author | Andreas Schneider <asn@samba.org> | 2020-03-06 17:35:28 +0100 |
---|---|---|
committer | Andreas Schneider <asn@samba.org> | 2020-03-19 12:06:20 +0100 |
commit | e6574f666cb92947b136ac0c951112b65360be7c (patch) | |
tree | 7c8814465d2ef782af655543c8b10e6bfc96ed19 | |
parent | 8ba6072b7581f0b0d9ca380b0b48059d0ad1344a (diff) | |
pwrap: Add support for pam_start_confdir()
This allows us to not do some ugly binary editing hacks to libpam.so.
https://github.com/linux-pam/linux-pam/commit/7a84910896d5579bd9c016696224d7d69a307bd9
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
-rw-r--r-- | src/pam_wrapper.c | 48 |
1 files changed, 47 insertions, 1 deletions
diff --git a/src/pam_wrapper.c b/src/pam_wrapper.c
index 043c00e..2a3a1d8 100644
--- a/src/pam_wrapper.c
+++ b/src/pam_wrapper.c
@@ -199,6 +199,12 @@ typedef int (*__libpam_pam_start)(const char *service_name,
 const struct pam_conv *pam_conversation,
 pam_handle_t **pamh);
 
+typedef int (*__libpam_pam_start_confdir)(const char *service_name,
+ const char *user,
+ const struct pam_conv *pam_conversation,
+ const char *confdir,
+ pam_handle_t **pamh);
+
 typedef int (*__libpam_pam_end)(pam_handle_t *pamh, int pam_status);
 
 typedef int (*__libpam_pam_authenticate)(pam_handle_t *pamh, int flags);
@@ -262,6 +268,7 @@ typedef void (*__libpam_pam_vsyslog)(const pam_handle_t *pamh,
 
 struct pwrap_libpam_symbols {
 PWRAP_SYMBOL_ENTRY(pam_start);
+ PWRAP_SYMBOL_ENTRY(pam_start_confdir);
 PWRAP_SYMBOL_ENTRY(pam_end);
 PWRAP_SYMBOL_ENTRY(pam_authenticate);
 PWRAP_SYMBOL_ENTRY(pam_chauthtok);
@@ -397,6 +404,22 @@ static void *_pwrap_bind_symbol(enum pwrap_lib lib, const char *fn_name)
 * valgrind and has probably something todo with with the linker.
 * So we need load each function at the point it is called the first time.
 */
+#ifdef HAVE_PAM_START_CONFDIR
+static int libpam_pam_start_confdir(const char *service_name,
+ const char *user,
+ const struct pam_conv *pam_conversation,
+ const char *confdir,
+ pam_handle_t **pamh)
+{
+ pwrap_bind_symbol_libpam(pam_start_confdir);
+
+ return pwrap.libpam.symbols._libpam_pam_start_confdir.f(service_name,
+ user,
+ pam_conversation,
+ confdir,
+ pamh);
+}
+#else
 static int libpam_pam_start(const char *service_name,
 const char *user,
 const struct pam_conv *pam_conversation,
@@ -410,6 +433,8 @@ static int libpam_pam_start(const char *service_name,
 pamh);
 }
 
+#endif
+
 static int libpam_pam_end(pam_handle_t *pamh, int pam_status)
 {
 pwrap_bind_symbol_libpam(pam_end);
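Review bot: The preprocessor guard around the new `libpam_pam_start_confdir()` (hunk at -397,6) does not match the guard at its call site in `pwrap_pam_start()` (hunk at -1198,11), which tests `HAVE_OPENPAM` first. The trampoline is compiled under `#ifdef HAVE_PAM_START_CONFDIR` and `libpam_pam_start()` only under `#else`, so a build that defines both macros would leave the confdir trampoline as an unused static. In that build any OpenPAM code that still calls `libpam_pam_start()` would also stop compiling; whether `pwrap_openpam_start()` does so is not visible here. Using the same condition for the definition, `#if defined(HAVE_PAM_START_CONFDIR) && !defined(HAVE_OPENPAM)`, would keep definition and use in step. The comment block above the function and the body of `libpam_pam_start()` both extend outside the hunks shown.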
@@ -777,6 +802,7 @@ static void pwrap_clean_stale_dirs(const char *dir)
 return;
 }
 
+#ifndef HAVE_PAM_START_CONFDIR
 static int pso_copy(const char *src, const char *dst, const char *pdir, mode_t mode)
 {
 #define PSO_COPY_READ_SIZE 16
@@ -895,6 +921,7 @@ out:
 return rc;
 #undef PSO_COPY_READ_SIZE
 }
+#endif /* HAVE_PAM_START_CONFDIR */
 
 static void pwrap_init(void)
 {
@@ -904,8 +931,10 @@ static void pwrap_init(void)
 struct stat sb;
 int rc;
 unsigned i;
+#ifndef HAVE_PAM_START_CONFDIR
 char pam_library[128] = { 0 };
 char libpam_path[1024] = { 0 };
+#endif
 ssize_t ret;
 FILE *pidfile;
 char pidfile_path[1024] = { 0 };
@@ -996,6 +1025,14 @@ static void pwrap_init(void)
 exit(1);
 }
 
+#ifdef HAVE_PAM_START_CONFDIR
+ pwrap.libpam_so = strdup(PAM_LIBRARY);
+ if (pwrap.libpam_so == NULL) {
+ PWRAP_LOG(PWRAP_LOG_ERROR, "No memory");
+ p_rmdirs(pwrap.config_dir);
+ exit(1);
+ }
+#else /* HAVE_PAM_START_CONFDIR */
 /* create lib subdirectory */
 snprintf(libpam_path,
 sizeof(libpam_path),
@@ -1080,6 +1117,9 @@ static void pwrap_init(void)
 p_rmdirs(pwrap.config_dir);
 exit(1);
 }
+#endif /* HAVE_PAM_START_CONFDIR */
+
+ PWRAP_LOG(PWRAP_LOG_TRACE, "Using libpam path: %s", pwrap.libpam_so);
 
 pwrap.initialised = true;
 
@@ -1198,11 +1238,17 @@ static int pwrap_pam_start(const char *service_name,
 service_name,
 user);
 
-#ifdef HAVE_OPENPAM
+#if defined(HAVE_OPENPAM)
 return pwrap_openpam_start(service_name,
 user,
 pam_conversation,
 pamh);
+#elif defined (HAVE_PAM_START_CONFDIR)
+ return libpam_pam_start_confdir(service_name,
+ user,
+ pam_conversation,
+ pwrap.config_dir,
+ pamh);
 #else
 return libpam_pam_start(service_name,
 user, |
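Review bot: The new `strdup(PAM_LIBRARY)` branch in `pwrap_init()` (hunk at -996,6) has no comment saying why the private copy of libpam is skipped, and the value of `PAM_LIBRARY` is set outside this diff. I would add above the assignment `/* pam_start_confdir() takes the service directory as an argument, so the unmodified system libpam is loaded */`. If `PAM_LIBRARY` can be a bare file name rather than an absolute path, which library gets loaded depends on the loader's search order, so that is worth confirming in the build configuration. `pwrap_init()` begins and ends outside the hunk.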
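Review bot: No exported `pam_start_confdir()` is added by this commit, so only the `pam_start()` path in `pwrap_pam_start()` (hunk at -1198,11) is redirected to `pwrap.config_dir`. The other hunks add just the typedef, the symbol entry and the internal trampoline. A program under test that calls `pam_start_confdir()` itself would presumably resolve straight to the real libpam and use whatever directory it passes, outside the wrapper's test configuration. If that is intended, a comment on the `#elif` branch would make the limit explicit, e.g. `/* pam_start_confdir() itself is not wrapped; only pam_start() is redirected */`. `pwrap_pam_start()` starts before and continues past this hunk.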