package main
import (
"unsafe"
)
/*
#cgo LDFLAGS: -lpam -fPIC
#include <security/pam_appl.h>
#include <stdlib.h>
char *string_from_argv(int, char**);
char *get_user(pam_handle_t *pamh);
int get_uid(char *user);
*/
import "C"
// init runs at package initialization and asks disablePtrace (defined
// elsewhere in this package) to switch off ptrace for the process.
//
// Failure is not fatal: it is only reported through pamLog, so the module
// keeps loading and authenticating with that hardening step missing.
// NOTE(review): confirm that continuing without the ptrace restriction is the
// intended policy for the hosts this module is deployed on.
func init() {
	if disablePtrace() {
		return
	}
	pamLog("unable to disable ptrace")
}
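// sliceFromArgv copies the argc module arguments found in argv into a Go
// string slice, preserving their order.
//
// Each element is fetched through the C helper string_from_argv (declared in
// the cgo preamble, implemented elsewhere). C.GoString copies the bytes into
// Go memory, after which the C string is released with C.free.
// NOTE(review): this assumes string_from_argv hands back a heap copy owned by
// the caller; if it returned argv[i] itself, the free would corrupt the
// argument vector owned by PAM. Confirm against the C implementation.
//
// A negative argc is treated as zero. make would otherwise panic on a
// negative capacity, and an unrecovered panic inside an exported PAM entry
// point aborts the process that loaded the module.
func sliceFromArgv(argc C.int, argv **C.char) []string {
	n := int(argc)
	if n < 0 {
		n = 0
	}

	args := make([]string, 0, n)
	for i := 0; i < n; i++ {
		cs := C.string_from_argv(C.int(i), argv)
		args = append(args, C.GoString(cs))
		// Free inside the iteration: a defer placed in the loop would keep
		// every C string allocated until the function returns.
		C.free(unsafe.Pointer(cs))
	}
	return args
}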
// pam_sm_authenticate is the PAM authentication entry point exported to C.
// The symbol name is fixed by the PAM module interface.
//
// It obtains the user name through get_user and the uid through get_uid (C
// helpers declared in the cgo preamble), then delegates the decision to
// pamAuthenticate together with the module arguments. flags is not used.
//
// Return values:
//   - PAM_USER_UNKNOWN when get_user yields NULL or get_uid yields a negative
//     value,
//   - PAM_AUTH_ERR when pamAuthenticate reports AuthError,
//   - PAM_SUCCESS for every other result.
//
// NOTE(review): the mapping is fail-open. Any pamAuthenticate result other
// than AuthError, including an unexpected or later-added value, authenticates
// the user. Consider matching the explicit success value and denying by
// default; confirm the full result set of pamAuthenticate first.
//
//export pam_sm_authenticate
func pam_sm_authenticate(pamh *C.pam_handle_t, flags, argc C.int, argv **C.char) C.int {
	cUser := C.get_user(pamh)
	if cUser == nil {
		return C.PAM_USER_UNKNOWN
	}
	// Released on every return path below; presumably get_user returns a
	// caller-owned allocation (confirm against the C implementation).
	defer C.free(unsafe.Pointer(cUser))

	uid := int(C.get_uid(cUser))
	if uid < 0 {
		return C.PAM_USER_UNKNOWN
	}

	// The user name is supplied by whoever is authenticating; it is copied
	// into Go memory before being handed on.
	username := C.GoString(cUser)
	args := sliceFromArgv(argc, argv)

	switch pamAuthenticate(pamh, uid, username, args) {
	case AuthError:
		return C.PAM_AUTH_ERR
	default:
		return C.PAM_SUCCESS
	}
}
// pam_sm_setcred is the PAM credential-setting entry point exported to C.
// The symbol name is fixed by the PAM module interface.
//
// The module does no credential work here: every argument is ignored and the
// call always reports PAM_SUCCESS.
//
//export pam_sm_setcred
func pam_sm_setcred(pamh *C.pam_handle_t, flags, argc C.int, argv **C.char) C.int {
	var status C.int = C.PAM_SUCCESS
	return status
}