-
PAM从入门到精通(二十四)
接前一篇文章:PAM从入门到精通(二十三)
本文参考:
《The Linux-PAM Application Developers' Guide》
先再来重温一下PAM系统架构:
更加形象的形式:
七、PAM-API各函数源码详解
前边的文章讲解了各PAM-API函数以及总体流程,但是也只是从接口层面介绍的,并没有深入到代码层面。从本篇文章开始,将对于各个接口函数从源码级进行讲解,以使大家不但知其然,还要知其所以然。
1. pam_start函数
上回讲到_pam_start_internal函数的第四部分,本文继续往下进行讲解。为了便于理解,再次贴出_pam_start_internal函数源码。在libpam/pam_start.c中,如下所示:
- static int _pam_start_internal (
- const char *service_name,
- const char *user,
- const struct pam_conv *pam_conversation,
- const char *confdir,
- pam_handle_t **pamh)
- {
- D(("called pam_start: [%s] [%s] [%p] [%p]"
- ,service_name, user, pam_conversation, pamh));
- if (pamh == NULL) {
- pam_syslog(NULL, LOG_CRIT,
- "pam_start: invalid argument: pamh == NULL");
- return (PAM_SYSTEM_ERR);
- }
- if (service_name == NULL) {
- pam_syslog(NULL, LOG_CRIT,
- "pam_start: invalid argument: service == NULL");
- return (PAM_SYSTEM_ERR);
- }
- if (pam_conversation == NULL) {
- pam_syslog(NULL, LOG_CRIT,
- "pam_start: invalid argument: conv == NULL");
- return (PAM_SYSTEM_ERR);
- }
- if ((*pamh = calloc(1, sizeof(**pamh))) == NULL) {
- pam_syslog(NULL, LOG_CRIT, "pam_start: calloc failed for *pamh");
- return (PAM_BUF_ERR);
- }
- /* All service names should be files below /etc/pam.d and nothing
- else. Forbid paths. */
- if (strrchr(service_name, '/') != NULL)
- service_name = strrchr(service_name, '/') + 1;
- /* Mark the caller as the application - permission to do certain
- things is limited to a module or an application */
- __PAM_TO_APP(*pamh);
- if (((*pamh)->service_name = _pam_strdup(service_name)) == NULL) {
- pam_syslog(*pamh, LOG_CRIT,
- "pam_start: _pam_strdup failed for service name");
- _pam_drop(*pamh);
- return (PAM_BUF_ERR);
- } else {
- char *tmp;
- for (tmp=(*pamh)->service_name; *tmp; ++tmp)
- *tmp = tolower(*tmp); /* require lower case */
- }
- if (user) {
- if (((*pamh)->user = _pam_strdup(user)) == NULL) {
- pam_syslog(*pamh, LOG_CRIT,
- "pam_start: _pam_strdup failed for user");
- _pam_drop((*pamh)->service_name);
- _pam_drop(*pamh);
- return (PAM_BUF_ERR);
- }
- } else
- (*pamh)->user = NULL;
- if (confdir) {
- if (((*pamh)->confdir = _pam_strdup(confdir)) == NULL) {
- pam_syslog(*pamh, LOG_CRIT,
- "pam_start: _pam_strdup failed for confdir");
- _pam_drop((*pamh)->service_name);
- _pam_drop((*pamh)->user);
- _pam_drop(*pamh);
- return (PAM_BUF_ERR);
- }
- } else
- (*pamh)->confdir = NULL;
- (*pamh)->tty = NULL;
- (*pamh)->prompt = NULL; /* prompt for pam_get_user() */
- (*pamh)->ruser = NULL;
- (*pamh)->rhost = NULL;
- (*pamh)->authtok = NULL;
- (*pamh)->oldauthtok = NULL;
- (*pamh)->fail_delay.delay_fn_ptr = NULL;
- (*pamh)->former.choice = PAM_NOT_STACKED;
- (*pamh)->former.substates = NULL;
- #ifdef HAVE_LIBAUDIT
- (*pamh)->audit_state = 0;
- #endif
- (*pamh)->xdisplay = NULL;
- (*pamh)->authtok_type = NULL;
- (*pamh)->authtok_verified = 0;
- memset (&((*pamh)->xauth), 0, sizeof ((*pamh)->xauth));
- if (((*pamh)->pam_conversation = (struct pam_conv *)
- malloc(sizeof(struct pam_conv))) == NULL) {
- pam_syslog(*pamh, LOG_CRIT, "pam_start: malloc failed for pam_conv");
- _pam_drop((*pamh)->service_name);
- _pam_drop((*pamh)->user);
- _pam_drop((*pamh)->confdir);
- _pam_drop(*pamh);
- return (PAM_BUF_ERR);
- } else {
- memcpy((*pamh)->pam_conversation, pam_conversation,
- sizeof(struct pam_conv));
- }
- (*pamh)->data = NULL;
- if ( _pam_make_env(*pamh) != PAM_SUCCESS ) {
- pam_syslog(*pamh,LOG_ERR,"pam_start: failed to initialize environment");
- _pam_drop((*pamh)->pam_conversation);
- _pam_drop((*pamh)->service_name);
- _pam_drop((*pamh)->user);
- _pam_drop((*pamh)->confdir);
