2 * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
19 #include <security/pam_ext.h>
20 #include <security/pam_modules.h>
26 #include "krate-guard.h"
27 #include "krate-builder.h"
28 #include "common/session.h"
30 #include <klay/exception.h>
31 #include <klay/filesystem.h>
32 #include <klay/xml/parser.h>
33 #include <klay/xml/document.h>
35 #define KRATE_UID_MIN 60001
36 #define KRATE_UID_MAX 60100
38 #define LAZYMOUNT_EXTERN extern
39 #define LAZYMOUNT_LIB "/usr/lib/liblazymount.so.0"
41 std::string buildKrateManifestPath(const std::string& name)
43 return "/home/" + name + "/.config/krate/krate.xml";
46 std::string getKrateName(pam_handle_t* handle)
49 int error = ::pam_get_item(handle, PAM_USER, &retItem);
50 if (error != PAM_SUCCESS) {
51 throw runtime::Exception("Failed to get user");
54 return static_cast<const char*>(retItem);
57 static int wait_condition(void)
62 int (*wait_mount_user)(void);
64 r = access(LAZYMOUNT_LIB, F_OK);
66 fprintf(stderr, "cannot find lazymount module - No support lazymount\n");
70 h = dlopen(LAZYMOUNT_LIB, RTLD_LAZY);
72 fprintf(stderr, "lazymount module dlopen error\n");
77 wait_mount_user = (int (*)())dlsym(h, "wait_mount_user");
78 if (!wait_mount_user) {
79 fprintf(stderr, "dlsym wait_mount_user error\n");
85 r = wait_mount_user();
87 fprintf(stderr, "wait_mout_user failed\n");
97 LAZYMOUNT_EXTERN __attribute__((visibility("default")))
98 int container_preprocess(char* id) {
99 std::cout << "kraterize (UID " << id << ")..." << std::endl << std::flush;
101 runtime::User user(std::stoi(std::string(id)));
102 KrateGuard krateGuard(user.getName());
105 auto sessionBuilder = [](const runtime::User& user) {
106 KrateBuilder builder(user, buildKrateManifestPath(user.getName()));
107 builder.unshareNamespace();
109 createSession(user, sessionBuilder);
111 if (user.getUid() >= KRATE_UID_MIN && user.getUid() <= KRATE_UID_MAX ) {
114 } catch (runtime::Exception& e) {
115 std::cerr << "krate error : " << e.what() <<std::endl << std::flush;
119 std::cout << "krate preprocess completed!" << std::endl << std::flush;
123 LAZYMOUNT_EXTERN __attribute__((visibility("default")))
124 int container_postprocess(char* id) {
126 runtime::User user(std::stoi(std::string(id)));
127 KrateBuilder builder(user, buildKrateManifestPath(user.getName()));
128 builder.mountOwnFilesystem();
129 } catch (runtime::Exception& e) {
130 std::cerr << "krate error : " << e.what() << std::endl << std::flush;
133 std::cout << "krate postprocess completed!" << std::endl << std::flush;
134 std::cout << "kraterized!" << std::endl << std::flush;
138 PAM_EXTERN __attribute__((visibility("default")))
139 int pam_sm_open_session(pam_handle_t* pamh, int flags, int argc, const char* argv[])
142 runtime::User user(getKrateName(pamh));
143 KrateGuard krateGuard(user.getName());
146 auto sessionBuilder = [](const runtime::User& user) {
147 KrateBuilder builder(user, buildKrateManifestPath(user.getName()));
148 builder.unshareNamespace();
149 builder.mountOwnFilesystem();
151 createSession(user, sessionBuilder);
152 } catch (runtime::Exception& e) {
153 ::pam_syslog(pamh, LOG_ERR, "%s", e.what());
154 return PAM_SESSION_ERR;
160 PAM_EXTERN __attribute__((visibility("default")))
161 int pam_sm_close_session(pam_handle_t* pamh, int flags, int argc, const char* argv[])
164 runtime::User user(getKrateName(pamh));
165 KrateGuard krateGuard(user.getName());
168 destroySession(user);
169 } catch (runtime::Exception& e) {
170 ::pam_syslog(pamh, LOG_ERR, "%s", e.what());
171 return PAM_SESSION_ERR;
177 #ifdef PAM_MODULE_ENTRY
178 PAM_MODULE_ENTRY("pam_krate");