odyssey/sources/pam.c


/*
 * Odyssey.
 *
 * Scalable PostgreSQL connection pooler.
 */

#include <machinarium.h>
#include <odyssey.h>

#include <security/pam_appl.h>

struct sss
{
	char *psswd;
	char *res;
};

static int
od_pam_conversation(int msgc,
                    const struct pam_message **msgv,
                    struct pam_response **rspv,
                    void *authdata)
{
	od_pam_auth_data_t *auth_data = authdata;
	if (msgc < 1 || msgv == NULL)
		return PAM_CONV_ERR;

	*rspv = malloc(msgc * sizeof(struct pam_response));
	if (*rspv == NULL)
		return PAM_CONV_ERR;
	memset(*rspv, 0, msgc * sizeof(struct pam_response));

	int rc      = PAM_SUCCESS;
	int counter = 0;
	for (; counter < msgc; counter++) {
		od_list_t *i;
		od_list_foreach(&auth_data->link, i)
		{
			od_pam_auth_data_t *param;
			param = od_container_of(i, od_pam_auth_data_t, link);
			if (param->msg_style == msgv[counter]->msg_style) {
				(*rspv)[counter].resp = strdup(param->value);
				break;
			}
		}
		if ((*rspv)[counter].resp == NULL) {
			rc = PAM_CONV_ERR;
			break;
		}
	}

	if (rc != PAM_SUCCESS) {
		for (; counter >= 0; counter--) {
			od_list_t *i;
			od_list_foreach(&auth_data->link, i)
			{
				od_pam_auth_data_t *param;
				param = od_container_of(i, od_pam_auth_data_t, link);
				if (param->msg_style == msgv[counter]->msg_style) {
					free((*rspv)[counter].resp);
					break;
				}
			}
		}
		free(*rspv);
		*rspv = NULL;
	}

	return rc;
}

int
od_pam_auth(char *od_pam_service,
            char *usrname,
            od_pam_auth_data_t *auth_data,
            machine_io_t *io)
{
	struct pam_conv conv = {
		od_pam_conversation,
		.appdata_ptr = auth_data,
	};

	pam_handle_t *pamh = NULL;
	int rc;
	rc = pam_start(od_pam_service, usrname, &conv, &pamh);
	if (rc != PAM_SUCCESS)
		goto error;

	char peer[128];
	od_getpeername(io, peer, sizeof(peer), 1, 0);
	rc = pam_set_item(pamh, PAM_RHOST, peer);
	if (rc != PAM_SUCCESS) {
		goto error;
	}

	rc = pam_authenticate(pamh, PAM_SILENT);
	if (rc != PAM_SUCCESS)
		goto error;

	rc = pam_acct_mgmt(pamh, PAM_SILENT);
	if (rc != PAM_SUCCESS)
		goto error;

	rc = pam_end(pamh, rc);
	if (rc != PAM_SUCCESS)
		return -1;

	return 0;

error:
	pam_end(pamh, rc);
	return -1;
}

void
od_pam_convert_passwd(od_pam_auth_data_t *d, char *passwd)
{
	od_list_t *i;
	od_list_foreach(&d->link, i)
	{
		od_pam_auth_data_t *param =
		  od_container_of(i, od_pam_auth_data_t, link);
		if (param->msg_style == PAM_PROMPT_ECHO_OFF) {
			param->value = strdup(passwd);
		}
		return;
	}
	od_pam_auth_data_t *passwd_data = malloc(sizeof(od_pam_auth_data_t));
	passwd_data->msg_style          = PAM_PROMPT_ECHO_OFF;
	passwd_data->value              = strdup(passwd);

	od_list_append(&d->link, &passwd_data->link);
}

od_pam_auth_data_t *
od_pam_auth_data_create(void)
{
	od_pam_auth_data_t *d;
	d = (od_pam_auth_data_t *)malloc(sizeof(*d));
	if (d == NULL)
		return NULL;
	od_list_init(&d->link);
	return d;
}