- _pam_drop(*pamh);
- return PAM_ABORT;
- }
- _pam_reset_timer(*pamh); /* initialize timer support */
- _pam_start_handlers(*pamh); /* cannot fail */
- /* According to the SunOS man pages, loading modules and resolving
- * symbols happens on the first call from the application. */
- if ( _pam_init_handlers(*pamh) != PAM_SUCCESS ) {
- pam_syslog(*pamh, LOG_ERR, "pam_start: failed to initialize handlers");
- _pam_drop_env(*pamh); /* purge the environment */
- _pam_drop((*pamh)->pam_conversation);
- _pam_drop((*pamh)->service_name);
- _pam_drop((*pamh)->user);
- _pam_drop((*pamh)->confdir);
- _pam_drop(*pamh);
- return PAM_ABORT;
- }
- D(("exiting pam_start successfully"));
- return PAM_SUCCESS;
- }
接下来来到以下代码片段:
- (*pamh)->tty = NULL;
- (*pamh)->prompt = NULL; /* prompt for pam_get_user() */
- (*pamh)->ruser = NULL;
- (*pamh)->rhost = NULL;
- (*pamh)->authtok = NULL;
- (*pamh)->oldauthtok = NULL;
- (*pamh)->fail_delay.delay_fn_ptr = NULL;
- (*pamh)->former.choice = PAM_NOT_STACKED;
- (*pamh)->former.substates = NULL;
- #ifdef HAVE_LIBAUDIT
- (*pamh)->audit_state = 0;
- #endif
- (*pamh)->xdisplay = NULL;
- (*pamh)->authtok_type = NULL;
- (*pamh)->authtok_verified = 0;
- memset (&((*pamh)->xauth), 0, sizeof ((*pamh)->xauth));
这段代码无需做过多解释,就是对pam_handle_t **pamh即struct pam_handle的诸多成员赋值。为了便于理解,再次给出struct pam_handle的定义,在libpam/pam_private.h中,如下:
- struct pam_handle {
- char *authtok;
- unsigned caller_is;
- struct pam_conv *pam_conversation;
- char *oldauthtok;
- char *prompt; /* for use by pam_get_user() */
- char *service_name;
- char *user;
- char *rhost;
- char *ruser;
- char *tty;
- char *xdisplay;
- char *authtok_type; /* PAM_AUTHTOK_TYPE */
- struct pam_data *data;
- struct pam_environ *env; /* structure to maintain environment list */
- struct _pam_fail_delay fail_delay; /* helper function for easy delays */
- struct pam_xauth_data xauth; /* auth info for X display */
- struct service handlers;
- struct _pam_former_state former; /* library state - support for
- event driven applications */
- const char *mod_name; /* Name of the module currently executed */
- int mod_argc; /* Number of module arguments */
- char **mod_argv; /* module arguments */
- int choice; /* Which function we call from the module */
- #ifdef HAVE_LIBAUDIT
- int audit_state; /* keep track of reported audit messages */
- #endif
- int authtok_verified;
- char *confdir;
- };
接下来来到以下代码片段:
- if (((*pamh)->pam_conversation = (struct pam_conv *)
- malloc(sizeof(struct pam_conv))) == NULL) {
- pam_syslog(*pamh, LOG_CRIT, "pam_start: malloc failed for pam_conv");
- _pam_drop((*pamh)->service_name);
- _pam_drop((*pamh)->user);
- _pam_drop((*pamh)->confdir);
- _pam_drop(*pamh);
- return (PAM_BUF_ERR);
- } else {
- memcpy((*pamh)->pam_conversation, pam_conversation,
- sizeof(struct pam_conv));
- }
为(*pamh)->pam_conversation分配内存空间。如果失败,释放之前已经分配的service_name、user、confdir等内存空间;如果成功申请到内存,则将由pam_start函数传下来的pam_conversation完全拷贝。
一般调用pam_start函数的示例如下:
- static struct pam_conv conv = {
- misc_conv,
- NULL
- }
- /* 初始化,并提供一个回调函数 */
- if ((pam_start("login", user_name, &conv, &pamh)) != PAM_SUCCESS)
- exit(1);
接下来来到以下一行代码:
(*pamh)->data = NULL;将(*pamh)->data设置为NULL。
_pam_start_internal函数的其余部分将在后续文章中继续讲解。
-
相关阅读:
第10讲:DQL数据查询语句之LIMIT分页查询示例
在回调之间共享数据
WebAPI中使用WebService后发布注意要点
【笔者感悟】笔者的工作感悟【二】
Android 12(S) 图像显示系统 - 简述Allocator/Mapper HAL服务的获取过程(十五)
node项目调试
智能热水器语音控制丨打造智能家居新体验
任务调度平台在服务器集群上的分布式搭建笔记
⑩② 【MySQL索引】详解MySQL`索引`:结构、分类、性能分析、设计及使用规则。
HTML5期末大作业:游戏网站设计与实现——基于bootstrap响应式游戏资讯网站制作HTML+CSS+JavaScript
- 原文地址:https://blog.csdn.net/phmatthaus/article/details/134027066