PAM Module

CharactersWriter.hpp

@@ -0,0 +1,194 @@
+/*
+  Copyright (C) 2013 Przemek Mazurkiewicz ([email protected])
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
+*/
+
+#ifndef XML_CHARACTERS_WRITER_HPP__f66b9cdaf20734ef11086d0851a9c563
+#define XML_CHARACTERS_WRITER_HPP__f66b9cdaf20734ef11086d0851a9c563
+
+#include <string>
+
+/**
+	@file CharactersWriter.hpp
+*/
+
+namespace Xml
+{
+	namespace Encoding
+	{
+		/**
+			@brief Class responsible for writing strings in the UTF-8 encoding.
+
+			@sa Utf16Writer, Utf32Writer and Inspector.
+		*/
+		class Utf8Writer
+		{
+		public:
+			/**
+				@brief String type that is able to store the UTF-8 encoded string.
+			*/
+			typedef std::string StringType;
+
+			/**
+				@brief Inserts the Unicode character into the UTF-8 encoded string.
+
+				@param[out] stringDestination String where the character should be inserted.
+				@param codePoint Code point of the Unicode character to write.
+			*/
+			static void WriteCharacter(StringType& stringDestination, char32_t codePoint);
+		};
+
+		/**
+			@brief Class responsible for writing strings in the UTF-16 encoding.
+
+			@sa Utf8Writer, Utf32Writer and Inspector.
+		*/
+		class Utf16Writer
+		{
+		public:
+			/**
+				@brief String type that is able to store the UTF-16 encoded string.
+			*/
+			typedef std::u16string StringType;
+
+			/**
+				@brief Inserts the Unicode character into the UTF-16 encoded string.
+
+				@param[out] stringDestination String where the character should be inserted.
+				@param codePoint Code point of the Unicode character to write.
+			*/
+			static void WriteCharacter(StringType& stringDestination, char32_t codePoint);
+		};
+
+		/**
+			@brief Class responsible for writing strings in the UTF-32 encoding.
+
+			@sa Utf8Writer, Utf16Writer and Inspector.
+		*/
+		class Utf32Writer
+		{
+		public:
+			/**
+				@brief String type that is able to store the UTF-32 encoded string.
+			*/
+			typedef std::u32string StringType;
+
+			/**
+				@brief Inserts Unicode character into the UTF-32 encoded string.
+
+				@param[out] stringDestination String where the character should be inserted.
+				@param codePoint Code point of Unicode character to write.
+			*/
+			static void WriteCharacter(StringType& stringDestination, char32_t codePoint);
+		};
+
+		inline void Utf8Writer::WriteCharacter(
+			StringType& stringDestination, char32_t codePoint)
+		{
+			if (codePoint <= 0x7F)
+			{
+				stringDestination.push_back(static_cast<StringType::value_type>(codePoint));
+			}
+			else if (codePoint <= 0x7FF)
+			{
+				stringDestination.push_back(static_cast<StringType::value_type>(
+					(codePoint >> 6) | 0xC0));
+				stringDestination.push_back(static_cast<StringType::value_type>(
+					(codePoint & 0x3F) | 0x80));
+			}
+			else if (codePoint <= 0xFFFF)
+			{
+				stringDestination.push_back(static_cast<StringType::value_type>(
+					(codePoint >> 12) | 0xE0));
