
Init

master
Arthur Poulet 4 years ago
commit
cb9ac17514
8 changed files with 187 additions and 0 deletions
  1. +2
    -0
      .gitignore
  2. +9
    -0
      CMakeLists.txt
  3. +11
    -0
      README.md
  4. +1
    -0
      pam.d/login
  5. +100
    -0
      pamela.c
  6. +8
    -0
      pamela.h
  7. +53
    -0
      pamela_manager
  8. +3
    -0
      pamela_passwd

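--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+build/
+.*.swp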

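--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -0,0 +1,9 @@
+cmake_minimum_required (VERSION 3.0)
+project (Pamela C)
+
+add_library (Pamela SHARED pamela.c)
+
+target_link_libraries(
+Pamela
+pam
+)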
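Review bot: The target builds libPamela.so, but PAM loads the module as pam_ela.so, so the README has to copy-rename the artifact by hand; set the name here instead with `set_target_properties(Pamela PROPERTIES PREFIX "" OUTPUT_NAME "pam_ela")`. The keyword-less `target_link_libraries(Pamela pam)` at L53-L56 uses the legacy signature; write `target_link_libraries(Pamela PRIVATE pam)`. An `install(TARGETS Pamela LIBRARY DESTINATION <security module dir>)` rule would also replace the hard-coded `cp` into /lib64/security that the README currently documents.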

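--- a/README.md
+++ b/README.md
@@ -0,0 +1,11 @@
+# compile
+
+```sh
+mkdir -p build
+cd build
+cmake ..
+make
+su -c "cp libPamela.so /lib64/security/pam_ela.so"
+cd ..
+su -c "echo '' >> /etc/pam.d/login"
+```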

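--- a/pam.d/login
+++ b/pam.d/login
@@ -0,0 +1 @@
+session optional pam_ela.so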
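Review bot: This line is never installed by the documented steps: the README's `su -c "echo '' >> /etc/pam.d/login"` appends an empty line rather than this file's content, so an admin following it ends up with the module disabled. The install step should append this file (`su -c "cat pam.d/login >> /etc/pam.d/login"`) or tell the admin to add the line by hand. `optional` is the right control value for a module whose failure must not block login, but it also means a failing pamela_manager is only visible in syslog, which is worth a comment in this file.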

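--- a/pamela.c
+++ b/pamela.c
@@ -0,0 +1,100 @@
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <linux/limits.h>
+#include "pamela.h"
+#include <syslog.h>
+
+PAM_EXTERN
+int pam_sm_open_session(pam_handle_t *pamh, int flags,
+int argc, const char **argv) {
+char const *user;
+int pam_error;
+
+// get user name
+if ((pam_error = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
+fprintf(stderr, "%sn", pam_strerror(pamh, pam_error));
+syslog(LOG_USER | LOG_ERR, "Error pam_get_user()\n");
+return pam_error;
+}
+// open / create volume
+char *cmd_open;
+if (!asprintf(&cmd_open, "su -l root -c \"pamela_manager open %s\"", user, user)) {
+syslog(LOG_USER | LOG_ERR, "Error asprintf()\n");
+// log error
+return PAM_ABORT;
+}
+if (system(cmd_open) != 0) {
+free(cmd_open);
+syslog(LOG_USER | LOG_ERR, "Error during the pamela_manager script\n");
+return PAM_ABORT;
+}
+free(cmd_open);
+return PAM_SUCCESS;
+}
+
+
+PAM_EXTERN
+int pam_sm_close_session(pam_handle_t *pamh, int flags,
+int argc, const char *argv[]) {
+syslog(LOG_USER | LOG_ERR, "close()\n");
+char const *user;
+int pam_error;
+// get user name
+if ((pam_error = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
+fprintf(stderr, "%sn", pam_strerror(pamh, pam_error));
+syslog(LOG_USER | LOG_ERR, "Error pam_get_user()\n");
+return pam_error;
+}
+// open / create volume
+char *cmd_open;
+if (!asprintf(&cmd_open, "su -l root -c \"pamela_manager close %s\"", user, user)) {
+// log error
+return PAM_ABORT;
+}
+if (system(cmd_open) != 0) {
+free(cmd_open);
+syslog(LOG_USER | LOG_ERR, "Error during the pamela_manager script\n");
+return PAM_ABORT;
+}
+free(cmd_open);
+return PAM_SUCCESS;
+}
+
+/*
+PAM_EXTERN
+int pam_sm_authenticate(pam_handle_t *pamh, int flags,
+int argc, const char *argv[])
+{
+syslog(LOG_USER | LOG_ERR, "authenticate()\n");
+(void)pamh;
+(void)flags;
+(void)argc;
+(void)argv;
+return (PAM_SUCCESS);
+}
+
+PAM_EXTERN
+int pam_sm_setcred(pam_handle_t *pamh, int flags,
+int argc, const char *argv[])
+{
+syslog(LOG_USER | LOG_ERR, "setcred()\n");
+(void)pamh;
+(void)flags;
+(void)argc;
+(void)argv;
+return (PAM_SUCCESS);
+}
+
+
+PAM_EXTERN
+int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
+int argc, const char *argv[])
+{
+syslog(LOG_USER | LOG_ERR, "acct_mgmt()\n");
+(void)pamh;
+(void)flags;
+(void)argc;
+(void)argv;
+return (PAM_SUCCESS);
+}
+*/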
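Review bot: The user name obtained from pam_get_user() at L100 and L129 is spliced unescaped into a shell command string at L107 and L136 and handed to system() while the module runs as root, so a name containing shell metacharacters is parsed by the shell instead of being passed to pamela_manager as data; those same two lines also pass two arguments for a single `%s`, and the `!asprintf(...)` test never catches the -1 that asprintf returns on failure. Replace the shell round-trip with a fork/execv helper that passes the action and the user as separate argv entries, restricts the name to a conservative character set before it reaches the script, and invokes pamela_manager by an absolute path rather than whatever PATH the login process inherited; both session hooks then reduce to one call each, as sketched below (pam_sm_close_session gets the same body with `"close"`). The `"%sn"` in both fprintf calls is missing its backslash, the close hook's comment at L134 still says "open / create volume", and system()/free() need `<stdlib.h>`, which this file does not include directly unless one of the pam headers pulls it in. The helper needs `<unistd.h>`, `<sys/wait.h>` and `<ctype.h>`.
```c
/* Runs pamela_manager without a shell: the arguments travel as an argv
 * array, so the user name can never be parsed as shell syntax. Returns the
 * child's exit status, or -1 on a rejected name or fork/exec/wait failure.
 * PAMELA_MANAGER_PATH is a placeholder for the installed absolute path. */
static int run_manager(const char *action, const char *user) {
    /* The script later hands $user to chown, su -l and a /home/.pamela/ path,
     * so reject empty names, option-like names and anything outside
     * [A-Za-z0-9._-]. */
    if (user[0] == '\0' || user[0] == '-') return -1;
    for (const char *p = user; *p; ++p) {
        if (!isalnum((unsigned char)*p) && *p != '_' && *p != '-' && *p != '.')
            return -1;
    }
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const child_argv[] = { PAMELA_MANAGER_PATH, (char *)action, (char *)user, NULL };
        execv(PAMELA_MANAGER_PATH, child_argv);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

PAM_EXTERN
int pam_sm_open_session(pam_handle_t *pamh, int flags,
                        int argc, const char **argv) {
    /* … unchanged: pam_get_user() and its error handling … */
    if (run_manager("open", user) != 0) {
        syslog(LOG_USER | LOG_ERR, "Error during the pamela_manager script");
        return PAM_ABORT;
    }
    return PAM_SUCCESS;
}
```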

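--- a/pamela.h
+++ b/pamela.h
@@ -0,0 +1,8 @@
+#pragma once
+
+#define PAM_SM_SESSION
+//#define PAM_SM_AUTH
+
+#include <security/pam_modules.h>
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>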
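Review bot: `<security/pam_appl.h>` and `<security/pam_misc.h>` at L199-L200 are the application-side headers (the latter belongs to libpam_misc, which the module does not link); a session module only needs `<security/pam_modules.h>`, and `<security/pam_ext.h>` if the syslog calls are switched to pam_syslog(). A one-line comment above `#define PAM_SM_SESSION` saying that it selects which pam_sm_* prototypes the header exposes would explain why the define must precede the includes.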

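--- a/pamela_manager
+++ b/pamela_manager
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+echo "pamela_manager $@" >> /tmp/pamela.log
+
+# init sessions
+sdir=/tmp/.pamela_sessions
+mkdir -p $sdir
+chmod -R 700 $sdir
+#echo "$sdir is initialized to 700"
+#chmod 700 /home/.pamela
+
+# init arguments
+action=$1
+user=$2
+if [ "$action" = "" ] || [ "$user" = "" ]; then
+echo "Not enough arguments (need 2 <action> <user>)"
+exit 1
+fi
+#echo "Parameters are $action and $user"
+
+# init dir arguments
+dir="/home/$user/private"
+usdir="$sdir/$user"
+if [ "$user" = "root" ]; then
+dir="/root/private"
+fi
+partition="/home/.pamela/$user"
+
+#echo "pamela_manager $action $user $dir $partition" >> /tmp/pamela.log
+#echo "pamela_manager $action $user $dir $partition"
+
+# execute script
+if [ "$action" = "open" ]; then
+[ -d $partition ] || mkdir -p $partition && chown $user $partition
+mkdir -p $dir && chown $user $dir
+if [ -f $usdir ] && [ "$(cat $usdir)" != "0" ]; then
+nb=$(cat $usdir)
+nb=$((nb+1))
+#echo $nb > $usdir
+echo "Already mounted. $nb times" >> /tmp/pamela.log
+else
+su -l $user -c "encfs $partition $dir" && echo 1 > $usdir && chmod go-xrw $partition
+fi
+elif [ "$action" = "close" ]; then
+nb=$(cat $usdir)
+if [ "$nb" -eq "1" ]; then
+#echo "rm $usdir" >> /tmp/logx
+su -l $user -c "fusermount -u $dir" && rm $usdir
+else
+nb=$((nb-1))
+#echo "$nb" > $usdir
+fi
+fi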
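Review bot: Every run appends its arguments to /tmp/pamela.log (L209) and keeps the per-user mount counters under /tmp/.pamela_sessions (L212-L214), both predictable paths in a world-writable directory, and the script runs as root: `mkdir -p` succeeds on a directory an unprivileged user created first and `chmod -R 700` leaves it theirs, so that user then controls where root appends its log and what `cat $usdir` feeds into the arithmetic at L244/L256 and the `-eq` test at L252. Move the log and state into a root-owned directory outside /tmp, create it with `mkdir -p -m 700`, refuse to continue if it is not a root-owned real directory, and validate `$user` before it reaches `chown`, `su -l` and the `/home/.pamela/$user` path (the sketch below does this; the rest of the script is unchanged apart from double-quoting every expansion of `$partition`, `$dir`, `$usdir` and `$user`). Separately, the increment at L245 is commented out, so a second concurrent session never raises the count and the first `close` unmounts the volume from under the remaining session; uncomment `echo "$nb" > "$usdir"` there and at L257, and guard the `cat` at L251 with `[ -f "$usdir" ]` so a close without a prior open fails cleanly instead of erroring in the `-eq` test.
```bash
#!/bin/bash
set -eu

# State and log live in a root-owned directory outside /tmp so an
# unprivileged user cannot pre-create it or plant a symlink there.
# PAMELA_STATE_DIR is a placeholder for the installed location.
sdir="$PAMELA_STATE_DIR"
mkdir -p -m 700 "$sdir"
if [ -L "$sdir" ] || [ ! -d "$sdir" ] || [ ! -O "$sdir" ]; then
    echo "refusing to use $sdir: not a root-owned directory" >&2
    exit 1
fi
log="$sdir/pamela.log"
echo "pamela_manager $*" >> "$log"

action="${1:-}"
user="${2:-}"
# Reject names that chown/su would read as options or that could escape
# /home/.pamela/ through path characters.
case "$user" in
    ""|-*|*[!A-Za-z0-9._-]*) echo "invalid user name" >&2; exit 1 ;;
esac
# … unchanged: dir/usdir/partition setup and the open/close branches,
#     with every expansion double-quoted and the counter written back …
```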

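--- a/pamela_passwd
+++ b/pamela_passwd
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+encfsctl passwd /home/.pamela/$USER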
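Review bot: `$USER` at L268 is taken from the environment rather than from the effective uid, and it is unquoted, so an empty or odd value yields a path to the wrong directory or word-splits the argument; use `encfsctl passwd "/home/.pamela/$(id -un)"`. A one-line comment stating that this must be run as the owning user (encfsctl needs access to the encrypted tree, which `chmod go-xrw` in pamela_manager restricts) would save the next reader a trip to the manager script.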
