2 * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 #include <security/pam_ext.h>
19 #include <security/pam_modules.h>
25 #include "krate-guard.h"
26 #include "krate-builder.h"
28 #include <klay/exception.h>
29 #include <klay/filesystem.h>
30 #include <klay/xml/parser.h>
31 #include <klay/xml/document.h>
// Directory holding one XML manifest per krate. CONF_PATH is not defined in
// this file (presumably supplied by the build -- confirm).
#define KRATE_MANIFEST_DIR CONF_PATH "/krate/"

/// @brief Builds the manifest file path for a krate.
/// @param name Krate name; used verbatim as the file stem.
/// @return KRATE_MANIFEST_DIR followed by name and the ".xml" suffix.
///
/// NOTE(review): name is concatenated without validation, so a value that
/// contains '/' or ".." would resolve outside KRATE_MANIFEST_DIR. The only
/// caller in this file passes runtime::User::getName(); whether that type
/// rejects such names is not visible here -- confirm, or validate the name
/// before the path is built.
std::string buildKrateManifestPath(const std::string& name)
{
    std::string manifestPath(KRATE_MANIFEST_DIR);
    manifestPath += name;
    manifestPath += ".xml";
    return manifestPath;
}
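/// @brief Reads the PAM_USER item from the PAM handle; the module uses it as the krate name.
/// @param handle PAM handle passed to the module entry point.
/// @return A copy of the user name.
/// @throws runtime::Exception if the item cannot be read, or is unset or empty.
std::string getKrateName(pam_handle_t* handle)
{
    const void* retItem = nullptr;
    int error = ::pam_get_item(handle, PAM_USER, &retItem);
    if (error != PAM_SUCCESS) {
        throw runtime::Exception("Failed to get user");
    }

    // pam_get_item() can report PAM_SUCCESS while the item is still unset (NULL).
    // Building a std::string from a null pointer is undefined behaviour, so the
    // pointer is checked before it is converted. An empty name is rejected as
    // well: it cannot identify a krate.
    const char* user = static_cast<const char*>(retItem);
    if (user == nullptr || *user == '\0') {
        throw runtime::Exception("Failed to get user");
    }

    // The value is supplied by the application driving the PAM conversation;
    // it is copied here so later use does not depend on PAM-owned storage.
    return user;
}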
/// @brief Opens a krate session for the named user.
/// @param name User name the session is created for.
///
/// Passes createSession() a runtime::User built from name, together with a
/// callback that constructs a KrateBuilder from that user's manifest and
/// containerizes it.
void openKrateSession(const std::string& name)
{
    // The manifest path is derived from the runtime::User's own name rather
    // than from the raw string passed to this function.
    auto containerizeUser = [](const runtime::User& owner) {
        KrateBuilder krate(owner, buildKrateManifestPath(owner.getName()));
        krate.containerize();
    };

    createSession(runtime::User(name), containerizeUser);
}
/// @brief Closes the krate session of the named user.
/// @param name User name whose session is destroyed.
///
/// Thin wrapper: builds a runtime::User from name and hands it to destroySession().
void closeKrateSession(const std::string& name)
{
    destroySession(runtime::User(name));
}
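/// @brief PAM session-open hook: opens the krate session for PAM_USER.
/// @param pamh  PAM handle; the user name is read from it.
/// @param flags Not used by this module.
/// @param argc  Not used by this module.
/// @param argv  Not used by this module.
/// @return PAM_SUCCESS on success, PAM_SESSION_ERR on any failure.
PAM_EXTERN __attribute__((visibility("default")))
int pam_sm_open_session(pam_handle_t* pamh, int flags, int argc, const char* argv[])
{
    try {
        std::string name = getKrateName(pamh);
        // krateGuard lives until the end of this try block.
        KrateGuard krateGuard(name);
        // NOTE(review): this listing omits at least one source line between the
        // guard construction and the call below; if the full file does
        // something with krateGuard there, that statement must be kept.

        openKrateSession(name);
    } catch (const runtime::Exception& e) {
        // Fixed "%s" format: the exception text is logged as data and is never
        // interpreted as a format string.
        ::pam_syslog(pamh, LOG_ERR, "%s", e.what());
        return PAM_SESSION_ERR;
    } catch (...) {
        // This function is called from C code in the host process of the PAM
        // stack. Any exception that is not a runtime::Exception (std::bad_alloc,
        // errors from helper libraries) must not unwind past this boundary,
        // because that would terminate the host process.
        ::pam_syslog(pamh, LOG_ERR, "%s", "Unexpected error while opening krate session");
        return PAM_SESSION_ERR;
    }

    return PAM_SUCCESS;
}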
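/// @brief PAM session-close hook: closes the krate session for PAM_USER.
/// @param pamh  PAM handle; the user name is read from it.
/// @param flags Not used by this module.
/// @param argc  Not used by this module.
/// @param argv  Not used by this module.
/// @return PAM_SUCCESS on success, PAM_SESSION_ERR on any failure.
PAM_EXTERN __attribute__((visibility("default")))
int pam_sm_close_session(pam_handle_t* pamh, int flags, int argc, const char* argv[])
{
    try {
        std::string name = getKrateName(pamh);
        // krateGuard lives until the end of this try block.
        KrateGuard krateGuard(name);
        // NOTE(review): this listing omits at least one source line between the
        // guard construction and the call below; if the full file does
        // something with krateGuard there, that statement must be kept.

        closeKrateSession(name);
    } catch (const runtime::Exception& e) {
        // Fixed "%s" format: the exception text is logged as data and is never
        // interpreted as a format string.
        ::pam_syslog(pamh, LOG_ERR, "%s", e.what());
        return PAM_SESSION_ERR;
    } catch (...) {
        // This function is called from C code in the host process of the PAM
        // stack. Any exception that is not a runtime::Exception must not unwind
        // past this boundary, because that would terminate the host process.
        ::pam_syslog(pamh, LOG_ERR, "%s", "Unexpected error while closing krate session");
        return PAM_SESSION_ERR;
    }

    return PAM_SUCCESS;
}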
101 #ifdef PAM_MODULE_ENTRY
102 PAM_MODULE_ENTRY("pam_krate");