alexander-naumov / pam-accesscontrol

PAM management system to control access to host

License: GNU General Public License v3.0

Python 98.17% Makefile 1.83%
security pam-authentication ssh enterprise linux login display-manager protection two-factor-authentication

pam-accesscontrol's Introduction

pam-accesscontrol

PAM-accesscontrol is a highly intelligent and easily configurable system to control access to a host via PAM interfaces. It makes it possible to manage access for a single user, a group of users or LDAP groups (FreeIPA and Active Directory are supported) by adding just one line to the config file. It can also notify you about each new incoming connection and let you allow or deny it through a notification window. PAM-accesscontrol supports and recognizes SSH password and public key authentication and uses Syslog for all login events. This is the last security layer for enterprises and personal use.


We provide packages for many different GNU/Linux systems to make it easy to install or update pam-accesscontrol.

Screenshots

Kubuntu 18.04, sddm:

sddm is CLOSEd for specific user

openSUSE Leap 15.1, XFCE, SSH password authentication:

notification window for SSH

CentOS 7, GNOME, SSH pub-key authentication:

CentOS

Debian 9.5, slim (Simple Login Manager):

Debian

Contributing

You can submit or ask for improvements using GitHub's Pull Requests or Issues.

If you're going to send a patch, please make sure that the dev OBS project is still able to build packages.

Credits

Copyright (c) 2017-2019 Alexander Naumov ([email protected]).

Licensed under GNU GPLv3 (see LICENSE file).


pam-accesscontrol's Issues

SMTP

# TEST NEW SMTP FUNC

PRECONFIG:

* debian 9.7 (minimal server install) : just 120 pkg - without X11
$ wget -nv https://download.opensuse.org/repositories/home:Alexander_Naumov:pam-accesscontrol/Debian_9.0/Release.key -O Release.key
$ apt-key add - < Release.key
$ apt-get update
$ echo 'deb http://download.opensuse.org/repositories/home:/Alexander_Naumov:/pam-accesscontrol/Debian_9.0/ /' > /etc/apt/sources.list.d/home:Alexander_Naumov:pam-accesscontrol.list
$ apt install pam-accesscontrol
$ cd /tmp
$ [email protected]:alexander-naumov/pam-accesscontrol.git

update with upstream

$ apt install mailutils
$ apt install postfix

type: local only
name: debian.fritz.box

$ systemctl restart postfix
$ CHECK: echo "TEST MAIL" | mail -s "Subject" root@localhost
$ vim pam-accessconfig.conf

SERVER:127.0.0.1
SSHD [email protected],deface@localhost,root@localhost,[email protected]

RESULT:

+ CONFIG ----------------------------------- PASSWD OK -------- PASSWD NG -------+
|                                                                                |
| LOGIN (SSH) + SSH OPEN FOR USER .......... MAIL LOCAL -> OK   MAIL LOCAL -> NO?|
|                                            MAIL EXTER -> NO?  MAIL EXTER -> NO?|
|                                                                                |
| LOGIN (SSH) + SSH CLOSED FOR USER ........ MAIL LOCAL -> NO?  MAIL LOCAL -> NO?|
|                                            MAIL EXTER -> NO?  MAIL EXTER -> NO?|
+--------------------------------------------------------------------------------+

Arch Linux & Gentoo Support

Packages for Arch and Gentoo Linux. It's possible to build Arch-packages in OBS.

Additional context

Status in process ...

More info / Support

@oleg-pahl

Lightdm + i3 on Debian 9.7

# pam-accesscontrol check-my-config /etc/pam-accesscontrol.d/pam-accesscontrol.conf

FILE: /etc/pam-accesscontrol.d/pam-accesscontrol.conf
DEFAULT:OPEN
DEBUG:TRUE
LIGHTDM CLOSE USER DEFACE
# tail -f syslog | grep -i Error

debian lightdm[1049]: Error getting user list from org.freedesktop.Accounts:
GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown:
The name org.freedesktop.Accounts was not provided by any .service files

Provide minimalist version without any X server requirements

It would be great to have a minimalist version of pam-accesscontrol. Right now this PAM management system depends on PyQt5, which for some distros like SLE means about 100 additional packages. It's just for PyQt5 support...

For desktop distros like Kubuntu it's just 6 packages.

I suggest providing something like a CORE package that provides the core functionality of pam-accesscontrol, plus some additional packages for notification windows (it could be Qt5, GTK+ or just Tk windows). The idea is to have a stable version that could work without this additional "GUI-package".

Dep. problem -> openssh-server

Hi.
I try to build this app in my Docker Container with GitLab CI Runner.
I found that opessh-server dep is absent.

Workaround: Please fix opessh-server to openssh-server

Source: pam-accesscontrol
Section: misc
Standards-Version: 3.9.3
Priority: extra
Maintainer: Alexander Naumov [email protected]
Build-Depends: debhelper (>= 7.0.50~),
config-package-dev
cdbs

Package: pam-accesscontrol
Pre-Depends: coreutils
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, python (>= 2.7), opessh-server, libpam-python
Description: PAM-ACCESSCONTROL is writen in python and use PAM to control login access to
the host via SSH, sddm, slim, gdm, kdm, xdm, lightdm, and login(1).
It makes it possible to manages access for some group of users or, for example,
depend on configuration can ask user for confirmation about establishing each
new incoming SSH-connection.

kcheckpass (kdm) -> ERROR -> /var/log/syslog

Hi, Alex.

It's me.
Look here ...

System:

ubuntu 14.04 (KDM) Kernel 4.4.0

File:

/lib/security/accesscontrol.py

Code:

import datetime
import syslog

def create_log(logtype, SERVICE, rhost, user, mode, msg):
  """
  It creates new entry in the logfile. The format of log-entry is:
  date <SPACE> current time <TAB> service name <TAB> rule <TAB> username@hostname <TAB> some_text <newline>
  """
  now  = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")
  FILE = '/var/log/pam-accesscontrol-' + str(datetime.datetime.now().strftime("%Y-%m")) + '.log'

  if not rhost: rhost = "localhost"
  try:
    fd = open(FILE, 'a+')
    fd.write("%s%s%s%s%s\n" % (now.ljust(23), SERVICE.ljust(7), str(mode).ljust(10), (str(user) + "@" + str(rhost)).ljust(50), msg.ljust(15)))
    fd.close()
  except:
    # The logfile could not be opened or written: report it through syslog instead
    syslog.syslog(logtype + "Hi, I am here .... .... can't open/write logfile " + FILE)

Test:

I try to lock my screen, then unlock it and check syslog

Syslog Output:

# tail -f /var/log/syslog | grep filelog

date ... kcheckpass (kdm) ... can't open/write logfile /var/log/pam-accesscontrol ...

Workaround:

# sudo chmod +s /path/kcheckpass 
or change func in file [accesscontrol.py]

Links:

https://github.com/KDE/kscreenlocker/tree/master/kcheckpass

Please contact me on [email protected] if u need more info.
Many thx for your strong support!
P.S. RunBSD
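
An added example, not part of the original issue or of the project's code: one way to "change func" so the login event survives when the logfile cannot be opened, without making kcheckpass setuid. It assumes the failure comes from the PAM module running under the unprivileged user; `format_entry`, `write_entry` and `LOG_DIR` are hypothetical names.

```python
import datetime
import os
import syslog

LOG_DIR = "/var/log"  # assumption: same directory the posted create_log() uses

def format_entry(service, rhost, user, mode, msg, now=None):
    """Build one log line in the column layout of the posted create_log()."""
    now = now or datetime.datetime.now()
    who = "%s@%s" % (user, rhost or "localhost")
    # Strip CR/LF so a field value cannot start a second log line.
    clean = [str(f).replace("\r", " ").replace("\n", " ")
             for f in (service, mode, who, msg)]
    return "%s%s%s%s%s" % (now.strftime("%Y-%m-%d %H:%M:%S").ljust(23),
                           clean[0].ljust(7), clean[1].ljust(10),
                           clean[2].ljust(50), clean[3].ljust(15))

def write_entry(service, rhost, user, mode, msg, log_dir=LOG_DIR, now=None):
    """Append the entry to the monthly logfile; if that fails, send the same
    entry to syslog. Returns "file" or "syslog" to say where it went."""
    now = now or datetime.datetime.now()
    line = format_entry(service, rhost, user, mode, msg, now)
    path = os.path.join(log_dir,
                        "pam-accesscontrol-%s.log" % now.strftime("%Y-%m"))
    try:
        # O_NOFOLLOW refuses a symlink planted at the log path; mode 0o640
        # keeps a newly created logfile from being world-readable.
        flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
        fd = os.open(path, flags, 0o640)
        try:
            os.write(fd, (line + "\n").encode("utf-8"))
        finally:
            os.close(fd)
        return "file"
    except OSError as err:
        # Reached when the caller may not write under log_dir (for example a
        # screen-locker helper without root): keep the event, note the reason.
        syslog.syslog(syslog.LOG_AUTH | syslog.LOG_WARNING,
                      "pam-accesscontrol: %s (logfile %s: %s)"
                      % (line.rstrip(), path, err.strerror))
        return "syslog"
```
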

pkg src name

Hi Alex,

could you be so kind to change src name from v0.97.tar.gz to goto-accesscontrol-0.97.tar.gz ?

Thx

Build-Depends

Hi, Alex
Many Thx for your Support.
Could you be so kind to change debian/control file and put all Build-Depends in one line with comma or just put comma after config-package-dev!
Thx.

Before:

Build-Depends: debhelper (>= 7.0.50~),
 config-package-dev
 cdbs

After:

Build-Depends: debhelper (>= 7.0.50~), config-package-dev, cdbs

Because of log from my GitLab CI/CD Docker Runner Container:

Running with gitlab-runner 11.0.0 (5396d320)
on MY Build Runner 92da1a5f
Using Docker executor with image mybuildsys:latest ...
Using locally found image version due to if-not-present pull policy
Using docker image sha256:302d7f148f2d5a67bef8c075908bac1106431ba17ea2b09dffeb7184bcc9aadb for mybuildsys:latest ...
Running on runner-92da1a5f-project-1-concurrent-0 via sietest...
Cloning repository...
Cloning into '/builds/root/pamac'...
Checking out 87bbf50a as master...
Skipping Git submodules setup
$ dpkg-buildpackage -us -uc
dpkg-buildpackage: source package pam-accesscontrol
dpkg-buildpackage: source version 0.92
dpkg-buildpackage: source distribution unstable
dpkg-buildpackage: source changed by Alexander Naumov [email protected]
dpkg-buildpackage: host architecture amd64
dpkg-source --before-build pamac
dpkg-source: warning: can't parse dependency config-package-dev
cdbs
dpkg-source: error: error occurred while parsing Build-Depends
dpkg-buildpackage: error: dpkg-source --before-build pamac gave error exit status 255
ERROR: Job failed: exit code 1

RHEL 7.5 Error: Failed dependencies

[root@redhat tmp]# rpm -i pam-accesscontrol-0.94-2.1.noarch.rpm

error: Failed dependencies:

/usr/bin/python3 is needed by pam-accesscontrol-0.94-2.1.noarch
pam-python is needed by pam-accesscontrol-0.94-2.1.noarch
python3-qt5 is needed by pam-accesscontrol-0.94-2.1.noarch
> FYI:
> Kernel: 3.10.0-862.el7.x86_64 GNU/Linux

DeprecationWarning: dist() and linux_distribution() functions are deprecated in Python 3.5

Deprecation, Deprecation everywhere :-)

# pam-accesscontrol show-pam-info sshd login
/usr/sbin/pam-accesscontrol:63: DeprecationWarning: dist() and linux_distribution() functions are deprecated in Python 3.5
  if platform.linux_distribution()[0] in ['Ubuntu', 'Debian']:
/usr/sbin/pam-accesscontrol:65: DeprecationWarning: dist() and linux_distribution() functions are deprecated in Python 3.5
  if platform.linux_distribution()[0] in ['CentOS Linux', 'Fedora', 'openSUSE', 'SuSE']:
/usr/sbin/pam-accesscontrol:67: DeprecationWarning: dist() and linux_distribution() functions are deprecated in Python 3.5
  if len(platform.linux_distribution()[0]) == 0:
-----------------------------------------------------------------------
Information about /etc/pam.d/sshd:
SSH (Secure Shell) is a program for logging into and executing commands
on a remote machine. It is intended to replace rsh (rlogin and rsh) and
provides openssl (secure encrypted communication) between two untrusted
hosts over an insecure network.

xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
also be forwarded over the secure channel.
-----------------------------------------------------------------------
Information about /etc/pam.d/login:
This package contains a large variety of low-level system utilities
that are necessary for a Linux system to function. It contains the
mount program, the fdisk configuration tool, and more.

openSUSE Tumbleweed, Python3.7.3
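
An added example, not the project's code: the deprecated `platform.linux_distribution()` call (removed in Python 3.8) can be replaced by reading `/etc/os-release`. The family names `deb`/`rpm`, the function names and the sample file contents are assumptions constructed for illustration; quoting is handled in simplified form (outer quotes stripped, no escape processing).

```python
# Constructed os-release samples for distributions named on this page.
SAMPLES = {
    "tumbleweed": 'NAME="openSUSE Tumbleweed"\n# rolling release\n'
                  'ID="opensuse-tumbleweed"\nID_LIKE="opensuse suse"\n',
    "centos7": 'NAME="CentOS Linux"\nID="centos"\nID_LIKE="rhel fedora"\n',
    "kubuntu": 'NAME="Ubuntu"\nID=ubuntu\nID_LIKE=debian\n',
}

DEB_IDS = {"debian", "ubuntu"}
RPM_IDS = {"centos", "fedora", "rhel", "opensuse", "suse", "sles"}

def parse_os_release(text):
    """Parse os-release content into a dict, skipping comments and blanks."""
    info = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        # Drop one pair of matching outer quotes, if present.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        info[key.strip()] = value
    return info

def distro_family(info):
    """Classify by ID first, then by each ID_LIKE entry."""
    ids = [info.get("ID", "").lower()] + info.get("ID_LIKE", "").lower().split()
    for name in ids:
        if name in DEB_IDS:
            return "deb"
        if name in RPM_IDS or name.startswith("opensuse"):
            return "rpm"
    return "unknown"

def detect(path="/etc/os-release"):
    """Return the family of the running system, or "unknown" if unreadable."""
    try:
        with open(path) as fh:
            return distro_family(parse_os_release(fh.read()))
    except (IOError, OSError):
        return "unknown"
```
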
