| @@ -1,121 +1,121 @@ | | | @@ -1,121 +1,121 @@ |
| 1 | #include "cron.h" | | 1 | #include "cron.h" |
| 2 | | | 2 | |
| 3 | #ifdef USE_PAM | | 3 | #ifdef USE_PAM |
| 4 | | | 4 | |
| 5 | #include <security/pam_appl.h> | | 5 | #include <security/pam_appl.h> |
| 6 | | | 6 | |
| 7 | static pam_handle_t *pamh = NULL; | | 7 | static pam_handle_t *pamh = NULL; |
| 8 | static const struct pam_conv cron_conv = { 0 }; | | 8 | static const struct pam_conv cron_conv; |
| 9 | | | 9 | |
| 10 | int | | 10 | int |
| 11 | cron_pam_start (const char *username) | | 11 | cron_pam_start (const char *username) |
| 12 | { | | 12 | { |
| 13 | int retval; | | 13 | int retval; |
| 14 | | | 14 | |
| 15 | if (pamh) | | 15 | if (pamh) |
| 16 | return 0; | | 16 | return 0; |
| 17 | | | 17 | |
| 18 | retval = pam_start ("cron", username, &cron_conv, &pamh); | | 18 | retval = pam_start ("cron", username, &cron_conv, &pamh); |
| 19 | log_close (); | | 19 | log_close (); |
| 20 | if (retval != PAM_SUCCESS) | | 20 | if (retval != PAM_SUCCESS) |
| 21 | { | | 21 | { |
| 22 | pamh = NULL; | | 22 | pamh = NULL; |
| 23 | log_it ("CRON", getpid (), "pam_start failed", | | 23 | log_it ("CRON", getpid (), "pam_start failed", |
| 24 | pam_strerror (pamh, retval)); | | 24 | pam_strerror (pamh, retval)); |
| 25 | return 0; | | 25 | return 0; |
| 26 | } | | 26 | } |
| 27 | retval = pam_authenticate (pamh, PAM_SILENT); | | 27 | retval = pam_authenticate (pamh, PAM_SILENT); |
| 28 | log_close (); | | 28 | log_close (); |
| 29 | if (retval != PAM_SUCCESS) | | 29 | if (retval != PAM_SUCCESS) |
| 30 | { | | 30 | { |
| 31 | log_it ("CRON", getpid (), "pam_authenticate failed", | | 31 | log_it ("CRON", getpid (), "pam_authenticate failed", |
| 32 | pam_strerror (pamh, retval)); | | 32 | pam_strerror (pamh, retval)); |
| 33 | pam_end (pamh, retval); | | 33 | pam_end (pamh, retval); |
| 34 | pamh = NULL; | | 34 | pamh = NULL; |
| 35 | return 0; | | 35 | return 0; |
| 36 | } | | 36 | } |
| 37 | retval = pam_acct_mgmt (pamh, PAM_SILENT); | | 37 | retval = pam_acct_mgmt (pamh, PAM_SILENT); |
| 38 | log_close (); | | 38 | log_close (); |
| 39 | if (retval != PAM_SUCCESS) | | 39 | if (retval != PAM_SUCCESS) |
| 40 | { | | 40 | { |
| 41 | log_it ("CRON", getpid (), "pam_acct_mgmt failed", | | 41 | log_it ("CRON", getpid (), "pam_acct_mgmt failed", |
| 42 | pam_strerror (pamh, retval)); | | 42 | pam_strerror (pamh, retval)); |
| 43 | pam_end (pamh, retval); | | 43 | pam_end (pamh, retval); |
| 44 | pamh = NULL; | | 44 | pamh = NULL; |
| 45 | return 0; | | 45 | return 0; |
| 46 | } | | 46 | } |
| 47 | retval = pam_open_session (pamh, PAM_SILENT); | | 47 | retval = pam_open_session (pamh, PAM_SILENT); |
| 48 | log_close (); | | 48 | log_close (); |
| 49 | if (retval != PAM_SUCCESS) | | 49 | if (retval != PAM_SUCCESS) |
| 50 | { | | 50 | { |
| 51 | log_it ("CRON", getpid (), "pam_open_session failed", | | 51 | log_it ("CRON", getpid (), "pam_open_session failed", |
| 52 | pam_strerror (pamh, retval)); | | 52 | pam_strerror (pamh, retval)); |
