2004/Dec/03

almost finish for authentication just part set system environment not yet
for llfslogin.c

#include <security/pam_appl.h>
#include <security/pam_misc.h>
#include <stdio.h>
#include <pwd.h>
#include <unistd.h>
#include <sys/types.h>

static struct pam_conv conv = {
misc_conv,
NULL
};
int get_file(char *name,char **image)
{
FILE *file;
char *buffer;
long Lsize;
file = fopen(name,"rb");
if(file==NULL)
exit(1);
fseek(file,0,SEEK_END);
Lsize = ftell(file);
printf("Lsize = %d\n",Lsize);
rewind(file);
buffer = (char*)malloc(Lsize);
if(buffer == NULL)
exit(2);
fread(buffer,1,Lsize,file);
*image = buffer;
fclose(file);
return 0;
}
int main(int argc, char *argv[])
{
pam_handle_t *pamh=NULL;
int retval;
const char *uid = "nobody";


if(argc == 2) {
uid = argv[1];
}

if(argc > 2) {
fprintf(stderr, "Usage: check_user [uid]\n");
exit(1);
}
fprintf(stdout,"uid before = %s\n",uid);
/* pam_start() initialize the pam_handle_t for llfslogin */
retval = pam_start("llfslogin", uid, &conv, &pamh);


/* pam_authenticate() attempt to authenticate the user */
if(retval == PAM_SUCCESS)
retval = pam_authenticate(pamh, 0);

if(retval == PAM_SUCCESS) {
fprintf(stdout, "AUthenticated retval = %d\n",retval);
/* pam_get_time() retrieve the username */

retval = pam_get_item(pamh, PAM_USER, (const void **) &uid);
if(retval != PAM_SUCCESS)
fprintf(stderr," pam get time error \n");

/* getpwuid(3) retrieve group , shell , etc.*/
struct passwd *pw;
int p_uid;
p_uid = atoi (uid);
pw = getpwuid(p_uid);

if(setgid(pw->pw_gid)==-1)
fprintf(stdout,"set gid fail \n");
if(setuid(pw->pw_uid)==-1)
fprintf(stdout,"set uid fail \n");

fprintf(stdout,"UID passwd entry: \n name=%s, uid=%d, gid=%d, home=%s, shell=%s\n",pw->pw_name, pw->pw_uid, pw->pw_gid, pw->pw_dir, pw->pw_shell);
/* pam_end() free pam handle */
if(pam_end(pamh,retval) != PAM_SUCCESS) {
pamh = NULL;
fprintf(stderr, "llfslogin: failed to release authenticator\n");
exit(1);
}


/* fork(2) */
/* execvp(3) launch shell (bash(1) , tcsh(1), etc.) */
char *cmd[] = { "bash", (char *)0 };
execvp("bash",cmd);
return (retval == PAM_SUCCESS ? 0:1 );
}
if(retval == PAM_AUTH_ERR){
/* syslog(3) */
fprintf(stdout, "Not Authenticated retval = %d \n",retval);
exit(1);
}

}
gcc llfslogin.c -o llfslogin -lpam_misc


and this is for pam_llfs_auth.c

/*
*
* NAME
* pam_llfs_auth.c -- Copyright (C) 2005 Mr. Kriangkrai Nitranon
* ptk386@hotmail.com
*
* DESCRIPTION:
* This defines a PAM useable module for use with fingerprint scanner_AFS4000
*
* AUTHOR:
* Kriangkrai Nitranon, 01/01/05
*
* LICENSE: See file LICENSE.
*
*/

#include <stdio.h>
#include <stdlib.h>
#include <scanner.h>
#include <VFinger.h>
#include <string.h>
#include <security/pam_modules.h>


struct scanner_info* scanner = &scanner_AFS4000;

void do_extraction (unsigned char *fileName, BYTE* features,int w , int h, int dpi)
{
DWORD features_size = 0;
int ret = 0;
ret = VFExtract (w, h, (BYTE *) fileName, dpi, features, &features_size, 0);
if (ret != VFE_OK)
{
if (ret == VFE_LOW_QUALITY_IMAGE)
{
printf ("WARNING: Image1 is low quality.\n");
}
else
{
printf ("An error1 occured. Exiting %d.\n",ret);
exit (1);
}
}

