Skip to content

Commit

Permalink
Merge pull request #9 from saagarjha/master
Browse files Browse the repository at this point in the history
saagarjha's fixes
  • Loading branch information
Michael Thomas authored Oct 11, 2020
2 parents c969f1b + 604556f commit 6061b86
Showing 1 changed file with 20 additions and 17 deletions.
37 changes: 20 additions & 17 deletions watchid-pam-extension.swift
Original file line number Diff line number Diff line change
Expand Up @@ -2,24 +2,25 @@ import LocalAuthentication

// MARK: (Re)define PAM constants here so we don't need to import .h files.

private let PAM_SUCCESS = 0
private let PAM_AUTH_ERR = 9
private let PAM_IGNORE = 25
private let PAM_SUCCESS = CInt(0)
private let PAM_AUTH_ERR = CInt(9)
private let PAM_IGNORE = CInt(25)
private let PAM_SILENT = CInt(bitPattern: 0x80000000)
private let DEFAULT_REASON = "perform an action that requires authentication"

public typealias vchar = UnsafeMutablePointer<UnsafeMutablePointer<Int8>>
public typealias pam_handler_t = UnsafeRawPointer
public typealias vchar = UnsafePointer<UnsafeMutablePointer<CChar>>
public typealias pam_handle_t = UnsafeRawPointer?

// MARK: Biometric (touchID) authentication

@_silgen_name("pam_sm_authenticate")
public func pam_sm_authenticate(pamh: pam_handler_t, flags: Int, argc: Int, argv: vchar) -> Int {
@_cdecl("pam_sm_authenticate")
public func pam_sm_authenticate(pamh: pam_handle_t, flags: CInt, argc: CInt, argv: vchar) -> CInt {
let sudoArguments = ProcessInfo.processInfo.arguments
if sudoArguments.contains("-A") || sudoArguments.contains("--askpass") {
return PAM_IGNORE
}

let arguments = parseArguments(argc: argc, argv: argv)
let arguments = parseArguments(argc: Int(argc), argv: argv)
var reason = arguments["reason"] ?? DEFAULT_REASON
reason = reason.isEmpty ? DEFAULT_REASON : reason

Expand All @@ -36,7 +37,9 @@ public func pam_sm_authenticate(pamh: pam_handler_t, flags: Int, argc: Int, argv
defer { semaphore.signal() }

if let error = error {
fputs("\(error.localizedDescription)\n", stderr)
if flags & PAM_SILENT == 0 {
fputs("\(error.localizedDescription)\n", stderr)
}
result = PAM_IGNORE
return
}
Expand All @@ -50,8 +53,8 @@ public func pam_sm_authenticate(pamh: pam_handler_t, flags: Int, argc: Int, argv

private func parseArguments(argc: Int, argv: vchar) -> [String: String] {
var parsed = [String: String]()
let arguments = (0 ..< argc)
.map { String(cString: argv[$0]) }
let arguments = UnsafeBufferPointer(start: argv, count: argc)
.compactMap { String(cString: $0) }
.joined(separator: " ")

let regex = try? NSRegularExpression(pattern: "[^\\s\"']+|\"([^\"]*)\"|'([^']*)'",
Expand Down Expand Up @@ -83,17 +86,17 @@ private extension LAPolicy {

// MARK: - Ignored (unhandled) PAM events

@_silgen_name("pam_sm_chauthtok")
public func pam_sm_chauthtok(pamh: pam_handler_t, flags: Int, argc: Int, argv: vchar) -> Int {
@_cdecl("pam_sm_chauthtok")
public func pam_sm_chauthtok(pamh: pam_handle_t, flags: CInt, argc: CInt, argv: vchar) -> CInt {
return PAM_IGNORE
}

@_silgen_name("pam_sm_setcred")
public func pam_sm_setcred(pamh: pam_handler_t, flags: Int, argc: Int, argv: vchar) -> Int {
@_cdecl("pam_sm_setcred")
public func pam_sm_setcred(pamh: pam_handle_t, flags: CInt, argc: CInt, argv: vchar) -> CInt {
return PAM_IGNORE
}

@_silgen_name("pam_sm_acct_mgmt")
public func pam_sm_acct_mgmt(pamh: pam_handler_t, flags: Int, argc: Int, argv: vchar) -> Int {
@_cdecl("pam_sm_acct_mgmt")
public func pam_sm_acct_mgmt(pamh: pam_handle_t, flags: CInt, argc: CInt, argv: vchar) -> CInt {
return PAM_IGNORE
}

0 comments on commit 6061b86

Please sign in to comment.