Diffstat (limited to 'vendor/github.com/msteinert')
-rw-r--r-- | vendor/github.com/msteinert/pam/LICENSE | 24 | ||||
-rw-r--r-- | vendor/github.com/msteinert/pam/README.md | 30 | ||||
-rw-r--r-- | vendor/github.com/msteinert/pam/callback.go | 39 | ||||
-rw-r--r-- | vendor/github.com/msteinert/pam/transaction.c | 46 | ||||
-rw-r--r-- | vendor/github.com/msteinert/pam/transaction.go | 306 |
5 files changed, 0 insertions, 445 deletions
diff --git a/vendor/github.com/msteinert/pam/LICENSE b/vendor/github.com/msteinert/pam/LICENSE
deleted file mode 100644
index e3adca07..00000000
--- a/vendor/github.com/msteinert/pam/LICENSE
+++ /dev/null
@@ -1,24 +0,0 @@
-Copyright 2011, krockot
-Copyright 2015, Michael Steinert <mike.steinert@gmail.com>
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above copyright notice, this
- list of conditions and the following disclaimer.
-
-* Redistributions in binary form must reproduce the above copyright notice,
- this list of conditions and the following disclaimer in the documentation
- and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/msteinert/pam/README.md b/vendor/github.com/msteinert/pam/README.md
deleted file mode 100644
index 66b38206..00000000
--- a/vendor/github.com/msteinert/pam/README.md
+++ /dev/null
@@ -1,30 +0,0 @@
-[](https://travis-ci.org/msteinert/pam)
-[](http://godoc.org/github.com/msteinert/pam)
-[](https://coveralls.io/r/msteinert/pam?branch=master)
-[](http://goreportcard.com/report/msteinert/pam)
-
-# Go PAM
-
-This is a Go wrapper for the PAM application API.
-
-## Testing
-
-To run the full suite, the tests must be run as the root user. To setup your
-system for testing, create a user named "test" with the password "secret". For
-example:
-
-```
-$ sudo useradd test \
- -d /tmp/test \
- -p '$1$Qd8H95T5$RYSZQeoFbEB.gS19zS99A0' \
- -s /bin/false
-```
-
-Then execute the tests:
-
-```
-$ sudo GOPATH=$GOPATH $(which go) test -v
-```
-
-[1]: http://godoc.org/github.com/msteinert/pam
-[2]: http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_ADG.html
diff --git a/vendor/github.com/msteinert/pam/callback.go b/vendor/github.com/msteinert/pam/callback.go
deleted file mode 100644
index 672a36e8..00000000
--- a/vendor/github.com/msteinert/pam/callback.go
+++ /dev/null
@@ -1,39 +0,0 @@
-package pam
-
-import "sync"
-
-var cb struct {
- sync.Mutex
- m map[int]interface{}
- c int
-}
-
-func init() {
- cb.m = make(map[int]interface{})
-}
-
-func cbAdd(v interface{}) int {
- cb.Lock()
- defer cb.Unlock()
- cb.c++
- cb.m[cb.c] = v
- return cb.c
-}
-
-func cbGet(c int) interface{} {
- cb.Lock()
- defer cb.Unlock()
- if v, ok := cb.m[c]; ok {
- return v
- }
- panic("Callback pointer not found")
-}
-
-func cbDelete(c int) {
- cb.Lock()
- defer cb.Unlock()
- if _, ok := cb.m[c]; !ok {
- panic("Callback pointer not found")
- }
- delete(cb.m, c)
-}
diff --git a/vendor/github.com/msteinert/pam/transaction.c b/vendor/github.com/msteinert/pam/transaction.c
deleted file mode 100644
index 5cf22a5d..00000000
--- a/vendor/github.com/msteinert/pam/transaction.c
+++ /dev/null
@@ -1,46 +0,0 @@
-#include "_cgo_export.h"
-#include <security/pam_appl.h>
-#include <string.h>
-
-int cb_pam_conv(
- int num_msg,
- const struct pam_message **msg,
