new tool
#!/bin/bash
#
# pam-vouch: operator-side helper for pam_vouch. It walks the pending request
# files (req-*) in the spool directory and, per request, records the
# operator's decision as files in that same directory.

# Stop at the first failing command; a failure anywhere in a pipeline counts.
set -e -o pipefail

# Everything below addresses request/approval files relative to this directory.
cd /var/run/pam_vouch
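# Resolve the host part of a "host", "host:port", "[v6addr]" or "[v6addr]:port"
# string by handing it to the external `resolveip` tool.
# Arguments: $1 - remote host string as recorded in the request (PAM_RHOST)
# Outputs:   whatever `resolveip` prints
# Returns:   exit status of `resolveip`; 1 if the host is refused
_resolveip()
{
	local host=$1

	case "$host" in
	\[*)
		# Bracketed IPv6 literal: keep what is between '[' and the first ']'.
		host=${host#\[}
		host=${host%%]*}
		;;
	*:*:*)
		# Two or more colons without brackets can only be a bare IPv6
		# literal. Cutting at the first ':' would resolve "2001" instead of
		# the real address and show the operator a misleading source host.
		;;
	*)
		# "host" or "host:port": drop the port.
		host=${host%%:*}
		;;
	esac

	# The value originates from the remote side of the login attempt; never
	# let it be parsed as a command-line option by resolveip.
	case "$host" in
	-*)
		echo "refusing to resolve a host name that starts with '-'" >&2
		return 1
		;;
	esac

	resolveip "$host"
}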
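# Print the arguments (joined with spaces) in bold, without a trailing newline.
# Arguments: $@ - text to emphasise
# Outputs:   ESC[1m, the text, ESC[m on stdout
bolden()
{
	# printf '%s' prints the text verbatim. `echo -n "$*"` would treat a value
	# such as "-n" or "-e" as an option and print nothing, which matters
	# because callers pass the requested login name through this function.
	printf '\e[1m%s\e[m' "$*"
}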
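# Present every pending request (req-<uuid>) to the operator and record the
# decision: "y" creates allow-<uuid>, "n" removes the request file, anything
# else leaves the request untouched.
for file in req-*
do
	# With no pending requests the glob stays literal ("req-*"); sourcing that
	# would fail and abort the script under `set -e`.
	[ -f "$file" ] || continue
	uuid=${file:4}

	# Start from a clean slate so a request file that lacks a field cannot
	# inherit the value of the previously displayed request.
	unset PAM_VOUCH_TIMESTAMP PAM_VOUCH_EXPIRE PAM_RHOST PAM_TTY PAM_SERVICE PAM_USER

	# NOTE(review): sourcing executes the request file as shell code with the
	# operator's privileges. "$file is trusted" therefore depends on two things
	# not visible here: only the PAM module can write into this directory, and
	# the writer shell-quotes remote-controlled values (user, rhost, tty).
	# Confirm both. "./" stops `.` from searching PATH for a same-named file.
	. "./$file"

	# Both timestamps are later used in arithmetic and in date(1) arguments;
	# accept plain decimal epoch seconds only.
	valid=yes
	for stamp in "$PAM_VOUCH_TIMESTAMP" "$PAM_VOUCH_EXPIRE"
	do
		case "$stamp" in
		''|*[!0-9]*) valid=no ;;
		esac
	done
	if [ "$valid" != yes ]
	then
		printf 'Skipping %s: missing or non-numeric timestamp.\n' "$file" >&2
		continue
	fi

	# Pass the value as an argument instead of pasting it into the Perl source.
	age=$(perl -MTime::Duration -e 'print ago(time - $ARGV[0])' "$PAM_VOUCH_TIMESTAMP")
	exp=$(perl -MTime::Duration -e 'print ago(time - $ARGV[0])' "$PAM_VOUCH_EXPIRE")

	# These fields describe the remote login attempt. Replace control
	# characters so terminal escape sequences embedded in them cannot rewrite
	# what the operator sees before answering the prompt.
	rhost=${PAM_RHOST//[[:cntrl:]]/?}
	tty=${PAM_TTY//[[:cntrl:]]/?}
	service=${PAM_SERVICE//[[:cntrl:]]/?}
	user=${PAM_USER//[[:cntrl:]]/?}

	echo "Access request:"
	echo " when: $(date -d "@$PAM_VOUCH_TIMESTAMP") ($(bolden "$age"))"
	echo " request expires: $(date -d "@$PAM_VOUCH_EXPIRE") ($exp)"
	echo " source host: $rhost"
	# A failed lookup must not abort the whole run under `set -e`; otherwise
	# one unresolvable source host keeps every pending request from being shown.
	echo -n " "; _resolveip "$rhost" || echo "(could not resolve)"
	echo " tty: $tty"
	echo " local service: $service"
	echo " login as: $(bolden "$user")"
	echo

	read -r -e -p "Allow? [y/n] " reply

	# Re-check expiry after the prompt: the operator may have taken a while.
	if [ "$PAM_VOUCH_EXPIRE" -le "$(date +%s)" ]
	then
		echo "Request expired in the meanwhile."
	else
		if [ ".$reply" = .y ]
		then
			touch "allow-$uuid"
			echo "You granted access."
		elif [ ".$reply" = .n ]
		then
			rm -- "req-$uuid"
			echo "You denied access."
		else
			echo "Undecided."
		fi
	fi
	echo
done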