merge

author: Jonathan Bauer 2013-06-18 13:07:17 +0200
committer: Jonathan Bauer 2013-06-18 13:07:17 +0200
commit: 4b0b1818c18a9cab5038249565f988c52db51702 (patch)
tree: 8458d5e648cea900dc1b8eaf3005d3dc3b2f06f7 /remote/modules
parent: merge (diff)
parent: Merge branch 'master' of simonslx:openslx-ng/tm-scripts (diff)
download: tm-scripts-4b0b1818c18a9cab5038249565f988c52db51702.tar.gz
tm-scripts-4b0b1818c18a9cab5038249565f988c52db51702.tar.xz
tm-scripts-4b0b1818c18a9cab5038249565f988c52db51702.zip
4 files changed, 284 insertions, 9 deletions
diff --git a/remote/modules/pam/pam.build b/remote/modules/pam/pam.build
index f9a3a213..292171a2 100644
--- a/remote/modules/pam/pam.build
+++ b/remote/modules/pam/pam.build
@@ -3,6 +3,8 @@ fetch_source() {
 }
 
 build() {
+	mkdir -p "$MODULE_BUILD_DIR/opt/openslx/bin"
+	gcc -o "$MODULE_BUILD_DIR/opt/openslx/bin/sslconnect" "$MODULE_DIR/sslconnect.c" -lssl -lcrypto -O3 || perror "Could not compile sslconnect.c"
 	tarcopy "$(list_packet_files | sort -u)" "${MODULE_BUILD_DIR}"	
 }
 
diff --git a/remote/modules/pam/pam.conf b/remote/modules/pam/pam.conf
index 3239f9dd..04b299ab 100644
--- a/remote/modules/pam/pam.conf
+++ b/remote/modules/pam/pam.conf
@@ -1,3 +1,4 @@
+<<<<<<< HEAD
 REQUIRED_INSTALLED_PACKAGES=" libpam-ldap
 			libnss-ldap
 			libpam-script
@@ -36,3 +37,53 @@ REQUIRED_SYSTEM_FILES="	/sbin/mkhomedir_helper
 			/etc/default/locale
 			/lib/security
 			/lib/${ARCH_TRIPLET}/security"
+=======
+REQUIRED_INSTALLED_PACKAGES="
+	libpam-ldap
+	libnss-ldap
+	libpam-script
+	krb5-user
+	krb5-config
+	libpam-krb5
+	libpam-mount
+	libssl-dev
+"
+REQUIRED_CONTENT_PACKAGES="
+	libpam0g
+	libpam-modules
+	libpam-ck-connector
+	libpam-cap
+	libpam-script
+	libldap-2.4-2
+	libpam-ldap
+	libnss-ldap
+	krb5-user
+	krb5-config
+	libpam-krb5
+	libpam-mount
+"
+REQUIRED_BINARIES="
+	sslconnect
+	mount.crypt
+	umount.crypt 
+	mount.crypt_LUKS
+	umount.crypt_LUKS
+	mount.crypto_LUKS
+	umount.crypto_LUKS
+"
+REQUIRED_DIRECTORIES="
+	/lib
+	/usr/lib
+	/etc/security
+"
+REQUIRED_SYSTEM_FILES="
+	/sbin/mkhomedir_helper
+	/etc/pam.conf
+	/etc/login.defs
+	/etc/securetty
+	/etc/default/locale
+	/lib/security
+	/lib/${ARCH_TRIPLET}/security
+"
+
+>>>>>>> b7cbad98534b00134197f4ebbf4eed416de8a654
diff --git a/remote/modules/pam/pam.conf.zypper b/remote/modules/pam/pam.conf.zypper
index 2defe1bb..698aa1c4 100644
--- a/remote/modules/pam/pam.conf.zypper
+++ b/remote/modules/pam/pam.conf.zypper
@@ -1,10 +1,31 @@
-REQUIRED_INSTALLED_PACKAGES=" pam_ldap pam pam-devel nss_ldap pam-modules"
-REQUIRED_CONTENT_PACKAGES="	pam_ldap pam pam-devel nss_ldap pam-modules nss-mdns"
-REQUIRED_BINARIES="	mkhomedir_helper"
-REQUIRED_DIRECTORIES="	/$LIB64
-			/usr/$LIB64
-			/etc/security"
