[Bug 912695] [NEW] libpam_blue requires root, fails if non-privileged

Ross Boswell Fri, 06 Jan 2012 02:42:45 -0800

Public bug reported:

I modified /etc/pam.d/common-auth to allow two-factor authentication
using password and either bluetooth proximity or, if that fails, google-
authenticator:


. . .
# here are the per-package modules (the "Primary" block)
auth    [success=1 default=ignore]      pam_unix.so nullok_secure
# here's the fallback if no module succeeds
auth    requisite                       pam_deny.so
#
auth    [success=1 default=ignore]      pam_blue.so
auth    required                        pam_google_authenticator.so
#
# prime the stack . . .

This works fine for login, but bluetooth authentication always fails when 
unlocking gnome-screensaver with the error message:
Bluetooth scan failure [bluetooth device up?]

The reason seems to be that pam_blue is based on l2cap which requires
root authority to create sockets (l2ping runs as root but fails for a
non-privileged user).

An alternative method of detecting bluetooth proximity is to use hcitool:
hcitool name xx:xx:xx:xx:xx:xx
returns the name of the device whose MAC is given, or nothing on fail, and it 
works for a non-privileged user.

Replacing pam_blue with a simple hacked version using hcitool works for both 
login and gnome-screensaver unlock:
  
  int rc = PAM_SESSION_ERR;
  FILE *fpipe;
  char *command="hcitool name xx:xx:xx:xx:xx:xx";
  char line[256];

  if ( !(fpipe = (FILE*)popen(command,"r")) ) {
     perror("Problems with pipe");
     exit(1);
  }
  while ( fgets( line, sizeof line, fpipe))  {
    if (strlen(line) > 2) rc = PAM_SUCCESS;
  }
  pclose(fpipe);
  return rc;

This bug probably affects all versions to date, but has been confirmed
in Ubuntu 11.04 and 11.10, and in  libpam-blue 0.9.0-3

** Affects: libpam-blue (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/912695

Title:
  libpam_blue requires root, fails if non-privileged

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libpam-blue/+bug/912695/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 912695] [NEW] libpam_blue requires root, fails if non-privileged

Reply via email to