fix: expose pam_sm_setcred to stabilize gdm pam services

#68
34N0 · Apr 15, 2024 · dae148e · dae148e
1 parent 34ef60d
commit dae148e
Show file tree

Hide file tree

Showing 5 changed files with 72 additions and 38 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -15,7 +15,7 @@ repository = "https://github.com/34N0/pam-authramp/"
 chrono = "0.4.31"
 clap = { version = "4.4.16", features = ["derive"] }
 colored = "2.1.0"
-libc = "0.2.97"
+libc = "0.2.153"
 tempdir = "0.3.7"
 tempfile = "3.8.1"
 toml = "0.8.8"

diff --git a/crates/pam/src/lib.rs b/crates/pam/src/lib.rs
@@ -204,4 +204,9 @@ pub trait PamHooks {
     fn sm_authenticate(pamh: &mut PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode {
         PamResultCode::PAM_IGNORE
     }
+
+    /// Is not actually implemented, but still needs to be exposed to fix some instabilitry issues.
+    fn sm_setcred(pamh: &mut PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode {
+        PamResultCode::PAM_IGNORE
+    }
 }
diff --git a/crates/pam/src/macros.rs b/crates/pam/src/macros.rs
@@ -57,6 +57,17 @@ macro_rules! pam_hooks {
                 let args = extract_argv(argc, argv);
                 super::$ident::sm_authenticate(pamh, args, flags)
             }
+
+            #[no_mangle]
+            pub extern "C" fn pam_sm_setcred(
+                pamh: &mut PamHandle,
+                flags: PamFlag,
+                argc: c_int,
+                argv: *const *const c_char,
+            ) -> PamResultCode {
+                let args = extract_argv(argc, argv);
+                super::$ident::sm_setcred(pamh, args, flags)
+            }
         }
     };
 }

diff --git a/src/lib.rs b/src/lib.rs
@@ -90,7 +90,14 @@ impl PamHooks for Pamauthramp {
         init_authramp(pamh, &args, flags, "auth", |pamh, settings, tally| {
             // match action parameter
             match settings.get_action()? {
-                Actions::PREAUTH => Ok(bounce_auth(pamh, settings, tally)),
+                Actions::PREAUTH => {
+                    let res = bounce_auth(pamh, settings, tally);
+                    pamh.log(
+                        pam::LogLevel::Info,
+                        format!("preauth! {:?}", res),
+                    )?;
+                    Ok(res)
+                },
                 // bounce if called with authfail
                 Actions::AUTHFAIL => Err(bounce_auth(pamh, settings, tally)),
                 Actions::AUTHSUCC => Ok(PamResultCode::PAM_SUCCESS),
@@ -122,6 +129,10 @@ impl PamHooks for Pamauthramp {
             |_pamh, _settings, _tally| { Ok(PamResultCode::PAM_SUCCESS) }
         ))
     }
+
+    fn sm_setcred(_pamh: &mut PamHandle, _args: Vec<&CStr>, _flags: PamFlag) -> PamResultCode {
+        PamResultCode::PAM_SUCCESS
+    }
 }
 
 /// Initializes the authramp module by setting up user information and loading settings.