go
/
msteinert-go-pam
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Releases Activity
msteinert-go-pam/transaction.go

198 lines
6.2 KiB
Go
Raw Normal View History

[ci skip] Update documentation
2015-12-04 16:05:44 +00:00
// Package pam provides a wrapper for the PAM application API.
Update interface
2015-03-27 23:59:29 +00:00
package pam
transaction: Add support for Binary conversation PAM upports binary conversations using private protocols, this can be handled by C but it's not supported here because we implicitly convert all the messages to string, and this may lead to issues when this is not the case (as in binary protocol the pointer could contain zeros that the GoString conversion would consider them the end of the message). So, add another conversation handler implementation that allows to handle the binary protocol, whose function callback accepts a pointer to the struct (we can't use bytes as the length is unknown and may be defined in the header of the pointer itself). However since the binary prompt is not supported by all the platforms we need to do a compile-time check to disable it in case is used when not supported.
2023-09-19 18:51:45 +00:00
//#cgo CFLAGS: -Wall -std=c99
//#cgo LDFLAGS: -lpam
//
transaction: Define C functions as unexported static inlines This will make it easier to avoid exporting unexpected symbols to the generated PAM libraries. Also it makes less messy handling C code inside go files.
2023-11-20 20:06:58 +00:00
//#include "transaction.h"
Update interface
2015-03-27 23:59:29 +00:00
import "C"
import (
"strings"
transaction: Use Atomic to store/load the status Transactions save the status of each operation in a status field, however such field could be written concurrently by various operations, so we need to be sure that: - We always return the status for the current operation - We store the status in a atomic way so that other actions won't create write races In general, in a multi-thread operation one should not rely on Transaction.Error() to get info about the last operation.
2023-09-29 21:01:50 +00:00
"sync/atomic"
Update interface
2015-03-27 23:59:29 +00:00
"unsafe"
)
transaction: Add PAM Error types Go definitions And use them instead of C ones. Given that we have strings for them we can easily implement error interfaces for it too.
2023-09-22 14:59:03 +00:00
// success indicates a successful function return.
const success = C.PAM_SUCCESS
Fix golint warnings
2015-04-10 20:04:52 +00:00
// Style is the type of message that the conversation handler should display.
Update interface
2015-03-27 23:59:29 +00:00
type Style int
Fix golint warnings
2015-04-10 20:04:52 +00:00
// Coversation handler style types.
Update interface
2015-03-27 23:59:29 +00:00
const (
Fix golint warnings
2015-04-10 20:04:52 +00:00
// PromptEchoOff indicates the conversation handler should obtain a
// string without echoing any text.
Update interface
2015-03-27 23:59:29 +00:00
PromptEchoOff Style = C.PAM_PROMPT_ECHO_OFF
Fix golint warnings
2015-04-10 20:04:52 +00:00
// PromptEchoOn indicates the conversation handler should obtain a
// string while echoing text.
transaction: Mark Item, Flags and Style const values as Item, Flags and Style types We redefined various PAM constant values for items, flags and style, but only few of them were marked as being Item's or Flag's. This caused go to just consider them as generic integers instead of the actual subtype.
2023-10-10 09:45:12 +00:00
PromptEchoOn Style = C.PAM_PROMPT_ECHO_ON
Fix golint warnings
2015-04-10 20:04:52 +00:00
// ErrorMsg indicates the conversation handler should display an
// error message.
transaction: Mark Item, Flags and Style const values as Item, Flags and Style types We redefined various PAM constant values for items, flags and style, but only few of them were marked as being Item's or Flag's. This caused go to just consider them as generic integers instead of the actual subtype.
2023-10-10 09:45:12 +00:00
ErrorMsg Style = C.PAM_ERROR_MSG
Fix golint warnings
2015-04-10 20:04:52 +00:00
// TextInfo indicates the conversation handler should display some
// text.
transaction: Mark Item, Flags and Style const values as Item, Flags and Style types We redefined various PAM constant values for items, flags and style, but only few of them were marked as being Item's or Flag's. This caused go to just consider them as generic integers instead of the actual subtype.
