From e26a6116ecf52ae96e307d48102e60ad6f6a044d Mon Sep 17 00:00:00 2001 From: Gitea Date: Fri, 14 Feb 2025 08:57:46 +0100 Subject: [PATCH] Switch from just saving XML data to parsing JSON data
--- Changelog | 5 +++++ Makefile | 18 +++++++++++------- add-eid.c | 18 ++++++++++++++---- auth.c | 31 +++++++++++++++++++++++++------ client.c | 4 ++-- debian/changelog | 6 ++++++ debian/control | 1 + 7 files changed, 64 insertions(+), 19 deletions(-)
diff --git a/Changelog b/Changelog
index 430e754..b2f2ec2 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,8 @@ +2025-01-13 Christoph Pleger + + Release 4.0 + + Switch from just saving XML data to parsing JSON data + 2024-10-08 Christoph Pleger Release 3.0
diff --git a/Makefile b/Makefile
index 68771d2..329a1a6 100644
--- a/Makefile
+++ b/Makefile
@@ -4,8 +4,8 @@ ARCH := $(shell gcc -dumpmachine) -EXEC_OBJS := authorized_eid.o client.o add-eid.o -PAM_OBJS := pam_eid.o auth.o authorized_eid.o client.o +EXEC_OBJS := authorized_eid.o client.o add-eid.o json.o +PAM_OBJS := pam_eid.o auth.o authorized_eid.o client.o json.o CURL_CFLAGS := $(shell /usr/bin/pkg-config --cflags libcurl) CURL_LDFLAGS := $(shell /usr/bin/pkg-config --libs libcurl) @@ -16,9 +16,12 @@ PAM_LDFLAGS := $(shell /usr/bin/pkg-config --libs pam) GLIB_CFLAGS := $(shell /usr/bin/pkg-config --cflags glib-2.0) GLIB_LDFLAGS := $(shell /usr/bin/pkg-config --libs glib-2.0) -CFLAGS := -O2 -Wall -Werror -g -fPIC $(CURL_CFLAGS) $(PAM_CFLAGS) $(GLIB_CFLAGS) -EXEC_LDFLAGS := $(CURL_LDFLAGS) $(GLIB_LDFLAGS) -PAM_LDFLAGS := $(CURL_LDFLAGS) $(PAM_LDFLAGS) $(GLIB_LDFLAGS) +JSON_CFLAGS := $(shell /usr/bin/pkg-config --cflags libcjson) +JSON_LDFLAGS := $(shell /usr/bin/pkg-config --libs libcjson) + +CFLAGS := -O2 -Wall -Werror -g -fPIC $(CURL_CFLAGS) $(PAM_CFLAGS) $(GLIB_CFLAGS) $(JSON_CFLAGS) +EXEC_LDFLAGS := $(CURL_LDFLAGS) $(GLIB_LDFLAGS) $(JSON_LDFLAGS) +PAM_LDFLAGS := $(CURL_LDFLAGS) $(PAM_LDFLAGS) $(GLIB_LDFLAGS) $(JSON_LDFLAGS) all: pam_eid.so add-eid
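Review bot: `json.o` is added to both `EXEC_OBJS` and `PAM_OBJS` in the Makefile, but the patch's diffstat lists seven changed files and neither `json.c` nor `json.h` is among them, so as posted there is no source for that object unless it arrives in a separate commit. Because `json2txt()` now produces the exact bytes that are hashed for enrolment and for authentication, that file is the part of this change most in need of review and would be better carried in the same patch.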
@@ -29,10 +32,11 @@ add-eid: $(EXEC_OBJS) gcc -o add-eid $(EXEC_OBJS) $(EXEC_LDFLAGS) pam_eid.o: auth.h pam_eid.h -auth.o: authorized_eid.h client.h auth.h pam_eid.h -add-eid.o: authorized_eid.h client.h +auth.o: authorized_eid.h client.h auth.h pam_eid.h json.h +add-eid.o: authorized_eid.h client.h json.h authorized_eid.o: authorized_eid.h client.o: client.h +json.o: json.h install: all install -m 755 -d $(DESTDIR)/usr/lib/$(ARCH)/security
diff --git a/add-eid.c b/add-eid.c
index 8d4b134..7506d3e 100644
--- a/add-eid.c
+++ b/add-eid.c
@@ -15,14 +15,15 @@ #include "authorized_eid.h" #include "client.h" +#include "json.h" int main(int argc, char *argv[]) { struct passwd *passwd; FILE *authorized_eid; + char *res1, *res2; gchar *hash; CURL *curl; - char *res; if ((curl = curl_easy_init()) == NULL) {
@@ -31,15 +32,24 @@ int main(int argc, char *argv[]) } port = 24727; - res = eidResponse(curl); + res1 = eidResponse(curl); - if (res == NULL) + if (res1 == NULL) { fprintf(stderr, "Did not receive a valid result from the web\n"); exit(-2); } - hash = g_compute_checksum_for_string(G_CHECKSUM_SHA512, res, strlen(res)); + res2 = json2txt(res1); + + if (res2 == NULL) + { + fprintf(stderr, "The result from the web could not be parsed\n"); + exit(-3); + } + + hash = g_compute_checksum_for_string(G_CHECKSUM_SHA512, res2, strlen(res2)); + free(res2); errno = 0; if ((passwd = getpwuid(geteuid())) == NULL)
diff --git a/auth.c b/auth.c
index 7b84707..2dc3371 100644
--- a/auth.c
+++ b/auth.c
@@ -15,12 +15,14 @@ #include "authorized_eid.h" #include "client.h" #include "auth.h" +#include "json.h" #include "pam_eid.h" int auth(pam_handle_t *pamh, struct passwd *passwd, CURL *curl) { char *fileEntry = NULL; - char *res = NULL; + char *res1 = NULL; + char *res2 = NULL; FILE *authorized_eid; gchar *hash; size_t n;
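Review bot: In add-eid.c `main()` (hunk `@@ -31,15 +32,24 @@`), the enrolled value becomes the SHA-512 of `json2txt(res1)` instead of the raw response, so entries written by release 3.0 will presumably no longer match what `auth()` computes. The Changelog entry should state that users have to re-run add-eid after upgrading, since a host that requires pam_eid may otherwise reject every existing enrolment. `res1` is also not released anywhere in this hunk although `res2` is; assuming `json2txt()` returns its own allocation, as the separate `free(res2);` suggests, add `free(res1);` directly after the `json2txt()` call so the identity data does not stay on the heap longer than needed. `main()` continues past the hunk, so a later free of `res1` cannot be ruled out from here.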
@@ -45,7 +47,7 @@ int auth(pam_handle_t *pamh, struct passwd *passwd, CURL *curl) port = 41325; - if ((res = eidResponse(curl)) == NULL) + if ((res1 = eidResponse(curl)) == NULL) { pam_syslog(pamh, LOG_ERR, "curl_easy_perform() failed: %s", errbuf); r = PAM_SERVICE_ERR;
@@ -56,10 +58,27 @@ int auth(pam_handle_t *pamh, struct passwd *passwd, CURL *curl) { pam_syslog(pamh, LOG_DEBUG, "curl_easy_perform() succeeded"); pam_syslog(pamh, LOG_DEBUG, "The data read from web is: %s", - res); + res1); } - hash = g_compute_checksum_for_string(G_CHECKSUM_SHA512, res, strlen(res)); + res2 = json2txt(res1); + + if (res2 == NULL) + { + pam_syslog(pamh, LOG_DEBUG, "The result from the web could not be parsed\n"); + r = PAM_SERVICE_ERR; + goto cleanup; + } + + if (params.debug) + { + pam_syslog(pamh, LOG_DEBUG, "json2txt() succeeded"); + pam_syslog(pamh, LOG_DEBUG, "The result is: %s", + res2); + } + + hash = g_compute_checksum_for_string(G_CHECKSUM_SHA512, res2, strlen(res2)); + free(res2); if (params.debug) {
@@ -107,8 +126,8 @@ cleanup: if (authorized_eid != NULL) fclose(authorized_eid); - if (res != NULL) - free(res); + if (res1 != NULL) + free(res1); if (fileEntry != NULL) free(fileEntry);
diff --git a/client.c b/client.c
index fc25086..e28c636 100644
--- a/client.c
+++ b/client.c
@@ -10,8 +10,8 @@ #include "client.h" -static const char action_eid[] = "tcTokenURL=https://www.autentapp.de/AusweisAuskunft/WebServiceRequesterServlet?mode=xml"; -static const char action_eid_ok[] = "http://www.bsi.bund.de/ecard/api/1.1/resultmajor#ok"; +static const char action_eid[] = "tcTokenURL=https://www.autentapp.de/AusweisAuskunft/WebServiceRequesterServlet?mode=json"; +static const char action_eid_ok[] = "http://www.bsi.bund.de/ecard/api/1.1/resultmajor#ok"; char errbuf[CURL_ERROR_SIZE]; int port;
diff --git a/debian/changelog b/debian/changelog
index fe6a5cd..cb7cd99 100644
--- a/debian/changelog
+++ b/debian/changelog
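Review bot: In auth.c's `@@ -56,10 +58,27 @@` hunk, the new debug branch writes `res2` to syslog, and `res2` is the exact string whose SHA-512 is then computed, apparently for comparison with the user's authorized_eid entry. Anyone who can read the log therefore sees both the parsed identity data and the input that reproduces the stored hash. Log a size instead, e.g. `pam_syslog(pamh, LOG_DEBUG, "json2txt() returned %zu bytes", strlen(res2));`; the existing `res1` debug line just above has the same exposure. The parse-failure branch reports at `LOG_DEBUG` with a trailing `\n`, whereas the `eidResponse()` failure uses `LOG_ERR`, so a rejected login should read `pam_syslog(pamh, LOG_ERR, "The result from the web could not be parsed");`. `auth()` begins and ends outside this hunk.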
@@ -1,3 +1,9 @@ +pam-eid (4.0-1) unstable; urgency=medium + + * New upstream release + + -- Christoph Pleger Thu, 13 Feb 2025 18:56:49 +0100 + pam-eid (3.0-1) unstable; urgency=medium * New upstream release
diff --git a/debian/control b/debian/control
index 879ff59..3ce0734 100644
--- a/debian/control
+++ b/debian/control
@@ -8,6 +8,7 @@ Build-Depends: libcurl4-gnutls-dev | libcurl4-openssl-dev, libglib2.0-dev, libpam0g-dev, + libcjson-dev, pkgconf | pkg-config Standards-Version: 4.6.2