authorNathan Holstein <nathan.holstein@gmail.com>2015-08-05 03:00:56 -0400
committerNathan Holstein <nathan.holstein@gmail.com>2015-08-05 08:58:17 -0400
commite38b848a0e46ec926627ac3d2c43eedcfd5e3d80 (patch)
tree481f064451c0feaaea1d0366e08b5818e0d9e15e
parentcbbdf2e13e296a577f0e161999681eec97d61cd9 (diff)
Begin integration of PAM into auth_userokay().
-rw-r--r--Makefile1
-rw-r--r--libopenbsd/auth_userokay.c62
2 files changed, 62 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index 0b9112e..345b8f2 100644
--- a/Makefile
+++ b/Makefile
@@ -13,6 +13,7 @@ BINMODE=4511
COPTS+= -Wall -Wextra -Werror -pedantic -std=c11
CFLAGS+= -I${CURDIR} -I${CURDIR}/libopenbsd ${COPTS}
+LDFLAGS+= -lpam
BINDIR?=/usr/bin
MANDIR?=/usr/share/man
diff --git a/libopenbsd/auth_userokay.c b/libopenbsd/auth_userokay.c
index 81a3c1f..9c89625 100644
--- a/libopenbsd/auth_userokay.c
+++ b/libopenbsd/auth_userokay.c
@@ -14,22 +14,82 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#include <sys/types.h>
#include <errno.h>
+#include <pwd.h>
+#include <readpassphrase.h>
#include <stdio.h>
#include <stdlib.h>
+#include <security/pam_appl.h>
+
#include "openbsd.h"
+#define PAM_SERVICE "sudo"
+
+#define __UNUSED __attribute__ ((unused))
+
+static int
+pam_conv(__UNUSED int huh, __UNUSED const struct pam_message **msg,
+ __UNUSED struct pam_response **rsp, __UNUSED void *ptr)
+{
+ return 0;
+}
+
+static struct pam_conv conv = {
+ .conv = pam_conv,
+ .appdata_ptr = NULL,
+};
+
+static int
+check_pam(const char *user)
+{
+ fprintf(stderr, "check_pam(%s)\n", user);
+
+ int ret;
+ pam_handle_t *pamh = NULL;
+
+ ret = pam_start(PAM_SERVICE, user, &conv, &pamh);
+ if (ret != 0) {
+ fprintf(stderr, "pam_start(\"%s\", \"%s\", ?, ?): failed\n",
+ PAM_SERVICE, user);
+ return -1;
+ }
+
+ if ((ret = pam_close_session(pamh, 0)) != 0) {
+ fprintf(stderr, "pam_close_session(): %s\n", pam_strerror(pamh, ret));
+ return -1;
+ }
+
+ return 0;
+}
+
int
auth_userokay(char *name, char *style, char *type, char *password)
{
+ if (!name)
+ return 0;
if (style || type || password) {
fprintf(stderr, "auth_userokay(name, NULL, NULL, NULL)!\n");
exit(1);
}
- fprintf(stderr, "failing auth check for %s\n", name);
+ int ret = check_pam(name);
+ if (ret != 0) {
+ fprintf(stderr, "PAM authentication failed\n");
+ return 0;
+ }
+
+ /*
+ char passbuf[256];
+ if (readpassphrase("Password: ", passbuf, sizeof(passbuf),
+ RPP_REQUIRE_TTY) == NULL)
+ return 0;
+ explicit_bzero(passbuf, sizeof(passbuf));
+ */
+
+ fprintf(stderr, "failing auth check for %s\n", name);
return 0;
}
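Review bot: check_pam() reports success (returns 0) without ever calling pam_authenticate() or pam_acct_mgmt(): it goes from pam_start() straight to pam_close_session() on a session that was never opened, and it never calls pam_end(), so the handle leaks on both the error and the success path. auth_userokay() still ends in `return 0`, so this commit fails closed, but a follow-up that returns success whenever check_pam() returns 0 would authorize the caller with no credential check at all. The pam_conv() stub has the same shape: it returns 0 (PAM_SUCCESS) without filling `*rsp`, so a module that prompts would be told it received an answer; it should return PAM_CONV_ERR until it really answers prompts. PAM_SERVICE is "sudo", which borrows another program's PAM policy; presumably a dedicated service name is intended later. The sketch below keeps the existing signatures and only changes the two function bodies.

```c
static int
pam_conv(__UNUSED int huh, __UNUSED const struct pam_message **msg,
	__UNUSED struct pam_response **rsp, __UNUSED void *ptr)
{
	/* no prompt is answered yet: report failure, never success */
	return PAM_CONV_ERR;
}

/* … unchanged: static struct pam_conv conv initializer … */

static int
check_pam(const char *user)
{
	pam_handle_t *pamh = NULL;
	int ret;

	ret = pam_start(PAM_SERVICE, user, &conv, &pamh);
	if (ret != PAM_SUCCESS)
		return -1;

	/* authenticate first, then check that the account may be used */
	ret = pam_authenticate(pamh, 0);
	if (ret == PAM_SUCCESS)
		ret = pam_acct_mgmt(pamh, 0);
	if (ret != PAM_SUCCESS)
		fprintf(stderr, "PAM: %s\n", pam_strerror(pamh, ret));

	/* release the handle on every path */
	pam_end(pamh, ret);
	return ret == PAM_SUCCESS ? 0 : -1;
}
```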