src/mypam.c

   1 //Harvie 2o11 - Warning: Not bulletproof yet!
   2 #define ENV_PREFIX "JAIL_"
   3 #define DEFAULT_JAIL "/var/ssh-chroot"
   4
   5 #include <stdio.h>
   6 #include <stdlib.h>
   7
   8 #define PAM_SM_SESSION
   9 #include <security/pam_modules.h>
  10
  11 PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
  12         const char* user;
  13         pam_get_user(pamh, &user, "login: ");
  14         //printf("Welcome %s\n", user);
  15
  16         setenv(ENV_PREFIX "USER", user, 1);
  17         setenv(ENV_PREFIX "DIR", DEFAULT_JAIL, 1);
  18         if(argc > 0) setenv(ENV_PREFIX "DIR", argv[0], 1);
  19
  20
  21         //system("echo start $HOME; echo a && true && echo b && false && echo c");
  22         setuid(0); setgid(0);
  23         system("mkdir -p \"$JAIL_DIR/$JAIL_USER/$JAIL_USER\"");
  24         system("chown root:root \"$JAIL_DIR/$JAIL_USER\"");
  25         system("chown \"$JAIL_USER:$JAIL_USER\" \"$JAIL_DIR/$JAIL_USER/$JAIL_USER\"");
  26         system("mountpoint -q \"$JAIL_DIR/$JAIL_USER/$JAIL_USER\" || mount -o bind \"$HOME\" \"$JAIL_DIR/$JAIL_USER/$JAIL_USER\"");
  27
  28         return PAM_SUCCESS; //PAM_SESSION_ERR | PAM_SUCCESS
  29 }