void
od_pam_auth_data_free(od_pam_auth_data_t *d)
{
	od_list_t *i;
	od_list_foreach(&d->link, i)
	{
		od_pam_auth_data_t *current =
		  od_container_of(i, od_pam_auth_data_t, link);
		free(current->value);
	}
	od_list_unlink(&d->link);
	free(d);
}
odyssey: post merge fixes 2019-09-27 13:47:45 +00:00
Add PAM auth support 2019-09-09 09:17:41 +00:00			`/*`
			`* Odyssey.`
			`*`
			`* Scalable PostgreSQL connection pooler.`
Applying clang-format with saving indentations (#140) * applying clang-format with saving indentations * rebase 2020-04-02 11:00:56 +00:00			`*/`
Add PAM auth support 2019-09-09 09:17:41 +00:00
fix build (#237) Co-authored-by: reshke <Kirill Reshke> 2020-11-27 18:03:42 +00:00			`#include <machinarium.h>`
			`#include <odyssey.h>`
odyssey: post merge fixes 2019-09-27 13:47:45 +00:00
Add PAM auth support 2019-09-09 09:17:41 +00:00			`#include <security/pam_appl.h>`
odyssey: post merge fixes 2019-09-27 13:47:45 +00:00
PAM PI modifications (#176) Co-authored-by: reshke <Kirill Reshke> 2020-06-16 05:27:33 +00:00			`struct sss`
			`{`
			`char *psswd;`
			`char *res;`
			`};`

Add PAM auth support 2019-09-09 09:17:41 +00:00			`static int`
odyssey: post merge fixes 2019-09-27 13:47:45 +00:00			`od_pam_conversation(int msgc,`
			`const struct pam_message **msgv,`
			`struct pam_response **rspv,`
			`void *authdata)`
			`{`
PAM PI modifications (#176) Co-authored-by: reshke <Kirill Reshke> 2020-06-16 05:27:33 +00:00			`od_pam_auth_data_t *auth_data = authdata;`
			`if (msgc < 1 \|\| msgv == NULL)`
Add PAM auth support 2019-09-09 09:17:41 +00:00			`return PAM_CONV_ERR;`
odyssey: post merge fixes 2019-09-27 13:47:45 +00:00
Add PAM auth support 2019-09-09 09:17:41 +00:00			`rspv = malloc(msgc sizeof(struct pam_response));`
odyssey: post merge fixes 2019-09-27 13:47:45 +00:00			`if (*rspv == NULL)`
Add PAM auth support 2019-09-09 09:17:41 +00:00			`return PAM_CONV_ERR;`
			`memset(rspv, 0, msgc sizeof(struct pam_response));`
odyssey: post merge fixes 2019-09-27 13:47:45 +00:00
Applying clang-format with saving indentations (#140) * applying clang-format with saving indentations * rebase 2020-04-02 11:00:56 +00:00			`int rc = PAM_SUCCESS;`
odyssey: post merge fixes 2019-09-27 13:47:45 +00:00			`int counter = 0;`
Applying clang-format with saving indentations (#140) * applying clang-format with saving indentations * rebase 2020-04-02 11:00:56 +00:00			`for (; counter < msgc; counter++) {`
PAM PI modifications (#176) Co-authored-by: reshke <Kirill Reshke> 2020-06-16 05:27:33 +00:00			`od_list_t *i;`
			`od_list_foreach(&auth_data->link, i)`
			`{`
			`od_pam_auth_data_t *param;`
			`param = od_container_of(i, od_pam_auth_data_t, link);`
			`if (param->msg_style == msgv[counter]->msg_style) {`
			`(*rspv)[counter].resp = strdup(param->value);`
odyssey: post merge fixes 2019-09-27 13:47:45 +00:00			`break;`
Add PAM auth support 2019-09-09 09:17:41 +00:00			`}`
			`}`
PAM PI modifications (#176) Co-authored-by: reshke <Kirill Reshke> 2020-06-16 05:27:33 +00:00			`if ((*rspv)[counter].resp == NULL) {`
			`rc = PAM_CONV_ERR;`
			`break;`
			`}`
Add PAM auth support 2019-09-09 09:17:41 +00:00			`}`
Applying clang-format with saving indentations (#140) * applying clang-format with saving indentations * rebase 2020-04-02 11:00:56 +00:00
odyssey: post merge fixes 2019-09-27 13:47:45 +00:00			`if (rc != PAM_SUCCESS) {`
			`for (; counter >= 0; counter--) {`
PAM PI modifications (#176) Co-authored-by: reshke <Kirill Reshke> 2020-06-16 05:27:33 +00:00			`od_list_t *i;`
			`od_list_foreach(&auth_data->link, i)`
			`{`
			`od_pam_auth_data_t *param;`
			`param = od_container_of(i, od_pam_auth_data_t, link);`
			`if (param->msg_style == msgv[counter]->msg_style) {`
			`free((*rspv)[counter].resp);`
			`break;`
			`}`
			`}`
odyssey: post merge fixes 2019-09-27 13:47:45 +00:00			`}`
Add PAM auth support 2019-09-09 09:17:41 +00:00			`free(*rspv);`
odyssey: set pam response ptr to NULL on error 2019-09-28 14:27:34 +00:00			`*rspv = NULL;`
Add PAM auth support 2019-09-09 09:17:41 +00:00			`}`
odyssey: post merge fixes 2019-09-27 13:47:45 +00:00
			`return rc;`
Add PAM auth support 2019-09-09 09:17:41 +00:00			`}`

