pam: checking a user's login passphrase

This commit adds in the fscrypt/pam package. This package will hold all
functionality related to Linux Pluggable Authentication Modules (PAM).
Right now this package uses cgo to mock a PAM conversation, allowing the
function to check if a provided passphrase actually belongs to a user.

Due to the nature of cgo callbacks, global state of the key to check is
necessary for this function. This commit also addresses some issues
about building the cgo components. Now, only the minimal linking flags
are included in the go files. Additional linker flags may now be
necessary to build a static binary of fscrypt. This is addressed in the
Makefile and README.

Finally, this commit fixes a bug where the tests would not run correctly
due to shared global state on the testing filesystem. Fixed, by having
all the tests run sequentially.

Change-Id: Ia43636801da984b505d2f43dd14127b7cfbf2c48

1 files changed, 80 insertions, 0 deletions

diff --git a/pam/pam.c b/pam/pam.c
new file mode 100644
index 0000000..ce640e8
--- /dev/null
+++ b/pam/pam.c
@@ -0,0 +1,80 @@
+/*
+ * pam.c - Functions to let us call into libpam from Go.
+ *
+ * Copyright 2017 Google Inc.
+ * Author: Joe Richey (joerichey@google.com)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+#include "pam.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "_cgo_export.h"  // for pamInput callback
+
+const char* fscrypt_service = "fscrypt";
+
+static int pam_conv(int num_msg, const struct pam_message** msg,
+                    struct pam_response** resp, void* appdata_ptr) {
+  if (num_msg <= 0 || num_msg > PAM_MAX_NUM_MSG) {
+    return PAM_CONV_ERR;
+  }
+
+  // Allocate the response table with num_msg entries.
+  *resp = calloc(num_msg, sizeof **resp);
+  if (!*resp) {
+    return PAM_BUF_ERR;
+  }
+
+  // Check each message to see if we need to run a callback.
+  char* callback_msg = NULL;
+  char* callback_resp = NULL;
+  int i;
+  for (i = 0; i < num_msg; ++i) {
+    callback_msg = (char*)msg[i]->msg;
+
+    // We run our input callback if the style tells us we need data. Otherwise,
+    // we just print the error messages or text info to standard output.
+    switch (msg[i]->msg_style) {
+      case PAM_PROMPT_ECHO_OFF:
+        callback_resp = pamInput(callback_msg);
+        break;
+      case PAM_PROMPT_ECHO_ON:
+        // We should never have a request for non-secret data
+        unexpectedMessage(callback_msg);
+        callback_resp = NULL;
+        break;
+      case PAM_ERROR_MSG:
+      case PAM_TEXT_INFO:
+        printf("%s\n", callback_msg);
+        continue;
+    }
+
+    if (!callback_resp) {
+      // If the callback failed, free each nonempty response in the response
+      // table and the response table itself.
+      while (--i >= 0) {
+        free((*resp)[i].resp);
+      }
+      free(*resp);
+      return PAM_CONV_ERR;
+    }
+
+    (*resp)[i].resp = callback_resp;
+  }
+  return PAM_SUCCESS;
+}
+
+void pam_init(struct pam_conv* conv) { conv->conv = pam_conv; }