- struct pam_response **resp,
- void *appdata_ptr)
-{
- *resp = calloc(num_msg, sizeof **resp);
- if (num_msg <= 0 || num_msg > PAM_MAX_NUM_MSG) {
- return PAM_CONV_ERR;
- }
- if (!*resp) {
- return PAM_BUF_ERR;
- }
- for (size_t i = 0; i < num_msg; ++i) {
- struct cbPAMConv_return result = cbPAMConv(
- msg[i]->msg_style,
- (char *)msg[i]->msg,
- (long)appdata_ptr);
- if (result.r1 != PAM_SUCCESS) {
- goto error;
- }
- (*resp)[i].resp = result.r0;
- }
- return PAM_SUCCESS;
-error:
- for (size_t i = 0; i < num_msg; ++i) {
- if ((*resp)[i].resp) {
- memset((*resp)[i].resp, 0, strlen((*resp)[i].resp));
- free((*resp)[i].resp);
- }
- }
- memset(*resp, 0, num_msg * sizeof *resp);
- free(*resp);
- *resp = NULL;
- return PAM_CONV_ERR;
-}
-
-void init_pam_conv(struct pam_conv *conv, long c)
-{
- conv->conv = cb_pam_conv;
- conv->appdata_ptr = (void *)c;
-}
diff --git a/vendor/github.com/msteinert/pam/transaction.go b/vendor/github.com/msteinert/pam/transaction.go
deleted file mode 100644
index cda848e0..00000000
--- a/vendor/github.com/msteinert/pam/transaction.go
+++ /dev/null
@@ -1,306 +0,0 @@
-// Package pam provides a wrapper for the PAM application API.
-package pam
-
-//#include <security/pam_appl.h>
-//#include <stdlib.h>
-//#cgo CFLAGS: -Wall -std=c99
-//#cgo LDFLAGS: -lpam
-//void init_pam_conv(struct pam_conv *conv, long c);
-import "C"
-
-import (
- "runtime"
- "strings"
- "unsafe"
-)
-
-// Style is the type of message that the conversation handler should display.
-type Style int
-
-// Coversation handler style types.
-const (
- // PromptEchoOff indicates the conversation handler should obtain a
- // string without echoing any text.
- PromptEchoOff Style = C.PAM_PROMPT_ECHO_OFF
- // PromptEchoOn indicates the conversation handler should obtain a
- // string while echoing text.
- PromptEchoOn = C.PAM_PROMPT_ECHO_ON
- // ErrorMsg indicates the conversation handler should display an
- // error message.
- ErrorMsg = C.PAM_ERROR_MSG
- // TextInfo indicates the conversation handler should display some
- // text.
- TextInfo = C.PAM_TEXT_INFO
-)
-
-// ConversationHandler is an interface for objects that can be used as
-// conversation callbacks during PAM authentication.
-type ConversationHandler interface {
- // RespondPAM receives a message style and a message string. If the
- // message Style is PromptEchoOff or PromptEchoOn then the function
- // should return a response string.
- RespondPAM(Style, string) (string, error)
-}
-
-// ConversationFunc is an adapter to allow the use of ordinary functions as
-// conversation callbacks.
-type ConversationFunc func(Style, string) (string, error)
-
-// RespondPAM is a conversation callback adapter.
-func (f ConversationFunc) RespondPAM(s Style, msg string) (string, error) {
- return f(s, msg)
-}
-
-// cbPAMConv is a wrapper for the conversation callback function.
-//export cbPAMConv
-func cbPAMConv(s C.int, msg *C.char, c int) (*C.char, C.int) {
- var r string
- var err error
- v := cbGet(c)
- switch cb := v.(type) {
- case ConversationHandler:
- r, err = cb.RespondPAM(Style(s), C.GoString(msg))
- }
- if err != nil {
- return nil, C.PAM_CONV_ERR
- }
- return C.CString(r), C.PAM_SUCCESS
-}
-
-// Transaction is the application's handle for a PAM transaction.
