2 * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 #include <security/pam_ext.h>
19 #include <security/pam_modules.h>
26 #include "krate-guard.h"
27 #include "krate-builder.h"
29 #include <klay/exception.h>
30 #include <klay/filesystem.h>
31 #include <klay/xml/parser.h>
32 #include <klay/xml/document.h>
34 #define LAZYMOUNT_EXTERN extern
36 std::string buildKrateManifestPath(const std::string& name)
38 return CONF_PATH "/" + name + ".xml";
41 std::string getKrateName(pam_handle_t* handle)
44 int error = ::pam_get_item(handle, PAM_USER, &retItem);
45 if (error != PAM_SUCCESS) {
46 throw runtime::Exception("Failed to get user");
49 return static_cast<const char*>(retItem);
53 LAZYMOUNT_EXTERN __attribute__((visibility("default")))
54 int container_preprocess(char* id) {
55 std::cout << "kraterize (UID " << id << ")..." << std::endl << std::flush;
57 runtime::User user(std::stoi(std::string(id)));
58 KrateGuard krateGuard(user.getName());
61 auto sessionBuilder = [](const runtime::User& user) {
62 KrateBuilder builder(user, buildKrateManifestPath(user.getName()));
63 builder.unshareNamespace();
65 createSession(user, sessionBuilder);
66 } catch (runtime::Exception& e) {
67 std::cerr << "krate error : " << e.what() <<std::endl << std::flush;
71 std::cout << "krate preprocess completed!" << std::endl << std::flush;
75 LAZYMOUNT_EXTERN __attribute__((visibility("default")))
76 int container_postprocess(char* id) {
78 runtime::User user(std::stoi(std::string(id)));
79 KrateBuilder builder(user, buildKrateManifestPath(user.getName()));
80 builder.mountOwnFilesystem();
81 } catch (runtime::Exception& e) {
82 std::cerr << "krate error : " << e.what() << std::endl << std::flush;
85 std::cout << "krate postprocess completed!" << std::endl << std::flush;
86 std::cout << "kraterized!" << std::endl << std::flush;
90 PAM_EXTERN __attribute__((visibility("default")))
91 int pam_sm_open_session(pam_handle_t* pamh, int flags, int argc, const char* argv[])
94 runtime::User user(getKrateName(pamh));
95 KrateGuard krateGuard(user.getName());
98 auto sessionBuilder = [](const runtime::User& user) {
99 KrateBuilder builder(user, buildKrateManifestPath(user.getName()));
100 builder.unshareNamespace();
101 builder.mountOwnFilesystem();
103 createSession(user, sessionBuilder);
104 } catch (runtime::Exception& e) {
105 ::pam_syslog(pamh, LOG_ERR, "%s", e.what());
106 return PAM_SESSION_ERR;
112 PAM_EXTERN __attribute__((visibility("default")))
113 int pam_sm_close_session(pam_handle_t* pamh, int flags, int argc, const char* argv[])
116 runtime::User user(getKrateName(pamh));
117 KrateGuard krateGuard(user.getName());
120 destroySession(user);
121 } catch (runtime::Exception& e) {
122 ::pam_syslog(pamh, LOG_ERR, "%s", e.what());
123 return PAM_SESSION_ERR;
129 #ifdef PAM_MODULE_ENTRY
130 PAM_MODULE_ENTRY("pam_krate");