src/pam/afs_session.c

   1 /*
   2  * Copyright 2000, International Business Machines Corporation and others.
   3  * All Rights Reserved.
   4  *
   5  * This software has been released under the terms of the IBM Public
   6  * License.  For details, see the LICENSE file in the top-level source
   7  * directory or online at http://www.openafs.org/dl/license10.html
   8  */
   9
  10 #include <afsconfig.h>
  11 #include <afs/param.h>
  12
  13 #include <roken.h>
  14
  15 #include <security/pam_appl.h>
  16 #include <security/pam_modules.h>
  17
  18 #include <afs/auth.h>
  19 #include "afs_message.h"
  20 #include "afs_util.h"
  21
  22 extern int
  23 pam_sm_open_session(pam_handle_t * pamh, int flags, int argc,
  24                     const char **argv)
  25 {
  26     return PAM_SUCCESS;
  27 }
  28
  29
  30 #define REMAINLIFETIME 300
  31
  32 extern int
  33 pam_sm_close_session(pam_handle_t * pamh, int flags, int argc,
  34                      const char **argv)
  35 {
  36     int i;
  37     int logmask = LOG_UPTO(LOG_INFO);
  38     int remain = 0;
  39     int remainlifetime = REMAINLIFETIME;
  40     int no_unlog = 0;
  41
  42     openlog(pam_afs_ident, LOG_CONS | LOG_PID, LOG_AUTH);
  43     setlogmask(logmask);
  44
  45     /*
  46      * Parse the user options.  Log an error for any unknown options.
  47      */
  48     for (i = 0; i < argc; i++) {
  49         if (strcasecmp(argv[i], "debug") == 0) {
  50             logmask |= LOG_MASK(LOG_DEBUG);
  51             (void)setlogmask(logmask);
  52         } else if (strcasecmp(argv[i], "remain") == 0) {
  53             remain = 1;
  54         } else if (strcasecmp(argv[i], "remainlifetime") == 0) {
  55             i++;
  56             remain = 1;
  57             remainlifetime = (int)strtol(argv[i], NULL, 10);
  58             if (remainlifetime == 0) {
  59                 if ((errno == EINVAL) || (errno == ERANGE)) {
  60                     remainlifetime = REMAINLIFETIME;
  61                     pam_afs_syslog(LOG_ERR, PAMAFS_REMAINLIFETIME, argv[i],
  62                                    REMAINLIFETIME);
  63                 } else {
  64                     no_unlog = 0;
  65                     remain = 0;
  66                 }
  67             }
  68         } else if (strcmp(argv[i], "no_unlog") == 0) {
  69             no_unlog = 1;
  70         } else {
  71             pam_afs_syslog(LOG_ERR, PAMAFS_UNKNOWNOPT, argv[i]);
  72         }
  73     }
  74
  75     if (logmask & LOG_MASK(LOG_DEBUG))
  76         syslog(LOG_DEBUG,
  77                "pam_afs_session_close: remain: %d, remainlifetime: %d, no_unlog: %d",
  78                remain, remainlifetime, no_unlog);
  79     if (remain && !no_unlog) {
  80         switch (fork()) {
  81         case -1:                /* error */
  82             return (PAM_SESSION_ERR);
  83         case 0:         /* child */
  84 #ifdef AFS_LINUX20_ENV
  85             setpgrp();
  86 #endif
  87             setsid();
  88             for (i = 0; i < 64; i++)
  89                 close(i);
  90             sleep(remainlifetime);
  91             ktc_ForgetAllTokens();
  92             pam_afs_syslog(LOG_INFO, PAMAFS_SESSIONCLOSED2);
  93             exit(0);
  94         default:                /* parent */
  95             pam_afs_syslog(LOG_INFO, PAMAFS_SESSIONCLOSED1);
  96             return (PAM_SUCCESS);
  97         }
  98     }
  99     if (!no_unlog && ktc_ForgetAllTokens())
 100         return PAM_SESSION_ERR;
 101     if (logmask & LOG_MASK(LOG_DEBUG))
 102         syslog(LOG_DEBUG, "pam_afs_session_close: Session closed");
 103     return PAM_SUCCESS;
 104 }