1 | /* |
---|
2 | * pam_debathena_home_type.c |
---|
3 | * PAM session management functions for pam_debathena_home_type.so |
---|
4 | * |
---|
5 | * Copyright © 2007 Tim Abbott <tabbott@mit.edu> |
---|
6 | * |
---|
7 | * Copyright © 2011 Massachusetts Institute of Technology |
---|
8 | * |
---|
9 | * Permission is hereby granted, free of charge, to any person |
---|
10 | * obtaining a copy of this software and associated documentation |
---|
11 | * files (the "Software"), to deal in the Software without |
---|
12 | * restriction, including without limitation the rights to use, copy, |
---|
13 | * modify, merge, publish, distribute, sublicense, and/or sell copies |
---|
14 | * of the Software, and to permit persons to whom the Software is |
---|
15 | * furnished to do so, subject to the following conditions: |
---|
16 | * |
---|
17 | * The above copyright notice and this permission notice shall be |
---|
18 | * included in all copies or substantial portions of the Software. |
---|
19 | * |
---|
20 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
---|
21 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
---|
22 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
---|
23 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS |
---|
24 | * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
---|
25 | * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN |
---|
26 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
---|
27 | * SOFTWARE. |
---|
28 | */ |
---|
29 | |
---|
30 | #define _GNU_SOURCE |
---|
31 | #include <sys/types.h> |
---|
32 | #include <sys/wait.h> |
---|
33 | #include <limits.h> |
---|
34 | #include <syslog.h> |
---|
35 | #include <pwd.h> |
---|
36 | #include <stdio.h> |
---|
37 | #include <string.h> |
---|
38 | #include <stdlib.h> |
---|
39 | #include <signal.h> |
---|
40 | #include <errno.h> |
---|
41 | #include <security/pam_appl.h> |
---|
42 | #include <security/pam_modules.h> |
---|
43 | #include <security/pam_misc.h> |
---|
44 | |
---|
45 | #define AFS "/afs/" /* What constitutes the beginning of a path in AFS */ |
---|
46 | |
---|
47 | /* Set DEBATHENA_HOME_TYPE based on whether the homedir is in AFS or local */ |
---|
48 | int |
---|
49 | pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) |
---|
50 | { |
---|
51 | int i; |
---|
52 | int debug = 0; |
---|
53 | int pamret; |
---|
54 | const char *user; |
---|
55 | struct passwd *pw; |
---|
56 | |
---|
57 | for (i = 0; i < argc; i++) { |
---|
58 | if (strcmp(argv[i], "debug") == 0) |
---|
59 | debug = 1; |
---|
60 | } |
---|
61 | |
---|
62 | if ((pamret = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) { |
---|
63 | syslog(LOG_ERR, "pam_debathena_home_type: pam_get_user: %s:%d", |
---|
64 | pam_strerror(pamh, pamret), pamret); |
---|
65 | return PAM_SESSION_ERR; |
---|
66 | } |
---|
67 | |
---|
68 | errno = 0; |
---|
69 | pw = getpwnam(user); |
---|
70 | if (pw == NULL) { |
---|
71 | if (errno != 0) |
---|
72 | syslog(LOG_ERR, "pam_debathena_home_type: getpwnam: %s", |
---|
73 | strerror(errno)); |
---|
74 | else |
---|
75 | syslog(LOG_ERR, "pam_debathena_home_type: no such user: %s", user); |
---|
76 | return PAM_SESSION_ERR; |
---|
77 | } |
---|
78 | if (debug) |
---|
79 | syslog(LOG_DEBUG, "pam_debathena_home_type: user=%s home=%s", |
---|
80 | user, pw->pw_dir); |
---|
81 | |
---|
82 | char *resolved_path = realpath(pw->pw_dir, NULL); |
---|
83 | if (resolved_path != NULL) { |
---|
84 | if (strncmp(resolved_path, AFS, strlen(AFS)) == 0) { |
---|
85 | if (debug) |
---|
86 | syslog(LOG_DEBUG, "pam_debathena_home_type: AFS homedir %s", user); |
---|
87 | pam_putenv(pamh, "DEBATHENA_HOME_TYPE=afs"); |
---|
88 | } else { |
---|
89 | if (debug) |
---|
90 | syslog(LOG_DEBUG, "pam_debathena_home_type: Local homedir %s", user); |
---|
91 | pam_putenv(pamh, "DEBATHENA_HOME_TYPE=local"); |
---|
92 | } |
---|
93 | } else { |
---|
94 | syslog(LOG_ERR, "pam_debathena_home_type: %s while calling realpath() on %s", strerror(errno), pw->pw_dir); |
---|
95 | if (errno == ENOENT) { |
---|
96 | pam_putenv(pamh, "DEBATHENA_HOME_TYPE=missing"); |
---|
97 | } else { |
---|
98 | pam_putenv(pamh, "DEBATHENA_HOME_TYPE=unknown"); |
---|
99 | } |
---|
100 | } |
---|
101 | free(resolved_path); |
---|
102 | return PAM_SUCCESS; |
---|
103 | } |
---|
104 | |
---|
105 | int |
---|
106 | pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) |
---|
107 | { |
---|
108 | return PAM_SUCCESS; |
---|
109 | } |
---|
110 | |
---|
111 | int |
---|
112 | pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) |
---|
113 | { |
---|
114 | return pam_sm_open_session(pamh, flags, argc, argv); |
---|
115 | } |
---|
116 | |
---|
117 | int |
---|
118 | pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) |
---|
119 | { |
---|
120 | return PAM_IGNORE; |
---|
121 | } |
---|
122 | |
---|