pam_provision.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/socket.h>
#include <syslog.h>
#include <security/pam_appl.h>
#include <security/pam_modules.h>
#include "util.h"
#define NAME "pam_provision"
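/*
 * Call the provisioner script (back end for any PAM hook).
 *
 * Parses the module arguments taken from the PAM configuration line:
 *   log=FACILITY   looked up with get_syslog() and stored in ctx->log
 *   exec=CMD ...   CMD and every argument after it are passed through
 *                  expand() and become the NULL-terminated vector given
 *                  to sh()
 * Any other argument seen before exec= is rejected.
 *
 * Returns PAM_SERVICE_ERR for an unknown log facility or parameter,
 * PAM_BUF_ERR when the argument vector cannot be built, the value returned
 * by sh() when an exec= argument is present, and PAM_SUCCESS otherwise.
 *
 * pamh and flags are accepted so the PAM hooks can forward their arguments
 * unchanged; this function does not use them.
 */
int
provision(struct context *ctx, pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    char **xargv = NULL;
    int nargs = 0;
    int i, j;
    int status = PAM_SUCCESS;

    (void)pamh;
    (void)flags;

    for (i = 0; i < argc; i++) {
        if (!strncmp(argv[i], "log=", 4)) {
            int log = get_syslog((char *)&argv[i][4]);

            if (log == -1) {
                msg(ctx, LOG_WARNING, "unknown log facility %s", &argv[i][4]);
                return PAM_SERVICE_ERR;
            }
            ctx->log = log;
        }
        else if (!strncmp(argv[i], "exec=", 5)) {
            /* argc - i remaining arguments plus the terminating NULL. */
            xargv = calloc((size_t)(argc - i) + 1, sizeof *xargv);
            if (!xargv) {
                msg(ctx, LOG_ERR, "out of memory building exec arguments");
                return PAM_BUF_ERR;
            }

            /*
             * NOTE(review): expand() is defined elsewhere; judging by the
             * "%u" in the configuration examples it presumably substitutes
             * per-login values from ctx. Those values (user name, remote
             * host) are supplied by the connecting client, so confirm that
             * sh() runs this vector with exec-style semantics and not as a
             * shell command line, and that the script treats its arguments
             * as untrusted.
             */
            xargv[0] = expand(ctx, (char *)&argv[i][5]);
            for (i++, j = 1; i < argc; i++, j++)
                xargv[j] = expand(ctx, (char *)argv[i]);
            xargv[j] = NULL;
            nargs = j;
            break;
        }
        else {
            msg(ctx, LOG_WARNING, "unknown parameter %s", argv[i]);
            return PAM_SERVICE_ERR;
        }
    }

    if (xargv) {
        int complete = 1;

        /*
         * A NULL from expand() would end the vector early, so the script
         * would run with fewer arguments than the administrator configured.
         * Fail instead of running a truncated command.
         */
        for (i = 0; i < nargs; i++) {
            if (!xargv[i])
                complete = 0;
        }

        if (complete) {
            status = sh(ctx, xargv);
        } else {
            msg(ctx, LOG_ERR, "argument expansion failed");
            status = PAM_BUF_ERR;
        }

        /* Free by count, not up to the first NULL, then the vector itself. */
        for (i = 0; i < nargs; i++)
            free(xargv[i]);
        free(xargv);
    }
    return status;
}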
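/*
 * PAM hook for SESSION opening:
 *   other session required pam_provision.so exec=script.py %u
 *
 * Builds the module context for the "session-open" stage, logs the event
 * and hands the module arguments to provision(), whose status is returned.
 * Returns PAM_SERVICE_ERR if no context could be obtained.
 */
int
pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    struct context *ctx = get_context(pamh, NAME, "session-open");
    int result;

    /*
     * get_context() is defined elsewhere; a NULL result would be
     * dereferenced below, inside the process of the calling PAM
     * application, so fail the stack entry instead.
     */
    if (!ctx) {
        syslog(LOG_AUTH | LOG_ERR, "%s: cannot build context (session-open)", NAME);
        return PAM_SERVICE_ERR;
    }

    env_setup(pamh, "open_session");

    /*
     * ctx->user and ctx->rhost are logged as they are stored in ctx.
     * NOTE(review): confirm get_context() never leaves them NULL (the
     * remote host may be absent for local logins) and that msg() does not
     * let control characters from these client-supplied values reach the
     * log.
     */
    msg(ctx, LOG_INFO, "%s@%s: open session for %s@%s",
        ctx->svc, ctx->uts.nodename, ctx->user, ctx->rhost);

    result = provision(ctx, pamh, flags, argc, argv);
    free_context(ctx);
    return result;
}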
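/*
 * PAM hook for SESSION closing:
 *   other session required pam_provision.so exec=script.py %u
 *
 * Builds the module context for the "session-close" stage, logs the event
 * and hands the module arguments to provision(), whose status is returned.
 * Returns PAM_SERVICE_ERR if no context could be obtained.
 */
int
pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    struct context *ctx = get_context(pamh, NAME, "session-close");
    int result;

    /*
     * get_context() is defined elsewhere; a NULL result would be
     * dereferenced below, inside the process of the calling PAM
     * application, so fail the stack entry instead.
     */
    if (!ctx) {
        syslog(LOG_AUTH | LOG_ERR, "%s: cannot build context (session-close)", NAME);
        return PAM_SERVICE_ERR;
    }

    env_setup(pamh, "close_session");

    /*
     * ctx->user and ctx->rhost are logged as they are stored in ctx.
     * NOTE(review): confirm get_context() never leaves them NULL and that
     * msg() does not let control characters from these client-supplied
     * values reach the log.
     */
    msg(ctx, LOG_INFO, "%s@%s: close session for %s@%s",
        ctx->svc, ctx->uts.nodename, ctx->user, ctx->rhost);

    result = provision(ctx, pamh, flags, argc, argv);
    free_context(ctx);
    return result;
}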
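/*
 * PAM hook for ACCOUNT management:
 *   other account required pam_provision.so exec=script.py %u
 *
 * Builds the module context for the "account" stage, logs the event and
 * hands the module arguments to provision(), whose status is returned.
 * Returns PAM_SERVICE_ERR if no context could be obtained, so a failure to
 * set up the module denies the account check instead of passing it.
 */
int
pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    struct context *ctx = get_context(pamh, NAME, "account");
    int result;

    /*
     * get_context() is defined elsewhere; a NULL result would be
     * dereferenced below, inside the process of the calling PAM
     * application, so fail the stack entry instead.
     */
    if (!ctx) {
        syslog(LOG_AUTH | LOG_ERR, "%s: cannot build context (account)", NAME);
        return PAM_SERVICE_ERR;
    }

    env_setup(pamh, "account");

    /*
     * ctx->user and ctx->rhost are logged as they are stored in ctx.
     * NOTE(review): confirm get_context() never leaves them NULL and that
     * msg() does not let control characters from these client-supplied
     * values reach the log.
     */
    msg(ctx, LOG_INFO, "%s@%s: acct mgmt for %s@%s",
        ctx->svc, ctx->uts.nodename, ctx->user, ctx->rhost);

    result = provision(ctx, pamh, flags, argc, argv);
    free_context(ctx);
    return result;
}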