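// Source: github.com/aporeto-inc/trireme-lib@v10.358.0+incompatible/plugins/pam/uidmonitorpam_c.go

package main

/*
#cgo LDFLAGS: -lpam -fPIC
#include <errno.h>
#include <pwd.h>
#include <security/pam_appl.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <syslog.h>
int get_uid(char *user);

// dup_pam_item fetches a string item from the PAM handle and returns a heap
// copy of it. Returns NULL when the handle is NULL, when pam_get_item fails,
// when the item is unset, or when strdup cannot allocate. The caller owns the
// returned string and must free() it.
static char *dup_pam_item(pam_handle_t *pamh, int item_type) {
	const char *value = NULL;

	if (!pamh)
		return NULL;
	if (pam_get_item(pamh, item_type, (const void **)&value) != PAM_SUCCESS)
		return NULL;
	// pam_get_item can succeed while leaving the item NULL (PAM_RUSER is
	// commonly unset); passing that to strdup would dereference NULL.
	if (!value)
		return NULL;
	return strdup(value);
}

// get_user pulls the username (PAM_USER) out of the pam handle.
// The result is heap-allocated; the caller must free() it. NULL on failure.
char *get_user(pam_handle_t *pamh) {
	return dup_pam_item(pamh, PAM_USER);
}

// get_ruser pulls the requesting user (PAM_RUSER) out of the pam handle.
// The result is heap-allocated; the caller must free() it. NULL on failure
// or when no requesting user is set.
char *get_ruser(pam_handle_t *pamh) {
	return dup_pam_item(pamh, PAM_RUSER);
}

// get_service pulls the service name (PAM_SERVICE) out of the pam handle.
// The result is heap-allocated; the caller must free() it. NULL on failure.
char *get_service(pam_handle_t *pamh){
	return dup_pam_item(pamh, PAM_SERVICE);
}

// initLog opens the syslog connection with the PID in every message and the
// LOG_AUTH facility.
// NOTE(review): openlog() state is process-wide, so this also changes how the
// host application's own syslog calls are tagged; confirm that is acceptable
// or consider pam_syslog() instead.
void initLog(void) {
	openlog(NULL,LOG_PID,LOG_AUTH);
}

// lookup_passwd resolves user through getpwnam_r into *entry.
// Returns 1 when an entry was found; in that case *buf_out holds the backing
// buffer that entry's string fields point into, and the caller must free() it
// after it is done with entry. Returns 0 (with *buf_out set to NULL) for a
// NULL user, an allocation failure, an unknown user, or a lookup error, so
// callers never read an uninitialised struct passwd.
static int lookup_passwd(const char *user, struct passwd *entry, char **buf_out) {
	struct passwd *result = NULL;
	long conf;
	size_t bufsize;
	int s;

	*buf_out = NULL;
	if (!user)
		return 0;

	// sysconf reports -1 when there is no fixed limit; keep it in a signed
	// type for the comparison instead of storing it in a size_t first.
	conf = sysconf(_SC_GETPW_R_SIZE_MAX);
	bufsize = (conf > 0) ? (size_t)conf : 16384;

	*buf_out = malloc(bufsize);
	if (!*buf_out)
		return 0;

	s = getpwnam_r(user, entry, *buf_out, bufsize, &result);
	if (s != 0 || result == NULL) {
		if (s != 0)
			syslog(LOG_ERR, "getpwnam_r failed with error %d", s);
		free(*buf_out);
		*buf_out = NULL;
		return 0;
	}
	return 1;
}

// is_system_user reports whether user looks like a non-interactive account.
// Returns 1 when the passwd entry has a login shell of /bin/nologin or
// /bin/false or an empty shell, or when its password field starts with '!'
// or '*' or is exactly "x". Returns 0 otherwise, including when the user is
// unknown or the lookup fails.
// NOTE(review): a failed lookup is reported the same way as "not a system
// user"; confirm that is the safe answer for the caller's decision.
int is_system_user(char *user){
	struct passwd entry;
	char *buf = NULL;
	int system_user = 0;

	if (!lookup_passwd(user, &entry, &buf))
		return 0;

	const char *shell = entry.pw_shell ? entry.pw_shell : "";
	const char *passwd_field = entry.pw_passwd ? entry.pw_passwd : "";

	// Each strcmp is compared against 0. A bare strcmp() is true for every
	// string that does NOT match, which made this branch fire for almost
	// any shell.
	// NOTE(review): many distributions install nologin as /sbin/nologin or
	// /usr/sbin/nologin, which this list does not cover; confirm the paths.
	if (strcmp("/bin/nologin", shell) == 0 || strcmp("/bin/false", shell) == 0 || shell[0] == '\0') {
		// Only the shell is logged. The password field is deliberately kept
		// out of syslog: without shadow passwords it holds the account hash.
		// NOTE(review): LOG_ALERT looks like leftover debugging priority.
		syslog(LOG_ALERT, "is_system_user: matched on login shell %s", shell);
		system_user = 1;
	} else if (passwd_field[0] == '!' || passwd_field[0] == '*' || strcmp(passwd_field, "x") == 0) {
		// NOTE(review): with shadow passwords pw_passwd is typically "x" for
		// every account, so this branch would also match ordinary users;
		// confirm the intent against the caller.
		system_user = 1;
	}

	// entry's strings live in buf, so release it only after the checks.
	free(buf);
	return system_user;
}

// is_root reports whether user resolves to uid 0.
// Returns 1 for uid 0, and 0 otherwise, including when the user is unknown or
// the lookup fails.
int is_root(char *user){
	struct passwd entry;
	char *buf = NULL;
	int root;

	if (!lookup_passwd(user, &entry, &buf))
		return 0;

	root = (entry.pw_uid == 0) ? 1 : 0;
	free(buf);
	return root;
}
*/
import "C"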