Bugzilla – Attachment 434561 Details for
Bug 700053
support for pam_systemd in pam-config
[patch]
add pam_systemd support
pam_systemd.patch (text/plain), 9.81 KB, created by
Frederic Crozat
on 2011-06-15 12:06:09 UTC
Description:
add pam_systemd support
Filename:
MIME Type:
Creator:
Frederic Crozat
Created:
2011-06-15 12:06:09 UTC
Size:
9.81 KB
>Index: pam-config-0.79/src/Makefile.am
>===================================================================
>--- pam-config-0.79.orig/src/Makefile.am
>+++ pam-config-0.79/src/Makefile.am
>@@ -30,7 +30,7 @@ pam_config_SOURCES = pam-config.c load_c
> mod_pam_group.c mod_pam_time.c mod_pam_ssh.c mod_pam_succeed_if.c \
> mod_pam_csync.c mod_pam_fp.c mod_pam_fprint.c mod_pam_pwhistory.c \
> mod_pam_selinux.c mod_pam_gnome_keyring.c mod_pam_passwdqc.c \
>- mod_pam_exec.c mod_pam_sss.c mod_pam_fprintd.c
>+ mod_pam_exec.c mod_pam_sss.c mod_pam_fprintd.c mod_pam_systemd.c
> 
> noinst_HEADERS = pam-config.h pam-module.h
> 
>Index: pam-config-0.79/src/mod_pam_systemd.c
>===================================================================
>--- /dev/null
>+++ pam-config-0.79/src/mod_pam_systemd.c
>@@ -0,0 +1,229 @@
>+/* Copyright (C) 2011 Frederic Crozat
>+ Author: Frederic Crozat <fcrozat@suse.com>
>+
>+ This program is free software; you can redistribute it and/or modify
>+ it under the terms of the GNU General Public License version 2 as
>+ published by the Free Software Foundation.
>+
>+ This program is distributed in the hope that it will be useful,
>+ but WITHOUT ANY WARRANTY; without even the implied warranty of
>+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
>+ GNU General Public License for more details.
>+
>+ You should have received a copy of the GNU General Public License
>+ along with this program; if not, write to the Free Software Foundation,
>+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
>+
>+#ifdef HAVE_CONFIG_H
>+#include <config.h>
>+#endif
>+
>+#include <stdio.h>
>+#include <string.h>
>+#include <ctype.h>
>+#include <dirent.h>
>+#include <stdlib.h>
>+
>+#include "pam-config.h"
>+#include "pam-module.h"
>+
>+extern char *confdir;
>+
>+static int
>+session_pred_systemd (config_content_t *cfg_content)
>+{
>+ int do_insert = FALSE;
>+ /* insert if current line does not already contain this module */
>+ do_insert = strcasestr (cfg_content->line, "pam_systemd.so") == NULL;
>+ /* and this line starts with 'session' */
>+ do_insert &= strcasestr (cfg_content->line, "session") != NULL;
>+
>+ /* and there is no next line, or the next line is something
>+ * different than session */
>+ do_insert &= ( cfg_content->next == NULL ||
>+ strcasestr (cfg_content->line, "pam_loginuid") == NULL);
>+
>+ return do_insert;
>+}
>+
>+/*
>+ * This implementation follows a different approach than the other
>+ * single service modules (lastlog, loginuid and mount):
>+ *
>+ * Rather than operating on the file directly, the config/service
>+ * file is parsed in first into *cfg_content.
>+ *
>+ * Then depending on the cmd line switch (-a/d), it operates on the
>+ * linked list instead, using insert_if() and remove_module().
>+ *
>+ * I chose this solution because this way there is more flexibility
>+ * where to insert the module.
>+ *
>+ * You can specify the insertion point by writing a custom predicate
>+ * (see session_pred_systemd for examples).
>+ */
>+
>+static int
>+write_config_systemd (pam_module_t *this, enum write_type op __attribute__((unused)), FILE *unused __attribute__((unused)))
>+{
>+ option_set_t *opt_set = this->get_opt_set (this, SESSION);
>+ int status = TRUE;
>+ config_content_t *cfg_content;
>+ int writeit = opt_set->is_enabled (opt_set, "is_enabled");
>+ char *line;
>+ char *opt_create_session, *opt_kill_session, *opt_kill_user;
>+ char *opt_kill_only_users, *opt_kill_exclude_users, *opt_controllers, *opt_reset_controllers;
>+ char *opt;
>+
>+ if (debug)
>+ debug_write_call (this, SESSION);
>+
>+ load_single_config (gl_service, &cfg_content);
>+
>+ /* remove every occurrence of pam_systemd.so from the service
>+ * file
>+ */
>+ remove_module (&cfg_content, "pam_systemd.so");
>+ if (writeit)
>+ {
>+ if (!is_module_enabled (service_module_list, "pam_loginuid.so", SESSION)) {
>+ fprintf (stderr, _("ERROR: pam_loginuid.so is not enabled for service '%s', but needed by pam_systemd.so\n"), gl_service);
>+ return 1;
>+ }
>+
>+ if ((opt = opt_set->get_opt (opt_set, "create_session")))
>+ {
>+ if (asprintf(&opt_create_session, " create-session=%s",opt) == -1)
>+ return 1;
>+ }
>+ else
>+ opt_create_session = NULL;
>+ if ((opt = opt_set->get_opt (opt_set, "kill_session")))
>+ {
>+ if (asprintf(&opt_kill_session, " kill-session=%s",opt) == -1)
>+ return 1;
>+ }
>+ else
>+ opt_kill_session = NULL;
>+ if ((opt = opt_set->get_opt (opt_set, "kill_user")))
>+ {
>+ if (asprintf(&opt_kill_user, " kill-user=%s",opt) == -1)
>+ return 1;
>+ }
>+ else
>+ opt_kill_user = NULL;
>+ if ((opt = opt_set->get_opt (opt_set, "kill_only_users")))
>+ {
>+ if (asprintf(&opt_kill_only_users, " kill-only-users=%s",opt) == -1)
>+ return 1;
>+ }
>+ else
>+ opt_kill_only_users = NULL;
>+ if ((opt = opt_set->get_opt (opt_set, "kill_exclude_users")))
>+ {
>+ if (asprintf(&opt_kill_exclude_users, " kill-exclude-users=%s",opt) == -1)
>+ return 1;
>+ }
>+ else
>+ opt_kill_exclude_users = NULL;
>+ if ((opt = opt_set->get_opt (opt_set, "controllers")))
>+ {
>+ if (asprintf(&opt_controllers, " controllers=%s",opt) == -1)
>+ return 1;
>+ }
>+ else
>+ opt_controllers = NULL;
>+ if ((opt = opt_set->get_opt (opt_set, "reset_controllers")))
>+ {
>+ if (asprintf(&opt_reset_controllers, " reset-controllers=%s",opt) == -1)
>+ return 1;
>+ }
>+ else
>+ opt_reset_controllers = NULL;
>+ if (asprintf (&line, "session\t required\tpam_systemd.so%s %s %s %s %s %s %s\n",
>+ opt_create_session ? opt_create_session : "",
>+ opt_kill_session ? opt_kill_session : "",
>+ opt_kill_user ? opt_kill_user : "",
>+ opt_kill_only_users ? opt_kill_only_users : "",
>+ opt_kill_exclude_users ? opt_kill_exclude_users : "",
>+ opt_controllers ? opt_controllers : "",
>+ opt_reset_controllers ? opt_reset_controllers : "") == -1)
>+ return 1;
>+ /* insert pam_systemd.so as the last module in the session
>+ * stack
>+ */
>+ status &= insert_if (&cfg_content, line , &session_pred_systemd, AFTER);
>+ free (line);
>+ }
>+ if (!status)
>+ {
>+ fprintf (stderr, _("ERROR: Could not add pam_systemd.so to service '%s'"), gl_service);
>+ return 1;
>+ }
>+
>+ return write_single_config (gl_service, &cfg_content);
>+}
>+
>+
>+static int
>+parse_config_systemd (pam_module_t *this, char *args, write_type_t type)
>+{
>+ option_set_t *opt_set = this->get_opt_set (this, type);
>+
>+ if (debug)
>+ printf ("**** parse_config_%s (%s): '%s'\n", this->name,
>+ type2string (type), args ? args : "");
>+
>+ opt_set->enable (opt_set, "is_enabled", TRUE);
>+
>+ while (args && strlen (args) > 0)
>+ {
>+ char *cp = strsep (&args, " \t");
>+
>+ if (args)
>+ while (isspace ((int) *args))
>+ ++args;
>+
>+ if (strncmp (cp, "create-session=", 15) == 0)
>+ opt_set->set_opt (opt_set, "create_session", strdup(&cp[15]));
>+ else if (strncmp (cp, "kill-session=", 13) == 0)
>+ opt_set->set_opt (opt_set, "kill_session", strdup(&cp[13]));
>+ else if (strncmp (cp, "kill-user=", 10) == 0)
>+ opt_set->set_opt (opt_set, "kill_user", strdup(&cp[10]));
>+ else if (strncmp (cp, "kill-only-users=", 16) == 0)
>+ opt_set->set_opt (opt_set, "kill_only_users", strdup (&cp[16]));
>+ else if (strncmp (cp, "kill-exclude-users=", 19) == 0)
>+ opt_set->set_opt (opt_set, "kill_exclude_users", strdup (&cp[19]));
>+ else if (strncmp (cp, "controllers=", 12) == 0)
>+ opt_set->set_opt (opt_set, "controllers", strdup (&cp[12]));
>+ else if (strncmp (cp, "reset-controllers=", 18) == 0)
>+ opt_set->set_opt (opt_set, "reset_controllers", strdup (&cp[18]));
>+ else
>+ print_unknown_option_error ("pam_systemd.so", cp);
>+ }
>+ return 1;
>+}
>+
>+GETOPT_START_1(SESSION)
>+GETOPT_END_1(SESSION)
>+
>+PRINT_ARGS("systemd")
>+PRINT_XMLHELP("systemd")
>+
>+/* ---- contruct module object ---- */
>+DECLARE_BOOL_OPTS_1 (is_enabled);
>+DECLARE_STRING_OPTS_7 (create_session, kill_session, kill_user, kill_only_users, kill_exclude_users, controllers, reset_controllers);
>+DECLARE_OPT_SETS;
>+
>+static module_helptext_t helptext[] = {{NULL, NULL, NULL}};
>+
>+
>+/* at last construct the complete module object */
>+pam_module_t mod_pam_systemd = { "pam_systemd.so", opt_sets, helptext,
>+ &parse_config_systemd,
>+ &def_print_module,
>+ &write_config_systemd,
>+ &get_opt_set,
>+ &getopt,
>+ &print_args,
>+ &print_xmlhelp};
>Index: pam-config-0.79/src/supported-modules.h
>===================================================================
>--- pam-config-0.79.orig/src/supported-modules.h
>+++ pam-config-0.79/src/supported-modules.h
>@@ -39,6 +39,7 @@ extern pam_module_t mod_pam_cryptpass;
> extern pam_module_t mod_pam_csync;
> extern pam_module_t mod_pam_loginuid;
> extern pam_module_t mod_pam_mount;
>+extern pam_module_t mod_pam_systemd;
> 
> pam_module_t *common_module_list[] = {
> &mod_pam_apparmor,
>@@ -157,5 +158,6 @@ pam_module_t *service_module_list[] = {
> &mod_pam_lastlog,
> &mod_pam_loginuid,
> &mod_pam_mount,
>+ &mod_pam_systemd,
> NULL
> };
>Index: pam-config-0.79/src/pam-module.h
>===================================================================
>--- pam-config-0.79.orig/src/pam-module.h
>+++ pam-config-0.79/src/pam-module.h
>@@ -219,6 +219,12 @@ typedef struct {
> GENERIC_OPT_SET_3( password, string, STRING_DEFAULT,OPT_1,OPT_2,OPT_3); \
> GENERIC_OPT_SET_3( session, string, STRING_DEFAULT,OPT_1,OPT_2,OPT_3);
> 
>+#define DECLARE_STRING_OPTS_4(OPT_1,OPT_2,OPT_3,OPT_4) \
>+ GENERIC_OPT_SET_4( auth, string, STRING_DEFAULT,OPT_1,OPT_2,OPT_3,OPT_4); \
>+ GENERIC_OPT_SET_4( account, string, STRING_DEFAULT,OPT_1,OPT_2,OPT_3,OPT_4); \
>+ GENERIC_OPT_SET_4( password, string, STRING_DEFAULT,OPT_1,OPT_2,OPT_3,OPT_4); \
>+ GENERIC_OPT_SET_4( session, string, STRING_DEFAULT,OPT_1,OPT_2,OPT_3,OPT_4);
>+
> #define DECLARE_STRING_OPTS_5(OPT_1,OPT_2,OPT_3,OPT_4,OPT_5) \
> GENERIC_OPT_SET_5( auth, string, STRING_DEFAULT, OPT_1, OPT_2,OPT_3,OPT_4,OPT_5 ); \
> GENERIC_OPT_SET_5( account, string, STRING_DEFAULT, OPT_1, OPT_2,OPT_3,OPT_4,OPT_5 ); \
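Review bot: In session_pred_systemd (src/mod_pam_systemd.c) the third condition looks at `cfg_content->line` for "pam_loginuid", although the comment above it speaks of the next line and write_config_systemd wants the module last in the session stack; the test I would expect is `cfg_content->next == NULL || strncasecmp (cfg_content->next->line, "session", 7) != 0`. The "starts with 'session'" check has the same mismatch, because `strcasestr` also matches "session" inside another module's arguments, so `strncasecmp (cfg_content->line, "session", 7) == 0` is closer to the comment (skip leading blanks first if load_single_config keeps them; that is not visible here). Since write_config_systemd refuses to run without pam_loginuid.so, the position relative to that module presumably matters, and how insert_if treats several matching lines cannot be seen in this patch. In write_config_systemd every `return 1` after the first successful asprintf leaks the opt_* strings built so far, and they are not freed on the success path either, so a single cleanup label would help. The option values are formatted into the PAM line with `%s` unchecked; rejecting values that contain whitespace or a newline would keep one option from becoming extra tokens or an extra line in the service file.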
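Review bot: The pam-module.h hunk adds `DECLARE_STRING_OPTS_4`, but the new module declares its options with `DECLARE_STRING_OPTS_7`, and neither that macro nor `GENERIC_OPT_SET_4` is defined in any hunk of this patch. If they are not already present in pam-module.h outside the hunk, mod_pam_systemd.c will not build; the patch should either add the seven-option variant with its `GENERIC_OPT_SET_7` counterpart or state which earlier patch provides them. As nothing in this patch uses the four-option macro, I would also say in the description why it is added. The macro block continues past the end of the hunk.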