1 #include "cron.h"
2
3 #ifdef USE_PAM
4
5 #include <security/pam_appl.h>
6
7 static pam_handle_t *pamh = NULL;
8 static const struct pam_conv cron_conv;
9
/*
 * Open the PAM transaction for a job that cron runs as `username`.
 *
 * Calls pam_start (service name "cron"), then pam_authenticate,
 * pam_acct_mgmt and pam_open_session, the last three with PAM_SILENT.
 * The first step that does not return PAM_SUCCESS is logged through
 * log_it; for the three later steps the handle is also released with
 * pam_end before it is cleared.
 *
 * Returns 1 only when all four steps succeed (pamh then stays set).
 * Returns 0 on any failure, and also when a transaction is already open
 * (pamh non-NULL), in which case nothing is called.
 *
 * cron_conv is declared in this file without an initialiser, so no
 * conversation callback is supplied here.
 * NOTE(review): a module in the "cron" stack that needs to prompt
 * presumably fails instead of blocking -- confirm against the PAM
 * configuration shipped with this cron.
 * NOTE(review): callers are expected to refuse to run the job when this
 * returns 0, since that is where the account check is enforced -- the
 * call sites are not visible here.
 *
 * log_close() follows every PAM call; presumably modules may have
 * reopened the log under another identity -- TODO confirm.
 */
int
cron_pam_start (const char *username)
{
  char *failed;
  int rc;

  if (pamh != NULL)
    return 0;

  rc = pam_start ("cron", username, &cron_conv, &pamh);
  log_close ();
  if (rc != PAM_SUCCESS)
    {
      /* Cleared first, so pam_strerror below is handed a NULL handle. */
      pamh = NULL;
      log_it ("CRON", getpid (), "pam_start failed", pam_strerror (pamh, rc));
      return 0;
    }

  failed = "pam_authenticate failed";
  rc = pam_authenticate (pamh, PAM_SILENT);
  log_close ();
  if (rc != PAM_SUCCESS)
    goto bail;

  failed = "pam_acct_mgmt failed";
  rc = pam_acct_mgmt (pamh, PAM_SILENT);
  log_close ();
  if (rc != PAM_SUCCESS)
    goto bail;

  failed = "pam_open_session failed";
  rc = pam_open_session (pamh, PAM_SILENT);
  log_close ();
  if (rc != PAM_SUCCESS)
    goto bail;

  return 1;

bail:
  /* Shared failure path: log the step, end the transaction, drop the handle. */
  log_it ("CRON", getpid (), failed, pam_strerror (pamh, rc));
  pam_end (pamh, rc);
  pamh = NULL;
  return 0;
}
60
/*
 * Establish PAM credentials on the transaction opened by cron_pam_start.
 *
 * Calls pam_setcred with PAM_ESTABLISH_CRED | PAM_SILENT.  Returns 1 on
 * PAM_SUCCESS.  Returns 0 when no transaction is open, or when
 * pam_setcred fails; in the failure case the error is logged, the
 * handle is released with pam_end and pamh is cleared.
 *
 * NOTE(review): the failure path ends the transaction without calling
 * pam_close_session, although cron_pam_start only leaves pamh set once
 * pam_open_session has succeeded.  Whether the session should be closed
 * here depends on which process calls this function -- confirm against
 * the caller.
 */
int
cron_pam_setcred (void)
{
  int rc;

  if (pamh == NULL)
    return 0;

  rc = pam_setcred (pamh, PAM_ESTABLISH_CRED | PAM_SILENT);
  log_close ();
  if (rc == PAM_SUCCESS)
    return 1;

  log_it ("CRON", getpid (), "pam_setcred failed", pam_strerror (pamh, rc));
  pam_end (pamh, rc);
  pamh = NULL;
  log_close ();
  return 0;
}
83
/*
 * Close the PAM session and end the transaction, if one is open.
 *
 * Calls pam_close_session and pam_end with flags/status 0, clears pamh
 * and closes the log.  Does nothing when pamh is already NULL.  The
 * return values of both PAM calls are ignored.
 *
 * NOTE(review): nothing here calls pam_setcred with PAM_DELETE_CRED to
 * pair with the PAM_ESTABLISH_CRED in cron_pam_setcred -- confirm
 * whether credentials are meant to be dropped elsewhere.
 */
void
cron_pam_finish (void)
{
  if (pamh != NULL)
    {
      pam_close_session (pamh, 0);
      pam_end (pamh, 0);
      pamh = NULL;
      log_close ();
    }
}
95
96 #ifndef PAM_DATA_SILENT
97 #define PAM_DATA_SILENT 0
98 #endif
99
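/*
 * Release this process's PAM handle without closing the session.
 *
 * Calls pam_end with PAM_DATA_SILENT as the status (the file defines
 * that macro as 0 when the PAM headers do not provide it), clears pamh
 * and closes the log.  No pam_close_session call is made here.
 * NOTE(review): going by the name, this is presumably meant for a
 * forked child whose parent still owns the session -- confirm against
 * the caller.
 *
 * pam_end is only called when a handle is actually open, matching the
 * NULL guards in cron_pam_setcred and cron_pam_finish; the original
 * passed a NULL handle to pam_end when no transaction existed.
 * log_close() still runs in either case, as before.
 */
void
cron_pam_child_close (void)
{
  if (pamh != NULL)
    {
      pam_end (pamh, PAM_DATA_SILENT);
      pamh = NULL;
    }
  log_close ();
}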
107
/*
 * Merge a job environment into the PAM environment and return the result.
 *
 * Each string in the NULL-terminated array `envp` is passed to
 * pam_putenv on the open transaction; the return value is then whatever
 * pam_getenvlist yields.
 *
 * Returns NULL when no transaction is open, when `envp` is NULL, or as
 * soon as one pam_putenv call fails (entries added before the failure
 * are not rolled back here).
 *
 * The strings are forwarded unfiltered.
 * NOTE(review): because they are put after cron_pam_start has run the
 * session modules, an entry here presumably replaces a same-named
 * variable set by a module -- confirm that this precedence is intended
 * for variables that come from a crontab.
 * NOTE(review): pam_getenvlist is documented to return an allocated
 * list owned by the caller -- verify the caller frees it.
 */
char **
cron_pam_getenvlist (char **envp)
{
  char **entry;

  if (pamh == NULL || envp == NULL)
    return NULL;

  for (entry = envp; *entry != NULL; entry++)
    {
      if (pam_putenv (pamh, *entry) != PAM_SUCCESS)
        return NULL;
    }

  return pam_getenvlist (pamh);
}
120
121 #endif /* USE_PAM */
122