* Copyright RedHat Inc. 2008
* Author: Vivek Goyal <vgoyal@redhat.com>
* Derived from pam_limits.c. Original Copyright notice follows.
* Copyright (c) Cristian Gafton, 1996-1997, <gafton@redhat.com>
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* 1. Redistributions of source code must retain the above copyright
* notice, and the entire permission notice in its entirety,
* including the disclaimer of warranties.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior
* ALTERNATIVELY, this product may be distributed under the terms of
* the GNU Public License, in which case the provisions of the GPL are
* required INSTEAD OF the above restrictions. (This clause is
* necessary due to a potential bad interaction between the GPL and
* the restrictions contained in a BSD-style copyright.)
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* End of original copyright notice.
* This program is free software; you can redistribute it and/or modify it
* under the terms of version 2.1 of the GNU Lesser General Public License
* as published by the Free Software Foundation.
* This program is distributed in the hope that it would be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#include <libcgroup.h>
#define PAM_SM_SESSION
#include <security/pam_modules.h>
#include <security/_pam_macros.h>
#include <security/pam_modutil.h>
#include <security/pam_ext.h>
/* argument parsing */
#define PAM_DEBUG_ARG 0x0001
/*
 * Parse the module arguments given on the PAM configuration line.
 *
 * The only option recognised in the visible code is "debug", which sets
 * PAM_DEBUG_ARG in ctrl.  pam_sm_open_session() assigns this function's
 * result to its own ctrl, so the flag word is presumably what is returned;
 * the return statement is not part of this listing.
 *
 * NOTE(review): this listing omits some source lines of the function.
 * The gaps are marked below and nothing has been filled in.
 */
static int _pam_parse(const pam_handle_t *pamh, int argc, const char **argv)
/* [lines not shown in this listing] */
	/* step through arguments */
	for (ctrl = 0; argc-- > 0; ++argv) {
		if (!strcmp(*argv, "debug"))
			ctrl |= PAM_DEBUG_ARG;
		/*
		 * [line not shown in this listing; presumably an else, so that
		 * only unrecognised words reach the log call below - confirm]
		 */
			pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
		/*
		 * An unrecognised option is only logged at LOG_ERR; nothing
		 * visible here turns it into a failure, so a misspelt option
		 * in the PAM configuration is otherwise ignored.
		 */
/* [remaining lines of the function not shown in this listing] */
/* now the session stuff */
/*
 * PAM session-open hook: change the cgroup of a task according to the
 * account that is opening the session.
 *
 * Visible steps: parse the module arguments, read PAM_USER, look the name
 * up with pam_modutil_getpwnam(), then call
 * cgroup_change_cgroup_uid_gid() with the account's pw_uid and pw_gid and
 * a pid.  Every failure path shown returns PAM_SESSION_ERR.
 *
 * Operational note: apart from the PAM_USER failure, the error messages
 * below are written only when the "debug" option is set, so a session
 * refused on those paths leaves no syslog entry from this module in the
 * default configuration.
 * NOTE(review): consider logging these failures unconditionally.
 *
 * NOTE(review): this listing omits some source lines of the function.
 * The gaps are marked below and nothing has been filled in.
 */
PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags,
					int argc, const char **argv)
/* [lines not shown in this listing] */

	ctrl = _pam_parse(pamh, argc, argv);

	/*
	 * NOTE(review): the cast to void * hides the item pointer type, and
	 * the test below reads user_name before it looks at ret.  Whether
	 * user_name is initialised at its declaration is not visible here;
	 * testing ret first would not depend on that.
	 */
	ret = pam_get_item(pamh, PAM_USER, (void *) &user_name);
	if (user_name == NULL || ret != PAM_SUCCESS) {
		/* This failure is logged regardless of the debug option. */
		pam_syslog(pamh, LOG_ERR, "open_session - error recovering"
		/* [rest of this call not shown in this listing] */
		return PAM_SESSION_ERR;
	/* [line not shown in this listing] */

	/* Resolve the user name to a passwd entry (uid and primary gid). */
	pwd = pam_modutil_getpwnam(pamh, user_name);
	/* [line not shown in this listing: the test guarding this failure path] */
		if (ctrl & PAM_DEBUG_ARG)
			pam_syslog(pamh, LOG_ERR, "open_session username"
					" '%s' does not exist", user_name);
		return PAM_SESSION_ERR;
	/* [line not shown in this listing] */

	D(("user name is %s", user_name));

	/* Initialize libcg */
	/* [lines not shown in this listing: the call and the test of its result] */
		if (ctrl & PAM_DEBUG_ARG)
			pam_syslog(pamh, LOG_ERR, "libcgroup initialization"
			/* [rest of this call not shown in this listing] */
		return PAM_SESSION_ERR;
	/* [line not shown in this listing] */

	D(("Initialized libcgroup successfuly."));

	/* Determine the pid of the task */
	/* [line not shown in this listing: the assignment to pid] */

	/*
	 * Note: We are using default gid here. Is there a way to determine
	 * under what egid service will be provided?
	 *
	 * The gid passed below is pw_gid from the passwd entry, i.e. the
	 * account's primary group; supplementary groups and the effective
	 * gid of the service are not consulted in the visible code.
	 */
	ret = cgroup_change_cgroup_uid_gid(pwd->pw_uid, pwd->pw_gid, pid);
	/* [line not shown in this listing: the test guarding this failure path] */
		if (ctrl & PAM_DEBUG_ARG)
			pam_syslog(pamh, LOG_ERR, "Change of cgroup for process"
				" with username %s failed.\n", user_name);
		return PAM_SESSION_ERR;
	/* [line not shown in this listing] */

	/* Success is reported at LOG_DEBUG, again only with "debug" set. */
	if (ctrl & PAM_DEBUG_ARG)
		pam_syslog(pamh, LOG_DEBUG, "Changed cgroup for process %d"
			" with username %s.\n", pid, user_name);
/* [remaining lines of the function not shown in this listing] */
PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
D(("called pam_cgroup close session"));
/* nothing to do yet */