Dear Craig As you'll see from the bug report, I found it easier to replace l2ping with hcitool. That worked for me, and I moved on.
Kind regards -- Ross On 4/06/2013, at 11:36, Craig McQueen <912...@bugs.launchpad.net> wrote: > Is pam_blue maintained? It's looking a bit dead at the moment. How can > we contribute patches "upstream" or to continue development in > Debian/Ubuntu? According to the Ubuntu package, the web site is > http://pam.0xdef.net/ but that is not responding, at least not at the > moment. > > Would it be possible to patch l2ping to work if a non-root user is a > member of e.g. "bluetooth" group? From strace, it seems the problem is > with a call to "socket(PF_BLUETOOTH, SOCK_RAW, 0)", and raw sockets > normally need root user or capability CAP_NET_RAW. > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/912695 > > Title: > libpam_blue requires root, fails if non-privileged > > Status in “libpam-blue” package in Ubuntu: > Confirmed > > Bug description: > I modified /etc/pam.d/common-auth to allow two-factor authentication > using password and either bluetooth proximity or, if that fails, > google-authenticator: > > . . . > # here are the per-package modules (the "Primary" block) > auth [success=1 default=ignore] pam_unix.so nullok_secure > # here's the fallback if no module succeeds > auth requisite pam_deny.so > # > auth [success=1 default=ignore] pam_blue.so > auth required pam_google_authenticator.so > # > # prime the stack . . . > > This works fine for login, but bluetooth authentication always fails when > unlocking gnome-screensaver with the error message: > Bluetooth scan failure [bluetooth device up?] > > The reason seems to be that pam_blue is based on l2cap which requires > root authority to create sockets (l2ping runs as root but fails for a > non-privileged user). > > An alternative method of detecting bluetooth proximity is to use hcitool: > hcitool name xx:xx:xx:xx:xx:xx > returns the name of the device whose MAC is given, or nothing on fail, and > it works for a non-privileged user. > > Replacing pam_blue with a simple hacked version using hcitool works for both > login and gnome-screensaver unlock: > > int rc = PAM_SESSION_ERR; > FILE *fpipe; > char *command="hcitool name xx:xx:xx:xx:xx:xx"; > char line[256]; > > if ( !(fpipe = (FILE*)popen(command,"r")) ) { > perror("Problems with pipe"); > exit(1); > } > while ( fgets( line, sizeof line, fpipe)) { > if (strlen(line) > 2) rc = PAM_SUCCESS; > } > pclose(fpipe); > return rc; > > This bug probably affects all versions to date, but has been confirmed > in Ubuntu 11.04 and 11.10, and in libpam-blue 0.9.0-3 > > To manage notifications about this bug go to: > https://bugs.launchpad.net/ubuntu/+source/libpam-blue/+bug/912695/+subscriptions -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/912695 Title: libpam_blue requires root, fails if non-privileged To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpam-blue/+bug/912695/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
