| @@ -1,121 +1,121 @@ | | | @@ -1,121 +1,121 @@ |
1 | #include "cron.h" | | 1 | #include "cron.h" |
2 | | | 2 | |
3 | #ifdef USE_PAM | | 3 | #ifdef USE_PAM |
4 | | | 4 | |
5 | #include <security/pam_appl.h> | | 5 | #include <security/pam_appl.h> |
6 | | | 6 | |
7 | static pam_handle_t *pamh = NULL; | | 7 | static pam_handle_t *pamh = NULL; |
8 | static const struct pam_conv cron_conv = { 0 }; | | 8 | static const struct pam_conv cron_conv; |
9 | | | 9 | |
10 | int | | 10 | int |
11 | cron_pam_start (const char *username) | | 11 | cron_pam_start (const char *username) |
12 | { | | 12 | { |
13 | int retval; | | 13 | int retval; |
14 | | | 14 | |
15 | if (pamh) | | 15 | if (pamh) |
16 | return 0; | | 16 | return 0; |
17 | | | 17 | |
18 | retval = pam_start ("cron", username, &cron_conv, &pamh); | | 18 | retval = pam_start ("cron", username, &cron_conv, &pamh); |
19 | log_close (); | | 19 | log_close (); |
20 | if (retval != PAM_SUCCESS) | | 20 | if (retval != PAM_SUCCESS) |
21 | { | | 21 | { |
22 | pamh = NULL; | | 22 | pamh = NULL; |
23 | log_it ("CRON", getpid (), "pam_start failed", | | 23 | log_it ("CRON", getpid (), "pam_start failed", |
24 | pam_strerror (pamh, retval)); | | 24 | pam_strerror (pamh, retval)); |
25 | return 0; | | 25 | return 0; |
26 | } | | 26 | } |
27 | retval = pam_authenticate (pamh, PAM_SILENT); | | 27 | retval = pam_authenticate (pamh, PAM_SILENT); |
28 | log_close (); | | 28 | log_close (); |
29 | if (retval != PAM_SUCCESS) | | 29 | if (retval != PAM_SUCCESS) |
30 | { | | 30 | { |
31 | log_it ("CRON", getpid (), "pam_authenticate failed", | | 31 | log_it ("CRON", getpid (), "pam_authenticate failed", |
32 | pam_strerror (pamh, retval)); | | 32 | pam_strerror (pamh, retval)); |
33 | pam_end (pamh, retval); | | 33 | pam_end (pamh, retval); |
34 | pamh = NULL; | | 34 | pamh = NULL; |
35 | return 0; | | 35 | return 0; |
36 | } | | 36 | } |
37 | retval = pam_acct_mgmt (pamh, PAM_SILENT); | | 37 | retval = pam_acct_mgmt (pamh, PAM_SILENT); |
38 | log_close (); | | 38 | log_close (); |
39 | if (retval != PAM_SUCCESS) | | 39 | if (retval != PAM_SUCCESS) |
40 | { | | 40 | { |
41 | log_it ("CRON", getpid (), "pam_acct_mgmt failed", | | 41 | log_it ("CRON", getpid (), "pam_acct_mgmt failed", |
42 | pam_strerror (pamh, retval)); | | 42 | pam_strerror (pamh, retval)); |
43 | pam_end (pamh, retval); | | 43 | pam_end (pamh, retval); |
44 | pamh = NULL; | | 44 | pamh = NULL; |
45 | return 0; | | 45 | return 0; |
46 | } | | 46 | } |
47 | retval = pam_open_session (pamh, PAM_SILENT); | | 47 | retval = pam_open_session (pamh, PAM_SILENT); |
48 | log_close (); | | 48 | log_close (); |
49 | if (retval != PAM_SUCCESS) | | 49 | if (retval != PAM_SUCCESS) |
50 | { | | 50 | { |
51 | log_it ("CRON", getpid (), "pam_open_session failed", | | 51 | log_it ("CRON", getpid (), "pam_open_session failed", |
52 | pam_strerror (pamh, retval)); | | 52 | pam_strerror (pamh, retval)); |
53 | pam_end (pamh, retval); | | 53 | pam_end (pamh, retval); |
54 | pamh = NULL; | | 54 | pamh = NULL; |
55 | return 0; | | 55 | return 0; |
56 | } | | 56 | } |
57 | | | 57 | |
58 | return 1; | | 58 | return 1; |
59 | } | | 59 | } |
60 | | | 60 | |
61 | int | | 61 | int |
62 | cron_pam_setcred (void) | | 62 | cron_pam_setcred (void) |
63 | { | | 63 | { |
64 | int retval; | | 64 | int retval; |
65 | | | 65 | |
66 | if (!pamh) | | 66 | if (!pamh) |
67 | return 0; | | 67 | return 0; |
68 | | | 68 | |
69 | retval = pam_setcred (pamh, PAM_ESTABLISH_CRED | PAM_SILENT); | | 69 | retval = pam_setcred (pamh, PAM_ESTABLISH_CRED | PAM_SILENT); |
70 | log_close (); | | 70 | log_close (); |
71 | if (retval != PAM_SUCCESS) | | 71 | if (retval != PAM_SUCCESS) |
72 | { | | 72 | { |
73 | log_it ("CRON", getpid (), "pam_setcred failed", | | 73 | log_it ("CRON", getpid (), "pam_setcred failed", |
74 | pam_strerror (pamh, retval)); | | 74 | pam_strerror (pamh, retval)); |
75 | pam_end (pamh, retval); | | 75 | pam_end (pamh, retval); |
76 | pamh = NULL; | | 76 | pamh = NULL; |
77 | log_close (); | | 77 | log_close (); |
78 | return 0; | | 78 | return 0; |
79 | } | | 79 | } |
80 | | | 80 | |
81 | return 1; | | 81 | return 1; |
82 | } | | 82 | } |
83 | | | 83 | |
84 | void | | 84 | void |
85 | cron_pam_finish (void) | | 85 | cron_pam_finish (void) |
86 | { | | 86 | { |
87 | if (!pamh) | | 87 | if (!pamh) |
88 | return; | | 88 | return; |
89 | | | 89 | |
90 | pam_close_session (pamh, 0); | | 90 | pam_close_session (pamh, 0); |
91 | pam_end (pamh, 0); | | 91 | pam_end (pamh, 0); |
92 | pamh = NULL; | | 92 | pamh = NULL; |
93 | log_close (); | | 93 | log_close (); |
94 | } | | 94 | } |
95 | | | 95 | |
96 | #ifndef PAM_DATA_SILENT | | 96 | #ifndef PAM_DATA_SILENT |
97 | #define PAM_DATA_SILENT 0 | | 97 | #define PAM_DATA_SILENT 0 |
98 | #endif | | 98 | #endif |
99 | | | 99 | |
100 | void | | 100 | void |
101 | cron_pam_child_close (void) | | 101 | cron_pam_child_close (void) |
102 | { | | 102 | { |
103 | pam_end (pamh, PAM_DATA_SILENT); | | 103 | pam_end (pamh, PAM_DATA_SILENT); |
104 | pamh = NULL; | | 104 | pamh = NULL; |
105 | log_close (); | | 105 | log_close (); |
106 | } | | 106 | } |
107 | | | 107 | |
108 | char ** | | 108 | char ** |
109 | cron_pam_getenvlist (char **envp) | | 109 | cron_pam_getenvlist (char **envp) |
110 | { | | 110 | { |
111 | if (!pamh || !envp) | | 111 | if (!pamh || !envp) |
112 | return 0; | | 112 | return 0; |
113 | | | 113 | |
114 | for (; *envp; ++envp) | | 114 | for (; *envp; ++envp) |
115 | if (pam_putenv (pamh, *envp) != PAM_SUCCESS) | | 115 | if (pam_putenv (pamh, *envp) != PAM_SUCCESS) |
116 | return 0; | | 116 | return 0; |
117 | | | 117 | |
118 | return pam_getenvlist (pamh); | | 118 | return pam_getenvlist (pamh); |
119 | } | | 119 | } |
120 | | | 120 | |
121 | #endif /* USE_PAM */ | | 121 | #endif /* USE_PAM */ |
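Review bot: The failure branch of cron_pam_setcred calls `pam_end (pamh, retval)` without closing the session first, although pamh is only non-NULL at that point after cron_pam_start got through pam_open_session, so the session opened for the job is never closed on this path. Adding `pam_close_session (pamh, PAM_SILENT);` just before that pam_end would match what cron_pam_finish does. cron_pam_finish in turn closes the session but never calls `pam_setcred (pamh, PAM_DELETE_CRED | PAM_SILENT);`, so whatever credentials the modules established for the user are left in place after the job; whether that matters depends on the modules configured for the "cron" service. The one textual change visible here, dropping `= { 0 }` from cron_conv, does not affect any of this, since a static object is zero-initialised either way and the conv callback stays NULL.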