Add PAM authentication support

[foxcpp]

This will allow to reuse a lot of components developed for PAM.

Notes

• CGo dependency: libpam
• libpam does have a callback-based interface, it needs to be used with extreme care to not introduce memory vulnerabilities.

Problems to solve

• maddy needs to access the shadow database (/etc/shadow) on configurations using the local database. Should we just require maddy to be running as root (or with CAP_DAC_READ_SEARCH) or somehow isolate code working with this file?

Some example code can be found here: https://stackoverflow.com/questions/10910193/how-to-authenticate-username-password-using-pam-w-o-root-privileges
Except probably we want to define our own PAM service instead of using "su".

[emersion]

CGo dependency: libpam

Maybe there is a pure Go PAM implementation out there? libpam is very annoying to use.

maddy needs to access the shadow database (/etc/shadow) on configurations using the local database

We don't need that with PAM. We only need that for #21.

[foxcpp]

We don't need that with PAM. We only need that for #21.

From pam_unix.so(8):

A helper binary, unix_chkpwd(8), is provided to check the user's password when it is stored in a read protected database. This binary is very simple and will only check the password of the user invoking it. It is called transparently on behalf of the user by the authenticating component of this module. In this way it is possible for applications like xlock(1) to work without being setuid-root.

Ok, didn't know. Perhaps, can we use it for #21 too?

UPD: No, we shouldn't.

The interface of the helper - command line options, and input/output data format are internal to the pam_unix module and it should not be called directly from applications.

[foxcpp]

Oh, unix_chkpwd works only for current user so it is not useful for us. We need root to access /etc/shadow.

[foxcpp]

So, what I think should be done.

Create a separate binary called maddy-pam-helper.
When started it reads two \0-terminated lines on stdin (username and password) and sets exit status depending on authentication success.

Generally, when installed to the system, this binary should setuid root (or given CAP_DAC_READ_SEARCH capability on Linux) and be only executable by a group that maddy server runs under (user group "maddy"?).

[emersion]

Oh, right. RIP, we need root either way.

[foxcpp]

https://github.com/foxcpp/maddy/tree/pam