-type Transaction struct {
- handle *C.pam_handle_t
- conv *C.struct_pam_conv
- status C.int
- c int
-}
-
-// transactionFinalizer cleans up the PAM handle and deletes the callback
-// function.
-func transactionFinalizer(t *Transaction) {
- C.pam_end(t.handle, t.status)
- cbDelete(t.c)
-}
-
-// Start initiates a new PAM transaction. Service is treated identically to
-// how pam_start treats it internally.
-//
-// All application calls to PAM begin with Start (or StartFunc). The returned
-// transaction provides an interface to the remainder of the API.
-func Start(service, user string, handler ConversationHandler) (*Transaction, error) {
- t := &Transaction{
- conv: &C.struct_pam_conv{},
- c: cbAdd(handler),
- }
- C.init_pam_conv(t.conv, C.long(t.c))
- runtime.SetFinalizer(t, transactionFinalizer)
- s := C.CString(service)
- defer C.free(unsafe.Pointer(s))
- var u *C.char
- if len(user) != 0 {
- u = C.CString(user)
- defer C.free(unsafe.Pointer(u))
- }
- t.status = C.pam_start(s, u, t.conv, &t.handle)
- if t.status != C.PAM_SUCCESS {
- return nil, t
- }
- return t, nil
-}
-
-// StartFunc registers the handler func as a conversation handler.
-func StartFunc(service, user string, handler func(Style, string) (string, error)) (*Transaction, error) {
- return Start(service, user, ConversationFunc(handler))
-}
-
-func (t *Transaction) Error() string {
- return C.GoString(C.pam_strerror(t.handle, C.int(t.status)))
-}
-
-// Item is a an PAM information type.
-type Item int
-
-// PAM Item types.
-const (
- // Service is the name which identifies the PAM stack.
- Service Item = C.PAM_SERVICE
- // User identifies the username identity used by a service.
- User = C.PAM_USER
- // Tty is the terminal name.
- Tty = C.PAM_TTY
- // Rhost is the requesting host name.
- Rhost = C.PAM_RHOST
- // Authtok is the currently active authentication token.
- Authtok = C.PAM_AUTHTOK
- // Oldauthtok is the old authentication token.
- Oldauthtok = C.PAM_OLDAUTHTOK
- // Ruser is the requesting user name.
- Ruser = C.PAM_RUSER
- // UserPrompt is the string use to prompt for a username.
- UserPrompt = C.PAM_USER_PROMPT
-)
-
-// SetItem sets a PAM information item.
-func (t *Transaction) SetItem(i Item, item string) error {
- cs := unsafe.Pointer(C.CString(item))
- defer C.free(cs)
- t.status = C.pam_set_item(t.handle, C.int(i), cs)
- if t.status != C.PAM_SUCCESS {
- return t
- }
- return nil
-}
-
-// GetItem retrieves a PAM information item.
-func (t *Transaction) GetItem(i Item) (string, error) {
- var s unsafe.Pointer
- t.status = C.pam_get_item(t.handle, C.int(i), &s)
- if t.status != C.PAM_SUCCESS {
- return "", t
- }
- return C.GoString((*C.char)(s)), nil
-}
-
-// Flags are inputs to various PAM functions than be combined with a bitwise
-// or. Refer to the official PAM documentation for which flags are accepted
-// by which functions.
-type Flags int
-
-// PAM Flag types.
-const (
- // Silent indicates that no messages should be emitted.
- Silent Flags = C.PAM_SILENT
- // DisallowNullAuthtok indicates that authorization should fail
- // if the user does not have a registered authentication token.
- DisallowNullAuthtok = C.PAM_DISALLOW_NULL_AUTHTOK
- // EstablishCred indicates that credentials should be established
- // for the user.
- EstablishCred = C.PAM_ESTABLISH_CRED
- // DeleteCred inidicates that credentials should be deleted.
- DeleteCred = C.PAM_DELETE_CRED
- // ReinitializeCred indicates that credentials should be fully
- // reinitialized.
- ReinitializeCred = C.PAM_REINITIALIZE_CRED
- // RefreshCred indicates that the lifetime of existing credentials
- // should be extended.