-REQUIRED_SYSTEM_FILES=" /etc/login.defs
-                        /etc/securetty
-                        /$LIB64/security"
+REQUIRED_INSTALLED_PACKAGES="
+	pam_ldap
+	pam
+	pam-devel
+	nss_ldap
+	pam-modules
+	libopenssl-devel
+"
+REQUIRED_CONTENT_PACKAGES="
+	pam_ldap
+	pam
+	pam-devel
+	nss_ldap
+	pam-modules
+	nss-mdns
+"
+REQUIRED_BINARIES="
+	sslconnect
+	mkhomedir_helper
+"
+REQUIRED_DIRECTORIES="
+	/$LIB64
+	/usr/$LIB64
+	/etc/security
+"
+REQUIRED_SYSTEM_FILES="
+	/etc/login.defs
+	/etc/securetty
+	/$LIB64/security
+"
 
diff --git a/remote/modules/pam/sslconnect.c b/remote/modules/pam/sslconnect.c
new file mode 100644
index 00000000..af43093c
--- /dev/null
+++ b/remote/modules/pam/sslconnect.c
@@ -0,0 +1,201 @@
+/************************
+ * sslconnect 0.2
+ * Last Change: 2013-06-17
+ * C Implementation by Simon Rettberg
+ * Original sslconnect 0.1 was written in perl by Martin Walter
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include <netdb.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <openssl/bio.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+/* Init libs and data strctures */
+void init();
+/* print error report of something failed */
+void ssl_error();
+/* connect via ssl */
+SSL* ssl_connect(char * host, uint16_t port, uint16_t local_port, SSL_CTX ** ctx);
+/* read from ssl connection */
+ssize_t ssl_read(SSL * bio, char * buffer, ssize_t length);
+/* write to ssl connection */
+int ssl_write(SSL * bio, char * buffer, ssize_t length);
+
+int main(int argc, char ** argv);
+
+void init()
+{
+	SSL_load_error_strings();
+	SSL_library_init();
+	OpenSSL_add_all_algorithms();
+}
+
+void ssl_error(char* message)
+{
+	fprintf(stderr, message);
+	fprintf(stderr, "\n%s\n", ERR_error_string(ERR_get_error(), NULL));
+	fprintf(stderr, "Details: %s\n", ERR_reason_error_string(ERR_get_error()));
+	ERR_print_errors_fp(stderr);
+}
+
+SSL* ssl_connect(char * host, uint16_t port, uint16_t local_port, SSL_CTX ** ctx)
+{
+	int ret = 0;
+	/* create socket. needs to be done manually in order to bind to local port */
+	int fd = socket(AF_INET, SOCK_STREAM, 0);
+	if (fd < 0) {
+		fprintf(stderr, "Could not create socket.\n");
+		return NULL;
+	}
+
+	struct sockaddr_in sa_dest, sa_local;
+	memset(&sa_local, 0, sizeof(sa_local));
+	memset(&sa_dest, 0, sizeof(sa_dest));
+
+	sa_local.sin_family = AF_INET;
+	sa_local.sin_port = htons(local_port);
+	ret = bind(fd, (struct sockaddr *)&sa_local, sizeof(struct sockaddr));
+	if (ret == -1) {
+		fprintf(stderr, "Could not bind local socket to 0.0.0.0:%d (%d)\n", (int)local_port, (int)errno);
+		close(fd);
+		return NULL;
+	}
+
+	sa_dest.sin_family = AF_INET;
+	sa_dest.sin_port = htons(port);
+	struct hostent * rec;
+	rec = gethostbyname(host);