| 53 | pam_end (pamh, retval); | | 53 | pam_end (pamh, retval); |
| 54 | pamh = NULL; | | 54 | pamh = NULL; |
| 55 | return 0; | | 55 | return 0; |
| 56 | } | | 56 | } |
| 57 | | | 57 | |
| 58 | return 1; | | 58 | return 1; |
| 59 | } | | 59 | } |
| 60 | | | 60 | |
| 61 | int | | 61 | int |
| 62 | cron_pam_setcred (void) | | 62 | cron_pam_setcred (void) |
| 63 | { | | 63 | { |
| 64 | int retval; | | 64 | int retval; |
| 65 | | | 65 | |
| 66 | if (!pamh) | | 66 | if (!pamh) |
| 67 | return 0; | | 67 | return 0; |
| 68 | | | 68 | |
| 69 | retval = pam_setcred (pamh, PAM_ESTABLISH_CRED | PAM_SILENT); | | 69 | retval = pam_setcred (pamh, PAM_ESTABLISH_CRED | PAM_SILENT); |
| 70 | log_close (); | | 70 | log_close (); |
| 71 | if (retval != PAM_SUCCESS) | | 71 | if (retval != PAM_SUCCESS) |
| 72 | { | | 72 | { |
| 73 | log_it ("CRON", getpid (), "pam_setcred failed", | | 73 | log_it ("CRON", getpid (), "pam_setcred failed", |
| 74 | pam_strerror (pamh, retval)); | | 74 | pam_strerror (pamh, retval)); |
| 75 | pam_end (pamh, retval); | | 75 | pam_end (pamh, retval); |
| 76 | pamh = NULL; | | 76 | pamh = NULL; |
| 77 | log_close (); | | 77 | log_close (); |
| 78 | return 0; | | 78 | return 0; |
| 79 | } | | 79 | } |
| 80 | | | 80 | |
| 81 | return 1; | | 81 | return 1; |
| 82 | } | | 82 | } |
| 83 | | | 83 | |
| 84 | void | | 84 | void |
| 85 | cron_pam_finish (void) | | 85 | cron_pam_finish (void) |
| 86 | { | | 86 | { |
| 87 | if (!pamh) | | 87 | if (!pamh) |
| 88 | return; | | 88 | return; |
| 89 | | | 89 | |
| 90 | pam_close_session (pamh, 0); | | 90 | pam_close_session (pamh, 0); |
| 91 | pam_end (pamh, 0); | | 91 | pam_end (pamh, 0); |
| 92 | pamh = NULL; | | 92 | pamh = NULL; |
| 93 | log_close (); | | 93 | log_close (); |
| 94 | } | | 94 | } |
| 95 | | | 95 | |
| 96 | #ifndef PAM_DATA_SILENT | | 96 | #ifndef PAM_DATA_SILENT |
| 97 | #define PAM_DATA_SILENT 0 | | 97 | #define PAM_DATA_SILENT 0 |
| 98 | #endif | | 98 | #endif |
| 99 | | | 99 | |
| 100 | void | | 100 | void |
| 101 | cron_pam_child_close (void) | | 101 | cron_pam_child_close (void) |
| 102 | { | | 102 | { |
| 103 | pam_end (pamh, PAM_DATA_SILENT); | | 103 | pam_end (pamh, PAM_DATA_SILENT); |
| 104 | pamh = NULL; | | 104 | pamh = NULL; |
| 105 | log_close (); | | 105 | log_close (); |
| 106 | } | | 106 | } |
| 107 | | | 107 | |
| 108 | char ** | | 108 | char ** |
| 109 | cron_pam_getenvlist (char **envp) | | 109 | cron_pam_getenvlist (char **envp) |
| 110 | { | | 110 | { |
| 111 | if (!pamh || !envp) | | 111 | if (!pamh || !envp) |
| 112 | return 0; | | 112 | return 0; |
| 113 | | | 113 | |
| 114 | for (; *envp; ++envp) | | 114 | for (; *envp; ++envp) |
| 115 | if (pam_putenv (pamh, *envp) != PAM_SUCCESS) | | 115 | if (pam_putenv (pamh, *envp) != PAM_SUCCESS) |
| 116 | return 0; | | 116 | return 0; |
| 117 | | | 117 | |
| 118 | return pam_getenvlist (pamh); | | 118 | return pam_getenvlist (pamh); |
| 119 | } | | 119 | } |
| 120 | | | 120 | |
| 121 | #endif /* USE_PAM */ | | 121 | #endif /* USE_PAM */ |