2023-10-10 09:45:12 +00:00
TextInfo Style = C.PAM_TEXT_INFO
transaction: Add support for Binary conversation PAM upports binary conversations using private protocols, this can be handled by C but it's not supported here because we implicitly convert all the messages to string, and this may lead to issues when this is not the case (as in binary protocol the pointer could contain zeros that the GoString conversion would consider them the end of the message). So, add another conversation handler implementation that allows to handle the binary protocol, whose function callback accepts a pointer to the struct (we can't use bytes as the length is unknown and may be defined in the header of the pointer itself). However since the binary prompt is not supported by all the platforms we need to do a compile-time check to disable it in case is used when not supported.
2023-09-19 18:51:45 +00:00
// BinaryPrompt indicates the conversation handler that should implement
// the private binary protocol
transaction: Mark Item, Flags and Style const values as Item, Flags and Style types We redefined various PAM constant values for items, flags and style, but only few of them were marked as being Item's or Flag's. This caused go to just consider them as generic integers instead of the actual subtype.
2023-10-10 09:45:12 +00:00
BinaryPrompt Style = C.PAM_BINARY_PROMPT
Update interface
2015-03-27 23:59:29 +00:00
)
transaction: Add support for Binary conversation PAM upports binary conversations using private protocols, this can be handled by C but it's not supported here because we implicitly convert all the messages to string, and this may lead to issues when this is not the case (as in binary protocol the pointer could contain zeros that the GoString conversion would consider them the end of the message). So, add another conversation handler implementation that allows to handle the binary protocol, whose function callback accepts a pointer to the struct (we can't use bytes as the length is unknown and may be defined in the header of the pointer itself). However since the binary prompt is not supported by all the platforms we need to do a compile-time check to disable it in case is used when not supported.
2023-09-19 18:51:45 +00:00
// BinaryPointer exposes the type used for the data in a binary conversation
// it represents a pointer to data that is produced by the module and that
// must be parsed depending on the protocol in use
type BinaryPointer unsafe.Pointer
transaction: Add ModuleTransaction type and ModuleHandler interface This allows to easily define go-handlers for module operations. We need to expose few more types externally so that it's possible to create the module transaction handler and return specific transaction errors
2023-09-25 16:52:56 +00:00
// NativeHandle is the type of the native PAM handle for a transaction so that
// it can be exported
type NativeHandle = *C.pam_handle_t
transaction: Add a transaction base type to define more transaction kinds A pam handler can be used both by a module and by an Application, go-pam is meant to be used in the application side right now, but it can be easily changed to also create modules. This is the prerequisite work to support this.
2023-09-25 16:46:03 +00:00
// transactionBase is a handler for a PAM transaction that can be used to
// group the operations that can be performed both by the application and the
// module side
type transactionBase struct {
transaction: Add ModuleTransaction type and ModuleHandler interface This allows to easily define go-handlers for module operations. We need to expose few more types externally so that it's possible to create the module transaction handler and return specific transaction errors
2023-09-25 16:52:56 +00:00
handle NativeHandle
transaction: Use Atomic to store/load the status Transactions save the status of each operation in a status field, however such field could be written concurrently by various operations, so we need to be sure that: - We always return the status for the current operation - We store the status in a atomic way so that other actions won't create write races In general, in a multi-thread operation one should not rely on Transaction.Error() to get info about the last operation.
2023-09-29 21:01:50 +00:00
lastStatus atomic.Int32
transaction: Add a transaction base type to define more transaction kinds A pam handler can be used both by a module and by an Application, go-pam is meant to be used in the application side right now, but it can be easily changed to also create modules. This is the prerequisite work to support this.
2023-09-25 16:46:03 +00:00
}
transaction: Add an helper function to handle pam functions return status All the pam functions return an integer with the status of the operation so instead of duplicating the same code everywhere, that is quite error prone, use an helper function. It would have been nice to make this more dynamic, but cgo doesn't allow us to do much magic here. This is enough though.
2023-10-11 08:25:42 +00:00
// Allows to call pam functions managing return status
transaction: Add a transaction base type to define more transaction kinds A pam handler can be used both by a module and by an Application, go-pam is meant to be used in the application side right now, but it can be easily changed to also create modules. This is the prerequisite work to support this.
