summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortonnerre <tonnerre@pkgsrc.org>2009-02-15 20:16:08 +0000
committertonnerre <tonnerre@pkgsrc.org>2009-02-15 20:16:08 +0000
commite45d0a42d1cc188c48c7f05c9e751104c76c1900 (patch)
tree74e88cf5c7d45dc73de0a67e3d77f9fe598d8574
parent08c3eb88c62f925c38b6786769420d4443eae971 (diff)
downloadpkgsrc-e45d0a42d1cc188c48c7f05c9e751104c76c1900.tar.gz
Initial import of the mkhomedir PAM module.
The pam_mkhomedir module provides the means for automatic creation of home directories upon login, if necessary. Key Benefits are: * Uses the Pluggable Authentication Module API defined in OSF DCE RFC 86.0. * Removes the need to pre-create user home directories. The software is distributed under the terms of the 2.5-clause BSD license.
-rw-r--r--security/pam-mkhomedir/files/pam_mkhomedir.c297
1 files changed, 297 insertions, 0 deletions
diff --git a/security/pam-mkhomedir/files/pam_mkhomedir.c b/security/pam-mkhomedir/files/pam_mkhomedir.c
new file mode 100644
index 00000000000..441fe7c588e
--- /dev/null
+++ b/security/pam-mkhomedir/files/pam_mkhomedir.c
@@ -0,0 +1,297 @@
+/**
+ * (c) 2009, Tonnerre Lombard <tonnerre@NetBSD.org>,
+ * The NetBSD Foundation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of the The NetBSD Foundation nor the name of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ * SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $NetBSD: pam_mkhomedir.c,v 1.1.1.1 2009/02/15 20:16:08 tonnerre Exp $
+ */
+
+#include <sys/types.h>
+#include <security/pam_appl.h>
+#include <security/pam_modules.h>
+
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/wait.h>
+#include <pwd.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <dirent.h>
+#include <syslog.h>
+
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <sys/wait.h>
+
+static int
+pam_mkhd_copy(pam_handle_t *pamh, const struct passwd *pwent,
+ const char *from, const char *to)
+{
+ char *newfrom, *newto;
+ struct dirent *dentry;
+ struct stat di;
+ ssize_t len;
+ DIR *dirp;
+ int ffd, tfd, ret;
+
+ if (lstat(from, &di))
+ {
+ pam_error(pamh, "Unable to stat %s: %s", from, strerror(errno));
+ return PAM_PERM_DENIED;
+ }
+
+ if (S_ISDIR(di.st_mode))
+ {
+ if (mkdir(to, di.st_mode & 07777))
+ {
+ pam_error(pamh, "Creating directory %s failed: %s",
+ to, strerror(errno));
+ return PAM_PERM_DENIED;
+ }
+
+ if (chown(to, pwent->pw_uid, pwent->pw_gid))
+ {
+ pam_error(pamh, "Setting ownership of %s failed: %s",
+ to, strerror(errno));
+ return PAM_PERM_DENIED;
+ }
+
+ dirp = opendir(from);
+ if (!dirp)
+ {
+ pam_error(pamh, "Unable to open %s: %s", from,
+ strerror(errno));
+ return PAM_PERM_DENIED;
+ }
+
+ while ((dentry = readdir(dirp)))
+ {
+ if (dentry->d_name[0] == '.' &&
+ (dentry->d_name[1] == '\0' ||
+ (dentry->d_name[1] == '.' &&
+ dentry->d_name[2] == '\0')))
+ continue;
+
+ newfrom = malloc(strlen(from) + strlen(dentry->d_name) +
+ 2);
+ if (!newfrom)
+ {
+ closedir(dirp);
+ return PAM_PERM_DENIED;
+ }
+
+ memset(newfrom, 0, strlen(from) + strlen(dentry->d_name) + 2);
+ strlcpy(newfrom, from, strlen(from) + 1);
+ newfrom[strlen(from)] = '/';
+ strlcpy(newfrom + strlen(from) + 1, dentry->d_name, strlen(dentry->d_name) + 1);
+ newfrom[strlen(from) + strlen(dentry->d_name) + 2] =
+ '\0';
+
+ newto = malloc(strlen(to) + strlen(dentry->d_name) + 2);
+ if (!newto)
+ {
+ free(newfrom);
+ closedir(dirp);
+ return PAM_PERM_DENIED;
+ }
+
+ strlcpy(newto, to, strlen(to) + 1);