+	if (rec == NULL) {
+		fprintf(stderr, "Error: Invalid host: %s\n", host);
+		return NULL;
+	}
+	memcpy(&(sa_dest.sin_addr), rec->h_addr, sizeof(struct in_addr));
+
+	ret = connect(fd, (struct sockaddr *)&sa_dest, sizeof(struct sockaddr));
+	if (ret == -1) {
+		fprintf(stderr, "Could not connect to %s:%d (%d)\n", host, (int)port, (int)errno);
+		close(fd);
+		return NULL;
+	}
+
+	/* openssl part */
+	SSL * ssl;
+
+	/* Set up the SSL pointers */
+	*ctx = SSL_CTX_new(SSLv23_client_method());
+	ssl = SSL_new(*ctx);
+	SSL_set_fd(ssl, fd);
+	ret = SSL_connect(ssl);
+
+	if (ret <= 0) {
+		ssl_error("Unable to SSL_connect");
+		return NULL;
+	}
+
+	SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+
+	return ssl;
+}
+
+ssize_t ssl_read(SSL * ssl, char * buffer, ssize_t length)
+{
+	ssize_t ret = -1;
+	int retries = 10;
+
+	while (ret < 0 && --retries > 0) {
+
+		ret = SSL_read(ssl, buffer, length);
+		if (ret >= 0) {
+			return ret;
+		}
+
+		ssl_error("SSL_read failed");
+		return -1;
+
+	}
+
+	return -1;
+}
+
+int ssl_write(SSL * ssl, char * buffer, ssize_t length)
+{
+	ssize_t ret = -1;
+	int retries = 10;
+
+	while (ret < 0 && --retries > 0) {
+
+		ret = SSL_write(ssl, buffer, length);
+		if (ret >= 0) {
+			return ret;
+		}
+
+		ssl_error("SSL_write failed");
+		return -1;
+
+	}
+
+	return -1;
+}
+
+#define READBUF 5000
+int main(int argc, char ** argv)
+{
+	if (argc < 2) {
+		fprintf(stderr, "Usage: %s host:port\n", argv[0]);
+		return 1;
+	}
+
+	init();
+
+	char buffer[READBUF];
+	SSL_CTX * ctx = NULL;
+	SSL * ssl;
+	ssize_t len;
+	size_t ret;
+	char * pos;
+	int port, lport;
+	pos = strchr(argv[1], ':');
+	if (pos == NULL) {
+		fprintf(stderr, "Error: No Port given.\n");
+		return 5;
+	}
+	port = atoi(pos+1);
+	*pos = '\0';
+
+	lport = rand() % 800 + 95;
+
+	ssl = ssl_connect(argv[1], (uint16_t)port, (uint16_t)lport, &ctx);
+	if (ssl == NULL) {
+		return 2;
+	}
+
+	ssl_write(ssl, "", 0);
+	for (;;) {
+		len = ssl_read(ssl, buffer, READBUF);
+		if (len <= 0) {
+			break;
+		}
+		ret = fwrite(buffer, 1, len, stdout);
+		if (ret != len) {
+			fprintf(stderr, "Error: fwrite could not write all received data to stdout.\n");
+			return 3;
+		}
+	}
+
+	if (len < 0) {
+		return 4;
+	}
+
+	return 0;
+}
+
author	Jonathan Bauer	2013-06-18 13:07:17 +0200
committer	Jonathan Bauer	2013-06-18 13:07:17 +0200
commit	4b0b1818c18a9cab5038249565f988c52db51702 (patch)
tree	8458d5e648cea900dc1b8eaf3005d3dc3b2f06f7 /remote/modules
parent	merge (diff)
parent	Merge branch 'master' of simonslx:openslx-ng/tm-scripts (diff)
download	tm-scripts-4b0b1818c18a9cab5038249565f988c52db51702.tar.gz tm-scripts-4b0b1818c18a9cab5038249565f988c52db51702.tar.xz tm-scripts-4b0b1818c18a9cab5038249565f988c52db51702.zip