ProxyAuth
Linux PAM to authenticate device via Bluetooth device
pam_sec.c
1 #include "pam_sec.h"
2 
/**
 * Validate that a configuration path is safe to trust.
 *
 * Runs three checks in order and stops at the first failure:
 *   1. is_nlnk()    - the path can be examined and is not a symbolic link
 *   2. type check   - directory when is_dir is non-zero, regular file otherwise
 *   3. check_perm() - ownership and permission bits are acceptable
 *
 * Every failure is reported on stderr and, when log_fp is non-NULL, in the log.
 *
 * NOTE(review): all checks work on the path name, not on an open descriptor.
 * The result only holds while nobody can swap the object or one of its parent
 * directories between this call and the later open; confirm that callers
 * either keep the parents root-only or re-verify with fstat() after opening.
 *
 * @param log_fp  optional log stream, may be NULL
 * @param file    path to validate
 * @param is_dir  non-zero if the path must be a directory
 * @return 1 if every check passes, 0 otherwise
 */
int check_config(FILE *log_fp, const char * const file, const int is_dir) {
    struct stat info;

    printf("checking file: %s\n", file);

    /* Fills info via lstat(), so a symlink is seen as a link and rejected. */
    if (!is_nlnk(log_fp, file, &info)) {
        return 0;
    }

    /* The object type must match what the caller expects. */
    if (is_dir && !S_ISDIR(info.st_mode)) {
        fprintf(stderr, "Error: %s is not a directory\n", file);
        if (log_fp) {
            fprintf(log_fp, "Error: %s is not a directory\n", file);
        }
        return 0;
    }

    if (!is_dir && !S_ISREG(info.st_mode)) {
        fprintf(stderr, "Error: %s is not a regular file\n", file);
        if (log_fp) {
            fprintf(log_fp, "Error: %s is not a regular file\n", file);
        }
        return 0;
    }

    /* Ownership and mode bits are judged on the same stat snapshot. */
    return check_perm(log_fp, file, &info, is_dir) ? 1 : 0;
}
40 
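/**
 * Stat a path without following links and reject symbolic links.
 *
 * The check fails closed: if lstat() fails for any reason, *st holds no valid
 * data and the path is rejected. Previously only ENOENT was handled, so any
 * other failure (for example EACCES, ENOTDIR or ENAMETOOLONG) fell through to
 * S_ISLNK() on an unfilled struct stat and could be reported as "not a link".
 *
 * @param log_fp  optional log stream, may be NULL
 * @param file    path to examine
 * @param st      receives the lstat() result; only valid when 1 is returned
 * @return 1 if the path exists and is not a symbolic link, 0 otherwise
 */
int is_nlnk(FILE *log_fp, const char * const file, struct stat * const st) {
    if (lstat(file, st) == -1) {
        /* Save errno first: the fprintf() calls below may overwrite it. */
        const int err = errno;

        if (err == ENOENT) {
            fprintf(stderr, "%s does not exist\n", file);

            if (log_fp) {
                fprintf(log_fp, "Error: %s does not exist\n", file);
            }
        }
        else {
            fprintf(stderr, "Error: cannot stat %s (errno %d)\n", file, err);

            if (log_fp) {
                fprintf(log_fp, "Error: cannot stat %s (errno %d)\n", file, err);
            }
        }

        /* Never evaluate *st after a failed lstat(). */
        return 0;
    }

    if (S_ISLNK(st->st_mode)) {
        fprintf(stderr, "Error: %s is a link\n", file);

        if (log_fp) {
            fprintf(log_fp, "Error: %s is a link\n", file);
        }
        return 0;
    }

    return 1;
}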
63 
64 int check_perm(FILE *log_fp, const char * const file, const struct stat * const st, const int is_dir) {
65  //check if permission is set correctly (i.e only owner should have rw permission while others and group should only have at most execute and read permission)
66  /* Permission Check Logic
67  * Shift the bits to the right by 6 bits to compare with the owner group (i.e. 3 bits from others and 3 bits from the group)
68  * And it with 0x7 to mast out all other bits except for the most right 3 bits
69  Credits: https://icarus.cs.weber.edu/~dab/cs1410/textbook/2.Core/file_access.html
70  */
71 
72  int perm = 6;
73 
74  if (is_dir) {
75  perm = 7; //execute permission is needed for the owner to access the directory
76  }
77 
78  if ( ((st->st_mode >> 6) & 0x7) != perm) { //owner
79  fprintf(stderr, "Error: Owner type does not have %s permission set to %d\n", file, perm);
80  if (log_fp) {
81  fprintf(log_fp, "Error: Owner type does not have %s permission set to %d\n", file, perm);
82  }
83  return 0;
84  }
85 
86  if (st->st_mode & S_IWGRP) {
87  fprintf(stderr, "Error: Group has write permission to %s\n", file);
88  if (log_fp) {
89  fprintf(log_fp, "Error: Group has write permission to %s\n", file);
90  }
91  return 0;
92  }
93  if (st->st_mode & S_IWOTH) {
94  fprintf(stderr, "Error: Other has write permission to %s\n", file);
95  if (log_fp) {
96  fprintf(log_fp, "Error: Other has write permission to %s\n", file);
97  }
98  return 0;
99  }
100 
101  //check if the owner is root
102  if (st->st_uid != 0) {
103  fprintf(stderr, "Error: %s is not owned by root\n", file);
104  if (log_fp) {
105  fprintf(log_fp, "Error: %s is not owned by root\n", file);
106  }
107  return 0;
108  }
109 
110  return 1;
111 }