source: trunk/debathena/debathena/libpam-xauthority/pam_xauthority.c @ 22686

Revision 22686, 4.9 KB checked in by ghudson, 17 years ago (diff)
* debathena/debathena: Snapshot debathena package sources from /mit/debathena/packages/debathena.
1/*
2 * pam_xauthority.c
3 * PAM session management functions for pam_xauthority.so
4 *
5 * Copyright © 2007 Tim Abbott <tabbott@mit.edu> and Anders Kaseorg
6 * <andersk@mit.edu>
7 *
8 * Permission is hereby granted, free of charge, to any person
9 * obtaining a copy of this software and associated documentation
10 * files (the "Software"), to deal in the Software without
11 * restriction, including without limitation the rights to use, copy,
12 * modify, merge, publish, distribute, sublicense, and/or sell copies
13 * of the Software, and to permit persons to whom the Software is
14 * furnished to do so, subject to the following conditions:
15 *
16 * The above copyright notice and this permission notice shall be
17 * included in all copies or substantial portions of the Software.
18 *
19 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
20 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
21 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
22 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
23 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
24 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
25 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
26 * SOFTWARE.
27 */
28
29#include <sys/types.h>
30#include <sys/wait.h>
31#include <unistd.h>
32#include <syslog.h>
33#include <pwd.h>
34#include <stdio.h>
35#include <string.h>
36#include <stdlib.h>
37#include <errno.h>
38#include <security/pam_appl.h>
39#include <security/pam_modules.h>
40#include <security/pam_misc.h>
41
/* Name of the variable exported into the PAM environment with pam_putenv()
 * (read back by pam_sm_close_session via pam_getenv()), and also the key
 * under which this module stores its per-session item with pam_set_data(). */
#define XAUTH "XAUTHORITY"

/* Size of the on-stack path and "NAME=value" buffers.  Every snprintf()
 * into them checks its result against this bound, so an over-long dir=
 * argument makes the session fail rather than silently truncating. */
#define MAXBUF 256

/* pam_set_data() cleanup callback, defined below. */
void xauth_cleanup(pam_handle_t *pamh, void *data, int pam_end_status);
47
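/*
 * pam_set_data() cleanup for the heap copy of the Xauthority path that
 * pam_sm_open_session stores under the XAUTH key: releases the copy when
 * the PAM handle is ended or the item is replaced.  The file itself is
 * removed by pam_sm_close_session, not here.
 */
static void
xauth_free_path(pam_handle_t *pamh, void *data, int pam_end_status)
{
    (void)pamh;
    (void)pam_end_status;
    free(data);
}

/*
 * Initiate session management by creating the Xauthority file.
 *
 * Module arguments (from the PAM configuration line, not from the user):
 * "debug" enables LOG_DEBUG messages; "dir=PATH" selects the directory
 * the file is created in (default "/tmp").
 *
 * The file <dir>/xauth-<uid>-XXXXXX is created with mkstemp(3), handed to
 * the session user with fchown(2), exported as XAUTHORITY into the PAM
 * environment, and a heap copy of its path is stored under the XAUTH key
 * with pam_set_data().  Once the file exists, every failure path unlinks
 * it again so that an aborted session does not leave a stray user-owned
 * file behind.
 *
 * Returns PAM_SUCCESS, or PAM_SESSION_ERR after logging the reason.
 */
int
pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    int i;
    int debug = 0;
    int pamret;
    int n;
    const char *user;
    struct passwd *pw;
    char xauth[MAXBUF];
    char envput[MAXBUF];
    char *xauth_copy;
    const char *dir = "/tmp";
    int xauth_fd;

    (void)flags;

    for (i = 0; i < argc; i++) {
        if (strcmp(argv[i], "debug") == 0)
            debug = 1;
        else if (strncmp(argv[i], "dir=", 4) == 0)
            dir = argv[i] + 4;
    }

    if ((pamret = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
        syslog(LOG_ERR, "pam_xauthority: pam_get_user: %s",
               pam_strerror(pamh, pamret));
        return PAM_SESSION_ERR;
    }
    /* getpwnam() returns NULL both for "no such user" and for a failed
     * lookup; errno distinguishes them only if it was cleared first. */
    errno = 0;
    pw = getpwnam(user);
    if (pw == NULL) {
        if (errno != 0)
            syslog(LOG_ERR, "pam_xauthority: getpwnam: %s", strerror(errno));
        else
            syslog(LOG_ERR, "pam_xauthority: no such user: %s", user);
        return PAM_SESSION_ERR;
    }

    /* uid_t has no portable printf conversion; widen to unsigned long. */
    n = snprintf(xauth, sizeof xauth, "%s/xauth-%lu-XXXXXX", dir,
                 (unsigned long)pw->pw_uid);
    if (n < 0 || n >= (int)sizeof xauth) {
        syslog(LOG_ERR, "pam_xauthority: snprintf failed");
        return PAM_SESSION_ERR;
    }
    /* mkstemp() creates the file exclusively (O_EXCL, mode 0600 per
     * POSIX), so an existing or symlinked name in a shared directory such
     * as /tmp cannot be handed to the user by mistake. */
    xauth_fd = mkstemp(xauth);
    if (xauth_fd == -1) {
        syslog(LOG_ERR, "pam_xauthority: mkstemp: %s", strerror(errno));
        return PAM_SESSION_ERR;
    }
    /* From here on the file exists: failures must go through fail_fd /
     * fail_file so that it is removed again. */
    if (fchown(xauth_fd, pw->pw_uid, (gid_t)-1) != 0) {
        syslog(LOG_ERR, "pam_xauthority: fchown: %s", strerror(errno));
        goto fail_fd;
    }
    if (close(xauth_fd) != 0) {
        syslog(LOG_ERR, "pam_xauthority: close: %s", strerror(errno));
        goto fail_file;
    }
    if (debug)
        syslog(LOG_DEBUG, "pam_xauthority: using Xauthority file %s", xauth);

    n = snprintf(envput, sizeof envput, "%s=%s", XAUTH, xauth);
    if (n < 0 || n >= (int)sizeof envput) {
        syslog(LOG_ERR, "pam_xauthority: snprintf failed");
        goto fail_file;
    }
    /* pam_set_data() keeps the pointer for the life of the handle, so it
     * must not point into this function's stack frame. */
    xauth_copy = strdup(xauth);
    if (xauth_copy == NULL) {
        syslog(LOG_ERR, "pam_xauthority: strdup: %s", strerror(errno));
        goto fail_file;
    }
    pamret = pam_putenv(pamh, envput);
    if (pamret != PAM_SUCCESS) {
        syslog(LOG_ERR, "pam_xauthority: pam_putenv: %s",
               pam_strerror(pamh, pamret));
        free(xauth_copy);
        goto fail_file;
    }
    pamret = pam_set_data(pamh, XAUTH, xauth_copy, xauth_free_path);
    if (pamret != PAM_SUCCESS) {
        syslog(LOG_ERR, "pam_xauthority: pam_set_data: %s",
               pam_strerror(pamh, pamret));
        /* The cleanup is only registered on success; release it here. */
        free(xauth_copy);
        goto fail_file;
    }
    return PAM_SUCCESS;

fail_fd:
    /* Best effort: the primary error has already been logged. */
    close(xauth_fd);
fail_file:
    if (unlink(xauth) != 0)
        syslog(LOG_ERR, "pam_xauthority: unlink: %s", strerror(errno));
    return PAM_SESSION_ERR;
}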
124
/*
 * Cleanup callback with the pam_set_data() signature.
 *
 * Deliberately a no-op: it neither frees nor dereferences `data`, and the
 * Xauthority file itself is removed by pam_sm_close_session rather than
 * at pam_end() time.
 */
void
xauth_cleanup(pam_handle_t *pamh, void *data, int pam_end_status)
{
    (void)pamh;
    (void)data;
    (void)pam_end_status;
}
130
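/*
 * Terminate session management by destroying the Xauthority file that
 * pam_sm_open_session created.
 *
 * Module arguments: "debug" enables LOG_DEBUG messages; "dir=PATH" must
 * be the same value given to pam_sm_open_session (default "/tmp").
 *
 * The path is read back from the XAUTHORITY variable in the PAM
 * environment.  That variable is not under this module's sole control
 * (any other module or the application can pam_putenv() it), while
 * unlink() here runs with the application's privileges.  The value is
 * therefore only acted on when it has exactly the shape open_session
 * produces -- "<dir>/xauth-<uid>-" followed by a single path component,
 * with <uid> being the session user's -- and anything else is logged and
 * refused instead of being unlinked.
 *
 * Returns PAM_SUCCESS, or PAM_SESSION_ERR after logging the reason.
 */
int
pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    int i;
    int debug = 0;
    int pamret;
    int n;
    const char *user;
    struct passwd *pw;
    const char *xauth;
    const char *dir = "/tmp";
    char prefix[MAXBUF];
    size_t prefixlen;

    (void)flags;

    for (i = 0; i < argc; i++) {
        if (strcmp(argv[i], "debug") == 0)
            debug = 1;
        else if (strncmp(argv[i], "dir=", 4) == 0)
            dir = argv[i] + 4;
    }

    xauth = pam_getenv(pamh, XAUTH);
    if (xauth == NULL) {
        syslog(LOG_ERR, "pam_xauthority: cannot get %s environment variable",
               XAUTH);
        return PAM_SESSION_ERR;
    }

    /* Resolve the session user so the expected file name can be rebuilt. */
    if ((pamret = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
        syslog(LOG_ERR, "pam_xauthority: pam_get_user: %s",
               pam_strerror(pamh, pamret));
        return PAM_SESSION_ERR;
    }
    errno = 0;
    pw = getpwnam(user);
    if (pw == NULL) {
        if (errno != 0)
            syslog(LOG_ERR, "pam_xauthority: getpwnam: %s", strerror(errno));
        else
            syslog(LOG_ERR, "pam_xauthority: no such user: %s", user);
        return PAM_SESSION_ERR;
    }

    /* Same format pam_sm_open_session uses, minus the mkstemp() suffix. */
    n = snprintf(prefix, sizeof prefix, "%s/xauth-%lu-", dir,
                 (unsigned long)pw->pw_uid);
    if (n < 0 || n >= (int)sizeof prefix) {
        syslog(LOG_ERR, "pam_xauthority: snprintf failed");
        return PAM_SESSION_ERR;
    }
    prefixlen = (size_t)n;
    /* Must start with the prefix, have a non-empty suffix, and the suffix
     * must not descend into another directory. */
    if (strncmp(xauth, prefix, prefixlen) != 0
        || xauth[prefixlen] == '\0'
        || strchr(xauth + prefixlen, '/') != NULL) {
        syslog(LOG_ERR,
               "pam_xauthority: refusing to unlink %s: not a file created by this module",
               xauth);
        return PAM_SESSION_ERR;
    }

    if (debug)
        syslog(LOG_DEBUG, "pam_xauthority: unlinking Xauthority file %s",
               xauth);
    if (unlink(xauth) != 0) {
        syslog(LOG_ERR, "pam_xauthority: unlink: %s", strerror(errno));
        return PAM_SESSION_ERR;
    }

    return PAM_SUCCESS;
}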
161
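/*
 * Credential management entry point.
 *
 * PAM_ESTABLISH_CRED is handled exactly like opening a session (the
 * Xauthority file is created and exported), so that applications which
 * only call pam_setcred() still get one.  The other credential
 * operations (delete, reinitialize, refresh) are no-ops and succeed.
 */
int
pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    /* Test the bit rather than the whole word: the application may OR in
     * PAM_SILENT, which an equality comparison against PAM_ESTABLISH_CRED
     * would never match. */
    if (flags & PAM_ESTABLISH_CRED)
        return pam_sm_open_session(pamh, flags, argc, argv);
    return PAM_SUCCESS;
}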
169
/*
 * Authentication entry point.
 *
 * This module authenticates nobody: the result is PAM_SUCCESS regardless
 * of the user or the arguments, presumably only so that the module can
 * appear in the auth stack and have pam_sm_setcred called.  Because the
 * verdict is unconditional, it must not be the entry the stack relies on
 * to decide whether a login is allowed.
 */
int
pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    (void)pamh;
    (void)flags;
    (void)argc;
    (void)argv;
    return PAM_SUCCESS;
}
175