printf("G: %d, size: %d byetes, minutiae count: %d\n",VFFeatGetG(features),features_size,VFFeatGetMinutiaCount(features));
}
int get_file(char *name,char **image)
{
FILE *file;
char *buffer;
long Lsize;
file = fopen(name,"rb");
if(file==NULL)
exit(1);
fseek(file,0,SEEK_END);
Lsize = ftell(file);
printf("Lsize = %d\n",Lsize);
rewind(file);
buffer = (char*)malloc(Lsize);
if(buffer == NULL)
exit(2);
fread(buffer,1,Lsize,file);
*image = buffer;
fclose(file);
return 0;
}
PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char **argv)
{
/* define value for pam */
const char *uid;
char *passwd;
int retval;

fprintf(stdout,"pam start to authenticate\n");
/* get the user id */
retval = pam_get_user(pamh, &uid, NULL);


if(retval == PAM_SUCCESS)
{
if( uid == NULL )
{
fprintf(stderr, "bad uid [%s]\n",uid);
}

}
else
{
fprintf(stderr, "trouble reading uid \n");
return PAM_INCOMPLETE;
}

/* define value for scanner and Verifinger */
int ret;
int i = scanner -> init();
int dpi = scanner -> dpi;
int w1, w2, h2, h1;
int result = 0;
char *name = scanner -> name;
char *imageFromFile , *imageFromScanner;
char filename[256];
BYTE featuresFromFile[VF_MAX_FEATURES_SIZE], featuresFromScanner[VF_MAX_FEATURES_SIZE];
VFMatchDetails md;
md.Size = sizeof(md);

strcat(filename,"/etc/llfs/");
strcat(filename,uid);

/* initialize and set value for Verifinger Linux SDK */

ret = VFInitialize();
fprintf(stdout,"VFInitialize returns %d \n",ret);
if (ret != VFE_OK){
fprintf(stderr,"VFInitialize error");
return 1;
}
int threshold = 84;
//int threshold = 60;
//int threshold = 72;
//int threshold = 84;
ret = VFSetParameter(VFP_MATCHING_THRESHOLD, (INT)threshold, NULL);
if (ret != VFE_OK){
fprintf(stderr,"VFSetParameter error");
return 1;
}
int rotation = 180;
ret = VFSetParameter(VFP_MAXIMAL_ROTATION, (INT)rotation, NULL);
if (ret != VFE_OK){
fprintf(stderr,"VFSetParameter error");
return 1;
}
/* open /dev/usb/device and select until a scanned fingerprint is received */
fscanf(stdout,"Please scan your finger \n");
do
{
imageFromScanner = scanner -> read(&w1, &h1);
}while(imageFromScanner == NULL);
do_extraction (imageFromScanner, featuresFromScanner, w1, h1, dpi);

/* get image from file that has same name as uid in /etc/llfs */
get_file(filename,&imageFromFile);
do_extraction (imageFromFile, featuresFromFile, 96, 96, 250);
free(imageFromFile);

/* performs fingerprint verification between image from file and image from scanner*/
result = VFVerify(featuresFromFile, featuresFromScanner, &md, 0);
switch (result)
{
case VFE_OK:
/* SUCCESS set the username for llfslogin */
printf ("Fingerprints matched. Similarity: %d\n", md.Similarity);
pam_set_item(pamh, PAM_USER,(const void *)uid);
return PAM_SUCCESS;
break;
case VFE_FAILED:
/* FAILURE authentication has failed */
printf("Fingerprints didn't match. Similarity: %d\n", md.Similarity);
return PAM_AUTH_ERR;
break;
default:
return PAM_AUTH_ERR;
break;
}

return PAM_SUCCESS;
}
PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,
const char **argv) {

return PAM_SUCCESS;
}

PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc,
const char **argv) {


return PAM_SUCCESS;
}

PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc,
const char **argv) {

return PAM_SUCCESS;
}

PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
const char **argv) {


return PAM_SUCCESS;
}

PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc,
const char **argv) {

return PAM_SUCCESS;
}

isag16:~/workspace# gcc pam_llfs_auth.c -c
isag16:~/workspace# gcc -shared -Xlinker -x -o pam_llfs_auth.so pam_llfs_auth.o -lc AFS4000.o -lusb -lVFinger -lpam
isag16:~/workspace#

this is a how does it work?

isag16:~/workspace# ./llfslogin 1000 <==== (argv[1] get from bioauthtty)
uid before = 1000
pam start to authenticate
VFInitialize returns 0
G: 136, size: 139 byetes, minutiae count: 22 this is a pam_llfs_auth did
Lsize = 9216
G: 143, size: 115 byetes, minutiae count: 18
Fingerprints matched. Similarity: 261
AUthenticated retval = 0
UID passwd entry:
name=moo, uid=1000, gid=1000, home=/home/moo, shell=/bin/bash
isag16:~/workspace$ id
uid=1000(moo) gid=1000(moo) groups=0(root)
isag16:~/workspace$

