Changeset 81251 in vbox for trunk/src/VBox/Runtime

Timestamp:

Oct 14, 2019 11:41:46 AM (5 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

133946

Message:

IPRT/process-creation-posix.cpp: Generalized the PAM option and make *BSD use it to avoid adding lots of -lcrypt. ticketref:18682

File:

• trunk/src/VBox/Runtime/r3/posix/process-creation-posix.cpp (modified) (9 diffs)

trunk/src/VBox/Runtime/r3/posix/process-creation-posix.cpp

@@ -80 +80 @@
 #endif
 
-#ifdef RT_OS_DARWIN
-# include <mach-o/dyld.h>
+#if !defined(IPRT_USE_PAM) && ( defined(RT_OS_DARWIN) || defined(RT_OS_FREEBSD) || defined(RT_OS_NETBSD) || defined(RT_OS_OPENBSD) )
+# define IPRT_USE_PAM
+#endif
+#ifdef IPRT_USE_PAM
+# ifdef RT_OS_DARWIN
+#  include <mach-o/dyld.h>
+#  define IPRT_LIBPAM_FILE      "libpam.dylib"
+#  define IPRT_PAM_SERVICE_NAME "login"     /** @todo we've been abusing 'login' here, probably not needed? */
+# else
+#  define IPRT_LIBPAM_FILE      "libpam.so"
+#  define IPRT_PAM_SERVICE_NAME "iprt-as-user"
+# endif
 # include <security/pam_appl.h>
 # include <stdlib.h>
@@ -126 +136 @@
 *   Structures and Typedefs                                                                                                      *
 *********************************************************************************************************************************/
-#ifdef RT_OS_DARWIN
+#ifdef IPRT_USE_PAM
 /** For passing info between rtCheckCredentials and rtPamConv. */
 typedef struct RTPROCPAMARGS
@@ -138 +148 @@
 
 
-#ifdef RT_OS_DARWIN
+#ifdef IPRT_USE_PAM
 /**
  * Worker for rtCheckCredentials that feeds password and maybe username to PAM.
@@ -183 +193 @@
     return PAM_SUCCESS;
 }
-#endif /* RT_OS_DARWIN */
-
-
-#ifdef IPRT_WITH_DYNAMIC_CRYPT_R
+#endif /* IPRT_USE_PAM */
+
+
+#if defined(IPRT_WITH_DYNAMIC_CRYPT_R) && !defined(IPRT_USE_PAM)
 /** Pointer to crypt_r(). */
 typedef char *(*PFNCRYPTR)(const char *, const char *, struct crypt_data *);
@@ -230 +240 @@
 static int rtCheckCredentials(const char *pszUser, const char *pszPasswd, gid_t *pGid, uid_t *pUid)
 {
-#if defined(RT_OS_DARWIN)
+#ifdef IPRT_USE_PAM
     RTLogPrintf("rtCheckCredentials\n");
 
@@ -251 +261 @@
      * Note! libpam.2.dylib was introduced with 10.6.x (OpenPAM).
      */
-    void *hModPam = dlopen("libpam.dylib", RTLD_LAZY | RTLD_GLOBAL);
+    void *hModPam = dlopen(IPRT_LIBPAM_FILE, RTLD_LAZY | RTLD_GLOBAL);
     if (hModPam)
     {
@@ -271 +281 @@
             && pfnPamEnd)
         {
-#define pam_start           pfnPamStart
-#define pam_authenticate    pfnPamAuthenticate
-#define pam_acct_mgmt       pfnPamAcctMgmt
-#define pam_set_item        pfnPamSetItem
-#define pam_end             pfnPamEnd
-
-            /* Do the PAM stuff.
-               Note! Abusing 'login' here for now... */
+# define pam_start           pfnPamStart
+# define pam_authenticate    pfnPamAuthenticate
+# define pam_acct_mgmt       pfnPamAcctMgmt
+# define pam_set_item        pfnPamSetItem
+# define pam_end             pfnPamEnd
+
+            /* Do the PAM stuff. */
             pam_handle_t   *hPam        = NULL;
             RTPROCPAMARGS   PamConvArgs = { pszUser, pszPasswd };
@@ -285 +294 @@
             PamConversation.appdata_ptr = &PamConvArgs;
             PamConversation.conv        = rtPamConv;
-            int rc = pam_start("login", pszUser, &PamConversation, &hPam);
+            int rc = pam_start(IPRT_PAM_SERVICE_NAME, pszUser, &PamConversation, &hPam);
             if (rc == PAM_SUCCESS)
             {
@@ -316 +325 @@
     }
     else
-        Log(("rtCheckCredentials: Loading libpam.dylib failed\n"));
+        Log(("rtCheckCredentials: Loading " IPRT_LIBPAM_FILE " failed\n"));
     return VERR_AUTHENTICATION_FAILURE;