2023-09-25 16:46:03 +00:00
func (t *transactionBase) handlePamStatus(cStatus C.int) error {
transaction: Use Atomic to store/load the status Transactions save the status of each operation in a status field, however such field could be written concurrently by various operations, so we need to be sure that: - We always return the status for the current operation - We store the status in a atomic way so that other actions won't create write races In general, in a multi-thread operation one should not rely on Transaction.Error() to get info about the last operation.
2023-09-29 21:01:50 +00:00
t.lastStatus.Store(int32(cStatus))
transaction: Never return Transaction as error While transaction does implement error, it's not a valid error implementer because it may have bogous values since it's not thread-safe and so we may read the result of Error() when it's into an invalid state As per this never return it as an error, while always return the Status unless when not available, where we still return pam.Error.
2023-10-11 10:16:59 +00:00
if status := Error(cStatus); status != success {
return status
transaction: Add an helper function to handle pam functions return status All the pam functions return an integer with the status of the operation so instead of duplicating the same code everywhere, that is quite error prone, use an helper function. It would have been nice to make this more dynamic, but cgo doesn't allow us to do much magic here. This is enough though.
2023-10-11 08:25:42 +00:00
}
return nil
}
Fix golint warnings
2015-04-10 20:04:52 +00:00
// Item is a an PAM information type.
Update interface
2015-03-27 23:59:29 +00:00
type Item int
Fix golint warnings
2015-04-10 20:04:52 +00:00
// PAM Item types.
Update interface
2015-03-27 23:59:29 +00:00
const (
Fix golint warnings
2015-04-10 20:04:52 +00:00
// Service is the name which identifies the PAM stack.
Service Item = C.PAM_SERVICE
// User identifies the username identity used by a service.
transaction: Mark Item, Flags and Style const values as Item, Flags and Style types We redefined various PAM constant values for items, flags and style, but only few of them were marked as being Item's or Flag's. This caused go to just consider them as generic integers instead of the actual subtype.
2023-10-10 09:45:12 +00:00
User Item = C.PAM_USER
Fix golint warnings
2015-04-10 20:04:52 +00:00
// Tty is the terminal name.
transaction: Mark Item, Flags and Style const values as Item, Flags and Style types We redefined various PAM constant values for items, flags and style, but only few of them were marked as being Item's or Flag's. This caused go to just consider them as generic integers instead of the actual subtype.
2023-10-10 09:45:12 +00:00
Tty Item = C.PAM_TTY
Fix golint warnings
2015-04-10 20:04:52 +00:00
// Rhost is the requesting host name.
transaction: Mark Item, Flags and Style const values as Item, Flags and Style types We redefined various PAM constant values for items, flags and style, but only few of them were marked as being Item's or Flag's. This caused go to just consider them as generic integers instead of the actual subtype.
2023-10-10 09:45:12 +00:00
Rhost Item = C.PAM_RHOST
Fix golint warnings
2015-04-10 20:04:52 +00:00
// Authtok is the currently active authentication token.
transaction: Mark Item, Flags and Style const values as Item, Flags and Style types We redefined various PAM constant values for items, flags and style, but only few of them were marked as being Item's or Flag's. This caused go to just consider them as generic integers instead of the actual subtype.
2023-10-10 09:45:12 +00:00
Authtok Item = C.PAM_AUTHTOK
Fix golint warnings
2015-04-10 20:04:52 +00:00
// Oldauthtok is the old authentication token.
transaction: Mark Item, Flags and Style const values as Item, Flags and Style types We redefined various PAM constant values for items, flags and style, but only few of them were marked as being Item's or Flag's. This caused go to just consider them as generic integers instead of the actual subtype.
2023-10-10 09:45:12 +00:00
Oldauthtok Item = C.PAM_OLDAUTHTOK
Fix golint warnings
2015-04-10 20:04:52 +00:00
// Ruser is the requesting user name.
transaction: Mark Item, Flags and Style const values as Item, Flags and Style types We redefined various PAM constant values for items, flags and style, but only few of them were marked as being Item's or Flag's. This caused go to just consider them as generic integers instead of the actual subtype.
2023-10-10 09:45:12 +00:00
Ruser Item = C.PAM_RUSER
Fix golint warnings
2015-04-10 20:04:52 +00:00
// UserPrompt is the string use to prompt for a username.
transaction: Mark Item, Flags and Style const values as Item, Flags and Style types We redefined various PAM constant values for items, flags and style, but only few of them were marked as being Item's or Flag's. This caused go to just consider them as generic integers instead of the actual subtype.