Comment

Comment:

Tweet


watch naruto online!!
#31 by naruto episodes (124.157.189.199) At 2010-01-03 17:46,
hi all !!
#30 by sears parts (124.157.191.197) At 2009-12-03 13:10,
Que se ra
#29 by scratch and dent (124.157.236.46) At 2009-11-12 04:48,
ขอบคุณค่ะ
#28 by โหลดเพลง (124.157.236.176) At 2009-10-06 01:49,
Que
#27 by sera (124.157.236.176) At 2009-10-03 17:10,
ดีๆ
#26 by ดีๆ (124.157.236.229) At 2009-09-22 06:04,
ขอบคุณจ้า
#25 by parts (124.157.236.229) At 2009-09-21 07:12,
ขอบคุณจ้า
#24 by ดาวโหลดเพลง (124.157.236.219) At 2009-09-09 12:13,
goiazhhb uaalcgin gkhkbaci
#23 by wKZYYalCVnQtdbE (94.102.49.213) At 2009-08-14 22:34,
apralthm nyjcxnes klshwuqs
#22 by CYDfrVygFDOgh (94.102.49.213) At 2009-08-14 21:08,
epcwtdnq poaplvpu nvcomppa
#21 by aEdJwmmtO (94.102.49.213) At 2009-08-14 19:41,
tgyolswo svvrhptg yhdmhgex
#20 by oTgDhijoCNikdj (94.102.49.213) At 2009-08-14 18:14,
blkfsicn vsxzdhwy haarsiij
#19 by gTOQIQyqfUiF (94.102.49.213) At 2009-08-14 16:50,
rhxnjhrp twdwzknh akxkeozg
#18 by xnCDYFitywEWKSh (94.102.49.213) At 2009-08-14 14:03,
ukeukdyh mgnbsldf biisrdzm
#17 by kJVKbvsnNvPniD (89.248.172.50) At 2009-08-10 00:08,
jtgvblqp qlhhpxyt waglnrgz
#16 by swQmMqAdaWMXXwyMS (89.248.172.50) At 2009-08-09 22:45,
zlfcypsb zqwsjork vubmeliq
#15 by WwYCpePOvTcODxIohsF (89.248.172.50) At 2009-08-09 21:19,
xqsvsuvz rnxdrped fmexbabr
#14 by hkNRyHOCmElZOKXhOC (89.248.172.50) At 2009-08-09 19:53,
bijgsxqv yznihhjn hcwqumme
#13 by wEUpVGFivzjYMPFyZRS (95.169.190.71) At 2009-08-01 11:48,
inmxukhj ndivdvfj tjuygewp
#12 by OaBZsaqePPwl (95.169.190.71) At 2009-08-01 10:28,
haothyib milogkvd pzjhlqfu
#11 by PQRmIhBhs (95.169.190.71) At 2009-07-31 18:46,
lgjsauyx prswryuo eafpcify
#10 by HFgRUFwh (95.169.190.71) At 2009-07-31 17:56,
frkmihzs oezaclrh chwgzotr
#9 by zENlSIRLH (95.169.190.71) At 2009-07-31 17:06,
saabesah wiifwdmc filhuiir
#8 by DTQEasMIvHQhXWwU (95.169.190.71) At 2009-07-31 16:15,
xcjjznsa enastdlt pmdbypcx
#7 by eljPQxxFKFu (95.169.190.71) At 2009-07-31 15:23,
rrwparkb gvrhcfie khnwxubv
#6 by jgPXpxnNokfgG (95.169.190.71) At 2009-07-31 13:42,
kogdvrhn qmyaxxbg bgluwivo
#5 by gAhZGEianvtLAg (95.169.190.71) At 2009-07-31 12:50,
xaougsna lcqsvkaq rizijywl
#4 by WVWVRlduZurDTygOVU (95.169.190.71) At 2009-07-31 11:09,
vksecbkr unhhmaxi bfwnghry
#3 by wYheaqJObBl (94.102.49.213) At 2009-07-25 16:44,
yNKmlO dzzojenf yywyaicv dfvoeule
#2 by VUZELfbBTkGLPOxIxS (89.248.172.50) At 2009-07-21 05:54,
Google is the best search engine
#1 by HYyKxQXz (85.255.114.131) At 2007-03-02 18:16,