1 /*
2
3 uWSGI pam plugin 20120809
4
5 Credits:
6
7 Harry Percival (PythonAnywhere.com)
8
9
10 */
11 #include "../../uwsgi.h"
12
13 extern struct uwsgi_server uwsgi;
14
15 #include <security/pam_appl.h>
16
17 char *uwsgi_pam_service = NULL;
18 char *uwsgi_pam_user = NULL;
19
20 struct uwsgi_option uwsgi_pam_options[] = {
21 {"pam", required_argument, 0, "set the pam service name to use", uwsgi_opt_set_str, &uwsgi_pam_service, 0},
22 {"pam-user", required_argument, 0, "set a fake user for pam", uwsgi_opt_set_str, &uwsgi_pam_user, 0},
23 {0, 0, 0, 0, 0, 0 ,0},
24
25 };
26
uwsgi_pam_conv(int num_msg,const struct pam_message ** msg,struct pam_response ** resp,void * appdata_ptr)27 static int uwsgi_pam_conv(int num_msg, const struct pam_message **msg,
28 struct pam_response **resp, void *appdata_ptr) {
29 int i;
30 for(i=0;i<num_msg;i++) {
31 uwsgi_log("%s\n", msg[i]->msg);
32 }
33 return PAM_SUCCESS;
34 }
35
uwsgi_setup_pam(void)36 void uwsgi_setup_pam(void) {
37 pam_handle_t *pamh = NULL;
38 struct pam_conv pamc = { uwsgi_pam_conv, NULL };
39
40 if (uwsgi_pam_service) {
41 if (!uwsgi_pam_user) {
42 if (!uwsgi.uid) {
43 uwsgi_log("you cannot use pam for root !!!\n");
44 exit(1);
45 }
46 struct passwd *pwd = getpwuid(uwsgi.uid);
47 if (!pwd) {
48 uwsgi_error("getpwuid()");
49 exit(1);
50 }
51 // no need to make a copy as we will use that only here
52 uwsgi_pam_user = pwd->pw_name;
53 }
54
55 if (pam_start(uwsgi_pam_service, uwsgi_pam_user, &pamc, &pamh) != PAM_SUCCESS) {
56 uwsgi_error("pam_start()");
57 exit(1);
58 }
59 if (pam_open_session(pamh, 0) != PAM_SUCCESS) {
60 uwsgi_error("pam_open_session()");
61 exit(1);
62 }
63 }
64 }
65
66 struct uwsgi_plugin pam_plugin = {
67 .name = "pam",
68 .options = uwsgi_pam_options,
69 .before_privileges_drop = uwsgi_setup_pam,
70 };
71