			`int`
added style check to travis (#158) * added style check to travis * fixed style * missing change * check style first * no excludes, use certain clang-format version * install clang-format-9 * added submodule * fix exclude 2020-06-04 17:35:44 +00:00			`od_pam_auth(char *od_pam_service,`
PAM PI modifications (#176) Co-authored-by: reshke <Kirill Reshke> 2020-06-16 05:27:33 +00:00			`char *usrname,`
odyssey modules (#156) 2020-06-09 09:19:11 +00:00			`od_pam_auth_data_t *auth_data,`
added style check to travis (#158) * added style check to travis * fixed style * missing change * check style first * no excludes, use certain clang-format version * install clang-format-9 * added submodule * fix exclude 2020-06-04 17:35:44 +00:00			`machine_io_t *io)`
odyssey: post merge fixes 2019-09-27 13:47:45 +00:00			`{`
Applying clang-format with saving indentations (#140) * applying clang-format with saving indentations * rebase 2020-04-02 11:00:56 +00:00			`struct pam_conv conv = {`
odyssey: post merge fixes 2019-09-27 13:47:45 +00:00			`od_pam_conversation,`
PAM PI modifications (#176) Co-authored-by: reshke <Kirill Reshke> 2020-06-16 05:27:33 +00:00			`.appdata_ptr = auth_data,`
Add PAM auth support 2019-09-09 09:17:41 +00:00			`};`

			`pam_handle_t *pamh = NULL;`
odyssey: post merge fixes 2019-09-27 13:47:45 +00:00			`int rc;`
odyssey modules (#156) 2020-06-09 09:19:11 +00:00			`rc = pam_start(od_pam_service, usrname, &conv, &pamh);`
odyssey: post merge fixes 2019-09-27 13:47:45 +00:00			`if (rc != PAM_SUCCESS)`
			`goto error;`
Applying clang-format with saving indentations (#140) * applying clang-format with saving indentations * rebase 2020-04-02 11:00:56 +00:00
added style check to travis (#158) * added style check to travis * fixed style * missing change * check style first * no excludes, use certain clang-format version * install clang-format-9 * added submodule * fix exclude 2020-06-04 17:35:44 +00:00			`char peer[128];`
			`od_getpeername(io, peer, sizeof(peer), 1, 0);`
			`rc = pam_set_item(pamh, PAM_RHOST, peer);`
			`if (rc != PAM_SUCCESS) {`
			`goto error;`
			`}`
Add remote hosthona param to pam auth (#142) Co-authored-by: reshke <Kirill Reshke> 2020-04-07 08:58:13 +00:00
PAM PI modifications (#176) Co-authored-by: reshke <Kirill Reshke> 2020-06-16 05:27:33 +00:00			`rc = pam_authenticate(pamh, PAM_SILENT);`
odyssey: post merge fixes 2019-09-27 13:47:45 +00:00			`if (rc != PAM_SUCCESS)`
			`goto error;`
Applying clang-format with saving indentations (#140) * applying clang-format with saving indentations * rebase 2020-04-02 11:00:56 +00:00
odyssey: post merge fixes 2019-09-27 13:47:45 +00:00			`rc = pam_acct_mgmt(pamh, PAM_SILENT);`
			`if (rc != PAM_SUCCESS)`
			`goto error;`

