author | Andreas Schneider <asn@samba.org> | 2020-03-23 17:44:22 +0100 |
---|---|---|
committer | Andreas Schneider <asn@samba.org> | 2020-03-24 08:38:02 +0100 |
commit | 045210208d5dfc8b4e41735eeb73165d4a37990e (patch) | |
tree | 804073586847cb5c2d921048635419e5455805d6 | |
parent | c559f8d98331ecfa7c32396556fac040c61b7e55 (diff) | |
pwrap: Create two pwrap_init() functions
One for pam_start() and one for pam_start_confdir() support.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
-rw-r--r-- | src/pam_wrapper.c | 145 |
1 files changed, 132 insertions, 13 deletions
diff --git a/src/pam_wrapper.c b/src/pam_wrapper.c
index 088754b..3e5ebbe 100644
--- a/src/pam_wrapper.c
+++ b/src/pam_wrapper.c
@@ -804,7 +804,137 @@ static void pwrap_clean_stale_dirs(const char *dir) return; } -#ifndef HAVE_PAM_START_CONFDIR +#ifdef HAVE_PAM_START_CONFDIR +static void pwrap_init(void) +{ + char tmp_config_dir[] = "/tmp/pam.X"; + size_t len = strlen(tmp_config_dir); + const char *env; + struct stat sb; + int rc; + unsigned i; + ssize_t ret; + FILE *pidfile; + char pidfile_path[1024] = { 0 }; + char letter; + + if (!pam_wrapper_enabled()) { + return; + } + + if (pwrap.initialised) { + return; + } + + /* + * The name is selected to match/replace /etc/pam.d + * We start from a random alphanum trying letters until + * an available directory is found. + */ + letter = 48 + (getpid() % 70); + for (i = 0; i < 127; i++) { + if (isalpha(letter) || isdigit(letter)) { + tmp_config_dir[len - 1] = letter; + + rc = lstat(tmp_config_dir, &sb); + if (rc == 0) { + PWRAP_LOG(PWRAP_LOG_TRACE, + "Check if pam_wrapper dir %s is a " + "stale directory", + tmp_config_dir); + pwrap_clean_stale_dirs(tmp_config_dir); + } else if (rc < 0) { + if (errno != ENOENT) { + continue; + } + break; /* found */ + } + } + + letter++; + letter %= 127; + } + + if (i == 127) { + PWRAP_LOG(PWRAP_LOG_ERROR, + "Failed to find a possible path to create " + "pam_wrapper config dir: %s", + tmp_config_dir); + exit(1); + } + + PWRAP_LOG(PWRAP_LOG_DEBUG, "Initialize pam_wrapper"); + + pwrap.config_dir = strdup(tmp_config_dir); + if (pwrap.config_dir == NULL) { + PWRAP_LOG(PWRAP_LOG_ERROR, + "No memory"); + exit(1); + } + PWRAP_LOG(PWRAP_LOG_TRACE, + "pam_wrapper config dir: %s", + tmp_config_dir); + + rc = mkdir(pwrap.config_dir, 0755); + if (rc != 0) { + PWRAP_LOG(PWRAP_LOG_ERROR, + "Failed to create pam_wrapper config dir: %s - %s", + tmp_config_dir, strerror(errno)); + } + + /* Create file with the PID of the the process */ + ret = snprintf(pidfile_path, sizeof(pidfile_path), + "%s/pid", pwrap.config_dir); + if (ret < 0) { + p_rmdirs(pwrap.config_dir); + exit(1); + } + + pidfile = fopen(pidfile_path, "w"); + if (pidfile 
== NULL) { + p_rmdirs(pwrap.config_dir); + exit(1); + } + + rc = fprintf(pidfile, "%d", getpid()); + fclose(pidfile); + if (rc <= 0) { + p_rmdirs(pwrap.config_dir); + exit(1); + } + + pwrap.libpam_so = strdup(PAM_LIBRARY); + if (pwrap.libpam_so == NULL) { + PWRAP_LOG(PWRAP_LOG_ERROR, "No memory"); + p_rmdirs(pwrap.config_dir); + exit(1); + } + + PWRAP_LOG(PWRAP_LOG_TRACE, "Using libpam path: %s", pwrap.libpam_so); + + pwrap.initialised = true; + + env = getenv("PAM_WRAPPER_SERVICE_DIR"); + if (env == NULL) { + PWRAP_LOG(PWRAP_LOG_ERROR, "No config file"); + p_rmdirs(pwrap.config_dir); + exit(1); + } + + rc = copy_confdir(env); + if (rc != 0) { + PWRAP_LOG(PWRAP_LOG_ERROR, "Failed to copy config files"); + p_rmdirs(pwrap.config_dir); + exit(1); + } + + setenv("PAM_WRAPPER_RUNTIME_DIR", pwrap.config_dir, 1); + + PWRAP_LOG(PWRAP_LOG_DEBUG, "Successfully initialized pam_wrapper"); +} + +#else /* HAVE_PAM_START_CONFDIR */ + static int pso_copy(const char *src, const char *dst, const char *pdir, mode_t mode) { #define PSO_COPY_READ_SIZE 16 @@ -923,7 +1053,6 @@ out: return rc; #undef PSO_COPY_READ_SIZE } -#endif /* HAVE_PAM_START_CONFDIR */ static void pwrap_init(void) { @@ -933,10 +1062,8 @@ static void pwrap_init(void) struct stat sb; int rc; unsigned i; -#ifndef HAVE_PAM_START_CONFDIR char pam_library[128] = { 0 }; char libpam_path[1024] = { 0 }; -#endif ssize_t ret; FILE *pidfile; char pidfile_path[1024] = { 0 }; @@ -1027,14 +1154,6 @@ static void pwrap_init(void) exit(1); } -#ifdef HAVE_PAM_START_CONFDIR - pwrap.libpam_so = strdup(PAM_LIBRARY); - if (pwrap.libpam_so == NULL) { - PWRAP_LOG(PWRAP_LOG_ERROR, "No memory"); - p_rmdirs(pwrap.config_dir); - exit(1); - } -#else /* HAVE_PAM_START_CONFDIR */ /* create lib subdirectory */ snprintf(libpam_path, sizeof(libpam_path), @@ -1119,7 +1238,6 @@ static void pwrap_init(void) p_rmdirs(pwrap.config_dir); exit(1); } -#endif /* HAVE_PAM_START_CONFDIR */ PWRAP_LOG(PWRAP_LOG_TRACE, "Using libpam path: %s", pwrap.libpam_so); 
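Review bot: A failed `mkdir(pwrap.config_dir, 0755)` in the new HAVE_PAM_START_CONFDIR `pwrap_init()` is only logged, and the function then goes on to write the pid file, copy the PAM service files and export `PAM_WRAPPER_RUNTIME_DIR` for that path. The name is `/tmp/pam.X` with the letter derived from `getpid()`, and there is a window between the `lstat()` probe and the `mkdir()`, so on a shared host the directory that ends up being used may be one this process did not create. I would make the failure fatal by adding `exit(1);` after the `PWRAP_LOG` call in the `if (rc != 0)` branch, without `p_rmdirs()` since the directory is not ours at that point. Separately, the `continue` on `errno != ENOENT` skips `letter++`, so the remaining iterations re-probe the same path. This block looks copied from the existing `pwrap_init()`, which is only partly visible here, so the same points probably apply there.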
@@ -1143,6 +1261,7 @@ static void pwrap_init(void) PWRAP_LOG(PWRAP_LOG_DEBUG, "Successfully initialized pam_wrapper"); } +#endif /* HAVE_PAM_START_CONFDIR */ bool pam_wrapper_enabled(void) { |