Merge pull request #182 from pkern/macos

Support for macOS

.github/workflows/presubmit-c.yml

@@ -20,7 +20,7 @@ jobs:
     - uses: actions/checkout@v2
     - name: cpplint
       run: pip install cpplint && cpplint --recursive .
-  test:
+  test-linux:
     runs-on: ubuntu-latest
     strategy:
       matrix:
@@ -68,3 +68,20 @@ jobs:
         test -f build/out/usr/local/lib/x86_64-linux-gnu/libglome.so
         test -f build/out/usr/local/lib/security/pam_glome.so || \
         test -f build/out/usr/local/lib/x86_64-linux-gnu/security/pam_glome.so
+  test-macos:
+    runs-on: macos-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.x'
+    - name: Install dependencies
+      run: python -m pip install meson ninja
+    - name: Setup build directory
+      run: meson --werror build
+    - name: Build
+      run: ninja -C build
+    - name: Test
+      run: meson test --print-errorlogs -C build

glome_test.c

@@ -26,7 +26,7 @@ static void decode_hex(uint8_t *dst, const char *in) {
   }
 }
 
-static void test_vector1() {
+static void test_vector1(void) {
   uint8_t ka_priv[GLOME_MAX_PRIVATE_KEY_LENGTH] = {0};
   uint8_t ka_pub[GLOME_MAX_PUBLIC_KEY_LENGTH] = {0};
   uint8_t kb_pub[GLOME_MAX_PUBLIC_KEY_LENGTH] = {0};
@@ -52,7 +52,7 @@ static void test_vector1() {
   g_assert_cmpmem(tag, sizeof tag, expected_tag, sizeof expected_tag);
 }
 
-static void test_vector2() {
+static void test_vector2(void) {
   uint8_t ka_pub[GLOME_MAX_PUBLIC_KEY_LENGTH] = {0};
   uint8_t kb_priv[GLOME_MAX_PRIVATE_KEY_LENGTH] = {0};
   uint8_t kb_pub[GLOME_MAX_PUBLIC_KEY_LENGTH] = {0};

login/config_test.c

@@ -27,7 +27,7 @@ static const uint8_t DECODED_PUBLIC_KEY[32] = {
     0xeb, 0x98, 0x26, 0xc5, 0xe3, 0x4c, 0x15, 0x52, 0x16, 0x29, 0xe7,
     0x41, 0x58, 0x65, 0x1f, 0x6a, 0xf3, 0xf5, 0xf9, 0x28, 0x5e};
 
-static void test_parse_public_key() {
+static void test_parse_public_key(void) {
   uint8_t decoded[GLOME_MAX_PUBLIC_KEY_LENGTH] = {0};
   g_assert_true(glome_login_parse_public_key(ENCODED_PUBLIC_KEY, decoded,
                                              sizeof(decoded)));
@@ -54,7 +54,7 @@ static void test_parse_public_key() {
 
 static char* EXAMPLE_CFG = NULL;
 
-static void test_parse_config_file() {
+static void test_parse_config_file(void) {
   g_assert_true(EXAMPLE_CFG != NULL);
 
   glome_login_config_t config = {0};

login/crypto_test.c

@@ -22,7 +22,7 @@
 #include "base64.h"
 #include "login.h"
 
-static void test_derive() {
+static void test_derive(void) {
   uint8_t private_key[GLOME_MAX_PRIVATE_KEY_LENGTH] = {0};
   uint8_t public_key[GLOME_MAX_PUBLIC_KEY_LENGTH] = {0};
   uint8_t expected_public_key[GLOME_MAX_PUBLIC_KEY_LENGTH] = {0};
@@ -37,7 +37,7 @@ static void test_derive() {
                   sizeof public_key);
 }
 
-static void test_generate() {
+static void test_generate(void) {
   uint8_t private_key[GLOME_MAX_PRIVATE_KEY_LENGTH] = {0};
   uint8_t public_key[GLOME_MAX_PUBLIC_KEY_LENGTH] = {0};
   uint8_t empty_public_key[GLOME_MAX_PUBLIC_KEY_LENGTH] = {0};
@@ -48,7 +48,7 @@ static void test_generate() {
       memcmp(empty_private_key, private_key, sizeof empty_private_key));
 }
 
-static void test_authcode() {
+static void test_authcode(void) {
   const char* host_id = "myhost";
   const char* action = "exec=/bin/sh";
 

login/login.c

@@ -12,10 +12,6 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// For vsyslog
-#define _BSD_SOURCE
-#define _DEFAULT_SOURCE
-
 #include "login.h"
 