			`rc = pam_end(pamh, rc);`
			`if (rc != PAM_SUCCESS)`
Add PAM auth support 2019-09-09 09:17:41 +00:00			`return -1;`

odyssey: post merge fixes 2019-09-27 13:47:45 +00:00			`return 0;`

			`error:`
			`pam_end(pamh, rc);`
			`return -1;`
Add PAM auth support 2019-09-09 09:17:41 +00:00			`}`
odyssey modules (#156) 2020-06-09 09:19:11 +00:00
			`void`
PAM PI modifications (#176) Co-authored-by: reshke <Kirill Reshke> 2020-06-16 05:27:33 +00:00			`od_pam_convert_passwd(od_pam_auth_data_t d, char passwd)`
odyssey modules (#156) 2020-06-09 09:19:11 +00:00			`{`
odyssey: fix pam passwd convertion (#185) Co-authored-by: reshke <Kirill Reshke> 2020-06-29 15:54:59 +00:00			`od_list_t *i;`
			`od_list_foreach(&d->link, i)`
			`{`
			`od_pam_auth_data_t *param =`
			`od_container_of(i, od_pam_auth_data_t, link);`
			`if (param->msg_style == PAM_PROMPT_ECHO_OFF) {`
			`param->value = strdup(passwd);`
			`}`
			`return;`
			`}`
PAM PI modifications (#176) Co-authored-by: reshke <Kirill Reshke> 2020-06-16 05:27:33 +00:00			`od_pam_auth_data_t *passwd_data = malloc(sizeof(od_pam_auth_data_t));`
			`passwd_data->msg_style = PAM_PROMPT_ECHO_OFF;`
			`passwd_data->value = strdup(passwd);`
odyssey modules (#156) 2020-06-09 09:19:11 +00:00
PAM PI modifications (#176) Co-authored-by: reshke <Kirill Reshke> 2020-06-16 05:27:33 +00:00			`od_list_append(&d->link, &passwd_data->link);`
odyssey modules (#156) 2020-06-09 09:19:11 +00:00			`}`

			`od_pam_auth_data_t *`
fix function usage, added void to empty arg list 2020-06-14 07:23:04 +00:00			`od_pam_auth_data_create(void)`
odyssey modules (#156) 2020-06-09 09:19:11 +00:00			`{`
			`od_pam_auth_data_t *d;`
			`d = (od_pam_auth_data_t )malloc(sizeof(d));`
			`if (d == NULL)`
			`return NULL;`
			`od_list_init(&d->link);`
			`return d;`
			`}`

			`void`
			`od_pam_auth_data_free(od_pam_auth_data_t *d)`
			`{`
PAM PI modifications (#176) Co-authored-by: reshke <Kirill Reshke> 2020-06-16 05:27:33 +00:00			`od_list_t *i;`
			`od_list_foreach(&d->link, i)`
			`{`
			`od_pam_auth_data_t *current =`
			`od_container_of(i, od_pam_auth_data_t, link);`
			`free(current->value);`
			`}`
odyssey modules (#156) 2020-06-09 09:19:11 +00:00			`od_list_unlink(&d->link);`
			`free(d);`
PAM PI modifications (#176) Co-authored-by: reshke <Kirill Reshke> 2020-06-16 05:27:33 +00:00			`}`