From e38b848a0e46ec926627ac3d2c43eedcfd5e3d80 Mon Sep 17 00:00:00 2001
From: Nathan Holstein
Date: Wed, 5 Aug 2015 03:00:56 -0400
Subject: [PATCH 1/1] Being integration of PAM into auth_userokay().
---
 Makefile | 1 +
 libopenbsd/auth_userokay.c | 62 +++++++++++++++++++++++++++++++++++++-
 2 files changed, 62 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 0b9112e..345b8f2 100644
--- a/Makefile
+++ b/Makefile
@@ -13,6 +13,7 @@ BINMODE=4511
 COPTS+= -Wall -Wextra -Werror -pedantic -std=c11
 CFLAGS+= -I${CURDIR} -I${CURDIR}/libopenbsd ${COPTS}
+LDFLAGS+= -lpam
 BINDIR?=/usr/bin
 MANDIR?=/usr/share/man
diff --git a/libopenbsd/auth_userokay.c b/libopenbsd/auth_userokay.c
index 81a3c1f..9c89625 100644
--- a/libopenbsd/auth_userokay.c
+++ b/libopenbsd/auth_userokay.c
@@ -14,22 +14,82 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
+#include
 #include
+#include
+#include
 #include
 #include
+#include
+
 #include "openbsd.h"
+#define PAM_SERVICE "sudo"
+
+#define __UNUSED __attribute__ ((unused))
+
+static int
+pam_conv(__UNUSED int huh, __UNUSED const struct pam_message **msg,
+ __UNUSED struct pam_response **rsp, __UNUSED void *ptr)
+{
+ return 0;
+}
+
+static struct pam_conv conv = {
+ .conv = pam_conv,
+ .appdata_ptr = NULL,
+};
+
+static int
+check_pam(const char *user)
+{
+ fprintf(stderr, "check_pam(%s)\n", user);
+
+ int ret;
+ pam_handle_t *pamh = NULL;
+
+ ret = pam_start(PAM_SERVICE, user, &conv, &pamh);
+ if (ret != 0) {
+ fprintf(stderr, "pam_start(\"%s\", \"%s\", ?, ?): failed\n",
+ PAM_SERVICE, user);
+ return -1;
+ }
+
+ if ((ret = pam_close_session(pamh, 0)) != 0) {
+ fprintf(stderr, "pam_close_session(): %s\n", pam_strerror(pamh, ret));
+ return -1;
+ }
+
+ return 0;
+}
+
 int
 auth_userokay(char *name, char *style, char *type, char *password)
 {
+ if (!name)
+ return 0;
 if (style || type || password) {
 fprintf(stderr, "auth_userokay(name, NULL, NULL, NULL)!\n");
 exit(1);
 }
- fprintf(stderr, "failing auth check for %s\n", name);
+ int ret = check_pam(name);
+ if (ret != 0) {
+ fprintf(stderr, "PAM authentication failed\n");
+ return 0;
+ }
+
+ /*
+ char passbuf[256];
+ if (readpassphrase("Password: ", passbuf, sizeof(passbuf),
+ RPP_REQUIRE_TTY) == NULL)
+ return 0;
+ explicit_bzero(passbuf, sizeof(passbuf));
+ */
+
+ fprintf(stderr, "failing auth check for %s\n", name);
 return 0;
 }
-- 2.39.2
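Review bot: In `check_pam` the handle obtained from `pam_start` is never released: both the `pam_close_session` failure return and the final `return 0;` skip `pam_end`, and `pam_close_session` is called for a session that was never opened with `pam_open_session`. Until the authenticate step exists, the block after `pam_start` would be better as `ret = pam_end(pamh, ret);`, with the result compared against `PAM_SUCCESS` rather than a literal `0`. The stub `pam_conv` returns 0, which is `PAM_SUCCESS`, without ever setting `*rsp`; once `pam_authenticate` is wired in, a module may read that response, so the stub should `return PAM_CONV_ERR;` until it is implemented. `auth_userokay` still returns 0 on every path, so the binary installed with `BINMODE=4511` keeps denying; that is the right interim behaviour and worth pinning with a comment such as `/* PAM not wired in yet: always deny */` above the final `return 0;`.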