From 151af71b9be27b832ebd0e4a84554edea1520fb7 Mon Sep 17 00:00:00 2001 From: KRI Date: Mon, 15 Mar 2021 08:43:19 +0100 Subject: [PATCH] RDEV-2529 nowa opcja w pliku konfiguracyjnym enablePasswdEmail dodana funkcja getPasswdUserEmail --- SSH/PAM/rublon.config | 3 ++- SSH/PAM/src/misc.h | 6 +++++- SSH/PAM/src/pamApp.c | 41 +++++++++++++++++++++++++++++++++++------ 3 files changed, 42 insertions(+), 8 deletions(-) diff --git a/SSH/PAM/rublon.config b/SSH/PAM/rublon.config index 1fb0bfd..f67b278 100644 --- a/SSH/PAM/rublon.config +++ b/SSH/PAM/rublon.config @@ -4,4 +4,5 @@ userDomain= rublonApiServer=https://core.rublon.net failmode=safe prompt=1 -logging=true \ No newline at end of file +logging=true +enablePasswdEmail=true \ No newline at end of file diff --git a/SSH/PAM/src/misc.h b/SSH/PAM/src/misc.h index dd845ba..f0da4f4 100644 --- a/SSH/PAM/src/misc.h +++ b/SSH/PAM/src/misc.h @@ -46,4 +46,8 @@ char *signData(pam_handle_t *pamh, char *data, char *secretKey); int verifyData(pam_handle_t *pamh, char *data, char *secretKey, char *sign); int postCredentials(pam_handle_t *pamh, char *systemToken, char *accessToken, char *rublonApiServer, char *secretKey); char *getConfigValue(const char * value); -void debugLog(const char *message1, const char *message2); \ No newline at end of file +void debugLog(const char *message1, const char *message2); + +char *getPasswdUserEmail(const char * pamUser); +FILE *popen(const char *command, const char *mode); +int pclose(FILE *stream); \ No newline at end of file diff --git a/SSH/PAM/src/pamApp.c b/SSH/PAM/src/pamApp.c index 7d8e21d..e96b6b6 100644 --- a/SSH/PAM/src/pamApp.c +++ b/SSH/PAM/src/pamApp.c @@ -25,7 +25,7 @@ struct args { pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; -void* usersThread(void* input) { +void * usersThread(void* input) { int out = -1; char *script; asprintf(&script,"python3 /usr/share/rublon-ssh/confirmUser.py %s %s",((struct args*)input)->rublonApiServer ,((struct args*)input)->transactionId); 
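Review bot: The two prototypes added at the end of misc.h, `FILE *popen(const char *command, const char *mode);` and `int pclose(FILE *stream);`, redeclare libc functions by hand, so they can drift from the system declarations and they hide whatever made the compiler complain in the first place. I would drop both and have the header `#include <stdio.h>`, which it needs for `FILE` anyway. If the functions are then still reported as undeclared, the likely cause is a missing feature-test macro such as `_GNU_SOURCE` before the first include, though the top of pamApp.c is not visible here. The new `getPasswdUserEmail` declaration should also carry a comment on ownership, for example `/* Returns the e-mail found in the user's passwd entry; states whether the caller frees it. */`.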
@@ -41,7 +41,7 @@ void* usersThread(void* input) { } } -void* methodsThread(void* input) { +void * methodsThread(void* input) { char *jsonObj; char *url; char *status; @@ -67,7 +67,7 @@ void* methodsThread(void* input) { } } -char *getConfigValue(const char * value) { +char * getConfigValue(const char* value) { struct cfg_struct* cfg; cfg = cfg_init(); if (cfg_load(cfg,"/etc/rublon.config") < 0) @@ -76,11 +76,30 @@ char *getConfigValue(const char * value) { return (char*)cfg_get(cfg,value); } +char * getPasswdUserEmail(const char* pamUser) { + FILE *cmd; + char result[1024]; + char *query; + asprintf(&query, "getent passwd %s | grep -E -o '\\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,6}\\b'", pamUser); + cmd = popen(query, "r"); + if (cmd == NULL) { + result[0] = NULL; + } + while (fgets(result, sizeof(result), cmd)) { + pclose(cmd); + return result; + } + pclose(cmd); + result[0] = NULL; + return (char*)result; +} + int startRublon(pam_handle_t *pamh) { char *systemToken; char *secretKey; const char *appUserId; char *userEmail; + char *passwdUserEmail = NULL; char *userDomain; char *rublonApiServer; char *transactionId; 
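Review bot: `getPasswdUserEmail` formats `pamUser` unquoted into a `/bin/sh` command line for `popen`, and in a PAM module that name is supplied by the connecting client, so shell metacharacters in it are interpreted with the module's privileges. The function also returns `result`, a stack array that no longer exists once it returns, and when `popen` fails it falls through to `fgets(result, sizeof(result), cmd)` with a NULL `cmd`. Smaller defects: it assigns `NULL` where `'\0'` is meant, never frees `query`, and leaves the newline from `fgets` in the address. I would look the account up with `getpwnam_r()` from `<pwd.h>` and return a heap copy (or NULL) that the caller frees, which removes the shell entirely. The sketch below assumes the address sits in a comma-separated GECOS field, whereas the grep matched anywhere in the passwd line, so confirm that against how accounts are provisioned.

```c
char * getPasswdUserEmail(const char* pamUser) {
    struct passwd pwd;
    struct passwd *found = NULL;
    char buf[4096];

    /* Resolve the account through NSS directly; pamUser never reaches a shell. */
    if (pamUser == NULL ||
        getpwnam_r(pamUser, &pwd, buf, sizeof(buf), &found) != 0 ||
        found == NULL || found->pw_gecos == NULL)
        return NULL;

    /* Return the first comma-separated GECOS field that contains '@'. */
    for (const char *field = found->pw_gecos; *field != '\0'; ) {
        size_t len = strcspn(field, ",");
        if (memchr(field, '@', len) != NULL)
            return strndup(field, len);   /* heap copy: caller frees */
        field += len;
        if (*field == ',')
            field++;
    }
    return NULL;
}
```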
@@ -93,19 +112,29 @@ int startRublon(pam_handle_t *pamh) { appInfo.companyName = NULL; appInfo.applicationName = NULL; - struct args *threadArgs = (struct args *)malloc(sizeof(struct args)); + struct args *threadArgs = (struct args *)malloc(sizeof(struct args)); pam_get_user(pamh, &pamUser, NULL); + char *passwdEmail = getConfigValue("enablePasswdEmail"); + if((passwdEmail != NULL) && (strcmp(passwdEmail,"true") == 0)) { + passwdUserEmail = getPasswdUserEmail(pamUser); + asprintf(&userEmail, "%s", passwdUserEmail); + } + systemToken = getConfigValue("systemToken"); secretKey = getConfigValue("secretKey"); appUserId = pamUser; userEmail = getConfigValue("userEmail"); userDomain = getConfigValue("userDomain"); rublonApiServer = getConfigValue("rublonApiServer"); - asprintf(&userEmail, "%s%s%s", pamUser,"@",userDomain); + if(userEmail != NULL) + asprintf(&userEmail, "%s%s%s", pamUser,"@",userDomain); transactionId = NULL; - debugLog("module initialization for user:", pamUser); + pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, NULL, "email user %s", userEmail ); + + debugLog("module initialization for user:", pamUser); + debugLog("module initialization for user email:", userEmail); if(systemToken[0] == '\0') debugLog("No systemToken", ""); if(secretKey[0] == '\0')
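Review bot: The address obtained from `getPasswdUserEmail` never takes effect, because `userEmail` is overwritten a few lines later by `userEmail = getConfigValue("userEmail");` and then by the `pamUser@userDomain` `asprintf`. The first allocation is leaked and `enablePasswdEmail` changes nothing. The added `pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, NULL, "email user %s", userEmail );` looks like leftover debugging: it shows the resolved address to whoever is on the other end of the conversation and waits for input that is discarded, so I would remove it and keep only the `debugLog` line. `passwdUserEmail` and `userEmail` are also formatted with `%s` and passed to `debugLog` without a NULL check. The fence shows one ordering, assuming the intended precedence is the passwd address first and `pamUser@userDomain` as the fallback; startRublon begins and continues outside this hunk.

```c
    // … unchanged: systemToken … rublonApiServer lookups via getConfigValue …
    char *passwdEmail = getConfigValue("enablePasswdEmail");
    if ((passwdEmail != NULL) && (strcmp(passwdEmail, "true") == 0))
        passwdUserEmail = getPasswdUserEmail(pamUser);

    /* Prefer the passwd address; otherwise derive one from the login name. */
    if (passwdUserEmail != NULL && passwdUserEmail[0] != '\0') {
        if (asprintf(&userEmail, "%s", passwdUserEmail) < 0)
            userEmail = NULL;   /* asprintf leaves the pointer undefined on failure */
    } else if (asprintf(&userEmail, "%s@%s", pamUser, userDomain) < 0) {
        userEmail = NULL;
    }
    transactionId = NULL;

    debugLog("module initialization for user:", pamUser);
    debugLog("module initialization for user email:", userEmail != NULL ? userEmail : "");
```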