From 6cef9f0fc159de4c9fd708050ec76adb4e74d390 Mon Sep 17 00:00:00 2001
From: Tomasz Kramkowski
Date: Fri, 27 Jan 2023 13:58:10 +0000
Subject: openat variant
---
src/lib.rs | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 src/lib.rs
(limited to 'src')
diff --git a/src/lib.rs b/src/lib.rs
new file mode 100644
index 0000000..23f5b79
--- /dev/null
+++ b/src/lib.rs
@@ -0,0 +1,56 @@
+use libc::mode_t;
+use openat::{Dir, AsPath};
+use pam::constants::{PamFlag, PamResultCode};
+use pam::module::{PamHandle, PamHooks};
+use std::ffi::CStr;
+use std::io::{ErrorKind, Write};
+use std::process;
+
+const CG_MOUNT: &str = "/sys/fs/cgroup";
+
+struct PAMUserCG;
+pam::pam_hooks!(PAMUserCG);
+
+fn create_and_open_dir(
+ d: &Dir, path: P, mode: mode_t,
+ ) -> std::io::Result {
+ match d.create_dir(path, mode) {
+ Ok(()) => Ok(()),
+ Err(e) => match e.kind() {
+ ErrorKind::AlreadyExists => Ok(()),
+ _ => Err(e),
+ }
+ }?;
+ d.sub_dir(path)
+}
+
+struct SessionError;
+
+fn open_session(h: &mut PamHandle) -> Result<(), SessionError> {
+ let user = h.get_user(None).or(Err(SessionError))?;
+ let user = users::get_user_by_name(&user).ok_or(SessionError)?;
+ let d = Dir::open(CG_MOUNT).or(Err(SessionError))?;
+ let d = create_and_open_dir(&d, "user", 0o777).or(Err(SessionError))?;
+ let d = create_and_open_dir(&d, &user.uid().to_string(), 0o777)
+ .or(Err(SessionError))?;
+ let d = create_and_open_dir(&d, "leaf", 0o777).or(Err(SessionError))?;
+ let pid = process::id().to_string();
+ let mut procs = d.open_file_ex("cgroup.procs", libc::O_WRONLY, 0)
+ .or(Err(SessionError))?;
+ procs.write_all(pid.as_bytes()).or(Err(SessionError))?;
+ Ok(())
+}
+
+impl PamHooks for PAMUserCG {
+ fn sm_open_session(
+ h: &mut PamHandle,
+ _args: Vec<&CStr>,
+ _flags: PamFlag
+ ) -> PamResultCode {
+ if open_session(h).is_ok() {
+ PamResultCode::PAM_SUCCESS
+ } else {
+ PamResultCode::PAM_SESSION_ERR
+ }
+ }
+}
--
cgit v1.2.3-54-g00ecf
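Review bot: The three `create_and_open_dir` calls in `open_session` pass mode `0o777`, so the `user`, per-uid and `leaf` cgroup directories are created as permissive as the umask of the process hosting the PAM module allows. Write access to a cgroup directory is what lets a process create child cgroups under it, so I would request only what the module needs, e.g. `let d = create_and_open_dir(&d, "user", 0o755).or(Err(SessionError))?;`, with the same literal for the uid and `leaf` calls, instead of depending on the umask. If the per-uid directory is meant to be delegated to that user, make that an explicit ownership change with a comment stating the intent. The `AlreadyExists` arm of `create_and_open_dir` also reuses an existing directory without looking at its mode or owner; a one-line comment on why that is acceptable here would help the next reader.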