author | Jakub Hrozek <jakub.hrozek@posteo.se> | 2015-09-29 10:32:28 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-09-29 14:31:45 +0200 |
commit | e412f1c592703ad43e2516e38827a75da89a42ab (patch) | |
tree | ce6981e33badb1201f8309f9a33c18ff32acae5c | |
parent | 754fc9a34bc48cea2e74390fec8ba077d0ce3e2b (diff) | |
pwrap: Wrap pam_get_data/pam_set_data
-rw-r--r-- | src/pam_wrapper.c | 74 | ||||
-rw-r--r-- | tests/pam_example.c | 35 |
2 files changed, 109 insertions, 0 deletions
diff --git a/src/pam_wrapper.c b/src/pam_wrapper.c index 360d792..87b49d5 100644 --- a/src/pam_wrapper.c +++ b/src/pam_wrapper.c @@ -37,6 +37,7 @@ #ifdef HAVE_SECURITY_PAM_APPL_H #include <security/pam_appl.h> #endif +#include <security/pam_modules.h> #ifdef HAVE_GCC_THREAD_LOCAL_STORAGE # define PWRAP_THREAD __thread @@ -199,6 +200,17 @@ typedef int (*__libpam_pam_get_item)(const pam_handle_t *pamh, int item_type, co typedef int (*__libpam_pam_set_item)(pam_handle_t *pamh, int item_type, const void *item); +typedef int (*__libpam_pam_get_data)(const pam_handle_t *pamh, + const char *module_data_name, + const void **data); + +typedef int (*__libpam_pam_set_data)(pam_handle_t *pamh, + const char *module_data_name, + void *data, + void (*cleanup)(pam_handle_t *pamh, + void *data, + int error_status)); + #define PWRAP_SYMBOL_ENTRY(i) \ union { \ __libpam_##i f; \ @@ -219,6 +231,8 @@ struct pwrap_libpam_symbols { PWRAP_SYMBOL_ENTRY(pam_setcred); PWRAP_SYMBOL_ENTRY(pam_get_item); PWRAP_SYMBOL_ENTRY(pam_set_item); + PWRAP_SYMBOL_ENTRY(pam_get_data); + PWRAP_SYMBOL_ENTRY(pam_set_data); }; struct pwrap { @@ -420,6 +434,32 @@ static int libpam_pam_set_item(pam_handle_t *pamh, int item_type, const void *it return pwrap.libpam.symbols._libpam_pam_set_item.f(pamh, item_type, item); } +static int libpam_pam_get_data(const pam_handle_t *pamh, + const char *module_data_name, + const void **data) +{ + pwrap_bind_symbol_libpam(pam_get_data); + + return pwrap.libpam.symbols._libpam_pam_get_data.f(pamh, + module_data_name, + data); +} + +static int libpam_pam_set_data(pam_handle_t *pamh, + const char *module_data_name, + void *data, + void (*cleanup)(pam_handle_t *pamh, + void *data, + int error_status)) +{ + pwrap_bind_symbol_libpam(pam_set_data); + + return pwrap.libpam.symbols._libpam_pam_set_data.f(pamh, + module_data_name, + data, + cleanup); +} + /********************************************************* * PWRAP INIT *********************************************************/ 
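Review bot: The added `#include <security/pam_modules.h>` in the first hunk is unconditional, while the `<security/pam_appl.h>` include directly above it sits inside `#ifdef HAVE_SECURITY_PAM_APPL_H`. If that guard exists because the header location differs between PAM implementations, the new line will break the build on the platforms the guard was meant to cover. I would wrap it the same way, with `#ifdef` / `#endif` on the corresponding configure-generated macro for `pam_modules.h`; whether the build system already defines one is not visible in this diff.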
@@ -878,6 +918,40 @@ int pam_set_item(pam_handle_t *pamh, int item_type, const void *item) return pwrap_pam_set_item(pamh, item_type, item); } +static int pwrap_pam_get_data(const pam_handle_t *pamh, const char *module_data_name, const void **data) +{ + PWRAP_LOG(PWRAP_LOG_TRACE, "pwrap_get_data called"); + return libpam_pam_get_data(pamh, module_data_name, data); +} + +int pam_get_data(const pam_handle_t *pamh, + const char *module_data_name, + const void **data) +{ + return pwrap_pam_get_data(pamh, module_data_name, data); +} + +static int pwrap_pam_set_data(pam_handle_t *pamh, + const char *module_data_name, + void *data, + void (*cleanup)(pam_handle_t *pamh, + void *data, + int error_status)) +{ + PWRAP_LOG(PWRAP_LOG_TRACE, "pwrap_set_data called"); + return libpam_pam_set_data(pamh, module_data_name, data, cleanup); +} + +int pam_set_data(pam_handle_t *pamh, + const char *module_data_name, + void *data, + void (*cleanup)(pam_handle_t *pamh, + void *data, + int error_status)) +{ + return pwrap_pam_set_data(pamh, module_data_name, data, cleanup); +} + /**************************** * DESTRUCTOR ***************************/ diff --git a/tests/pam_example.c b/tests/pam_example.c index feca3c4..10412ea 100644 --- a/tests/pam_example.c +++ b/tests/pam_example.c @@ -7,6 +7,7 @@ #include <unistd.h> #include <ctype.h> #include <errno.h> +#include <time.h> #include <security/pam_modules.h> #include <security/pam_appl.h> @@ -18,6 +19,8 @@ #define CRED_VAR "CRED" #define CRED_VAR_SZ sizeof(CRED_VAR)-1 +#define PAM_EXAMPLE_AUTH_DATA "pam_example:auth_data" + /* Skips leading tabs and spaces to find beginning of a key, * then walks over the key until a blank is find */ 
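Review bot: The trace strings in the two new static helpers do not match the function names: `pwrap_pam_get_data` logs `"pwrap_get_data called"` and `pwrap_pam_set_data` logs `"pwrap_set_data called"`. Searching a trace log for the function name will miss these entries; I would change them to `"pwrap_pam_get_data called"` and `"pwrap_pam_set_data called"`. A one-line comment on each helper, such as `/* pass-through to libpam; no pam_wrapper-specific handling */`, would also make it clear that nothing is intercepted here.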
@@ -547,6 +550,16 @@ done: return rv; } +static void pam_example_stamp_destructor(pam_handle_t *pamh, + void *data, + int error_status) +{ + (void) pamh; /* unused */ + (void) error_status; /* unused */ + + free(data); +} + PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char *argv[]) @@ -554,6 +567,8 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, struct pam_example_ctx pctx; const char *old_pass; int rv; + time_t *auth_stamp = NULL; + const time_t *auth_stamp_out = NULL; (void) flags; /* unused */ (void) argc; /* unused */ @@ -576,6 +591,19 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, goto done; } + auth_stamp = malloc(sizeof(time_t)); + if (auth_stamp == NULL) { + rv = PAM_BUF_ERR; + goto done; + } + *auth_stamp = time(NULL); + + rv = pam_set_data(pamh, PAM_EXAMPLE_AUTH_DATA, + auth_stamp, pam_example_stamp_destructor); + if (rv != PAM_SUCCESS) { + goto done; + } + rv = pam_example_auth(&pctx); } else if (flags & PAM_UPDATE_AUTHTOK) { rv = pam_get_item(pamh, @@ -586,6 +614,13 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, goto done; } + + rv = pam_get_data(pamh, PAM_EXAMPLE_AUTH_DATA, + (const void **) &auth_stamp_out); + if (rv != PAM_SUCCESS) { + goto done; + } + rv = pam_example_read_password(pamh, PAM_AUTHTOK, "New Password :", "Verify New Password :", |
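Review bot: In the `@@ -576,6 +591,19 @@` hunk, `auth_stamp` appears to leak when `pam_set_data()` fails, because the code jumps straight to `done` after the failed call. As far as I know, Linux-PAM only takes ownership of the data and registers the cleanup callback on success, so `pam_example_stamp_destructor` would never run for this pointer. I would add `free(auth_stamp);` before that `goto done;`. The `done:` label and the rest of `pam_sm_chauthtok` are outside the hunk, so this should be checked against the existing cleanup path to avoid a double free.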
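Review bot: In the `@@ -586,6 +614,13 @@` hunk, the value fetched into `auth_stamp_out` is never read within the visible lines; only the return code of `pam_get_data()` is checked. That verifies that an entry named `PAM_EXAMPLE_AUTH_DATA` exists, not when the earlier phase stored it. If the stamp is only there to exercise the wrapper, say so with a comment such as `/* only verifies that the data stored by the earlier phase is still retrievable */`, since example modules get copied into real ones. Separately, `(const void **) &auth_stamp_out` writes a `const time_t *` through a `const void *` lvalue; reading into a `const void *tmp` and then assigning `auth_stamp_out = tmp;` avoids the pointer-type pun. The function body continues outside the hunk.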