Prompt-driven auth. helper

By the term "prompt-driven" I mean two-way conversation between the screensaver dialog and the PAM stack. As you probably know, PAM works by conversation with a dialog program asking the user to enter something in answer to each message it sends. In the most conventional case, the only question is "Password:" and the password is the only data the user enters. But in general, the number of questions and messages are not limited to that. The previous support of PAM helper (gs-auth-helper.c) was written and worked for the mentioned "only password" authentication scheme. For other schemes it wasn't enough. New implementation fixes that limitation. Same as the previous version of gs-auth-helper.c, the new version uses pipe interface for interprocess communication and synchronization. However, unlike the previous version, new version uses two pipes instead of a single pipe: the first one is used to transfer prompt text from PAM via the helper to the screensaver dialog, and the second one is used to transfer the user input from the dialog to helper (and then the helper replies with it back to PAM). Having that bidirectional prompt/reply channel it is possible to make as many prompt/reply passes as required by PAM. The present helper program (see the helper/ dir) is based on the helper written by [email protected], which is in turn loosely based on unix_chkpwd by Andrew Morgan. All new code is untabified under the assumption the tab width is 8. Signed-off-by: Paul Wolneykien <[email protected]>
author: Paul Wolneykien <[email protected]> 2021-10-15 17:29:51 +0300
committer: GitHub <[email protected]> 2021-10-15 16:29:51 +0200
commit: ed6e6065bf0e85b64317b5a34b9f7a36a0c839a6 (patch)
tree: 9327a81eb82146d7d43a5ec237040b12e2487de5 /helper/pam-helper.c
parent: a2a282631d9ad88cf5e64f2379c5beb5ab3fab25 (diff)
download: mate-screensaver-ed6e6065bf0e85b64317b5a34b9f7a36a0c839a6.tar.bz2
mate-screensaver-ed6e6065bf0e85b64317b5a34b9f7a36a0c839a6.tar.xz
1 files changed, 289 insertions, 0 deletions
diff --git a/helper/pam-helper.c b/helper/pam-helper.c
new file mode 100644
index 0000000..c2bd837
--- /dev/null
+++ b/helper/pam-helper.c
@@ -0,0 +1,289 @@
+/* Part of mate-screensaver.
+ *
+ * Copyright (C) 2002 SuSE Linux AG.
+ * Copyright (c) 2019-2021 Paul Wolneykien <[email protected]>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/*
+ * Set*id helper program for PAM authentication.
+ *
+ * It is supposed to be called from mate-screensaver
+ * in order to communicate with Linux PAM as a privileged proxy.
+ * The conversation messages from the PAM stack is transmitted to
+ * mate-screensaver dialog via stdout and the received user replies
+ * read from stdin are sent back to PAM.
+ *
+ * Based on the helper written by [email protected], loosely based on
+ * unix_chkpwd by Andrew Morgan.
+ */
+
+#include <security/pam_appl.h>
+#include <security/_pam_macros.h>
+
+#include <sys/types.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <syslog.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <signal.h>
+#include <fcntl.h>
+#include <ctype.h>
+#include <limits.h>
+
+#include "helper_proto.h"
+#include "gs-auth-pam.h"
+
+#define MAXLEN 1024
+
+enum {
+ UNIX_PASSED = 0,
+ UNIX_FAILED = 1
+};
+
+static char * program_name;
+
+/*
+ * Log error messages
+ */
+static void
+_log_err(int err, const char *format,...)
+{
+ va_list args;
+
+ va_start(args, format);
+ openlog(program_name, LOG_CONS | LOG_PID, LOG_AUTH);
+ vsyslog(err, format, args);
+ va_end(args);
+ closelog();
+}
+
+static void
+su_sighandler(int sig)
+{
+ if (sig > 0) {
+ _log_err(LOG_NOTICE, "caught signal %d.", sig);
+ exit(sig);
+ }
+}
+
+/*
+ * Setup signal handlers
+ */
+static void
+setup_signals(void)
+{
+ struct sigaction action;
+
+ memset((void *) &action, 0, sizeof(action));
+ action.sa_handler = su_sighandler;
+ action.sa_flags = SA_RESETHAND;
+ sigaction(SIGILL, &action, NULL);
+ sigaction(SIGTRAP, &action, NULL);
+ sigaction(SIGBUS, &action, NULL);
+ sigaction(SIGSEGV, &action, NULL);
+ action.sa_handler = SIG_IGN;
+ action.sa_flags = 0;
+ sigaction(SIGTERM, &action, NULL);
+ sigaction(SIGHUP, &action, NULL);
+ sigaction(SIGINT, &action, NULL);