+ newto[strlen(to)] = '/';
+ strlcpy(newto + strlen(to) + 1, dentry->d_name, strlen(dentry->d_name) + 1);
+ newto[strlen(to) + strlen(dentry->d_name) + 2] = '\0';
+
+ ret = pam_mkhd_copy(pamh, pwent, newfrom, newto);
+
+ free(newto);
+ free(newfrom);
+
+ if (ret != PAM_SUCCESS)
+ {
+ closedir(dirp);
+ return ret;
+ }
+ }
+
+ closedir(dirp);
+ }
+ else if (S_ISLNK(di.st_mode))
+ {
+ newto = malloc(di.st_size) + 1;
+ memset(newto, 0, di.st_size + 1);
+
+ if (readlink(from, newto, di.st_size + 1) < 0)
+ {
+ pam_error(pamh, "Readlink on %s failed: %s", from,
+ strerror(errno));
+ free(newto);
+ return PAM_PERM_DENIED;
+ }
+
+ if (symlink(newto, to))
+ {
+ pam_error(pamh, "Creating symlink %s failed: %s", to,
+ strerror(errno));
+ free(newto);
+ return PAM_PERM_DENIED;
+ }
+
+ free(newto);
+
+ if (lchmod(to, di.st_mode & 07777))
+ {
+ pam_error(pamh, "Changing permissions of symlink %s failed: %s",
+ to, strerror(errno));
+ return PAM_PERM_DENIED;
+ }
+
+ if (lchown(to, pwent->pw_uid, pwent->pw_gid))
+ {
+ pam_error(pamh, "Changing ownership of symlink %s failed: %s",
+ to, strerror(errno));
+ return PAM_PERM_DENIED;
+ }
+ }
+ else if (S_ISREG(di.st_mode))
+ {
+ ffd = open(from, O_RDONLY, 0);
+ if (ffd == -1)
+ {
+ pam_error(pamh, "Opening %s for reading failed: %s",
+ from, strerror(errno));
+ return PAM_PERM_DENIED;
+ }
+
+ tfd = open(to, O_WRONLY | O_CREAT | O_TRUNC, di.st_mode & 07777);
+ if (ffd == -1)
+ {
+ pam_error(pamh, "Opening %s for writing failed: %s",
+ to, strerror(errno));
+ close(ffd);
+ return PAM_PERM_DENIED;
+ }
+
+ newto = malloc(65536);
+ if (!newto)
+ {
+ pam_error(pamh, "Unable to allocate buffer: %s",
+ strerror(errno));
+ close(tfd);
+ close(ffd);
+ return PAM_PERM_DENIED;
+ }
+
+ while ((len = read(ffd, newto, 65546)) > 0)
+ {
+ if (write(tfd, newto, len) == -1)
+ {
+ pam_error(pamh, "Unable to write to %s: %s",
+ to, strerror(errno));
+ free(newto);
+ close(tfd);
+ close(ffd);
+ return PAM_PERM_DENIED;
+ }
+ }
+
+ free(newto);
+ if (len == -1)
+ {
+ pam_error(pamh, "Unable to read from %s: %s", from,
+ strerror(errno));
+ close(tfd);
+ close(ffd);
+ return PAM_PERM_DENIED;
+ }
+
+ if (close(tfd))
+ {
+ pam_error(pamh, "Unable to close %s: %s", to,
+ strerror(errno));
+ close(ffd);
+ return PAM_PERM_DENIED;
+ }
+
+ if (close(ffd))
+ {
+ pam_error(pamh, "Unable to close %s: %s", from,
+ strerror(errno));
+ return PAM_PERM_DENIED;
+ }
+
+ if (chown(to, pwent->pw_uid, pwent->pw_gid))
+ {
+ pam_error(pamh, "Changing ownership of symlink %s failed: %s",
+ to, strerror(errno));
+ return PAM_PERM_DENIED;
+ }
+ }
+
+ return PAM_SUCCESS;
+}
+
+PAM_EXTERN int
+pam_sm_open_session(pam_handle_t *pamh, int flags,
+ int argc, const char **argv)
+{
+ const struct passwd *pwent;
+ const char *user;
+ struct stat di;
+ void (*sh)(int);
+ pid_t child;
+ int res;
+
+ /* Who are we talking about anyway? */
+ res = pam_get_user(pamh, &user, NULL);
+ if (res != PAM_SUCCESS)
+ return res;
+
+ /* Fetch passwd entry */
+ pwent = getpwnam(user);
+ if (!pwent)
+ {
+ pam_error(pamh, "User not found in passwd?");
+ return PAM_CRED_INSUFFICIENT;
+ }
+
+ openlog("pam_mkhomedir", LOG_PID, LOG_AUTH);
+ if (stat(pwent->pw_dir, &di))
+ return pam_mkhd_copy(pamh, pwent, "/etc/skel", pwent->pw_dir);
+
+ return PAM_SUCCESS;
+}
+
+PAM_EXTERN int
+pam_sm_close_session(pam_handle_t *pamh, int flags,
+ int argc, const char **argv)
+{
+ (void) pamh; (void) flags; (void) argc; (void) argv;
+ return PAM_SUCCESS;
+}