github-personal/sysadm
1
0
Fork 0
mirror of https://github.com/outbackdingo/sysadm.git synced 2026-01-27 02:20:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add an additional localhost verification check for passwordless logins: Ensure that the designated user is actually active on the localhost (via "users" if no graphical sessions running, or number of active processes if there are graphical sessions running)

Browse Source
This commit is contained in:
Ken Moore
2016-05-11 12:14:20 -04:00
parent a303e160af
commit 9012c7cb57
2 changed files with 20 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/server/AuthorizationManager.cpp
View File

@@ -8,6 +8,7 @@
#include "globals.h"
#include <QCryptographicHash>
#include "library/sysadm-general.h" //simplification functions
// Stuff for PAM to work
#include <sys/types.h>
@@ -171,7 +172,7 @@ QString AuthorizationManager::LoginUP(QHostAddress host, QString user, QString p
if(!localhost || user=="root" || user=="toor"){
ok = pam_checkPW(user,pass);
}else{
ok = true; //allow local access for users without password
ok = local_checkActive(user); //allow local access for users without password
}
}
qDebug() << "User Login Attempt:" << user << " Success:" << ok << " IP:" << host.toString();
@@ -339,6 +340,23 @@ QStringList AuthorizationManager::getUserGroups(QString user){
return out;
}
bool AuthorizationManager::local_checkActive(QString user){
//Check for X Sessions first (don't show up with normal login verification tools)
QDir xdir("/tmp/.X11-unix");
qDebug() << "Check local user activity:" << user;
if(xdir.exists() && !xdir.entryList(QDir::System | QDir::NoDotAndDotDot, QDir::Name).isEmpty() ){
//Found an active graphical session - check for active processes associated with the user
QString res = sysadm::General::RunCommand("ps",QStringList() << "-U" << user << "-x");
//qDebug() << "PS list length:" << res.split("\n").length();
return (res.split("\n").length()>2); //more than 1 active process for this user (labels + shell/desktop + tool used to communicate with sysadm)
}else{
//No X sessions - look for normal login sessions
QStringList active = sysadm::General::RunCommand("users").section("\n",0,0).split(" ");
//qDebug() << "active users" << active;
return active.contains(user);
}
}
bool AuthorizationManager::BumpFailCount(QString host){
//Returns: true if the failure count is over the limit
//key: "<IP>::::<failnum>"

1
src/server/AuthorizationManager.h
View File

@@ -46,6 +46,7 @@ private:
QString generateNewToken(bool isOperator, QString name);
QStringList getUserGroups(QString user);
bool local_checkActive(QString user);
//Failure count management
bool BumpFailCount(QString host);