2023-10-10 09:45:12 +00:00
UserPrompt Item = C.PAM_USER_PROMPT
transaction: Add missing default PAM item types
2023-10-25 19:03:57 +00:00
// FailDelay is the app supplied function to override failure delays.
FailDelay Item = C.PAM_FAIL_DELAY
// Xdisplay is the X display name
Xdisplay Item = C.PAM_XDISPLAY
// Xauthdata is the X server authentication data.
Xauthdata Item = C.PAM_XAUTHDATA
// AuthtokType is the type for pam_get_authtok
AuthtokType Item = C.PAM_AUTHTOK_TYPE
Update interface
2015-03-27 23:59:29 +00:00
)
Fix golint warnings
2015-04-10 20:04:52 +00:00
// SetItem sets a PAM information item.
transaction: Add a transaction base type to define more transaction kinds A pam handler can be used both by a module and by an Application, go-pam is meant to be used in the application side right now, but it can be easily changed to also create modules. This is the prerequisite work to support this.
2023-09-25 16:46:03 +00:00
func (t *transactionBase) SetItem(i Item, item string) error {
Update interface
2015-03-27 23:59:29 +00:00
cs := unsafe.Pointer(C.CString(item))
defer C.free(cs)
transaction: Add an helper function to handle pam functions return status All the pam functions return an integer with the status of the operation so instead of duplicating the same code everywhere, that is quite error prone, use an helper function. It would have been nice to make this more dynamic, but cgo doesn't allow us to do much magic here. This is enough though.
2023-10-11 08:25:42 +00:00
return t.handlePamStatus(C.pam_set_item(t.handle, C.int(i), cs))
Update interface
2015-03-27 23:59:29 +00:00
}
Fix golint warnings
2015-04-10 20:04:52 +00:00
// GetItem retrieves a PAM information item.
transaction: Add a transaction base type to define more transaction kinds A pam handler can be used both by a module and by an Application, go-pam is meant to be used in the application side right now, but it can be easily changed to also create modules. This is the prerequisite work to support this.
2023-09-25 16:46:03 +00:00
func (t *transactionBase) GetItem(i Item) (string, error) {
Update interface
2015-03-27 23:59:29 +00:00
var s unsafe.Pointer
transaction: Add an helper function to handle pam functions return status All the pam functions return an integer with the status of the operation so instead of duplicating the same code everywhere, that is quite error prone, use an helper function. It would have been nice to make this more dynamic, but cgo doesn't allow us to do much magic here. This is enough though.
2023-10-11 08:25:42 +00:00
err := t.handlePamStatus(C.pam_get_item(t.handle, C.int(i), &s))
if err != nil {
return "", err
Update interface
2015-03-27 23:59:29 +00:00
}
return C.GoString((*C.char)(s)), nil
}
Fix golint warnings
2015-04-10 20:04:52 +00:00
// Flags are inputs to various PAM functions than be combined with a bitwise
// or. Refer to the official PAM documentation for which flags are accepted
// by which functions.
Update interface
2015-03-27 23:59:29 +00:00
type Flags int
Fix golint warnings
2015-04-10 20:04:52 +00:00
// PAM Flag types.
Update interface
2015-03-27 23:59:29 +00:00
const (
Fix golint warnings
2015-04-10 20:04:52 +00:00
// Silent indicates that no messages should be emitted.
Silent Flags = C.PAM_SILENT
// DisallowNullAuthtok indicates that authorization should fail
// if the user does not have a registered authentication token.
transaction: Mark Item, Flags and Style const values as Item, Flags and Style types We redefined various PAM constant values for items, flags and style, but only few of them were marked as being Item's or Flag's. This caused go to just consider them as generic integers instead of the actual subtype.
2023-10-10 09:45:12 +00:00
DisallowNullAuthtok Flags = C.PAM_DISALLOW_NULL_AUTHTOK
Fix golint warnings
2015-04-10 20:04:52 +00:00
// EstablishCred indicates that credentials should be established
// for the user.
transaction: Mark Item, Flags and Style const values as Item, Flags and Style types We redefined various PAM constant values for items, flags and style, but only few of them were marked as being Item's or Flag's. This caused go to just consider them as generic integers instead of the actual subtype.
