Forward XPC peer information to the control session
authorRobert Sesek <rsesek@bluestatic.org>
Wed, 19 Jun 2024 20:56:32 +0000 (16:56 -0400)
committerRobert Sesek <rsesek@bluestatic.org>
Wed, 19 Jun 2024 20:56:32 +0000 (16:56 -0400)
Daemon/Daemon.swift
PAM/pam_interauth.c
README.md
Tool/main.swift

index 7e3ef41c93198dff444a11170fae13236a04e611..6bc9ee40b3febc3ab038874e95970e3831ecc4c2 100644 (file)
@@ -5,9 +5,17 @@
 //  Created by Robert Sesek on 6/19/24.
 //
 
+import Darwin
 import Foundation
 import OSLog
 
+@_silgen_name("proc_pidpath")
+func proc_pidpath(
+    _ pid: pid_t,
+    _ string: UnsafeMutablePointer<UInt8>?,
+    _ size: UInt32
+) -> Int
+
 extension OS_xpc_object {
   func description() -> String {
     let d = xpc_copy_description(self)
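Review bot: The `@_silgen_name("proc_pidpath")` declaration on the new lines returns `Int`, but the C function it binds returns `int`, so the Swift side reads a 64-bit value from a register the callee only defines as 32 bits; declare it `) -> Int32` so the `> 0` comparison at the call site works on a fully defined value. A one-line comment above the shim saying why the symbol is bound by name rather than imported (presumably because `libproc.h` is not surfaced through `Darwin` — confirm) would help the next reader, e.g. `// proc_pidpath(3) is not exposed by the Darwin module; bind it by symbol name.`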
@@ -116,10 +124,22 @@ class Daemon {
       return
     }
 
+    let peerPid = xpc_connection_get_pid(authConn)
+    let peerUid = xpc_connection_get_euid(authConn)
+    var peerPath = ""
+    let path = UnsafeMutablePointer<UInt8>.allocate(capacity: Int(MAXPATHLEN))
+    if proc_pidpath(peerPid, path, UInt32(MAXPATHLEN)) > 0 {
+      peerPath = String(cString: path)
+    }
+    path.deallocate()
+
     log.log("Received authentication request, forwarding to control: \(obj.description, privacy: .public)")
 
     let req = xpc_dictionary_create_empty()
     xpc_dictionary_set_value(req, "request", obj)
+    xpc_dictionary_set_int64(req, "pid", Int64(peerPid))
+    xpc_dictionary_set_int64(req, "uid", Int64(peerUid))
+    xpc_dictionary_set_string(req, "path", peerPath.cString(using: .utf8) ?? [])
     xpc_connection_send_message_with_reply(connection!, req, nil) { response in
       self.log.log("Received control channel response: \(response.description, privacy: .public)")
       xpc_dictionary_set_string(reply, "reply", "authenticate")
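Review bot: The path forwarded on the `xpc_dictionary_set_string(req, "path", …)` line is derived from the peer's PID, and a PID identifies a process only while it lives, so between `xpc_connection_get_pid` and `proc_pidpath` the number can already belong to an unrelated process; the value is informational rather than a verified identity, and since the control session shows it to the person deciding whether to authorize, a comment above `let peerPid` should say so, e.g. `// Best-effort peer info: the PID can be reused once the peer exits, so pid/path are hints, not verified identity.` When `proc_pidpath` fails the request silently carries an empty `path`, which the receiver cannot tell apart from a genuinely empty result; logging the failure, or omitting the key, would make the gap visible. The `peerPath.cString(using: .utf8) ?? []` expression would hand `xpc_dictionary_set_string` an empty array with no NUL terminator if the conversion ever returned nil; `xpc_dictionary_set_string(req, "path", peerPath)` lets Swift bridge the string directly. The enclosing handler starts and ends outside the hunk.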
index fada8de04706aaa60ef89d63b40bd3d3bb457996..43ba01bbaced75786f49a612eb0b0d56f7d17388 100644 (file)
@@ -5,8 +5,8 @@
 //  Created by Robert Sesek on 6/19/24.
 //
 
-#include <stdio.h>
 #include <os/log.h>
+#include <stdio.h>
 #include <xpc/xpc.h>
 
 #define PAM_SM_AUTH
index 6d3bb04b0afb40695784ce07a39f5c34f526e80f..6ec4fd5e414ecb015df9cd5f465e3aa2078039d8 100644 (file)
--- a/README.md
+++ b/README.md
@@ -14,6 +14,7 @@ Edit these files and insert the following as the first line:
 - /etc/pam.d/login
 - /etc/pam.d/authorization
 - /etc/pam.d/screensaver
+- /etc/pam.d/screensaver_new
 
 ```
 auth       sufficient     /Library/InterAuth.bundle/Contents/Libraries/pam_interauth.so.2
index 2b13b2353d89cf976c3e77eb151d5fda1ef6a7d8..4c5140ec89189d44731c5caa20b97a7d6e67eb13 100644 (file)
@@ -39,9 +39,14 @@ xpc_connection_set_event_handler(conn) { (msg: xpc_object_t) in
   }
 
   print("\n*** Authentication Request ***")
+  print("  PAM:")
   print("    User      = \(getXPCString(req, "user"))")
   print("    Service   = \(getXPCString(req, "service"))")
   print("    Applicant = \(getXPCString(req, "applicant"))")
+  print("  Application:")
+  print("    PID  = \(xpc_dictionary_get_int64(msg, "pid"))")
+  print("    UID  = \(xpc_dictionary_get_int64(msg, "uid"))")
+  print("    Path = \(getXPCString(msg, "path"))")
 
   var authorize = false
   while true {
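Review bot: The `PID`/`UID`/`Path` lines print values that arrive over XPC from the daemon without marking them as unverified, yet the operator answers the authorize prompt that follows based on this display; a comment above `print("  Application:")` such as `// Peer info supplied by the daemon; pid/path come from a best-effort lookup, not verified identity.` would keep the distinction from the PAM-supplied fields clear. `xpc_dictionary_get_int64` returns 0 when the key is absent, so a missing `uid` prints indistinguishably from UID 0 (root); checking `xpc_dictionary_get_value(msg, "uid") != nil` first, or printing a placeholder, avoids that misreading, and the same applies to `pid`. The event handler closure starts and ends outside the hunk.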
@@ -70,4 +75,3 @@ xpc_dictionary_set_string(ping, "action", "ping")
 xpc_connection_send_message(conn, ping)
 
 dispatchMain()
-