 #include <assert.h>
@@ -211,9 +207,16 @@ void login_syslog(glome_login_config_t* config, pam_handle_t* pamh,
                   int priority, const char* format, ...) {
   UNUSED(pamh);
   if (config->options & SYSLOG) {
+    const size_t buf_size = 1024;
+    char* buf = calloc(buf_size, 1);
+    if (!buf) {
+      return;
+    }
+
     va_list args;
     va_start(args, format);
-    vsyslog(LOG_MAKEPRI(LOG_AUTH, priority), format, args);
+    vsnprintf(buf, buf_size, format, args);
+    syslog(priority, "%s", buf);
     va_end(args);
   }
 }
@@ -308,6 +311,10 @@ int login_prompt(glome_login_config_t* config, pam_handle_t* pamh,
 static char* create_login_message(glome_login_config_t* config,
                                   pam_handle_t* pamh, const char** error_tag) {
   char* host_id = NULL;
+  int max_hostname_len = sysconf(_SC_HOST_NAME_MAX);
+  if (max_hostname_len == -1) {
+    max_hostname_len = _POSIX_HOST_NAME_MAX;
+  }
 
   if (config->host_id != NULL) {
     host_id = strdup(config->host_id);
@@ -316,12 +323,12 @@ static char* create_login_message(glome_login_config_t* config,
       return NULL;
     }
   } else {
-    host_id = calloc(HOST_NAME_MAX + 1, 1);
+    host_id = calloc(max_hostname_len + 1, 1);
     if (host_id == NULL) {
       *error_tag = "malloc-host-id";
       return NULL;
     }
-    if (get_machine_id(host_id, HOST_NAME_MAX + 1, error_tag) < 0) {
+    if (get_machine_id(host_id, max_hostname_len + 1, error_tag) < 0) {
       *error_tag = "get-machine-id";
       return NULL;
     }

login/login_test.c

@@ -22,7 +22,7 @@
 #include "base64.h"
 #include "crypto.h"
 
-static void test_shell_action() {
+static void test_shell_action(void) {
   const char* error_tag = NULL;
   char* action = NULL;
   size_t action_len = 0;
@@ -33,7 +33,7 @@ static void test_shell_action() {
   g_assert_null(error_tag);
 }
 
-static void test_vector_1() {
+static void test_vector_1(void) {
   const char* host_id_type = "mytype";
   const char* host_id = "myhost";
   const char* action = "root";
@@ -90,7 +90,7 @@ static void test_vector_1() {
   }
 }
 
-static void test_vector_2() {
+static void test_vector_2(void) {
   const char* host_id_type = "";
   const char* host_id = "myhost";
   const char* action = "exec=/bin/sh";

login/meson.build

@@ -39,6 +39,7 @@ pkg.generate(login_lib,
 
 glome_login = executable(
     'glome-login', ['main.c', 'login.c'],
+    dependencies : [openssl_dep],
     link_with : login_lib,
     include_directories : glome_incdir,
     install : true,
@@ -71,9 +72,18 @@ endif
 if get_option('pam-glome')
     cc = meson.get_compiler('c')
     libpam = cc.find_library('pam')
+
+    args = ['-DPAM_GLOME']
+    pam_ext_present = cc.has_function('pam_syslog',
+        dependencies: libpam,
+        prefix: '#include <security/pam_ext.h>')
+    if pam_ext_present
+        args += ['-DHAVE_PAM_EXT']
+    endif
+
     pam_glome = shared_library(
         'pam_glome', ['pam.c', 'login.c'],
-        c_args : '-DPAM_GLOME',
+        c_args : args,
         dependencies : [libpam, openssl_dep],
         link_with : [glome_lib, login_lib],
         include_directories : glome_incdir,

login/pam.c

@@ -15,8 +15,12 @@
 #include <errno.h>
 #include <limits.h>
 #include <openssl/crypto.h>
-#include <security/pam_ext.h>
 #include <security/pam_modules.h>
+#ifdef HAVE_PAM_EXT
+#include <security/pam_ext.h>
+#else
+#include <security/pam_appl.h>
+#endif
 #include <stdlib.h>
 #include <string.h>
 #include <syslog.h>
@@ -29,6 +33,11 @@
 
 #define MODULE_NAME "pam_glome"
 
+#ifndef HAVE_PAM_EXT
+void pam_syslog(void *pamh, ...) { (void)(pamh); }
+void pam_vsyslog(void *pamh, ...) { (void)(pamh); }
+#endif
+
 #define MAX_ERROR_MESSAGE_SIZE 4095
 
 #define UNUSED(var) (void)(var)
@@ -129,7 +138,7 @@ void login_error(glome_login_config_t *config, pam_handle_t *pamh,
   }
 
   struct pam_message msg[1] = {
-      {.msg = message, .msg_style = PAM_ERROR_MSG},
+      {.msg = (char *)message, .msg_style = PAM_ERROR_MSG},
   };
   const struct pam_message *pmsg[1] = {&msg[0]};
   struct pam_response *resp = NULL;
@@ -160,7 +169,7 @@ int login_prompt(glome_login_config_t *config, pam_handle_t *pamh,
                  size_t input_size) {
   UNUSED(config);
   struct pam_message msg[1] = {
-      {.msg = message, .msg_style = PAM_TEXT_INFO},
+      {.msg = (char *)message, .msg_style = PAM_TEXT_INFO},
   };
   const struct pam_message *pmsg[1] = {&msg[0]};
   struct pam_response *resp = NULL;