- RefreshCred = C.PAM_REFRESH_CRED
- // ChangeExpiredAuthtok indicates that the authentication token
- // should be changed if it has expired.
- ChangeExpiredAuthtok = C.PAM_CHANGE_EXPIRED_AUTHTOK
-)
-
-// Authenticate is used to authenticate the user.
-//
-// Valid flags: Silent, DisallowNullAuthtok
-func (t *Transaction) Authenticate(f Flags) error {
- t.status = C.pam_authenticate(t.handle, C.int(f))
- if t.status != C.PAM_SUCCESS {
- return t
- }
- return nil
-}
-
-// SetCred is used to establish, maintain and delete the credentials of a
-// user.
-//
-// Valid flags: EstablishCred, DeleteCred, ReinitializeCred, RefreshCred
-func (t *Transaction) SetCred(f Flags) error {
- t.status = C.pam_setcred(t.handle, C.int(f))
- if t.status != C.PAM_SUCCESS {
- return t
- }
- return nil
-}
-
-// AcctMgmt is used to determine if the user's account is valid.
-//
-// Valid flags: Silent, DisallowNullAuthtok
-func (t *Transaction) AcctMgmt(f Flags) error {
- t.status = C.pam_acct_mgmt(t.handle, C.int(f))
- if t.status != C.PAM_SUCCESS {
- return t
- }
- return nil
-}
-
-// ChangeAuthTok is used to change the authentication token.
-//
-// Valid flags: Silent, ChangeExpiredAuthtok
-func (t *Transaction) ChangeAuthTok(f Flags) error {
- t.status = C.pam_chauthtok(t.handle, C.int(f))
- if t.status != C.PAM_SUCCESS {
- return t
- }
- return nil
-}
-
-// OpenSession sets up a user session for an authenticated user.
-//
-// Valid flags: Slient
-func (t *Transaction) OpenSession(f Flags) error {
- t.status = C.pam_open_session(t.handle, C.int(f))
- if t.status != C.PAM_SUCCESS {
- return t
- }
- return nil
-}
-
-// CloseSession closes a previously opened session.
-//
-// Valid flags: Silent
-func (t *Transaction) CloseSession(f Flags) error {
- t.status = C.pam_close_session(t.handle, C.int(f))
- if t.status != C.PAM_SUCCESS {
- return t
- }
- return nil
-}
-
-// PutEnv adds or changes the value of PAM environment variables.
-//
-// NAME=value will set a variable to a value.
-// NAME= will set a variable to an empty value.
-// NAME (without an "=") will delete a variable.
-func (t *Transaction) PutEnv(nameval string) error {
- cs := C.CString(nameval)
- defer C.free(unsafe.Pointer(cs))
- t.status = C.pam_putenv(t.handle, cs)
- if t.status != C.PAM_SUCCESS {
- return t
- }
- return nil
-}
-
-// GetEnv is used to retrieve a PAM environment variable.
-func (t *Transaction) GetEnv(name string) string {
- cs := C.CString(name)
- defer C.free(unsafe.Pointer(cs))
- value := C.pam_getenv(t.handle, cs)
- if value == nil {
- return ""
- }
- return C.GoString(value)
-}
-
-func next(p **C.char) **C.char {
- return (**C.char)(unsafe.Pointer(uintptr(unsafe.Pointer(p)) + unsafe.Sizeof(p)))
-}
-
-// GetEnvList returns a copy of the PAM environment as a map.
-func (t *Transaction) GetEnvList() (map[string]string, error) {
- env := make(map[string]string)
- p := C.pam_getenvlist(t.handle)
- if p == nil {
- t.status = C.PAM_BUF_ERR
- return nil, t
- }
- for q := p; *q != nil; q = next(q) {
- chunks := strings.SplitN(C.GoString(*q), "=", 2)
- if len(chunks) == 2 {
- env[chunks[0]] = chunks[1]
- }
- C.free(unsafe.Pointer(*q))
- }
- C.free(unsafe.Pointer(p))
- return env, nil
-} |