Diffstat (limited to '')
-rw-r--r--src/shared/pam-util.c106
1 files changed, 105 insertions, 1 deletions
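diff --git a/src/shared/pam-util.c b/src/shared/pam-util.c
index f5814ef..3cbe431 100644
--- a/src/shared/pam-util.c
+++ b/src/shared/pam-util.c
@@ -14,6 +14,14 @@
 #include "stdio-util.h"
 #include "string-util.h"
+void pam_log_setup(void) {
+ /* Make sure we don't leak the syslog fd we open by opening/closing the fd each time. */
+ log_set_open_when_needed(true);
+
+ /* pam logs to syslog so let's make our generic logging functions do the same thing. */
+ log_set_target(LOG_TARGET_SYSLOG);
+}
+
 int pam_syslog_errno(pam_handle_t *handle, int level, int error, const char *format, ...) {
 va_list ap;
@@ -96,7 +104,9 @@ static void pam_bus_data_destroy(pam_handle_t *handle, void *data, int error_sta
 if (FLAGS_SET(error_status, PAM_DATA_SILENT) &&
 d->bus && bus_origin_changed(d->bus))
 /* Please adjust test/units/end.sh when updating the log message. */
- pam_syslog(handle, LOG_DEBUG, "Attempted to close sd-bus after fork whose connection is opened before the fork, this should not happen.");
+ pam_syslog(handle, LOG_DEBUG,
+ "Warning: cannot close sd-bus connection (%s) after fork when it was opened before the fork.",
+ strna(d->cache_id));
 pam_bus_data_free(data);
 }
@@ -177,6 +187,8 @@ int pam_acquire_bus_connection(
 if (r != PAM_SUCCESS)
 return pam_syslog_pam_error(handle, LOG_ERR, r, "Failed to set PAM bus data: @PAMERR@");
+ pam_syslog(handle, LOG_DEBUG, "New sd-bus connection (%s) opened.", d->cache_id);
+
 success:
 *ret_bus = sd_bus_ref(d->bus);
@@ -205,7 +217,99 @@ int pam_release_bus_connection(pam_handle_t *handle, const char *module_name) {
 return PAM_SUCCESS;
 }
+int pam_get_bus_data(
+ pam_handle_t *handle,
+ const char *module_name,
+ PamBusData **ret) {
+
+ PamBusData *d = NULL;
+ _cleanup_free_ char *cache_id = NULL;
+ int r;
+
+ assert(handle);
+ assert(module_name);
+ assert(ret);
+
+ cache_id = pam_make_bus_cache_id(module_name);
+ if (!cache_id)
+ return pam_log_oom(handle);
+
+ /* We cache the bus connection so that we can share it between the session and the authentication hooks */
+ r = pam_get_data(handle, cache_id, (const void**) &d);
+ if (!IN_SET(r, PAM_SUCCESS, PAM_NO_MODULE_DATA))
+ return pam_syslog_pam_error(handle, LOG_ERR, r, "Failed to get bus connection: @PAMERR@");
+
+ *ret = d;
+ return PAM_SUCCESS;
+}
+
 void pam_cleanup_free(pam_handle_t *handle, void *data, int error_status) {
 /* A generic destructor for pam_set_data() that just frees the specified data */
 free(data);
 }
+
+int pam_get_item_many_internal(pam_handle_t *handle, ...) {
+ va_list ap;
+ int r;
+
+ va_start(ap, handle);
+ for (;;) {
+ int item_type = va_arg(ap, int);
+
+ if (item_type <= 0) {
+ r = PAM_SUCCESS;
+ break;
+ }
+
+ const void **value = ASSERT_PTR(va_arg(ap, const void **));
+
+ r = pam_get_item(handle, item_type, value);
+ if (!IN_SET(r, PAM_BAD_ITEM, PAM_SUCCESS))
+ break;
+ }
+ va_end(ap);
+
+ return r;
+}
+
+int pam_prompt_graceful(pam_handle_t *handle, int style, char **ret_response, const char *fmt, ...) {
+ va_list args;
+ int r;
+
+ assert(handle);
+ assert(fmt);
+
+ /* This is just like pam_prompt(), but does not noisily (i.e. beyond LOG_DEBUG) log on its own, but leaves that to the caller */
+
+ _cleanup_free_ char *msg = NULL;
+ va_start(args, fmt);
+ r = vasprintf(&msg, fmt, args);
+ va_end(args);
+ if (r < 0)
+ return PAM_BUF_ERR;
+
+ const struct pam_conv *conv = NULL;
+ r = pam_get_item(handle, PAM_CONV, (const void**) &conv);
+ if (!IN_SET(r, PAM_SUCCESS, PAM_BAD_ITEM))
+ return pam_syslog_pam_error(handle, LOG_DEBUG, r, "Failed to get conversation function structure: @PAMERR@");
+ if (!conv || !conv->conv) {
+ pam_syslog(handle, LOG_DEBUG, "No conversation function.");
+ return PAM_SYSTEM_ERR;
+ }
+
+ struct pam_message message = {
+ .msg_style = style,
+ .msg = msg,
+ };
+ const struct pam_message *pmessage = &message;
+ _cleanup_free_ struct pam_response *response = NULL;
+ r = conv->conv(1, &pmessage, &response, conv->appdata_ptr);
+ _cleanup_(erase_and_freep) char *rr = response ? response->resp : NULL; /* make sure string is freed + erased */
+ if (r != PAM_SUCCESS)
+ return pam_syslog_pam_error(handle, LOG_DEBUG, r, "Conversation function failed: @PAMERR@");
+
+ if (ret_response)
+ *ret_response = TAKE_PTR(rr);
+
+ return PAM_SUCCESS;
+}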
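Review bot: pam_prompt_graceful() can return PAM_SUCCESS with `*ret_response == NULL`, because the `response ? response->resp : NULL` line tolerates a conversation function that reports success but hands back no response array (or a NULL resp), and nothing in the hunk tells callers to expect that for a prompt whose answer is typically a password. Either reject it before the hand-off — `if (ret_response && !rr) return PAM_SYSTEM_ERR;` — or, if some callers legitimately treat no-answer as success (that depends on callers outside this hunk), state the contract above the function: `/* Like pam_prompt() but logs only at LOG_DEBUG. On PAM_SUCCESS *ret_response may be NULL if the conversation supplied no answer; the caller owns the string and should release it with erase_and_freep()-style cleanup since it is usually a secret. */`. pam_get_bus_data() has the same PAM_SUCCESS-with-NULL shape: PAM_NO_MODULE_DATA is accepted and `*ret` stays NULL, and the pointer is borrowed from the PAM data store rather than owned by the caller, so a one-line comment on the `*ret = d;` assignment saying "may be NULL, not to be freed" would prevent both a NULL dereference and a double free in callers.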