2023-10-10 09:45:12 +00:00
EstablishCred Flags = C.PAM_ESTABLISH_CRED
transaction: Fix comment typo
2023-11-20 20:15:43 +00:00
// DeleteCred indicates that credentials should be deleted.
transaction: Mark Item, Flags and Style const values as Item, Flags and Style types We redefined various PAM constant values for items, flags and style, but only few of them were marked as being Item's or Flag's. This caused go to just consider them as generic integers instead of the actual subtype.
2023-10-10 09:45:12 +00:00
DeleteCred Flags = C.PAM_DELETE_CRED
Fix golint warnings
2015-04-10 20:04:52 +00:00
// ReinitializeCred indicates that credentials should be fully
// reinitialized.
transaction: Mark Item, Flags and Style const values as Item, Flags and Style types We redefined various PAM constant values for items, flags and style, but only few of them were marked as being Item's or Flag's. This caused go to just consider them as generic integers instead of the actual subtype.
2023-10-10 09:45:12 +00:00
ReinitializeCred Flags = C.PAM_REINITIALIZE_CRED
Fix golint warnings
2015-04-10 20:04:52 +00:00
// RefreshCred indicates that the lifetime of existing credentials
// should be extended.
transaction: Mark Item, Flags and Style const values as Item, Flags and Style types We redefined various PAM constant values for items, flags and style, but only few of them were marked as being Item's or Flag's. This caused go to just consider them as generic integers instead of the actual subtype.
2023-10-10 09:45:12 +00:00
RefreshCred Flags = C.PAM_REFRESH_CRED
Fix golint warnings
2015-04-10 20:04:52 +00:00
// ChangeExpiredAuthtok indicates that the authentication token
// should be changed if it has expired.
transaction: Mark Item, Flags and Style const values as Item, Flags and Style types We redefined various PAM constant values for items, flags and style, but only few of them were marked as being Item's or Flag's. This caused go to just consider them as generic integers instead of the actual subtype.
2023-10-10 09:45:12 +00:00
ChangeExpiredAuthtok Flags = C.PAM_CHANGE_EXPIRED_AUTHTOK
Update interface
2015-03-27 23:59:29 +00:00
)
Fix golint warnings
2015-04-10 20:04:52 +00:00
// PutEnv adds or changes the value of PAM environment variables.
//
// NAME=value will set a variable to a value.
// NAME= will set a variable to an empty value.
// NAME (without an "=") will delete a variable.
transaction: Add a transaction base type to define more transaction kinds A pam handler can be used both by a module and by an Application, go-pam is meant to be used in the application side right now, but it can be easily changed to also create modules. This is the prerequisite work to support this.
2023-09-25 16:46:03 +00:00
func (t *transactionBase) PutEnv(nameval string) error {
Update interface
2015-03-27 23:59:29 +00:00
cs := C.CString(nameval)
defer C.free(unsafe.Pointer(cs))
transaction: Add an helper function to handle pam functions return status All the pam functions return an integer with the status of the operation so instead of duplicating the same code everywhere, that is quite error prone, use an helper function. It would have been nice to make this more dynamic, but cgo doesn't allow us to do much magic here. This is enough though.
2023-10-11 08:25:42 +00:00
return t.handlePamStatus(C.pam_putenv(t.handle, cs))
Update interface
2015-03-27 23:59:29 +00:00
}
Fix golint warnings
2015-04-10 20:04:52 +00:00
// GetEnv is used to retrieve a PAM environment variable.
transaction: Add a transaction base type to define more transaction kinds A pam handler can be used both by a module and by an Application, go-pam is meant to be used in the application side right now, but it can be easily changed to also create modules. This is the prerequisite work to support this.
