1 | /* |
2 | * Copyright 2000, International Business Machines Corporation and others. | |
3 | * All Rights Reserved. | |
4 | * | |
5 | * This software has been released under the terms of the IBM Public | |
6 | * License. For details, see the LICENSE file in the top-level source | |
7 | * directory or online at http://www.openafs.org/dl/license10.html | |
8 | */ | |
9 | ||
10 | #include <afsconfig.h> | |
11 | #include <afs/param.h> | |
12 | ||
13 | #include <roken.h> | |
14 | ||
15 | #include <security/pam_appl.h> | |
16 | #include <security/pam_modules.h> | |
17 | ||
18 | #include <afs/auth.h> | |
19 | #include "afs_message.h" | |
20 | #include "afs_util.h" | |
21 | ||
/**
 * PAM session-open hook.
 *
 * Nothing is done when a session starts: none of the arguments are
 * examined and the call always reports success.
 *
 * @param pamh   PAM handle (unused)
 * @param flags  PAM flags (unused)
 * @param argc   number of module options (unused)
 * @param argv   module options (unused)
 * @return always PAM_SUCCESS
 */
extern int
pam_sm_open_session(pam_handle_t * pamh, int flags, int argc,
                    const char **argv)
{
    /* Explicitly mark the parameters as intentionally ignored. */
    (void)pamh;
    (void)flags;
    (void)argc;
    (void)argv;

    return (PAM_SUCCESS);
}
28 | ||
29 | ||
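/* Default delay, in seconds, before tokens are dropped when "remain" is set. */
#define REMAINLIFETIME 300

/**
 * PAM session-close hook: drop the AFS tokens now, or after a delay.
 *
 * Recognised module options (from argv):
 *   debug               also emit LOG_DEBUG messages
 *   remain              keep the tokens for REMAINLIFETIME seconds, then
 *                       drop them from a detached child process
 *   remainlifetime N    like "remain" but wait N seconds; N == 0 means
 *                       drop the tokens immediately
 *   no_unlog            never drop the tokens
 * Any other option is logged as unknown and ignored.
 *
 * Security note: with "remain" the tokens stay usable after the session
 * has ended, so the lifetime value is validated strictly. A missing,
 * non-numeric, negative or out-of-range value falls back to
 * REMAINLIFETIME rather than being passed to sleep(), where a negative
 * int would convert to a very large unsigned delay.
 *
 * @param pamh   PAM handle (unused)
 * @param flags  PAM flags (unused)
 * @param argc   number of entries in argv
 * @param argv   module options
 * @return PAM_SUCCESS, or PAM_SESSION_ERR if fork() fails or
 *         ktc_ForgetAllTokens() returns non-zero on the immediate path
 */
extern int
pam_sm_close_session(pam_handle_t * pamh, int flags, int argc,
                     const char **argv)
{
    int i;
    int logmask = LOG_UPTO(LOG_INFO);
    int remain = 0;
    int remainlifetime = REMAINLIFETIME;
    int no_unlog = 0;

    openlog(pam_afs_ident, LOG_CONS | LOG_PID, LOG_AUTH);
    setlogmask(logmask);

    /*
     * Parse the user options. Log an error for any unknown options.
     */
    for (i = 0; i < argc; i++) {
        if (strcasecmp(argv[i], "debug") == 0) {
            logmask |= LOG_MASK(LOG_DEBUG);
            (void)setlogmask(logmask);
        } else if (strcasecmp(argv[i], "remain") == 0) {
            remain = 1;
        } else if (strcasecmp(argv[i], "remainlifetime") == 0) {
            char *end = NULL;
            long parsed;

            remain = 1;
            if (i + 1 >= argc) {
                /*
                 * "remainlifetime" was the last option: there is no value
                 * to read, and argv[argc] must not be dereferenced.
                 */
                remainlifetime = REMAINLIFETIME;
                pam_afs_syslog(LOG_ERR, PAMAFS_REMAINLIFETIME, "",
                               REMAINLIFETIME);
                break;
            }
            i++;

            /* strtol() only sets errno on failure, so clear stale values. */
            errno = 0;
            parsed = strtol(argv[i], &end, 10);
            if (end == argv[i] || errno == EINVAL || errno == ERANGE
                || parsed < 0 || (long)(int)parsed != parsed) {
                /* No digits, negative, or does not fit in an int. */
                remainlifetime = REMAINLIFETIME;
                pam_afs_syslog(LOG_ERR, PAMAFS_REMAINLIFETIME, argv[i],
                               REMAINLIFETIME);
            } else if (parsed == 0) {
                /* An explicit 0 requests an immediate unlog. */
                remainlifetime = 0;
                no_unlog = 0;
                remain = 0;
            } else {
                remainlifetime = (int)parsed;
            }
        } else if (strcmp(argv[i], "no_unlog") == 0) {
            /* NOTE(review): matched case-sensitively, unlike the others. */
            no_unlog = 1;
        } else {
            pam_afs_syslog(LOG_ERR, PAMAFS_UNKNOWNOPT, argv[i]);
        }
    }

    if (logmask & LOG_MASK(LOG_DEBUG))
        syslog(LOG_DEBUG,
               "pam_afs_session_close: remain: %d, remainlifetime: %d, no_unlog: %d",
               remain, remainlifetime, no_unlog);
    if (remain && !no_unlog) {
        switch (fork()) {
        case -1:                /* error */
            return (PAM_SESSION_ERR);
        case 0:         /* child */
#ifdef AFS_LINUX20_ENV
            setpgrp();
#endif
            /* Detach from the session so the wait outlives the login. */
            setsid();
            for (i = 0; i < 64; i++)
                close(i);
            sleep(remainlifetime);
            /*
             * NOTE(review): the result is ignored here, so the "closed"
             * message below is logged even if the tokens were not dropped.
             */
            ktc_ForgetAllTokens();
            pam_afs_syslog(LOG_INFO, PAMAFS_SESSIONCLOSED2);
            /*
             * NOTE(review): exit() in a forked child runs the calling
             * application's atexit handlers; consider _exit().
             */
            exit(0);
        default:                /* parent */
            pam_afs_syslog(LOG_INFO, PAMAFS_SESSIONCLOSED1);
            return (PAM_SUCCESS);
        }
    }
    /* Immediate path: a non-zero return is reported as a session error. */
    if (!no_unlog && ktc_ForgetAllTokens())
        return PAM_SESSION_ERR;
    if (logmask & LOG_MASK(LOG_DEBUG))
        syslog(LOG_DEBUG, "pam_afs_session_close: Session closed");
    return PAM_SUCCESS;
}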