authorAndreas Schneider <asn@samba.org>2020-03-06 17:35:28 +0100
committerAndreas Schneider <asn@samba.org>2020-03-19 12:06:20 +0100
commite6574f666cb92947b136ac0c951112b65360be7c (patch)
tree7c8814465d2ef782af655543c8b10e6bfc96ed19
parent8ba6072b7581f0b0d9ca380b0b48059d0ad1344a (diff)
pwrap: Add support for pam_start_confdir()
This allows us to not do some ugly binary editing hacks to libpam.so. https://github.com/linux-pam/linux-pam/commit/7a84910896d5579bd9c016696224d7d69a307bd9 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
-rw-r--r--src/pam_wrapper.c48
1 files changed, 47 insertions, 1 deletions
diff --git a/src/pam_wrapper.c b/src/pam_wrapper.c
index 043c00e..2a3a1d8 100644
--- a/src/pam_wrapper.c
+++ b/src/pam_wrapper.c
@@ -199,6 +199,12 @@ typedef int (*__libpam_pam_start)(const char *service_name,
const struct pam_conv *pam_conversation,
pam_handle_t **pamh);
+typedef int (*__libpam_pam_start_confdir)(const char *service_name,
+ const char *user,
+ const struct pam_conv *pam_conversation,
+ const char *confdir,
+ pam_handle_t **pamh);
+
typedef int (*__libpam_pam_end)(pam_handle_t *pamh, int pam_status);
typedef int (*__libpam_pam_authenticate)(pam_handle_t *pamh, int flags);
@@ -262,6 +268,7 @@ typedef void (*__libpam_pam_vsyslog)(const pam_handle_t *pamh,
struct pwrap_libpam_symbols {
PWRAP_SYMBOL_ENTRY(pam_start);
+ PWRAP_SYMBOL_ENTRY(pam_start_confdir);
PWRAP_SYMBOL_ENTRY(pam_end);
PWRAP_SYMBOL_ENTRY(pam_authenticate);
PWRAP_SYMBOL_ENTRY(pam_chauthtok);
@@ -397,6 +404,22 @@ static void *_pwrap_bind_symbol(enum pwrap_lib lib, const char *fn_name)
* valgrind and has probably something todo with with the linker.
* So we need load each function at the point it is called the first time.
*/
+#ifdef HAVE_PAM_START_CONFDIR
+static int libpam_pam_start_confdir(const char *service_name,
+ const char *user,
+ const struct pam_conv *pam_conversation,
+ const char *confdir,
+ pam_handle_t **pamh)
+{
+ pwrap_bind_symbol_libpam(pam_start_confdir);
+
+ return pwrap.libpam.symbols._libpam_pam_start_confdir.f(service_name,
+ user,
+ pam_conversation,
+ confdir,
+ pamh);
+}
+#else
static int libpam_pam_start(const char *service_name,
const char *user,
const struct pam_conv *pam_conversation,
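Review bot: The guard used here does not match the one at the call site in pwrap_pam_start: this hunk compiles out libpam_pam_start whenever HAVE_PAM_START_CONFDIR is defined, while the last hunk tests HAVE_OPENPAM first and only then HAVE_PAM_START_CONFDIR. If a build ever defined both macros, libpam_pam_start_confdir would be an unused static function, and pwrap_openpam_start (its body is not visible here) would lose libpam_pam_start if it calls it. Guarding with `#if !defined(HAVE_OPENPAM) && defined(HAVE_PAM_START_CONFDIR)` would keep the definition and its use in step. The body of libpam_pam_start continues in the next hunk.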
@@ -410,6 +433,8 @@ static int libpam_pam_start(const char *service_name,
pamh);
}
+#endif
+
static int libpam_pam_end(pam_handle_t *pamh, int pam_status)
{
pwrap_bind_symbol_libpam(pam_end);
@@ -777,6 +802,7 @@ static void pwrap_clean_stale_dirs(const char *dir)
return;
}
+#ifndef HAVE_PAM_START_CONFDIR
static int pso_copy(const char *src, const char *dst, const char *pdir, mode_t mode)
{
#define PSO_COPY_READ_SIZE 16
@@ -895,6 +921,7 @@ out:
return rc;
#undef PSO_COPY_READ_SIZE
}
+#endif /* HAVE_PAM_START_CONFDIR */
static void pwrap_init(void)
{
@@ -904,8 +931,10 @@ static void pwrap_init(void)
struct stat sb;
int rc;
unsigned i;
+#ifndef HAVE_PAM_START_CONFDIR
char pam_library[128] = { 0 };
char libpam_path[1024] = { 0 };
+#endif
ssize_t ret;
FILE *pidfile;
char pidfile_path[1024] = { 0 };
@@ -996,6 +1025,14 @@ static void pwrap_init(void)
exit(1);
}
+#ifdef HAVE_PAM_START_CONFDIR
+ pwrap.libpam_so = strdup(PAM_LIBRARY);
+ if (pwrap.libpam_so == NULL) {
+ PWRAP_LOG(PWRAP_LOG_ERROR, "No memory");
+ p_rmdirs(pwrap.config_dir);
+ exit(1);
+ }
+#else /* HAVE_PAM_START_CONFDIR */
/* create lib subdirectory */
snprintf(libpam_path,
sizeof(libpam_path),
@@ -1080,6 +1117,9 @@ static void pwrap_init(void)
p_rmdirs(pwrap.config_dir);
exit(1);
}
+#endif /* HAVE_PAM_START_CONFDIR */
+
+ PWRAP_LOG(PWRAP_LOG_TRACE, "Using libpam path: %s", pwrap.libpam_so);
pwrap.initialised = true;
@@ -1198,11 +1238,17 @@ static int pwrap_pam_start(const char *service_name,
service_name,
user);
-#ifdef HAVE_OPENPAM
+#if defined(HAVE_OPENPAM)
return pwrap_openpam_start(service_name,
user,
pam_conversation,
pamh);
+#elif defined (HAVE_PAM_START_CONFDIR)
+ return libpam_pam_start_confdir(service_name,
+ user,
+ pam_conversation,
+ pwrap.config_dir,
+ pamh);
#else
return libpam_pam_start(service_name,
user,
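Review bot: The new `#elif` branch passes `pwrap.config_dir` to libpam_pam_start_confdir without a comment, although this argument decides which PAM service files are evaluated. A short comment such as `/* Read service files from the wrapper's private config dir, not the system one */` would record that intent. As far as I recall, Linux-PAM treats a NULL confdir like plain pam_start(), so a guard such as `if (pwrap.config_dir == NULL) return PAM_SYSTEM_ERR;` before the call may be worthwhile, so that a failed setup cannot fall back to the system configuration. pwrap_init is only partly visible here, so this may already be guaranteed. pwrap_pam_start starts before this hunk and ends after it.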