From a7a30131fac19515c23890a79cc0998b78b170ba Mon Sep 17 00:00:00 2001
From: Saagar Jha
Date: Thu, 21 Nov 2019 00:46:17 -0800
Subject: [PATCH 1/3] Use @_cdecl instead of @_silgen_name

@_silgen_name only changes the symbol name; @_cdecl does that and uses the C ABI.
---
 watchid-pam-extension.swift | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/watchid-pam-extension.swift b/watchid-pam-extension.swift
index f10d272..b043148 100644
--- a/watchid-pam-extension.swift
+++ b/watchid-pam-extension.swift
@@ -12,8 +12,8 @@ public typealias pam_handler_t = UnsafeRawPointer
 // MARK: Biometric (touchID) authentication
-@_silgen_name("pam_sm_authenticate")
 public func pam_sm_authenticate(pamh: pam_handler_t, flags: Int, argc: Int, argv: vchar) -> Int {
+@_cdecl("pam_sm_authenticate")
 let sudoArguments = ProcessInfo.processInfo.arguments
 if sudoArguments.contains("-A") || sudoArguments.contains("--askpass") {
 return PAM_IGNORE
@@ -83,17 +83,17 @@ private extension LAPolicy {
 // MARK: - Ignored (unhandled) PAM events
-@_silgen_name("pam_sm_chauthtok")
 public func pam_sm_chauthtok(pamh: pam_handler_t, flags: Int, argc: Int, argv: vchar) -> Int {
+@_cdecl("pam_sm_chauthtok")
 return PAM_IGNORE
 }
-@_silgen_name("pam_sm_setcred")
 public func pam_sm_setcred(pamh: pam_handler_t, flags: Int, argc: Int, argv: vchar) -> Int {
+@_cdecl("pam_sm_setcred")
 return PAM_IGNORE
 }
-@_silgen_name("pam_sm_acct_mgmt")
 public func pam_sm_acct_mgmt(pamh: pam_handler_t, flags: Int, argc: Int, argv: vchar) -> Int {
+@_cdecl("pam_sm_acct_mgmt")
 return PAM_IGNORE
 }
From c492be5ca78549488dd1d41bcecd0b510a481182 Mon Sep 17 00:00:00 2001
From: Saagar Jha
Date: Thu, 21 Nov 2019 00:47:33 -0800
Subject: [PATCH 2/3] Match types to their C equivalents more closely
---
 watchid-pam-extension.swift | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/watchid-pam-extension.swift b/watchid-pam-extension.swift
index b043148..8b05f97 100644
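Review bot: In patch 1/3, hunk `@@ -12,8 +12,8 @@`, the added `@_cdecl("pam_sm_authenticate")` line lands after the unchanged `public func pam_sm_authenticate(...) -> Int {` line rather than before it, so as the hunk reads the attribute sits inside the function body and this intermediate commit probably does not build; the three handlers in `@@ -83,17 +83,17 @@` have the same ordering. Patch 2/3 later rewrites each signature below the attribute, but every commit in the series should produce a loadable PAM module on its own, so place `@_cdecl(...)` on the line directly above each `public func`. A short comment on the entry points would also help, for example `// Exported with the C ABI; the PAM library resolves this symbol by name.` The function bodies continue outside both hunks.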
--- a/watchid-pam-extension.swift
+++ b/watchid-pam-extension.swift
@@ -2,24 +2,24 @@ import LocalAuthentication
 // MARK: (Re)define PAM constants here so we don't need to import .h files.
-private let PAM_SUCCESS = 0
-private let PAM_AUTH_ERR = 9
-private let PAM_IGNORE = 25
+private let PAM_SUCCESS = CInt(0)
+private let PAM_AUTH_ERR = CInt(9)
+private let PAM_IGNORE = CInt(25)
 private let DEFAULT_REASON = "perform an action that requires authentication"
-public typealias vchar = UnsafeMutablePointer>
-public typealias pam_handler_t = UnsafeRawPointer
+public typealias vchar = UnsafePointer>
+public typealias pam_handle_t = UnsafeRawPointer?
 // MARK: Biometric (touchID) authentication
-public func pam_sm_authenticate(pamh: pam_handler_t, flags: Int, argc: Int, argv: vchar) -> Int {
 @_cdecl("pam_sm_authenticate")
+public func pam_sm_authenticate(pamh: pam_handle_t, flags: CInt, argc: CInt, argv: vchar) -> CInt {
 let sudoArguments = ProcessInfo.processInfo.arguments
 if sudoArguments.contains("-A") || sudoArguments.contains("--askpass") {
 return PAM_IGNORE
 }
- let arguments = parseArguments(argc: argc, argv: argv)
+ let arguments = parseArguments(argc: Int(argc), argv: argv)
 var reason = arguments["reason"] ?? DEFAULT_REASON
 reason = reason.isEmpty ? DEFAULT_REASON : reason
@@ -50,8 +50,8 @@ public func pam_sm_authenticate(pamh: pam_handler_t, flags: Int, argc: Int, argv
 private func parseArguments(argc: Int, argv: vchar) -> [String: String] {
 var parsed = [String: String]()
- let arguments = (0 ..< argc)
- .map { String(cString: argv[$0]) }
+ let arguments = UnsafeBufferPointer(start: argv, count: argc)
+ .compactMap { String(cString: $0) }
 .joined(separator: " ")
 let regex = try? NSRegularExpression(pattern: "[^\\s\"']+|\"([^\"]*)\"|'([^']*)'",
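Review bot: In patch 2/3, hunk `@@ -50,8 +50,8 @@`, `UnsafeBufferPointer(start: argv, count: argc)` requires a non-negative count, and `argc` now arrives as a C `int` converted with `Int(argc)` in the first hunk, so a bad value becomes a precondition failure (or worse) inside whatever process loaded the module. A `guard argc > 0 else { return [:] }` at the top of `parseArguments` keeps that off the authentication path. The closure in `.compactMap { String(cString: $0) }` returns a non-optional `String`, so it behaves exactly like `map`; if the intent is to skip NULL entries in `argv`, the element type has to be optional and the closure something like `$0.map { String(cString: $0) }`. The generic arguments of `vchar` are not legible on this page, so that part needs checking against the real typealias, and `parseArguments` continues past the end of the hunk.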
@@ -83,17 +83,17 @@ private extension LAPolicy {
 // MARK: - Ignored (unhandled) PAM events
-public func pam_sm_chauthtok(pamh: pam_handler_t, flags: Int, argc: Int, argv: vchar) -> Int {
 @_cdecl("pam_sm_chauthtok")
+public func pam_sm_chauthtok(pamh: pam_handle_t, flags: CInt, argc: CInt, argv: vchar) -> CInt {
 return PAM_IGNORE
 }
-public func pam_sm_setcred(pamh: pam_handler_t, flags: Int, argc: Int, argv: vchar) -> Int {
 @_cdecl("pam_sm_setcred")
+public func pam_sm_setcred(pamh: pam_handle_t, flags: CInt, argc: CInt, argv: vchar) -> CInt {
 return PAM_IGNORE
 }
-public func pam_sm_acct_mgmt(pamh: pam_handler_t, flags: Int, argc: Int, argv: vchar) -> Int {
 @_cdecl("pam_sm_acct_mgmt")
+public func pam_sm_acct_mgmt(pamh: pam_handle_t, flags: CInt, argc: CInt, argv: vchar) -> CInt {
 return PAM_IGNORE
 }
From 604556f7bc08e54f257e725f9ff55df2b9bb2488 Mon Sep 17 00:00:00 2001
From: Saagar Jha
Date: Thu, 21 Nov 2019 00:48:16 -0800
Subject: [PATCH 3/3] Respect PAM_SILENT
---
 watchid-pam-extension.swift | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/watchid-pam-extension.swift b/watchid-pam-extension.swift
index 8b05f97..64d5153 100644
--- a/watchid-pam-extension.swift
+++ b/watchid-pam-extension.swift
@@ -5,6 +5,7 @@ import LocalAuthentication
 private let PAM_SUCCESS = CInt(0)
 private let PAM_AUTH_ERR = CInt(9)
 private let PAM_IGNORE = CInt(25)
+private let PAM_SILENT = CInt(bitPattern: 0x80000000)
 private let DEFAULT_REASON = "perform an action that requires authentication"
 public typealias vchar = UnsafePointer>
@@ -36,7 +37,9 @@ public func pam_sm_authenticate(pamh: pam_handle_t, flags: CInt, argc: CInt, arg
 defer { semaphore.signal() }
 if let error = error {
- fputs("\(error.localizedDescription)\n", stderr)
+ if flags & PAM_SILENT == 0 {
+ fputs("\(error.localizedDescription)\n", stderr)
+ }
 result = PAM_IGNORE
 return
 }
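Review bot: `PAM_SILENT` in patch 3/3, hunk `@@ -5,6 +5,7 @@`, is one more hand-copied header value, and PAM flag and return-code values are specific to the PAM implementation, so the constant block should say where the numbers came from. A comment above the constants such as `// Values copied from the macOS (OpenPAM) headers; PAM_SILENT is the top bit of the flags word, hence bitPattern.` would let a maintainer re-check them. Nothing visible here ties the numbers to the headers at build time, so a mismatch would only surface as wrong behaviour when the module runs.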
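Review bot: With `PAM_SILENT` set, the new `if flags & PAM_SILENT == 0` branch in patch 3/3, hunk `@@ -36,7 +37,9 @@`, discards the LocalAuthentication error entirely, so a failed or cancelled prompt leaves no record anywhere. PAM_SILENT asks a module not to emit messages to the user; it does not require suppressing audit logging, so the error should still be written to the system log (for example via `os_log`) outside the `if`. Writing directly to `stderr` in the non-silent case also bypasses the PAM conversation function, which deserves at least a comment such as `// No conversation callback is used; message goes to the caller's stderr.` The enclosing closure and the rest of `pam_sm_authenticate` lie outside the hunk.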