log | grep "pamusb-agent\[" | grep "has been removed, locking down user" > /dev/null && echo -e "\t\t\t\tLock event found" || { echo -e "\t\t\t\tNo lock event found!"; exit 1; } # "plug" virtual usb sudo modprobe g_mass_storage file=./virtual_usb.img stall=0 removable=y iSerialNumber=1234567890 || exit 1 -sleep 10 +sleep 20 sudo tail -n 200 /var/log/auth.log | grep "pamusb-agent\[" | grep "Authentication succeeded. Unlocking user" > /dev/null && echo -e "\t\t\t\tUnlock event found" || { echo -e "\t\t\t\tNo unlock event found!"; exit 1; } # Disable agent again From 5dc323c96f90abbcaf82efce04f655a5ccff2fef Mon Sep 17 00:00:00 2001 From: McDope Date: Tue, 16 Jul 2024 20:08:36 +0200 Subject: [PATCH 42/46] #31: Run deepseek-coder-v2 over changed C files --- src/device.c | 20 +++++++------- src/xpath.c | 78 +++++++++++++++++++++++++++++++++------------------- 2 files changed, 59 insertions(+), 39 deletions(-) diff --git a/src/device.c b/src/device.c index 0a9dba3d..a7cf0db8 100644 --- a/src/device.c +++ b/src/device.c @@ -31,7 +31,7 @@ static int pusb_device_connected(t_pusb_options *opts, UDisksClient *udisks) GDBusObjectManager *manager = udisks_client_get_object_manager(udisks); GList *objects = g_dbus_object_manager_get_objects(manager); int retval = 0; - int i; + int i; UDisksObject *object = NULL; UDisksDrive *drive = NULL; 
@@ -44,7 +44,7 @@ static int pusb_device_connected(t_pusb_options *opts, UDisksClient *udisks) log_error("Searching for \"%s\" in the hardware database...\n", opts->device_list[currentDevice].name); - log_debug("Found %d drives to check/iterate...\n", g_list_length(objects)); + log_debug("Found %d drives to check/iterate...\n", g_list_length(objects)); for (i = 0; i < g_list_length(objects); ++i) { object = UDISKS_OBJECT(g_list_nth(objects, i)->data); @@ -52,7 +52,7 @@ static int pusb_device_connected(t_pusb_options *opts, UDisksClient *udisks) { drive = udisks_object_get_drive(object); retval = strcmp(udisks_drive_get_serial(drive), opts->device_list[currentDevice].serial) == 0; - log_debug("Looking for serial '%s', found '%s'...\n", opts->device_list[currentDevice].serial, udisks_drive_get_serial(drive)); + log_debug("Looking for serial '%s', found '%s'...\n", opts->device_list[currentDevice].serial, udisks_drive_get_serial(drive)); if (strcmp(opts->device_list[currentDevice].vendor, "Generic") != 0) { 
@@ -66,12 +66,12 @@ static int pusb_device_connected(t_pusb_options *opts, UDisksClient *udisks) g_object_unref(drive); if (retval) { - strcpy(opts->device.name, opts->device_list[currentDevice].name); - strcpy(opts->device.vendor, opts->device_list[currentDevice].vendor); - strcpy(opts->device.model, opts->device_list[currentDevice].model); - strcpy(opts->device.serial, opts->device_list[currentDevice].serial); - strcpy(opts->device.volume_uuid, opts->device_list[currentDevice].volume_uuid); - currentDevice = 11; + strncpy(opts->device.name, opts->device_list[currentDevice].name, sizeof(opts->device.name) - 1); + strncpy(opts->device.vendor, opts->device_list[currentDevice].vendor, sizeof(opts->device.vendor) - 1); + strncpy(opts->device.model, opts->device_list[currentDevice].model, sizeof(opts->device.model) - 1); + strncpy(opts->device.serial, opts->device_list[currentDevice].serial, sizeof(opts->device.serial) - 1); + strncpy(opts->device.volume_uuid, opts->device_list[currentDevice].volume_uuid, sizeof(opts->device.volume_uuid) - 1); + currentDevice = 10; break; } } @@ -106,7 +106,7 @@ int pusb_device_check(t_pusb_options *opts, const char *user) if (udisks_client_error != NULL) { log_error("Unable to check for device, could not get UDisksClient! Error was: %s\n", udisks_client_error->message); - g_error_free (udisks_client_error); + g_error_free(udisks_client_error); return (0); } diff --git a/src/xpath.c b/src/xpath.c index 5e8fd95d..6a8ce2a2 100644 --- a/src/xpath.c +++ b/src/xpath.c 
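Review bot: The five `strncpy(dst, src, sizeof(dst) - 1)` calls in the `@@ -66,12 +66,12 @@` hunk never write the last byte of the destination, so each field is only NUL-terminated if `opts->device` was zeroed beforehand, and that initialisation is not visible in the hunk. Either terminate explicitly with `opts->device.name[sizeof(opts->device.name) - 1] = '\0';` after each copy, or use `snprintf(opts->device.name, sizeof(opts->device.name), "%s", opts->device_list[currentDevice].name);`, which always terminates. `currentDevice = 10;` still ends the outer loop by matching its literal bound, and a `found` flag would not break if the list size changes.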
@@ -31,21 +31,21 @@ static xmlXPathObject *pusb_xpath_match(xmlDocPtr doc, const char *path) if (context == NULL) { log_error("Unable to create XML context\n"); - return (NULL); + return NULL; } result = xmlXPathEvalExpression((xmlChar *)path, context); xmlXPathFreeContext(context); if (result == NULL) { log_error("Error in xmlXPathEvalExpression\n"); - return (NULL); + return NULL; } if (xmlXPathNodeSetIsEmpty(result->nodesetval)) { xmlXPathFreeObject(result); - return (NULL); + return NULL; } - return (result); + return result; } static int pusb_xpath_strip_string(char *dest, const char *src, size_t size) @@ -71,18 +71,18 @@ static int pusb_xpath_strip_string(char *dest, const char *src, size_t size) if (first_char == -1 || last_char == -1) { - return (0); + return 0; } if ((last_char - first_char) > (size - 1)) { log_error("Device name is too long: %s", src); - return (0); + return 0; } memset(dest, 0x0, size); strncpy(dest, &(src[first_char]), last_char - first_char + 1); - return (1); + return 1; } int pusb_xpath_get_string( @@ -98,14 +98,14 @@ int pusb_xpath_get_string( if (!(result = pusb_xpath_match(doc, path))) { - return (0); + return 0; } if (result->nodesetval->nodeNr > 1) { xmlXPathFreeObject(result); log_debug("Syntax error: %s: more than one record found\n", path); - return (0); + return 0; } node = result->nodesetval->nodeTab[0]->xmlChildrenNode; @@ -114,18 +114,18 @@ int pusb_xpath_get_string( { xmlXPathFreeObject(result); log_debug("Empty value for %s\n", path); - return (0); + return 0; } if (!pusb_xpath_strip_string(value, (const char *)result_string, size)) { xmlFree(result_string); xmlXPathFreeObject(result); log_debug("Result for %s (%s) is too long (max: %d)\n", path, (const char *)result_string, size); - return (0); + return 0; } xmlFree(result_string); xmlXPathFreeObject(result); - return (1); + return 1; } int pusb_xpath_get_string_list( 
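Review bot: In the `@@ -114,18 +114,18 @@` hunk the failure branch of pusb_xpath_get_string calls `xmlFree(result_string)` and then passes `result_string` to `log_debug` as a `%s` argument, which reads freed memory. The reformatting leaves that order untouched. Emit the log line first and free afterwards, that is `log_debug(...)`, then `xmlFree(result_string);`, then `xmlXPathFreeObject(result);`. The same call prints `size`, a `size_t`, with `%d`; `%zu` is the matching conversion.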
@@ -141,7 +141,7 @@ int pusb_xpath_get_string_list( if (!(result = pusb_xpath_match(doc, path))) { - return (0); + return 0; } log_error("DBG: Found %d devices for user\n", result->nodesetval->nodeNr); @@ -150,7 +150,7 @@ int pusb_xpath_get_string_list( log_error("DBG: result %d\n", currentResult); node = result->nodesetval->nodeTab[currentResult]->xmlChildrenNode; result_string = xmlNodeListGetString(doc, node, 1); - if (!result_string || strcmp("", (char *) result_string) == 0) + if (!result_string || strcmp("", (char *)result_string) == 0) { log_debug("Empty value for %s\n", path); continue; @@ -166,7 +166,7 @@ int pusb_xpath_get_string_list( xmlFree(result_string); xmlXPathFreeObject(result); - return (1); + return 1; } int pusb_xpath_get_string_from( @@ -183,6 +183,11 @@ int pusb_xpath_get_string_from( xpath_size = strlen(base) + strlen(path) + 1; xpath = xmalloc(xpath_size); + if (xpath == NULL) + { + log_error("Memory allocation failed\n"); + return 0; + } memset(xpath, 0x00, xpath_size); snprintf(xpath, xpath_size, "%s%s", base, path); retval = pusb_xpath_get_string(doc, xpath, value, size); @@ -192,7 +197,7 @@ int pusb_xpath_get_string_from( } xfree(xpath); - return (retval); + return retval; } int pusb_xpath_get_bool(xmlDocPtr doc, const char *path, int *value) @@ -201,23 +206,23 @@ int pusb_xpath_get_bool(xmlDocPtr doc, const char *path, int *value) if (!pusb_xpath_get_string(doc, path, ret, sizeof(ret))) { - return (0); + return 0; } if (!strcmp(ret, "true")) { *value = 1; - return (1); + return 1; } if (!strcmp(ret, "false")) { *value = 0; - return (1); + return 1; } log_debug("Expecting a boolean, got %s\n", ret); - return (0); + return 0; } int pusb_xpath_get_bool_from( 
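Review bot: `xmlFree(result_string)` in the `@@ -166,7 +166,7 @@` hunk runs once, after the loop, while the `@@ -150,7 +150,7 @@` hunk shows `result_string = xmlNodeListGetString(doc, node, 1);` assigned on every iteration. As far as the visible lines show, every string except the last is leaked, including the one dropped by the empty-value `continue`. Free it at the end of each iteration and before each `continue`. The loop runs to `result->nodesetval->nodeNr`, but src/conf.c on this page iterates a ten-slot list; the store into the caller's array is not in these hunks, so please confirm the result index is capped at the array size.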
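Review bot: The allocation check added in the `@@ -183,6 +183,11 @@` hunk is repeated word for word in the `_from` variants for bool, time and int (hunks `@@ -233,11 +238,16 @@`, `@@ -297,11 +307,16 @@` and `@@ -330,9 +345,14 @@`), on top of an identical size, allocate, memset and snprintf sequence. A single static helper would hold the check once, and the `memset` can go because `snprintf` always terminates within `xpath_size`. Whether `xmalloc` can return NULL at all is not visible here; if it aborts on failure, the new branches are dead code. The helper name below is a suggestion.

```c
/* Join base and path into a newly allocated string; NULL on allocation failure. */
static char *pusb_xpath_join(const char *base, const char *path)
{
	size_t xpath_size = strlen(base) + strlen(path) + 1;
	char *xpath = xmalloc(xpath_size);

	if (xpath == NULL)
	{
		log_error("Memory allocation failed\n");
		return NULL;
	}
	snprintf(xpath, xpath_size, "%s%s", base, path);
	return xpath;
}

/* ... unchanged: each *_from function calls the helper, then its getter, then xfree(xpath) ... */
```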
@@ -233,11 +238,16 @@ int pusb_xpath_get_bool_from( xpath_size = strlen(base) + strlen(path) + 1; xpath = xmalloc(xpath_size); + if (xpath == NULL) + { + log_error("Memory allocation failed\n"); + return 0; + } memset(xpath, 0x00, xpath_size); snprintf(xpath, xpath_size, "%s%s", base, path); retval = pusb_xpath_get_bool(doc, xpath, value); xfree(xpath); - return (retval); + return retval; } int pusb_xpath_get_time(xmlDocPtr doc, const char *path, time_t *value) @@ -248,7 +258,7 @@ int pusb_xpath_get_time(xmlDocPtr doc, const char *path, time_t *value) if (!pusb_xpath_get_string(doc, path, ret, sizeof(ret))) { - return (0); + return 0; } last = &(ret[strlen(ret) - 1]); @@ -272,16 +282,16 @@ int pusb_xpath_get_time(xmlDocPtr doc, const char *path, time_t *value) else if (!isdigit(*last)) { log_debug("Expecting a time modifier, got %c\n", *last); - return (0); + return 0; } if (!isdigit(*last)) { *last = '\0'; } - *value = (time_t) atoi(ret) * coef; + *value = (time_t)atoi(ret) * coef; - return (0); + return 1; } int pusb_xpath_get_time_from( @@ -297,11 +307,16 @@ int pusb_xpath_get_time_from( xpath_size = strlen(base) + strlen(path) + 1; xpath = xmalloc(xpath_size); + if (xpath == NULL) + { + log_error("Memory allocation failed\n"); + return 0; + } memset(xpath, 0x00, xpath_size); snprintf(xpath, xpath_size, "%s%s", base, path); retval = pusb_xpath_get_time(doc, xpath, value); xfree(xpath); - return (retval); + return retval; } int pusb_xpath_get_int(xmlDocPtr doc, const char *path, int *value) @@ -310,11 +325,11 @@ int pusb_xpath_get_int(xmlDocPtr doc, const char *path, int *value) if (!pusb_xpath_get_string(doc, path, ret, sizeof(ret))) { - return (0); + return 0; } *value = atoi(ret); - return (1); + return 1; } int pusb_xpath_get_int_from( 
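Review bot: The last line of the `@@ -272,16 +282,16 @@` hunk changes the final return of pusb_xpath_get_time from `return (0)` to `return 1`, which is a behaviour change inside a commit that otherwise only reformats. Callers that test the result will now treat parsed time values as valid, so this deserves its own commit and a test. The value itself still comes from `atoi(ret)`, which returns 0 for non-numeric text and has no overflow detection, so a mistyped duration in the configuration silently becomes zero. `strtol` with an end-pointer and range check would reject it, and the same holds for `*value = atoi(ret);` in the `@@ -310,11 +325,11 @@` hunk. `isdigit(*last)` should be given `(unsigned char)*last`.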
@@ -330,9 +345,14 @@ int pusb_xpath_get_int_from( xpath_size = strlen(base) + strlen(path) + 1; xpath = xmalloc(xpath_size); + if (xpath == NULL) + { + log_error("Memory allocation failed\n"); + return 0; + } memset(xpath, 0x00, xpath_size); snprintf(xpath, xpath_size, "%s%s", base, path); retval = pusb_xpath_get_int(doc, xpath, value); xfree(xpath); - return (retval); + return retval; } From f016b10974d9a5280f0e58ee07ac4ed7d0bd9d45 Mon Sep 17 00:00:00 2001 From: McDope Date: Thu, 18 Jul 2024 16:44:29 +0200 Subject: [PATCH 43/46] #31: Remove debug output --- src/conf.c | 7 ------- src/xpath.c | 4 ---- 2 files changed, 11 deletions(-) diff --git a/src/conf.c b/src/conf.c index 47f41db1..f77dfff6 100644 --- a/src/conf.c +++ b/src/conf.c @@ -210,7 +210,6 @@ int pusb_conf_parse( for (int currentDevice = 0; currentDevice < 10; currentDevice++) { - log_error("DBG: currentDevice: %d, strlen: %d, value: %s\n", currentDevice, (int) strlen(device_list[currentDevice]), device_list[currentDevice]); if (device_list[currentDevice] == NULL || strlen(device_list[currentDevice]) == 0) { continue; @@ -218,12 +217,6 @@ int pusb_conf_parse( strcpy(opts->device_list[currentDevice].name, device_list[currentDevice]); pusb_conf_parse_device(opts, doc, currentDevice, device_list[currentDevice]); - log_error("DBG: found device\n"); - log_error("DBG: name: %s\n", opts->device_list[currentDevice].name); - log_error("DBG: vendor: %s\n", opts->device_list[currentDevice].vendor); - log_error("DBG: model: %s\n", opts->device_list[currentDevice].model); - log_error("DBG: serial: %s\n", opts->device_list[currentDevice].serial); - log_error("DBG: volume_uuid: %s\n", opts->device_list[currentDevice].volume_uuid); } if (!pusb_conf_parse_options(opts, doc, user, service)) diff --git a/src/xpath.c b/src/xpath.c index 6a8ce2a2..611d180f 100644 --- a/src/xpath.c +++ b/src/xpath.c 
@@ -144,10 +144,8 @@ int pusb_xpath_get_string_list( return 0; } - log_error("DBG: Found %d devices for user\n", result->nodesetval->nodeNr); for (int currentResult = 0; currentResult < result->nodesetval->nodeNr; currentResult++) { - log_error("DBG: result %d\n", currentResult); node = result->nodesetval->nodeTab[currentResult]->xmlChildrenNode; result_string = xmlNodeListGetString(doc, node, 1); if (!result_string || strcmp("", (char *)result_string) == 0) @@ -160,8 +158,6 @@ int pusb_xpath_get_string_list( log_debug("Result for %s (%s) is too long (max: %d)\n", path, (const char *)result_string, size); continue; } - - log_error("DBG: Found device %s\n", result_string); } xmlFree(result_string); From c68d079b3d1e0d04523dcc5b3e8ef11c8bed0d37 Mon Sep 17 00:00:00 2001 From: McDope Date: Thu, 18 Jul 2024 16:53:22 +0200 Subject: [PATCH 44/46] #31: Remove even more debug output --- src/device.c | 2 -- tools/pamusb-agent | 13 +------------ 2 files changed, 1 insertion(+), 14 deletions(-) diff --git a/src/device.c b/src/device.c index a7cf0db8..094821fd 100644 --- a/src/device.c +++ b/src/device.c @@ -44,7 +44,6 @@ static int pusb_device_connected(t_pusb_options *opts, UDisksClient *udisks) log_error("Searching for \"%s\" in the hardware database...\n", opts->device_list[currentDevice].name); - log_debug("Found %d drives to check/iterate...\n", g_list_length(objects)); for (i = 0; i < g_list_length(objects); ++i) { object = UDISKS_OBJECT(g_list_nth(objects, i)->data); @@ -52,7 +51,6 @@ static int pusb_device_connected(t_pusb_options *opts, UDisksClient *udisks) { drive = udisks_object_get_drive(object); retval = strcmp(udisks_drive_get_serial(drive), opts->device_list[currentDevice].serial) == 0; - log_debug("Looking for serial '%s', found '%s'...\n", opts->device_list[currentDevice].serial, udisks_drive_get_serial(drive)); if (strcmp(opts->device_list[currentDevice].vendor, "Generic") != 0) { 
diff --git a/tools/pamusb-agent b/tools/pamusb-agent index 50a27614..d813d5dd 100755 --- a/tools/pamusb-agent +++ b/tools/pamusb-agent @@ -217,24 +217,15 @@ def userDeviceThread(user): to_watch = [] all_devices = doc.findall("devices/device") - logger.info('Found %d devices available for configuration.' % len(all_devices)) - user_devices = user.findall("device") - logger.info('Found %d devices configured for user.' % len(user_devices)) for device in user_devices: devices_for_user.append(device.text) - logger.info('devices_for_users: %s' % devices_for_user) - logger.info('Got all device data and configured devices for user, now creating watch list...') deviceOK = False for device in all_devices: - logger.info('Iterating all devices to find data for user devices...') if device.get('id') in devices_for_user: - logger.info('Found a valid device for user "%s", adding to watchlist.' % userName) to_watch.append({"name": device.get('id'), "serial": device.findtext('serial')}) deviceOK = True - else: - logger.info('Device "%s" is not valid for user' % device.get('id')) if not deviceOK or len(to_watch) == 0: logger.error('Device(s) not found in configuration file.') @@ -326,13 +317,11 @@ def userDeviceThread(user): hpDevs = [] threads = [] for watch_this in to_watch: - logger.info('Creating hpDev for device "%s" with serial "%s"...' % (watch_this.get('name'), watch_this.get('serial'))) + logger.info('Watching device "%s" for user "%s"' % (watch_this.get('name'), userName)) hpDev = HotPlugDevice(watch_this.get('serial'), watch_this.get('name')) hpDev.addCallback(authChangeCallback) - logger.info('Watching device "%s" for user "%s"' % (watch_this.get('name'), userName)) - thread = threading.Thread(target=hpDev.run) thread.start() From cd95c82cc0e6e23948ab70128379f6288e098e70 Mon Sep 17 00:00:00 2001 From: McDope Date: Thu, 18 Jul 2024 17:00:03 +0200 Subject: [PATCH 45/46] #31: Remove even more debug output --- tools/pamusb-agent | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/tools/pamusb-agent b/tools/pamusb-agent index d813d5dd..9e64f48a 100755 --- a/tools/pamusb-agent +++ b/tools/pamusb-agent @@ -308,12 +308,10 @@ def userDeviceThread(user): resumeTimestamp = datetime.datetime.now() - logger.info('Binding to signals...') login1Interface = login1ManagerDBusIface() for signal in ['PrepareForSleep', 'PrepareForShutdown']: login1Interface.connect_to_signal(signal, onSuspendOrResume, member_keyword='member') - logger.info('Setting up HotPlugDevices for configured %d user devices...' % (len(to_watch))) hpDevs = [] threads = [] for watch_this in to_watch: From 1e6969596e84164a40cd601d3d58eadba091f34a Mon Sep 17 00:00:00 2001 From: McDope Date: Thu, 18 Jul 2024 17:21:14 +0200 Subject: [PATCH 46/46] #31: Remove even more debug output --- tools/pamusb-agent | 2 -- 1 file changed, 2 deletions(-) diff --git a/tools/pamusb-agent b/tools/pamusb-agent index 9e64f48a..428364a7 100755 --- a/tools/pamusb-agent +++ b/tools/pamusb-agent @@ -326,8 +326,6 @@ def userDeviceThread(user): threads.append(thread) hpDevs.append(hpDev) - logger.info('All HotPlugDevices created.') - udisks = UDisks.Client.new_sync() udisksObjectManager = udisks.get_object_manager()