[exim-cvs] pam dynamic module

Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] pam dynamic module
Gitweb: https://git.exim.org/exim.git/commitdiff/7fba0a36b45d510611efe21df3523e89a9601ffd
Commit:     7fba0a36b45d510611efe21df3523e89a9601ffd
Parent:     db1d45ff1e5f3d83d24e75400a157d5fbc86d1c7
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sat Sep 7 18:52:15 2024 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Sat Sep 7 19:03:06 2024 +0100


    pam dynamic module
---
 doc/doc-txt/NewStuff                         |  2 +-
 src/OS/Makefile-Base                         |  5 +----
 src/scripts/Configure-Makefile               |  2 +-
 src/scripts/MakeLinks                        |  1 +
 src/src/EDITME                               |  5 +++++
 src/src/exim.h                               |  3 +++
 src/src/expand.c                             | 19 +++++++++++++------
 src/src/functions.h                          |  1 -
 src/src/miscmods/Makefile                    |  2 ++
 src/src/{auths/call_pam.c => miscmods/pam.c} | 28 ++++++++++++++++++++++++----
 src/src/miscmods/pam_api.h                   | 14 ++++++++++++++
 src/src/miscmods/radius_api.h                | 14 ++++++++++++++
 12 files changed, 79 insertions(+), 17 deletions(-)


diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index fe94e46c7..935efb59a 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -14,7 +14,7 @@ Version 4.98

3. Events smtp:fail:protocol and smtp:fail:syntax

- 4. JSON and LDAP lookup support, RADIUS, SPF, DKIM, DMARC and ARC support,
+ 4. JSON and LDAP lookup support, PAM, RADIUS, SPF, DKIM, DMARC and ARC support,
     all the router and authenticator drivers, and all the transport drivers
     except smtp, can now be built as loadable modules


diff --git a/src/OS/Makefile-Base b/src/OS/Makefile-Base
index ddd7cf5ac..22b56aae5 100644
--- a/src/OS/Makefile-Base
+++ b/src/OS/Makefile-Base
@@ -509,7 +509,7 @@ OBJ_LOOKUPS = lf_quote.o lf_check_file.o lf_sqlperform.o
 OBJ_ROUTERS = rf_change_domain.o rf_expand_data.o rf_get_errors_address.o \
     rf_get_munge_headers.o rf_get_transport.o rf_get_ugid.o \
     rf_lookup_hostlist.o rf_queue_add.o rf_self_action.o rf_set_ugid.o
-OBJ_AUTHS = call_pam.o call_pwcheck.o check_serv_cond.o \
+OBJ_AUTHS = call_pwcheck.o check_serv_cond.o \
     get_data.o get_no64_data.o pwcheck.o


 OBJ_EXIM = acl.o base64.o child.o crypt16.o daemon.o dbfn.o debug.o deliver.o \
@@ -968,9 +968,6 @@ rf_set_ugid.o:           routers/rf_set_ugid.c
 auth-spa.o:         auths/auth-spa.c
     @echo "$(CC) $<"
     $(FE)$(CC) -c $(CFLAGS) -I. $(INCLUDE) $<
-call_pam.o:         auths/call_pam.c
-    @echo "$(CC) $<"
-    $(FE)$(CC) -c $(CFLAGS) -I. $(INCLUDE) $<
 call_pwcheck.o:     auths/call_pwcheck.c auths/pwcheck.h
     @echo "$(CC) $<"
     $(FE)$(CC) -c $(CFLAGS) -I. $(INCLUDE) $<
diff --git a/src/scripts/Configure-Makefile b/src/scripts/Configure-Makefile
index 96a6cce22..4fc917dc9 100755
--- a/src/scripts/Configure-Makefile
+++ b/src/scripts/Configure-Makefile
@@ -309,7 +309,7 @@ done <<-END
  routers    ROUTER    ACCEPT DNSLOOKUP IPLITERAL IPLOOKUP MANUALROUTE QUERYPROGRAM REDIRECT
  transports TRANSPORT    APPENDFILE AUTOREPLY LMTP PIPE QUEUEFILE SMTP
  auths        AUTH    CRAM_MD5 CYRUS_SASL DOVECOT EXTERNAL GSASL HEIMDAL_GSSAPI PLAINTEXT SPA TLS
- miscmods   SUPPORT    ARC _DKIM DMARC RADIUS SPF
+ miscmods   SUPPORT    ARC _DKIM DMARC PAM RADIUS SPF
 END


 # See if there is a definition of EXIM_PERL in what we have built so far.
diff --git a/src/scripts/MakeLinks b/src/scripts/MakeLinks
index 1b272a5c9..a3a3131a2 100755
--- a/src/scripts/MakeLinks
+++ b/src/scripts/MakeLinks
@@ -102,6 +102,7 @@ for f in dummy.c \
     pdkim/crypt_ver.h pdkim/pdkim.c pdkim/pdkim.h \
     pdkim/pdkim_hash.h pdkim/signing.c pdkim/signing.h \
     dmarc.c dmarc.h dmarc_api.h \
+    pam.c pam_api.h \
     radius.c radius_api.h \
     spf.c spf.h spf_api.h
 do
diff --git a/src/src/EDITME b/src/src/EDITME
index 9d458842a..c12d74c35 100644
--- a/src/src/EDITME
+++ b/src/src/EDITME
@@ -1089,6 +1089,8 @@ ZCAT_COMMAND=/usr/bin/zcat
 # distributions (see http://ftp.kernel.org/pub/linux/libs/pam/). The Exim
 # support, which is intended for use in conjunction with the SMTP AUTH
 # facilities, is included only when requested by the following setting:
+#
+# For a dynamic module build add SUPPORT_PAM=2 and SUPPORT_PAM_LIBS=-lpam


# SUPPORT_PAM=yes

@@ -1146,6 +1148,9 @@ ZCAT_COMMAND=/usr/bin/zcat
# which is intended for use in conjunction with the SMTP AUTH facilities,
# is included only when requested by setting the following parameter to the
# location of your Radius configuration file:
+#
+# For a dynamic module build add SUPPORT_RADIUS=2 and (if needed)
+# SUPPORT_RADIUS_LIBS=-l<foo>

# RADIUS_CONFIG_FILE=/etc/radiusclient/radiusclient.conf
# RADIUS_CONFIG_FILE=/etc/radius.conf
diff --git a/src/src/exim.h b/src/src/exim.h
index 550f1a7bd..a3b7112a6 100644
--- a/src/src/exim.h
+++ b/src/src/exim.h
@@ -561,6 +561,9 @@ config.h, mytypes.h, and store.h, so we don't need to mention them explicitly.
#ifdef RADIUS_CONFIG_FILE
# include "miscmods/radius_api.h"
#endif
+#ifdef SUPPORT_PAM
+# include "miscmods/pam_api.h"
+#endif

 /* The following stuff must follow the inclusion of config.h because it
 requires various things that are set therein. */
diff --git a/src/src/expand.c b/src/src/expand.c
index cdfe93cdc..d9e71897e 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -2767,12 +2767,19 @@ switch(cond_type = identify_operator(&s, &opname))
     /* Various authentication tests - all optionally compiled */


     case ECOND_PAM:
-    #ifdef SUPPORT_PAM
-    rc = auth_call_pam(sub[0], &expand_string_message);
-    goto END_AUTH;
-    #else
-    goto COND_FAILED_NOT_COMPILED;
-    #endif  /* SUPPORT_PAM */
+#ifdef SUPPORT_PAM
+      {
+      const misc_module_info * mi = misc_mod_find(US"pam", NULL);
+      typedef int (*fn_t)(const uschar *, uschar **);
+      if (!mi)
+    goto COND_FAILED_NOT_COMPILED;
+      rc = (((fn_t *) mi->functions)[PAM_AUTH_CALL])
+                      (sub[0], &expand_string_message);
+      goto END_AUTH;
+      }
+#else
+      goto COND_FAILED_NOT_COMPILED;
+#endif  /* SUPPORT_PAM */


     case ECOND_RADIUS:
 #ifdef RADIUS_CONFIG_FILE
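Review bot: The new `ECOND_PAM` branch calls `((fn_t *) mi->functions)[PAM_AUTH_CALL]` without checking that the module's table has that slot, although `misc_module_info` carries a `functions_count` (it is set in the pam.c hunk of this commit). For a module that may be loaded at run time, a cheap guard before the call is worth having on an authentication path, e.g. `if (!mi || mi->functions_count <= PAM_AUTH_CALL) goto COND_FAILED_NOT_COMPILED;`. Separately, `misc_mod_find(US"pam", NULL)` passes NULL as its second argument; if that parameter is an error-string out-parameter (its prototype is not visible here), passing `&expand_string_message` would let a failed module load be reported as such rather than as "not compiled". The enclosing switch starts and ends outside the hunk.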
diff --git a/src/src/functions.h b/src/src/functions.h
index 493b2287e..cb470bcb3 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -111,7 +111,6 @@ extern void    add_driver_info(driver_info **, const driver_info *, size_t);



 extern void    assert_no_variables(void *, int, const char *, int);
-extern int     auth_call_pam(const uschar *, uschar **);
 extern int     auth_call_pwcheck(uschar *, uschar **);
 extern int     auth_call_saslauthd(const uschar *, const uschar *,
              const uschar *, const uschar *, uschar **);
diff --git a/src/src/miscmods/Makefile b/src/src/miscmods/Makefile
index a15fd9b38..8f53088ff 100644
--- a/src/src/miscmods/Makefile
+++ b/src/src/miscmods/Makefile
@@ -37,6 +37,8 @@ dkim.o  dkim.so:    $(HDRS) dkim.h dkim.c dkim_transport.c \
             signing.h signing.c
 dmarc.o dmarc.so:    $(HDRS) pdkim.h dmarc.h dmarc.c
 dummy.o:        dummy.c
+pam.o   pam.so:        $(HDRS) pam.c
+radius.o radius.so:    $(HDRS) radius.c
 spf.o   spf.so:        $(HDRS) spf.h spf.c


 dkim.o:
diff --git a/src/src/auths/call_pam.c b/src/src/miscmods/pam.c
similarity index 92%
rename from src/src/auths/call_pam.c
rename to src/src/miscmods/pam.c
index 3ff15711d..1f1b2e2eb 100644
--- a/src/src/auths/call_pam.c
+++ b/src/src/miscmods/pam.c
@@ -2,8 +2,8 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/


+/* Copyright (c) The Exim Maintainers 2020 - 2024 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
-/* Copyright (c) The Exim Maintainers 2020 - 2021 */
/* See the file NOTICE for conditions of use and distribution. */
/* SPDX-License-Identifier: GPL-2.0-or-later */

@@ -28,9 +28,9 @@ static void dummy(int x) { dummy2(x-1); }
#else /* SUPPORT_PAM */

#ifdef PAM_H_IN_PAM
-#include <pam/pam_appl.h>
+# include <pam/pam_appl.h>
#else
-#include <security/pam_appl.h>
+# include <security/pam_appl.h>
#endif

 /* According to the specification, it should be possible to have an application
@@ -128,7 +128,7 @@ Returns:   OK if authentication succeeded
            ERROR some other error condition
 */


-int
+static int
auth_call_pam(const uschar *s, uschar **errptr)
{
pam_handle_t *pamh = NULL;
@@ -200,6 +200,26 @@ if (pam_error == PAM_USER_UNKNOWN ||
return ERROR;
}

+
+
+/******************************************************************************/
+/* Module API */
+
+static void * pam_functions[] = {
+  [RADIUS_AUTH_CALL] =    auth_call_pam,
+};
+
+misc_module_info rad_module_info =
+{
+  .name =        US"pam",
+# ifdef DYNLOOKUP
+  .dyn_magic =        MISC_MODULE_MAGIC,
+# endif
+
+  .functions =        pam_functions,
+  .functions_count =    nelem(pam_functions),
+};
+
 #endif  /* SUPPORT_PAM */


 /* End of call_pam.c */
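Review bot: The module table added at the end of pam.c uses the RADIUS names: the slot is written as `[RADIUS_AUTH_CALL]` and the descriptor is named `rad_module_info`. `RADIUS_AUTH_CALL` comes from radius_api.h, which the exim.h hunk includes only under `#ifdef RADIUS_CONFIG_FILE`, so a build with SUPPORT_PAM but without RADIUS would presumably fail to compile here, and a static build with both would define `rad_module_info` twice if the radius module uses the same name (likely, but not shown). The lines should read `[PAM_AUTH_CALL] = auth_call_pam,` and `misc_module_info pam_module_info =`, matching the `PAM_AUTH_CALL` index the caller in expand.c already uses. The trailing `/* End of call_pam.c */` is also stale after the rename to pam.c.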
diff --git a/src/src/miscmods/pam_api.h b/src/src/miscmods/pam_api.h
new file mode 100644
index 000000000..d83f27aa0
--- /dev/null
+++ b/src/src/miscmods/pam_api.h
@@ -0,0 +1,14 @@
+/*************************************************
+*     Exim - an Internet mail transport agent    *
+*************************************************/
+
+/* Copyright (c) The Exim Maintainers 2024 */
+/* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+
+/* API definitions for the pam module */
+
+
+/* Function table entry numbers */
+
+#define    PAM_AUTH_CALL        0
diff --git a/src/src/miscmods/radius_api.h b/src/src/miscmods/radius_api.h
new file mode 100644
index 000000000..361a01ce3
--- /dev/null
+++ b/src/src/miscmods/radius_api.h
@@ -0,0 +1,14 @@
+/*************************************************
+*     Exim - an Internet mail transport agent    *
+*************************************************/
+
+/* Copyright (c) The Exim Maintainers 2024 */
+/* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+
+/* API definitions for the radius module */
+
+
+/* Function table entry numbers */
+
+#define    RADIUS_AUTH_CALL        0

