pwrap: Wrap pam_setcred

3 files changed, 74 insertions, 2 deletions

diff --git a/src/pam_wrapper.c b/src/pam_wrapper.c
index 996ec56..b2285ad 100644
--- a/src/pam_wrapper.c
+++ b/src/pam_wrapper.c
@@ -193,6 +193,8 @@ typedef int (*__libpam_pam_open_session)(pam_handle_t *pamh, int flags);
 
 typedef int (*__libpam_pam_close_session)(pam_handle_t *pamh, int flags);
 
+typedef int (*__libpam_pam_setcred)(pam_handle_t *pamh, int flags);
+
 #define PWRAP_SYMBOL_ENTRY(i) \
 	union { \
 		__libpam_##i f; \
@@ -210,6 +212,7 @@ struct pwrap_libpam_symbols {
 	PWRAP_SYMBOL_ENTRY(pam_getenvlist);
 	PWRAP_SYMBOL_ENTRY(pam_open_session);
 	PWRAP_SYMBOL_ENTRY(pam_close_session);
+	PWRAP_SYMBOL_ENTRY(pam_setcred);
 };
 
 struct pwrap {
@@ -390,6 +393,13 @@ static int libpam_pam_close_session(pam_handle_t *pamh, int flags)
 	return pwrap.libpam.symbols._libpam_pam_close_session.f(pamh, flags);
 }
 
+static int libpam_pam_setcred(pam_handle_t *pamh, int flags)
+{
+	pwrap_bind_symbol_libpam(pam_setcred);
+
+	return pwrap.libpam.symbols._libpam_pam_setcred.f(pamh, flags);
+}
+
 /*********************************************************
  * PWRAP INIT
  *********************************************************/
@@ -815,6 +825,17 @@ int pam_close_session(pam_handle_t *pamh, int flags)
 	return pwrap_pam_close_session(pamh, flags);
 }
 
+static int pwrap_pam_setcred(pam_handle_t *pamh, int flags)
+{
+	PWRAP_LOG(PWRAP_LOG_TRACE, "pwrap_pam_setcred called");
+	return libpam_pam_setcred(pamh, flags);
+}
+
+int pam_setcred(pam_handle_t *pamh, int flags)
+{
+	return pwrap_pam_setcred(pamh, flags);
+}
+
 /****************************
  * DESTRUCTOR
  ***************************/
diff --git a/tests/pam_example.c b/tests/pam_example.c
index 1510453..feca3c4 100644
--- a/tests/pam_example.c
+++ b/tests/pam_example.c
@@ -15,6 +15,9 @@
 #define HOME_VAR	"HOMEDIR"
 #define HOME_VAR_SZ	sizeof(HOME_VAR)-1
 
+#define CRED_VAR	"CRED"
+#define CRED_VAR_SZ	sizeof(CRED_VAR)-1
+
 /* Skips leading tabs and spaces to find beginning of a key,
  * then walks over the key until a blank is find
  */
@@ -412,12 +415,38 @@ PAM_EXTERN int
 pam_sm_setcred(pam_handle_t *pamh, int flags,
 	       int argc, const char *argv[])
 {
-	(void) pamh;  /* unused */
+	struct pam_example_ctx pctx;
+	int rv;
+	char cred[PATH_MAX + CRED_VAR_SZ];
+
 	(void) flags; /* unused */
 	(void) argc;  /* unused */
 	(void) argv;  /* unused */
 
-	return PAM_SUCCESS;
+	memset(&pctx, 0, sizeof(struct pam_example_ctx));
+
+	rv = pam_example_get(pamh, &pctx);
+	if (rv != PAM_SUCCESS) {
+		goto done;
+	}
+
+	rv = snprintf(cred, sizeof(cred),
+		      "%s=/tmp/%s",
+		      CRED_VAR, pctx.pli.username);
+	if (rv <= 0) {
+		rv = PAM_BUF_ERR;
+		goto done;
+	}
+
+	rv = pam_putenv(pamh, cred);
+	if (rv != PAM_SUCCESS) {
+		goto done;
+	}
+
+	rv = PAM_SUCCESS;
+done:
+	pam_example_free(&pctx);
+	return rv;
 }
 
 PAM_EXTERN int
diff --git a/tests/test_pam_wrapper.c b/tests/test_pam_wrapper.c
index a37c312..605e8be 100644
--- a/tests/test_pam_wrapper.c
+++ b/tests/test_pam_wrapper.c
@@ -386,6 +386,25 @@ static void test_pam_chauthtok_prelim_failed(void **state)
 	assert_int_equal(rv, PAM_AUTH_ERR);
 }
 
+static void test_pam_setcred(void **state)
+{
+	int rv;
+	const char *v;
+	struct pwrap_test_ctx *test_ctx;
+
+	test_ctx = (struct pwrap_test_ctx *) *state;
+
+	v = pam_getenv(test_ctx->ph, "CRED");
+	assert_null(v);
+
+	rv = pam_setcred(test_ctx->ph, 0);
+	assert_int_equal(rv, PAM_SUCCESS);
+
+	v = pam_getenv(test_ctx->ph, "CRED");
+	assert_non_null(v);
+	assert_string_equal(v, "/tmp/testuser");
+}
+
 int main(void) {
 	int rc;
 
@@ -417,6 +436,9 @@ int main(void) {
 		cmocka_unit_test_setup_teardown(test_pam_chauthtok_prelim_failed,
 						setup_ctx_only,
 						teardown),
+		cmocka_unit_test_setup_teardown(test_pam_setcred,
+						setup_noconv,
+						teardown),
 	};
 
 	rc = cmocka_run_group_tests(init_tests, NULL, NULL);