+				stringDestination.push_back(static_cast<StringType::value_type>(
+					((codePoint >> 6) & 0x3F) | 0x80));
+				stringDestination.push_back(static_cast<StringType::value_type>(
+					(codePoint & 0x3F) | 0x80));
+			}
+			else if (codePoint <= 0x1FFFFF)
+			{
+				stringDestination.push_back(static_cast<StringType::value_type>(
+					(codePoint >> 18) | 0xF0));
+				stringDestination.push_back(static_cast<StringType::value_type>(
+					((codePoint >> 12) & 0x3F) | 0x80));
+				stringDestination.push_back(static_cast<StringType::value_type>(
+					((codePoint >> 6) & 0x3F) | 0x80));
+				stringDestination.push_back(static_cast<StringType::value_type>(
+					(codePoint & 0x3F) | 0x80));
+			}
+			// Invalid character. Put this anyway.
+			else if (codePoint <= 0x3FFFFFF)
+			{
+				stringDestination.push_back(static_cast<StringType::value_type>(
+					(codePoint >> 24) | 0xF8));
+				stringDestination.push_back(static_cast<StringType::value_type>(
+					((codePoint >> 18) & 0x3F) | 0x80));
+				stringDestination.push_back(static_cast<StringType::value_type>(
+					((codePoint >> 12) & 0x3F) | 0x80));
+				stringDestination.push_back(static_cast<StringType::value_type>(
+					((codePoint >> 6) & 0x3F) | 0x80));
+				stringDestination.push_back(static_cast<StringType::value_type>(
+					(codePoint & 0x3F) | 0x80));
+			}
+			else
+			{
+				stringDestination.push_back(static_cast<StringType::value_type>(
+					(codePoint >> 30) | 0xFC));
+				stringDestination.push_back(static_cast<StringType::value_type>(
+					((codePoint >> 24) & 0x3F) | 0x80));
+				stringDestination.push_back(static_cast<StringType::value_type>(
+					((codePoint >> 18) & 0x3F) | 0x80));
+				stringDestination.push_back(static_cast<StringType::value_type>(
+					((codePoint >> 12) & 0x3F) | 0x80));
+				stringDestination.push_back(static_cast<StringType::value_type>(
+					((codePoint >> 6) & 0x3F) | 0x80));
+				stringDestination.push_back(static_cast<StringType::value_type>(
+					(codePoint & 0x3F) | 0x80));
+			}
+		}
+
+		inline void Utf16Writer::WriteCharacter(
+			StringType& stringDestination, char32_t codePoint)
+		{
+			if ((codePoint <= 0xD7FF) || (codePoint >= 0xE000 && codePoint <= 0xFFFF))
+			{
+				stringDestination.push_back(static_cast<StringType::value_type>(codePoint));
+			}
+			else if (codePoint >= 0x10000 && codePoint <= 0x10FFFF)
+			{
+				// We have surrogate pair.
+				codePoint -= 0x10000;
+				char32_t surr = (codePoint >> 10) + 0xD800; // Lead surrogate.
+				stringDestination.push_back(static_cast<StringType::value_type>(surr));
+				surr = (codePoint & 0x3FF) + 0xDC00; // Trail surrogate.
+				stringDestination.push_back(static_cast<StringType::value_type>(surr));
+			}
+		}
+
+		inline void Utf32Writer::WriteCharacter(
+			StringType& stringDestination, char32_t codePoint)
+		{
+			stringDestination.push_back(static_cast<StringType::value_type>(codePoint));
+		}
+	}
+}
+
+#endif
+

