Move a library/tools to libkrate git

[platform/core/security/krate.git] / module / krate.cpp

/*
 *  Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License
 */

#include <dlfcn.h>
#include <syslog.h>
#include <security/pam_ext.h>
#include <security/pam_modules.h>

#include <string>
#include <vector>
#include <iostream>

#include "krate-guard.h"
#include "krate-builder.h"
#include "common/session.h"

#include <klay/exception.h>
#include <klay/filesystem.h>
#include <klay/xml/parser.h>
#include <klay/xml/document.h>

#define KRATE_UID_MIN 60001
#define KRATE_UID_MAX 60100

#define LAZYMOUNT_EXTERN extern
#define LAZYMOUNT_LIB "/usr/lib/liblazymount.so.0"

std::string buildKrateManifestPath(const std::string& name)
{
        return "/home/" + name + "/.config/krate/krate.xml";
}

std::string getKrateName(pam_handle_t* handle)
{
        const void* retItem;
        int error = ::pam_get_item(handle, PAM_USER, &retItem);
        if (error != PAM_SUCCESS) {
                throw runtime::Exception("Failed to get user");
        }

        return static_cast<const char*>(retItem);
}

static int wait_condition(void)
{
    int r;
    void *h;

    int (*wait_mount_user)(void);

    r = access(LAZYMOUNT_LIB, F_OK);
    if (r < 0){
        fprintf(stderr, "cannot find lazymount module - No support lazymount\n");
        return 0;
    }

    h = dlopen(LAZYMOUNT_LIB, RTLD_LAZY);
    if (!h) {
        fprintf(stderr, "lazymount module dlopen error\n");
        return -1;
    }

        do{
        wait_mount_user = (int (*)())dlsym(h, "wait_mount_user");
        if (!wait_mount_user) {
            fprintf(stderr, "dlsym wait_mount_user error\n");
            dlclose(h);
            return -1;
        }
    } while (0);

    r = wait_mount_user();
    if (r < 0) {
        fprintf(stderr, "wait_mout_user failed\n");
        dlclose(h);
        return r;
    }

    dlclose(h);
    return 0;
}

extern "C" {
LAZYMOUNT_EXTERN  __attribute__((visibility("default")))
int container_preprocess(char* id) {
        std::cout << "kraterize (UID " << id << ")..." << std::endl << std::flush;
        try {
                runtime::User user(std::stoi(std::string(id)));
                KrateGuard krateGuard(user.getName());
                krateGuard.wait();

                auto sessionBuilder = [](const runtime::User& user) {
                        KrateBuilder builder(user, buildKrateManifestPath(user.getName()));
                        builder.unshareNamespace();
                };
                createSession(user, sessionBuilder);

                if (user.getUid() >= KRATE_UID_MIN && user.getUid() <= KRATE_UID_MAX ) {
                        wait_condition();
                }
        } catch (runtime::Exception& e) {
                std::cerr << "krate error : " << e.what() <<std::endl << std::flush;
                return -1;
        }

        std::cout << "krate preprocess completed!" << std::endl << std::flush;
        return 0;
}

LAZYMOUNT_EXTERN  __attribute__((visibility("default")))
int container_postprocess(char* id) {
        try {
                runtime::User user(std::stoi(std::string(id)));
                KrateBuilder builder(user, buildKrateManifestPath(user.getName()));
                builder.mountOwnFilesystem();
        } catch (runtime::Exception& e) {
                std::cerr << "krate error : " << e.what() << std::endl << std::flush;
                return -1;
        }
        std::cout << "krate postprocess completed!" << std::endl << std::flush;
        std::cout << "kraterized!" << std::endl << std::flush;
        return 0;
}

PAM_EXTERN  __attribute__((visibility("default")))
int pam_sm_open_session(pam_handle_t* pamh, int flags, int argc, const char* argv[])
{
        try {
                runtime::User user(getKrateName(pamh));
                KrateGuard krateGuard(user.getName());
                krateGuard.wait();

                auto sessionBuilder = [](const runtime::User& user) {
                        KrateBuilder builder(user, buildKrateManifestPath(user.getName()));
                        builder.unshareNamespace();
                        builder.mountOwnFilesystem();
                };
                createSession(user, sessionBuilder);
        } catch (runtime::Exception& e) {
                ::pam_syslog(pamh, LOG_ERR, "%s", e.what());
                return PAM_SESSION_ERR;
        }

        return PAM_SUCCESS;
}

PAM_EXTERN  __attribute__((visibility("default")))
int pam_sm_close_session(pam_handle_t* pamh, int flags, int argc, const char* argv[])
{
        try {
                runtime::User user(getKrateName(pamh));
                KrateGuard krateGuard(user.getName());
                krateGuard.wait();

                destroySession(user);
        } catch (runtime::Exception& e) {
                ::pam_syslog(pamh, LOG_ERR, "%s", e.what());
                return PAM_SESSION_ERR;
        }

        return PAM_SUCCESS;
}

#ifdef PAM_MODULE_ENTRY
PAM_MODULE_ENTRY("pam_krate");
#endif

}