Add krate-mount service

[platform/core/security/krate.git] / module / krate.cpp

diff --git a/module/krate.cpp b/module/krate.cpp
index 84496cf..8c9a320 100644 (file)
--- a/module/krate.cpp
+++ b/module/krate.cpp
@@ -14,27 +14,32 @@
  *  limitations under the License
  */
 
+#include <dlfcn.h>
 #include <syslog.h>
+#include <unistd.h>
 #include <security/pam_ext.h>
 #include <security/pam_modules.h>
 
 #include <string>
 #include <vector>
+#include <iostream>
 
-#include "session.h"
-#include "krate-guard.h"
 #include "krate-builder.h"
 
 #include <klay/exception.h>
 #include <klay/filesystem.h>
-#include <klay/xml/parser.h>
-#include <klay/xml/document.h>
 
-std::string buildKrateManifestPath(const std::string& name)
-{
-       return CONF_PATH "/" + name + ".xml";
+#define KRATE_UID_MIN 6000
+#define KRATE_UID_MAX 6999
+
+namespace {
+
+static std::string getFlagFilePath(runtime::User &user) {
+       return "/run/user/" + std::to_string(user.getUid()) + "/.container";
 }
 
+} // namespace
+
 std::string getKrateName(pam_handle_t* handle)
 {
        const void* retItem;
@@ -46,31 +51,21 @@ std::string getKrateName(pam_handle_t* handle)
        return static_cast<const char*>(retItem);
 }
 
-void openKrateSession(const std::string& name)
-{
-       auto sessionBuilder = [](const runtime::User& user) {
-               KrateBuilder builder(user, buildKrateManifestPath(user.getName()));
-               builder.containerize();
-       };
-
-       createSession(runtime::User(name), sessionBuilder);
-}
-
-void closeKrateSession(const std::string& name)
-{
-       destroySession(runtime::User(name));
-}
-
 extern "C" {
 PAM_EXTERN  __attribute__((visibility("default")))
 int pam_sm_open_session(pam_handle_t* pamh, int flags, int argc, const char* argv[])
 {
        try {
-               std::string name = getKrateName(pamh);
-               KrateGuard krateGuard(name);
-               krateGuard.wait();
+               runtime::User user(getKrateName(pamh));
+
+               KrateBuilder builder(user);
+               builder.enterKrate();
 
-               openKrateSession(name);
+               if (user.getUid() >= KRATE_UID_MIN && user.getUid() <= KRATE_UID_MAX ) {
+                       runtime::File flag(getFlagFilePath(user));
+                       if (!flag.exists())
+                               flag.create(0644);
+               }
        } catch (runtime::Exception& e) {
                ::pam_syslog(pamh, LOG_ERR, "%s", e.what());
                return PAM_SESSION_ERR;
@@ -83,11 +78,14 @@ PAM_EXTERN  __attribute__((visibility("default")))
 int pam_sm_close_session(pam_handle_t* pamh, int flags, int argc, const char* argv[])
 {
        try {
-               std::string name = getKrateName(pamh);
-               KrateGuard krateGuard(name);
-               krateGuard.wait();
+               runtime::User user(getKrateName(pamh));
+
+               KrateBuilder builder(user);
+               builder.exitKrate();
 
-               closeKrateSession(name);
+               runtime::File flag(getFlagFilePath(user));
+               if (flag.exists())
+                       flag.remove(false);
        } catch (runtime::Exception& e) {
                ::pam_syslog(pamh, LOG_ERR, "%s", e.what());
                return PAM_SESSION_ERR;