+ sigaction(SIGQUIT, &action, NULL);
+ sigaction(SIGALRM, &action, NULL);
+}
+
+static int
+_converse(int num_msg, const struct pam_message **msg,
+ struct pam_response **resp, void *appdata_ptr)
+{
+ struct pam_response *reply = NULL;
+ char buf[MAXLEN];
+ int num;
+ int ret = PAM_SUCCESS;
+
+ if (!(reply = malloc(sizeof(*reply) * num_msg)))
+ return PAM_CONV_ERR;
+
+ for (num = 0; num < num_msg; num++) {
+ ssize_t wt, rd;
+ size_t msg_len = strlen(msg[num]->msg);
+ wt = write_prompt (STDOUT_FILENO,
+ pam_style_to_gs_style (msg[num]->msg_style),
+ msg[num]->msg, msg_len);
+ if (wt < 0 || wt != msg_len) {
+ _log_err(LOG_ERR, "error writing promt");
+ ret = PAM_CONV_ERR;
+ break;
+ }
+
+ rd = read_msg (STDIN_FILENO, buf, sizeof (buf));
+ if (rd < 0) {
+ _log_err(LOG_ERR, "error reading reply");
+ ret = PAM_CONV_ERR;
+ break;
+ }
+
+ reply[num].resp = malloc (rd + 1);
+ if (!reply[num].resp)
+ ret = PAM_BUF_ERR;
+ else {
+ reply[num].resp_retcode = 0;
+ memcpy (reply[num].resp, buf, rd);
+ reply[num].resp[rd] = '\0';
+ }
+ }
+
+ if (ret != PAM_SUCCESS && reply != NULL) {
+ for (num = 0; num < num_msg; num++)
+ free (reply[num].resp);
+ free (reply);
+ *resp = NULL;
+ } else
+ *resp = reply;
+
+ return ret;
+}
+
+static int
+_authenticate(const char *service, const char *user)
+{
+ struct pam_conv conv = { _converse, NULL };
+ pam_handle_t *pamh;
+ int err;
+
+ err = pam_start(service, user, &conv, &pamh);
+ if (err != PAM_SUCCESS) {
+ _log_err(LOG_ERR, "pam_start(%s, %s) failed (errno %d)",
+ service, user, err);
+ return UNIX_FAILED;
+ }
+
+ err = pam_authenticate(pamh, 0);
+ if (err != PAM_SUCCESS)
+ _log_err(LOG_ERR, "pam_authenticate(%s, %s): %s",
+ service, user,
+ pam_strerror(pamh, err));
+
+ if (err == PAM_SUCCESS)
+ {
+ int err2 = pam_setcred(pamh, PAM_REFRESH_CRED);
+ if (err2 != PAM_SUCCESS)
+ _log_err(LOG_ERR, "pam_setcred(%s, %s): %s",
+ service, user,
+ pam_strerror(pamh, err2));
+ /*
+ * ignore errors on refresh credentials.
+ * If this did not work we use the old once.
+ */
+ }
+
+ pam_end(pamh, err);
+
+ if (err != PAM_SUCCESS)
+ return UNIX_FAILED;
+ return UNIX_PASSED;
+}
+
+static char *
+getuidname(uid_t uid)
+{
+ struct passwd *pw;
+ static char username[32];
+
+ pw = getpwuid(uid);
+ if (pw == NULL)
+ return NULL;
+
+ strncpy(username, pw->pw_name, sizeof(username));
+ username[sizeof(username) - 1] = '\0';
+
+ endpwent();
+ return username;
+}
+
+int
+main(int argc, char *argv[])
+{
+ const char *program_name;
+ char *service, *user;
+ int fd;
+ uid_t uid;
+
+ uid = getuid();
+
+ /*
+ * Make sure standard file descriptors are connected.
+ */
+ while ((fd = open("/dev/null", O_RDWR)) <= 2)
+ ;
+ close(fd);
+
+ /*
+ * Get the program name
+ */
+ if ((program_name = strrchr(argv[0], '/')) != NULL)
+ program_name++;
+ else
+ program_name = argv[0];
+
+ /*
+ * Catch or ignore as many signal as possible.
+ */
+ setup_signals();
+
+ /*
+ * Check argument list
+ */
+ if (argc < 2 || argc > 3) {
+ _log_err(LOG_NOTICE, "Bad number of arguments (%d)", argc);
+ return UNIX_FAILED;
+ }
+
+ /*
+ * Get the service name.
+ */
+ service = argv[1];
+
+ /*
+ * Discourage users messing around (fat chance)
+ */
+ if (isatty(STDIN_FILENO) && uid != 0) {
+ _log_err(LOG_NOTICE,
+ "Inappropriate use of Unix helper binary [UID=%d]",
+ uid);
+ fprintf(stderr,
+ "This binary is not designed for running in this way\n"
+ "-- the system administrator has been informed\n");
+ sleep(10); /* this should discourage/annoy the user */
+ return UNIX_FAILED;
+ }
+
+ /*
+ * determine the caller's user name
+ */
+ user = getuidname(uid);
+ if (argc == 3 && strcmp(user, argv[2])) {
+ user = argv[2];
+ /* Discourage use of this program as a
+ * password cracker */
+ if (uid != 0)
+ sleep(5);
+ }
+ return _authenticate(service, user);
+}
author	Paul Wolneykien <[email protected]>	2021-10-15 17:29:51 +0300
committer	GitHub <[email protected]>	2021-10-15 16:29:51 +0200
commit	ed6e6065bf0e85b64317b5a34b9f7a36a0c839a6 (patch)
tree	9327a81eb82146d7d43a5ec237040b12e2487de5 /helper/pam-helper.c
parent	a2a282631d9ad88cf5e64f2379c5beb5ab3fab25 (diff)
download	mate-screensaver-ed6e6065bf0e85b64317b5a34b9f7a36a0c839a6.tar.bz2 mate-screensaver-ed6e6065bf0e85b64317b5a34b9f7a36a0c839a6.tar.xz