2026-02-10 00:37:00 +08:00 · 2015-08-31 15:57:00 +02:00
parent 144c6454e0
commit 1c64073cf2
7 changed files with 1 additions and 124 deletions
							
							
								
							
							
						
@@ -48,9 +48,6 @@ auth = "plain[passwd=./sample.passwd]"
#enable-auth = "gssapi[keytab=/etc/key.tab,require-local-user-map=true,tgt-freshness-time=900]"
# Accounting methods available:
# pam: can only be combined with PAM authentication method, it provides
#      a session opened using PAM.
#
# radius: can be combined with any authentication method, it provides
#      radius accounting to available users (see also stats-report-time).
#
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -67,7 +67,7 @@ AUTH_SOURCES=auth/pam.c auth/pam.h auth/plain.c auth/plain.h auth/radius.c auth/
	auth/common.c auth/common.h auth/gssapi.h auth/gssapi.c auth-unix.c \
	auth-unix.h
ACCT_SOURCES=acct/pam.c acct/pam.h acct/radius.c acct/radius.h
ACCT_SOURCES=acct/radius.c acct/radius.h
ocserv_SOURCES = main.c main-auth.c worker-vpn.c worker-auth.c tlslib.c \
	cookies.c main-misc.c ip-lease.c ip-lease.h \
							
								
							
							
							
						
 
							
							
							
						
@@ -1,83 +0,0 @@
/*
 * Copyright (C) 2013 Nikos Mavrogiannopoulos
 *
 * This file is part of ocserv.
 *
 * ocserv is free software: you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 2 of the License, or
 * (at your option) any later version.
 *
 * ocserv is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <vpn.h>
#include "pam.h"
#include <sec-mod-acct.h>
#ifdef HAVE_PAM
#include <security/pam_appl.h>
#include <sys/types.h>
#include <pwd.h>
#include <grp.h>
#include <pcl.h>
#include <str.h>
#include "auth/pam.h"
static int pam_acct_open_session(unsigned auth_method, void *ctx, const struct common_auth_info_st *ai, const void *sid, unsigned sid_size)
{
struct pam_ctx_st * pctx = ctx;
int pret;
	if (auth_method != AUTH_TYPE_PAM) {
		syslog(LOG_AUTH, "PAM-acct: pam_open_session cannot be combined with this authentication method (%x)", auth_method);
		return -1;
	}
	if (pctx->cr != NULL) {
		co_delete(pctx->cr);
		pctx->cr = NULL;
	}
	pret = pam_open_session(pctx->ph, PAM_SILENT);
	if (pret != PAM_SUCCESS) {
		syslog(LOG_AUTH, "PAM-acct: pam_open_session: %s", pam_strerror(pctx->ph, pret));
		return -1;
	}
	return 0;
}
static void pam_acct_close_session(unsigned auth_method, void *ctx, const struct common_auth_info_st *ai, stats_st *stats, unsigned status)
{
struct pam_ctx_st * pctx = ctx;
int pret;
	pret = pam_close_session(pctx->ph, PAM_SILENT);
	if (pret != PAM_SUCCESS) {
		syslog(LOG_AUTH, "PAM-acct: pam_close_session: %s", pam_strerror(pctx->ph, pret));
	}
	return;
}
const struct acct_mod_st pam_acct_funcs = {
  .type = ACCT_TYPE_PAM,
  .auth_types = AUTH_TYPE_PAM & (~VIRTUAL_AUTH_TYPES),
  .open_session = pam_acct_open_session,
  .close_session = pam_acct_close_session,
};
#endif
							
							
							
						
@@ -1,28 +0,0 @@
/*
 * Copyright (C) 2015 Red Hat, Inc.
 *
 * Author: Nikos Mavrogiannopoulos
 *
 * This file is part of ocserv.
 *
 * The GnuTLS is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>
 */
#ifndef ACCT_PAM_H
#define ACCT_PAM_H
#include <sec-mod-acct.h>
extern const struct acct_mod_st pam_acct_funcs;
#endif
							
							
								
							
							
						
@@ -33,7 +33,6 @@
#include <c-ctype.h>
#include <auth/pam.h>
#include <auth/radius.h>
#include <acct/pam.h>
#include <acct/radius.h>
#include <auth/plain.h>
#include <auth/gssapi.h>
							
								
							
							
								
							
							
						
@@ -464,9 +463,6 @@ typedef struct acct_types_st {
static acct_types_st avail_acct_types[] =
{
#ifdef HAVE_PAM
	{NAME("pam"), &pam_acct_funcs, NULL},
#endif
#ifdef HAVE_RADIUS
	{NAME("radius"), &radius_acct_funcs, radius_get_brackets_string},
#endif
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -130,9 +130,6 @@ An example configuration file follows.
#enable-auth = "gssapi[keytab=/etc/key.tab,require-local-user-map=true,tgt-freshness-time=900]"
# Accounting methods available:
# pam: can only be combined with PAM authentication method, it provides
#      a session opened using PAM.
#
# radius: can be combined with any authentication method, it provides
#      radius accounting to available users (see also stats-report-time).
#
							
								
							
							
							
						
 
							
							
								
							
							
						
@@ -20,8 +20,6 @@ use-occtl = true
# to generate password entries.
#auth = "plain[/etc/ocserv/ocpasswd]"
acct = pam
# A banner to be displayed on clients
#banner = "Welcome"