From f3f1d2f98de26e8180c56d87aaad0e4e98fb4e47 Mon Sep 17 00:00:00 2001
From: "Joe Richey joerichey@google.com"
Date: Wed, 19 Jul 2017 15:40:35 -0700
Subject: Various small nits a helper functions for PAM
---
pam/login.go | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'pam')
diff --git a/pam/login.go b/pam/login.go
index e89ee01..346edd4 100644
--- a/pam/login.go
+++ b/pam/login.go
@@ -38,7 +38,7 @@ import ( // Pam error values var ( - ErrPAMPassphrase = errors.New("incorrect login passphrase") + ErrPassphrase = errors.New("incorrect login passphrase") ) // Global state is needed for the PAM callback, so we guard this function with a
@@ -107,7 +107,7 @@ func IsUserLoginToken(username string, token *crypto.Key, quiet bool) error { } if !authenticated { - return ErrPAMPassphrase + return ErrPassphrase } return nil }
-- cgit v1.2.3
From ef5cc07774674c66b5dbeb7c655a26ac6371e378 Mon Sep 17 00:00:00 2001
From: "Joe Richey joerichey@google.com"
Date: Tue, 22 Aug 2017 15:41:18 -0700
Subject: pam_fscrypt: lock all PAM policies w/ flag
---
pam/pam.go | 35 -----------------------------------
1 file changed, 35 deletions(-)
(limited to 'pam')
diff --git a/pam/pam.go b/pam/pam.go
index 9188b6e..804171d 100644
--- a/pam/pam.go
+++ b/pam/pam.go
@@ -32,8 +32,6 @@ import ( "errors" "fmt" "unsafe" - - "github.com/google/fscrypt/util" ) // Handle wraps the C pam_handle_t type. This is used from within modules.
@@ -99,39 +97,6 @@ func (h *Handle) GetString(name string) (string, error) { return C.GoString((*C.char)(data)), nil } -// SetSlice sets a []string value for the PAM data with the specified name. -func (h *Handle) SetSlice(name string, slice []string) error { - sliceLength := uintptr(len(slice)) - memorySize := (sliceLength + 1) * unsafe.Sizeof(uintptr(0)) - data := C.malloc(C.size_t(memorySize)) - - cSlice := util.PointerSlice(data) - for i, str := range slice { - cSlice[i] = unsafe.Pointer(C.CString(str)) - } - cSlice[sliceLength] = nil - - return h.setData(name, data, C.CleanupFunc(C.freeArray)) -} - -// GetSlice gets a []string value for the PAM data with the specified name. It -// should have been previously set with SetSlice(). -func (h *Handle) GetSlice(name string) ([]string, error) { - data, err := h.getData(name) - if err != nil { - return nil, err - } - - var slice []string - for _, cString := range util.PointerSlice(data) { - if cString == nil { - return slice, nil - } - slice = append(slice, C.GoString((*C.char)(cString))) - } - panic("We will never get here") -} - // GetItem retrieves a PAM information item. This a pointer directory to the // data, so it shouldn't be modified. func (h *Handle) GetItem(i Item) (unsafe.Pointer, error) {
-- cgit v1.2.3
From b15792b8d7c197d84970415fd2525c51aee3996c Mon Sep 17 00:00:00 2001
From: "Joe Richey joerichey@google.com"
Date: Wed, 23 Aug 2017 12:29:10 -0700
Subject: Added some documentation and improved security API
---
pam/pam.go | 24 ++++++++++++++++++------
1 file changed, 18 insertions(+), 6 deletions(-)
(limited to 'pam')
diff --git a/pam/pam.go b/pam/pam.go
index 804171d..3049efb 100644
--- a/pam/pam.go
+++ b/pam/pam.go
@@ -32,12 +32,15 @@ import ( "errors" "fmt" "unsafe" + + "github.com/google/fscrypt/security" ) // Handle wraps the C pam_handle_t type. This is used from within modules. type Handle struct { handle *C.pam_handle_t status C.int + privs *security.Privileges } // NewHandle creates a Handle from a raw pointer.
@@ -105,19 +108,28 @@ func (h *Handle) GetItem(i Item) (unsafe.Pointer, error) { return data, h.err() } -// GetIDs retrieves the UID and GID of the corresponding PAM_USER. -func (h *Handle) GetIDs() (uid int, gid int, err error) { +// DropThreadPrivileges sets the effective privileges to that of the PAM user +func (h *Handle) DropThreadPrivileges() error { var pamUsername *C.char + var err error + h.status = C.pam_get_user(h.handle, &pamUsername, nil) if err = h.err(); err != nil { - return 0, 0, err + return err } - pwnam := C.getpwnam(pamUsername) if pwnam == nil { - return 0, 0, fmt.Errorf("unknown user %q", C.GoString(pamUsername)) + return fmt.Errorf("unknown user %q", C.GoString(pamUsername)) } - return int(pwnam.pw_uid), int(pwnam.pw_gid), nil + + h.privs, err = security.DropThreadPrivileges(int(pwnam.pw_uid), int(pwnam.pw_gid)) + return err +} + +// RaiseThreadPrivileges restores the original privileges that were running the +// PAM module (this is usually root). +func (h *Handle) RaiseThreadPrivileges() error { + return security.RaiseThreadPrivileges(h.privs) } func (h *Handle) err() error {
-- cgit v1.2.3
From d617d7725ce8b91df2152d6539da10c401c59325 Mon Sep 17 00:00:00 2001
From: "Joe Richey joerichey@google.com"
Date: Wed, 23 Aug 2017 18:51:23 -0700
Subject: pam_fscrypt: Session accounting completed
---
pam/pam.go | 45 +++++++++++++++++++++++++++++----------------
1 file changed, 29 insertions(+), 16 deletions(-)
(limited to 'pam')
diff --git a/pam/pam.go b/pam/pam.go
index 3049efb..12f2e97 100644
--- a/pam/pam.go
+++ b/pam/pam.go
@@ -31,6 +31,7 @@ import "C" import ( "errors" "fmt" + "log" "unsafe" "github.com/google/fscrypt/security"
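Review bot: DropThreadPrivileges assigns the result of security.DropThreadPrivileges to h.privs unconditionally, so a second call — or one made after an earlier call failed — overwrites the saved original privileges with whatever the already-lowered thread reports (assuming, as the RaiseThreadPrivileges comment implies, that the returned Privileges snapshot the state before the drop), and the next RaiseThreadPrivileges would then restore the PAM user's identity rather than root's; the rewrite of this function in commit d617d7725ce8b91df2152d6539da10c401c59325 keeps the same pattern. A guard such as `if h.privs != nil { return errors.New("thread privileges already dropped") }` ahead of the call makes the double drop fail loudly instead, unless the security package already rejects it (its code is not shown here). The doc comment should also state that only the calling OS thread is affected, so the caller must stay pinned to it with runtime.LockOSThread for the whole lowered section unless security.DropThreadPrivileges pins it itself.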
@@ -41,14 +42,32 @@ type Handle struct { handle *C.pam_handle_t status C.int privs *security.Privileges + // UID of the user being authenticated + UID int + // GID of the user being authenticated + GID int } // NewHandle creates a Handle from a raw pointer. -func NewHandle(pamh unsafe.Pointer) *Handle { - return &Handle{ +func NewHandle(pamh unsafe.Pointer) (*Handle, error) { + h := &Handle{ handle: (*C.pam_handle_t)(pamh), status: C.PAM_SUCCESS, } + + var pamUsername *C.char + h.status = C.pam_get_user(h.handle, &pamUsername, nil) + if err := h.err(); err != nil { + return nil, err + } + + pwnam := C.getpwnam(pamUsername) + if pwnam == nil { + return nil, fmt.Errorf("unknown user %q", C.GoString(pamUsername)) + } + h.UID = int(pwnam.pw_uid) + h.GID = int(pwnam.pw_gid) + return h, nil } func (h *Handle) setData(name string, data unsafe.Pointer, cleanup C.CleanupFunc) error { 
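Review bot: The `pwnam == nil` check in NewHandle reports every NULL from getpwnam(3) as `unknown user`, but getpwnam also returns NULL when the lookup itself fails (an NSS backend error, for instance) and then sets errno; in a PAM module that conflates a transient directory outage with a nonexistent account. cgo returns errno as a second value, so `pwnam, errno := C.getpwnam(pamUsername)` followed by `if pwnam == nil && errno != nil { return nil, fmt.Errorf("looking up user %q: %v", C.GoString(pamUsername), errno) }` lets the two cases be told apart before falling through to the existing message. getpwnam also hands back a pointer to static storage that later libc calls may overwrite; copying pw_uid and pw_gid out immediately, as done here, is the right shape, but a one-line comment saying so would keep a future edit from holding pwnam across other calls. Note too that UID and GID are now exported, writable fields that DropThreadPrivileges later trusts, which is worth a sentence in their comments or a switch to unexported fields with accessors.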
@@ -110,26 +129,20 @@ func (h *Handle) GetItem(i Item) (unsafe.Pointer, error) { // DropThreadPrivileges sets the effective privileges to that of the PAM user func (h *Handle) DropThreadPrivileges() error { - var pamUsername *C.char var err error - - h.status = C.pam_get_user(h.handle, &pamUsername, nil) - if err = h.err(); err != nil { - return err - } - pwnam := C.getpwnam(pamUsername) - if pwnam == nil { - return fmt.Errorf("unknown user %q", C.GoString(pamUsername)) - } - - h.privs, err = security.DropThreadPrivileges(int(pwnam.pw_uid), int(pwnam.pw_gid)) + h.privs, err = security.DropThreadPrivileges(h.UID, h.GID) return err } // RaiseThreadPrivileges restores the original privileges that were running the -// PAM module (this is usually root). +// PAM module (this is usually root). As this error is often ignored in a defer +// statement, any error is also logged. func (h *Handle) RaiseThreadPrivileges() error { - return security.RaiseThreadPrivileges(h.privs) + err := security.RaiseThreadPrivileges(h.privs) + if err != nil { + log.Print(err) + } + return err } func (h *Handle) err() error {
-- cgit v1.2.3
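Review bot: A failed RaiseThreadPrivileges is now reported with a bare `log.Print(err)`, which goes to the standard logger's default destination — the stderr of whatever application loaded the module — unless output has been redirected somewhere not visible in this hunk; for sshd or login that message is frequently lost, and it carries no context naming the operation that failed. `log.Printf("restoring thread privileges: %v", err)` would at least name the operation, and routing the package logger to syslog is the usual choice for a PAM module. Since a failure here leaves the thread running as the PAM user, any caller that does further privileged work after a deferred Raise still has to check the returned error rather than rely on the log line, and the new doc comment could say so explicitly instead of only noting that the error is often ignored. The trailing context line opens err(), whose body lies outside the hunk.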