Pam rfid challenge ;)

[kazola]

Hi everybody,
just joined these forums. I hope we'll take profit and knowledge from each others! I've been "playing" linux for 5 years and worked in RFID so if I can help in some way, I'll do it.
Meanwhile this is my doubt. I've searched the forums for similar threads but non results appeared when searching "syslog" and "pam". I'm trying to avoid linux login and password mechanism by presenting an RFID card. Here is the code...

Code:

...#includes

#define PAM_SM_AUTH
//#define PAM_SM_ACCOUNT
//#define PAM_SM_SESSION
//#define PAM_SM_PASSWORD

... 

PAM_EXTERN
int pam_sm_authenticate(pam_handle_t *pamh, int flags,
                int argc, const char **argv)
{
    const char *servei;
    const char *usuari;
    int valorRetorn = 0;
    // part de syslog
    system("touch /home/kaz/caca");
    openlog("[pam_qdesfire]", LOG_PID, LOG_USER);
    syslog(LOG_ERR, "--entrant pam_sm_authenticate...\n");


    // obtenir nom de servei
    valorRetorn = pam_get_item(pamh, PAM_SERVICE,
                    (const void **)(const void *)&servei);
    if (valorRetorn != PAM_SUCCESS)
    {
            syslog(LOG_ERR, "--no es pot saber el nom del servei PAM!\n");
            closelog();
            return (PAM_AUTH_ERR);
    }
    // i el nom d'usuari associat al tag, HARDCODED
    valorRetorn = pam_set_item(pamh, PAM_USER, "lucas");
    if (pam_get_user(pamh, &usuari, NULL) != PAM_SUCCESS || !usuari || !*usuari)
    {
            syslog(LOG_ERR, "-- no es pot obtenir el nom d'usuari PAM!\n");
            closelog();
            return (PAM_AUTH_ERR);
    }


    // provem de llegir un tag
    valorRetorn = lecturaDESFire();

    // tanquem tot
    syslog(LOG_ERR, "-- auth fallada per a usuari \"%s\" (%s)\n", usuari, servei);
    closelog();
    return(PAM_AUTH_ERR);
}


PAM_EXTERN
int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc
    ,const char **argv)
{
    openlog("[pam_qdesfire]", LOG_PID, LOG_USER);
    syslog(LOG_ERR, "--pam_sm_setcred entrat.\n");
    closelog();
    return PAM_SUCCESS;
}


// dades estàtiques mòdul
#ifdef PAM_STATIC
struct pam_module _pam_qdesfire_modstruct = {
        "pam_qdesfire",
        pam_sm_authenticate,
        pam_sm_setcred,
        NULL,
        NULL,
        NULL,
        NULL
};
#endif

Sorry! It is in catalan but I think it is fully understandable. On the other hand, I've supressed unnecessary code lines. When programming a simple main.c, all is working. I can obtain the ID, print it, play with the serial port.... ok the "lecturaDESFire()" is to read some tags it work.

But the problem is that I never see a line from this code to syslog when putting the module in the Linux login mechanism. I've programmed a test_main.c where, using these same code lines, the text appear to syslog so this is not the problem. I've also hardcoded a "touch /home/kaz/caca" test line but this file never appears!

It would seem the module that I generate, "pam_qdesfire.so" does not gets loaded but it does because if I code the "/etc/pam.d/login" with something like "auth required pam_qdesfire.so" I cannot login But the logging and the touch seems not reached. Obviously I think the right choice would be "auth optional pam_qdesfire.so" but it was just to check if the module was getting loaded. The module is in "/lib/security". I don't know what is failing! I've also put "user.err /var/log/qdesfire" in the /etc/rsyslog.conf. I repeat that when I worked with a test main.c typical file, the logging is done.

Wow! There is too much text here but it is a very specifical question. I'll buy a cake to the one that has an idea about this Thanks a lot!

[kazola]

A log in /var/log/secure has indicated me my module was being loaded but crashing because no -lcrypto was at the RELEASE linking stage. Since I'm using MD5 function from openssl/crypto.h, this was a problem.

Thanks to everybody!