authorJakub Hrozek <jakub.hrozek@posteo.se>2015-09-29 10:32:28 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-09-29 14:31:45 +0200
commite412f1c592703ad43e2516e38827a75da89a42ab (patch)
treece6981e33badb1201f8309f9a33c18ff32acae5c
parent754fc9a34bc48cea2e74390fec8ba077d0ce3e2b (diff)
pwrap: Wrap pam_get_data/pam_set_data
-rw-r--r--src/pam_wrapper.c74
-rw-r--r--tests/pam_example.c35
2 files changed, 109 insertions, 0 deletions
diff --git a/src/pam_wrapper.c b/src/pam_wrapper.c
index 360d792..87b49d5 100644
--- a/src/pam_wrapper.c
+++ b/src/pam_wrapper.c
@@ -37,6 +37,7 @@
#ifdef HAVE_SECURITY_PAM_APPL_H
#include <security/pam_appl.h>
#endif
+#include <security/pam_modules.h>
#ifdef HAVE_GCC_THREAD_LOCAL_STORAGE
# define PWRAP_THREAD __thread
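Review bot: The new `#include <security/pam_modules.h>` is unconditional, while the `pam_appl.h` include directly above it is wrapped in `#ifdef HAVE_SECURITY_PAM_APPL_H`. If that guard exists because some platforms ship the PAM headers under a different path, this line would break the build there; a configure-detected guard in the same style would keep the two includes consistent. If the header is required on every supported platform, a short comment such as `/* prototypes for pam_get_data() and pam_set_data() */` would record why it is pulled in unguarded.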
@@ -199,6 +200,17 @@ typedef int (*__libpam_pam_get_item)(const pam_handle_t *pamh, int item_type, co
typedef int (*__libpam_pam_set_item)(pam_handle_t *pamh, int item_type, const void *item);
+typedef int (*__libpam_pam_get_data)(const pam_handle_t *pamh,
+ const char *module_data_name,
+ const void **data);
+
+typedef int (*__libpam_pam_set_data)(pam_handle_t *pamh,
+ const char *module_data_name,
+ void *data,
+ void (*cleanup)(pam_handle_t *pamh,
+ void *data,
+ int error_status));
+
#define PWRAP_SYMBOL_ENTRY(i) \
union { \
__libpam_##i f; \
@@ -219,6 +231,8 @@ struct pwrap_libpam_symbols {
PWRAP_SYMBOL_ENTRY(pam_setcred);
PWRAP_SYMBOL_ENTRY(pam_get_item);
PWRAP_SYMBOL_ENTRY(pam_set_item);
+ PWRAP_SYMBOL_ENTRY(pam_get_data);
+ PWRAP_SYMBOL_ENTRY(pam_set_data);
};
struct pwrap {
@@ -420,6 +434,32 @@ static int libpam_pam_set_item(pam_handle_t *pamh, int item_type, const void *it
return pwrap.libpam.symbols._libpam_pam_set_item.f(pamh, item_type, item);
}
+static int libpam_pam_get_data(const pam_handle_t *pamh,
+ const char *module_data_name,
+ const void **data)
+{
+ pwrap_bind_symbol_libpam(pam_get_data);
+
+ return pwrap.libpam.symbols._libpam_pam_get_data.f(pamh,
+ module_data_name,
+ data);
+}
+
+static int libpam_pam_set_data(pam_handle_t *pamh,
+ const char *module_data_name,
+ void *data,
+ void (*cleanup)(pam_handle_t *pamh,
+ void *data,
+ int error_status))
+{
+ pwrap_bind_symbol_libpam(pam_set_data);
+
+ return pwrap.libpam.symbols._libpam_pam_set_data.f(pamh,
+ module_data_name,
+ data,
+ cleanup);
+}
+
/*********************************************************
* PWRAP INIT
*********************************************************/
@@ -878,6 +918,40 @@ int pam_set_item(pam_handle_t *pamh, int item_type, const void *item)
return pwrap_pam_set_item(pamh, item_type, item);
}
+static int pwrap_pam_get_data(const pam_handle_t *pamh, const char *module_data_name, const void **data)
+{
+ PWRAP_LOG(PWRAP_LOG_TRACE, "pwrap_get_data called");
+ return libpam_pam_get_data(pamh, module_data_name, data);
+}
+
+int pam_get_data(const pam_handle_t *pamh,
+ const char *module_data_name,
+ const void **data)
+{
+ return pwrap_pam_get_data(pamh, module_data_name, data);
+}
+
+static int pwrap_pam_set_data(pam_handle_t *pamh,
+ const char *module_data_name,
+ void *data,
+ void (*cleanup)(pam_handle_t *pamh,
+ void *data,
+ int error_status))
+{
+ PWRAP_LOG(PWRAP_LOG_TRACE, "pwrap_set_data called");
+ return libpam_pam_set_data(pamh, module_data_name, data, cleanup);
+}
+
+int pam_set_data(pam_handle_t *pamh,
+ const char *module_data_name,
+ void *data,
+ void (*cleanup)(pam_handle_t *pamh,
+ void *data,
+ int error_status))
+{
+ return pwrap_pam_set_data(pamh, module_data_name, data, cleanup);
+}
+
/****************************
* DESTRUCTOR
***************************/
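Review bot: The trace strings in `pwrap_pam_get_data` and `pwrap_pam_set_data` read `"pwrap_get_data called"` and `"pwrap_set_data called"`, which do not match the function names and do not say which data item was touched. Assuming `PWRAP_LOG` takes printf-style arguments (its definition is not in this hunk), something like `PWRAP_LOG(PWRAP_LOG_TRACE, "pwrap_pam_set_data called for %s", module_data_name);` makes a trace far easier to follow. Only the name should be logged, never what `data` points to, because module data can hold authentication state. The exported `pam_set_data` would also benefit from a one-line comment stating that the call is passed straight through, so ownership of `data` and the invocation of `cleanup` stay with the real libpam.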
diff --git a/tests/pam_example.c b/tests/pam_example.c
index feca3c4..10412ea 100644
--- a/tests/pam_example.c
+++ b/tests/pam_example.c
@@ -7,6 +7,7 @@
#include <unistd.h>
#include <ctype.h>
#include <errno.h>
+#include <time.h>
#include <security/pam_modules.h>
#include <security/pam_appl.h>
@@ -18,6 +19,8 @@
#define CRED_VAR "CRED"
#define CRED_VAR_SZ sizeof(CRED_VAR)-1
+#define PAM_EXAMPLE_AUTH_DATA "pam_example:auth_data"
+
/* Skips leading tabs and spaces to find beginning of a key,
* then walks over the key until a blank is find
*/
@@ -547,6 +550,16 @@ done:
return rv;
}
+static void pam_example_stamp_destructor(pam_handle_t *pamh,
+ void *data,
+ int error_status)
+{
+ (void) pamh; /* unused */
+ (void) error_status; /* unused */
+
+ free(data);
+}
+
PAM_EXTERN int
pam_sm_chauthtok(pam_handle_t *pamh, int flags,
int argc, const char *argv[])
@@ -554,6 +567,8 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
struct pam_example_ctx pctx;
const char *old_pass;
int rv;
+ time_t *auth_stamp = NULL;
+ const time_t *auth_stamp_out = NULL;
(void) flags; /* unused */
(void) argc; /* unused */
@@ -576,6 +591,19 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
goto done;
}
+ auth_stamp = malloc(sizeof(time_t));
+ if (auth_stamp == NULL) {
+ rv = PAM_BUF_ERR;
+ goto done;
+ }
+ *auth_stamp = time(NULL);
+
+ rv = pam_set_data(pamh, PAM_EXAMPLE_AUTH_DATA,
+ auth_stamp, pam_example_stamp_destructor);
+ if (rv != PAM_SUCCESS) {
+ goto done;
+ }
+
rv = pam_example_auth(&pctx);
} else if (flags & PAM_UPDATE_AUTHTOK) {
rv = pam_get_item(pamh,
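Review bot: `auth_stamp` leaks when `pam_set_data` fails, because the error branch jumps to `done` without freeing the buffer and libpam does not take ownership of data it failed to store. The `done:` label is outside this hunk, but none of the lines this commit adds frees `auth_stamp`, and freeing it there would double-free on the success path, where the registered destructor owns it. The failure branch should release it locally: `if (rv != PAM_SUCCESS) { free(auth_stamp); goto done; }`. As a smaller point, `malloc(sizeof(*auth_stamp))` keeps the allocation size tied to the variable's type.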
@@ -586,6 +614,13 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
goto done;
}
+
+ rv = pam_get_data(pamh, PAM_EXAMPLE_AUTH_DATA,
+ (const void **) &auth_stamp_out);
+ if (rv != PAM_SUCCESS) {
+ goto done;
+ }
+
rv = pam_example_read_password(pamh, PAM_AUTHTOK,
"New Password :",
"Verify New Password :",
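Review bot: `auth_stamp_out` is filled by `pam_get_data` but none of the lines added by this commit reads it, so the test only shows that the call returns `PAM_SUCCESS`, not that the stamp stored in the earlier branch is the one handed back. A minimal check such as `if (auth_stamp_out == NULL) { rv = PAM_SYSTEM_ERR; goto done; }`, or a sanity comparison of the value against `time(NULL)`, would exercise the wrapped round trip. The cast `(const void **) &auth_stamp_out` also writes through a pointer of a different type; reading into a `const void *` temporary and assigning it to `auth_stamp_out` afterwards avoids that. The function body continues beyond this hunk.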