2023-09-25 16:46:03 +00:00
func (t *transactionBase) GetEnv(name string) string {
Update interface
2015-03-27 23:59:29 +00:00
cs := C.CString(name)
defer C.free(unsafe.Pointer(cs))
value := C.pam_getenv(t.handle, cs)
if value == nil {
return ""
}
return C.GoString(value)
}
This looks a bit better
2015-03-30 23:20:09 +00:00
func next(p **C.char) **C.char {
return (**C.char)(unsafe.Pointer(uintptr(unsafe.Pointer(p)) + unsafe.Sizeof(p)))
}
Fix golint warnings
2015-04-10 20:04:52 +00:00
// GetEnvList returns a copy of the PAM environment as a map.
transaction: Add a transaction base type to define more transaction kinds A pam handler can be used both by a module and by an Application, go-pam is meant to be used in the application side right now, but it can be easily changed to also create modules. This is the prerequisite work to support this.
2023-09-25 16:46:03 +00:00
func (t *transactionBase) GetEnvList() (map[string]string, error) {
Update interface
2015-03-27 23:59:29 +00:00
env := make(map[string]string)
p := C.pam_getenvlist(t.handle)
if p == nil {
transaction: Use Atomic to store/load the status Transactions save the status of each operation in a status field, however such field could be written concurrently by various operations, so we need to be sure that: - We always return the status for the current operation - We store the status in a atomic way so that other actions won't create write races In general, in a multi-thread operation one should not rely on Transaction.Error() to get info about the last operation.
2023-09-29 21:01:50 +00:00
t.lastStatus.Store(int32(ErrBuf))
transaction: Never return Transaction as error While transaction does implement error, it's not a valid error implementer because it may have bogous values since it's not thread-safe and so we may read the result of Error() when it's into an invalid state As per this never return it as an error, while always return the Status unless when not available, where we still return pam.Error.
2023-10-11 10:16:59 +00:00
return nil, ErrBuf
Update interface
2015-03-27 23:59:29 +00:00
}
transaction: Use Atomic to store/load the status Transactions save the status of each operation in a status field, however such field could be written concurrently by various operations, so we need to be sure that: - We always return the status for the current operation - We store the status in a atomic way so that other actions won't create write races In general, in a multi-thread operation one should not rely on Transaction.Error() to get info about the last operation.
2023-09-29 21:01:50 +00:00
t.lastStatus.Store(success)
This looks a bit better
2015-03-30 23:20:09 +00:00
for q := p; *q != nil; q = next(q) {
Fix a silly bug and add test coverage
2015-03-30 23:13:10 +00:00
chunks := strings.SplitN(C.GoString(*q), "=", 2)
Update interface
2015-03-27 23:59:29 +00:00
if len(chunks) == 2 {
env[chunks[0]] = chunks[1]
}
Fix a silly bug and add test coverage
2015-03-30 23:13:10 +00:00
C.free(unsafe.Pointer(*q))
Update interface
2015-03-27 23:59:29 +00:00
}
Rework pam_getenvlist so it doesn't leak
2015-03-30 19:53:16 +00:00
C.free(unsafe.Pointer(p))
Update interface
2015-03-27 23:59:29 +00:00
return env, nil
}
Allow to define confdir PAM has a pam_start_confdir() which allows to define the configuration directory where all services are located. This is useful to define your own service on tests in particular, so that you can control your stack and be independant of the host when running them. Allow defining this configuration directory, with a new StartConfDir function. Also, allow pre-checking for the API availability with CheckPamHasStartConfdir().
2022-09-16 06:09:26 +00:00
// CheckPamHasStartConfdir return if pam on system supports pam_system_confdir
func CheckPamHasStartConfdir() bool {
return C.check_pam_start_confdir() == 0
}
transaction: Add support for Binary conversation PAM upports binary conversations using private protocols, this can be handled by C but it's not supported here because we implicitly convert all the messages to string, and this may lead to issues when this is not the case (as in binary protocol the pointer could contain zeros that the GoString conversion would consider them the end of the message). So, add another conversation handler implementation that allows to handle the binary protocol, whose function callback accepts a pointer to the struct (we can't use bytes as the length is unknown and may be defined in the header of the pointer itself). However since the binary prompt is not supported by all the platforms we need to do a compile-time check to disable it in case is used when not supported.
2023-09-19 18:51:45 +00:00
// CheckPamHasBinaryProtocol return if pam on system supports PAM_BINARY_PROMPT
func CheckPamHasBinaryProtocol() bool {
return C.BINARY_PROMPT_IS_SUPPORTED != 0
}