Makefile

@@ -0,0 +1,6 @@
+CC = g++
+CFLAGS = -L/usr/X11R6/lib -lX11 -lopencv_core -lopencv_imgproc -lopencv_objdetect -lopencv_highgui -lzbar
+XLIB= -L/usr/X11R6/lib -lX11
+pam_qrcode.so:
+	${CC} -fPIC -DPIC -shared -rdynamic -o pam_qrcode.so PAMQRCodeAuth.cpp model/Challenge.cpp model/Response.cpp util/Parser.cpp ${XLIB} ${CFLAGS}
+

PAMQRCodeAuth.cpp

@@ -0,0 +1,143 @@
+/* Include PAM headers */
+#include "util/rapidjson/document.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <security/pam_appl.h>
+#include <security/pam_modules.h>
+#include <security/_pam_macros.h>
+#include <security/_pam_types.h>
+#include <opencv2/highgui/highgui.hpp>
+#include <opencv2/imgproc/imgproc.hpp>
+#include <opencv2/core/core.hpp>
+#include <opencv2/opencv.hpp>
+#include <X11/Xutil.h>
+#include <X11/Xlib.h>
+#include <unistd.h>
+#include <syslog.h>
+#include <zbar.h>
+#include <iostream>
+#include <string>
+#include <algorithm>
+#include "util/Parser.h"
+#include <vector>
+#include "model/Challenge.h"
+#include "model/Response.h"
+
+#define PAM_SM_ACCOUNT
+#define PAM_SM_AUTH
+#define PAM_SM_PASSWORD
+#define PAM_SM_SESSION
+
+using namespace std;
+using namespace zbar;
+using namespace cv;
+
+/* PAM entry point for session creation */
+int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
+    return PAM_SUCCESS;
+}
+
+/* PAM entry point for session cleanup */
+int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
+    return PAM_SUCCESS;
+}
+
+/* PAM entry point for accounting */
+int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) {
+    return PAM_SUCCESS; 
+}
+
+Response decoder(string content){
+   rapidjson::Document d;
+	//char chars[] = {'\\'};
+	//content.erase (std::remove(content.begin(), content.end(), chars[0]), content.end());
+	char *a=new char[content.size()+1];
+	a[content.size()]=0;
+	memcpy(a,content.c_str(),content.size());
+	d.Parse<0>(a);
+	Response *response=new Response(d["username"].GetString(),d["pc_name"].GetString(),d["response"].GetInt());
+	return *response;
+}
+
+/* PAM entry point for authentication verification */
+int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) {
+    CvCapture* capture = cvCreateCameraCapture(CV_CAP_ANY);
+    IplImage* frame;
+    //bool found=false;	
+	 ImageScanner scanner;
+	 scanner.set_config(ZBAR_NONE, ZBAR_CFG_ENABLE, 1);
+	 const char* user = NULL;
+	 int retval = pam_get_user(pamh, &user, NULL);
+	 if(retval != PAM_SUCCESS){
+		 cout<<"pam_get_user returned error:"<<pam_strerror(pamh,retval)<<endl;
+		 return retval;
+	 }
+	 if (user == NULL || *user == '\0'){
+		 cout<<"username not known"<<endl;
+		 return PAM_AUTHINFO_UNAVAIL;
+	 }
+	 string username(user);
+	 Parser p;
+	 vector<Challenge> challenges=p.parse();
+    while (1)  {
+        frame = cvQueryFrame(capture);
+        cvSaveImage("/etc/pamqrcode/history.png", frame);
+        Mat f(frame);
+        Mat grey;
+        cvtColor(f,grey,CV_BGR2GRAY);
+        int width = f.cols;
+        int height = f.rows;
+        uchar *raw = (uchar *)grey.data;
+        // wrap image data
+        Image image(width, height, "Y800", raw, width * height);
+        // scan the image for barcodes
+        int n = scanner.scan(image);
+        // extract results
+      //  string username(user);
+        for(Image::SymbolIterator symbol = image.symbol_begin(); symbol != image.symbol_end(); ++symbol) {
+				string content=symbol->get_data();
+			   Response response=decoder(content);
+			   int challenge=-1;
+				for(unsigned int i=0;i<challenges.size();i++){
+						if(challenges[i].getUsername().compare(response.getUsername())==0){
+							challenge=challenges[i].getChallenge();
+						}
+				}
+				if(challenge+1==response.getResponse()){
+						 int retval = pam_set_item(pamh, PAM_USER, response.getUsername().c_str());
+		             cout<<"success"<<endl;
+				       cvReleaseCapture(&capture);
+   					 cvReleaseImage(&frame);
+		             return PAM_SUCCESS;
+		         }
+		         else{
+		             cout<<"fail"<<endl;
+						 cvReleaseCapture(&capture);
+  						 cvReleaseImage(&frame);
+		             return PAM_AUTHINFO_UNAVAIL;
+		         }
+			  // }
+          //  found=true;
+        }
+        // cvWaitKey(40);
+    }
+   cvReleaseCapture(&capture);
+   cvReleaseImage(&frame);
+	return PAM_SUCCESS;
+}
+
+/*
+PAM entry point for setting user credentials (that is, to actually
+establish the authenticated user's credentials to the service provider)
+*/
+int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) {
+    return PAM_SUCCESS;
+
+}
+
+/* PAM entry point for authentication token (password) changes */
+int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) {
+    return PAM_SUCCESS;
+
+}
+