X-Git-Url: https://git.armaanb.net/?a=blobdiff_plain;f=libopenbsd%2Fauth_userokay.c;h=9c896253a8e15c21190bfe9c245ff3fe8ec8973e;hb=e38b848a0e46ec926627ac3d2c43eedcfd5e3d80;hp=81a3c1fccf0c3bd02ef001aea473a867170f1ae3;hpb=cbbdf2e13e296a577f0e161999681eec97d61cd9;p=opendoas.git diff --git a/libopenbsd/auth_userokay.c b/libopenbsd/auth_userokay.c index 81a3c1f..9c89625 100644 --- a/libopenbsd/auth_userokay.c +++ b/libopenbsd/auth_userokay.c @@ -14,22 +14,82 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include #include +#include +#include #include #include +#include + #include "openbsd.h" +#define PAM_SERVICE "sudo" + +#define __UNUSED __attribute__ ((unused)) + +static int +pam_conv(__UNUSED int huh, __UNUSED const struct pam_message **msg, + __UNUSED struct pam_response **rsp, __UNUSED void *ptr) +{ + return 0; +} + +static struct pam_conv conv = { + .conv = pam_conv, + .appdata_ptr = NULL, +}; + +static int +check_pam(const char *user) +{ + fprintf(stderr, "check_pam(%s)\n", user); + + int ret; + pam_handle_t *pamh = NULL; + + ret = pam_start(PAM_SERVICE, user, &conv, &pamh); + if (ret != 0) { + fprintf(stderr, "pam_start(\"%s\", \"%s\", ?, ?): failed\n", + PAM_SERVICE, user); + return -1; + } + + if ((ret = pam_close_session(pamh, 0)) != 0) { + fprintf(stderr, "pam_close_session(): %s\n", pam_strerror(pamh, ret)); + return -1; + } + + return 0; +} + int auth_userokay(char *name, char *style, char *type, char *password) { + if (!name) + return 0; if (style || type || password) { fprintf(stderr, "auth_userokay(name, NULL, NULL, NULL)!\n"); exit(1); } - fprintf(stderr, "failing auth check for %s\n", name); + int ret = check_pam(name); + if (ret != 0) { + fprintf(stderr, "PAM authentication failed\n"); + return 0; + } + + /* + char passbuf[256]; + if (readpassphrase("Password: ", passbuf, sizeof(passbuf), + RPP_REQUIRE_TTY) == NULL) + return 0; + explicit_bzero(passbuf, sizeof(passbuf)); + */ + + fprintf(stderr, "failing auth check for %s\n", name); return 0; }