root/pam/pam_mkuserdir.c

/* PAM Make Home Dir module

   This module will create a users home directory if it does not exist
   when the session begins. This allows users to be present in central
   database (such as nis, kerb or ldap) without using a distributed
   file system or pre-creating a large number of directories.

   Here is a sample /etc/pam.d/login file for Debian GNU/Linux
   2.1:

   auth       requisite  pam_securetty.so
   auth       sufficient pam_ldap.so
   auth       required   pam_unix.so
   auth       optional   pam_group.so
   auth       optional   pam_mail.so
   account    requisite  pam_time.so
   account    sufficient pam_ldap.so
   account    required   pam_unix.so
   session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022
   session    required   pam_unix.so
   session    optional   pam_lastlog.so
   password   required   pam_unix.so

   Released under the GNU LGPL version 2 or later
   Originally written by Jason Gunthorpe <jgg@debian.org> Feb 1999
   Structure taken from pam_lastlogin by Andrew Morgan
     <morgan@parc.power.net> 1996
 */

// #include "config.h"

#include <stdarg.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <pwd.h>
#include <grp.h>
#include <errno.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <dirent.h>
#include <syslog.h>

/*
 * here, we make a definition for the externally accessible function
 * in this file (this definition is required for static a module
 * but strongly encouraged generally) it is used to instruct the
 * modules include file to define the function prototypes.
 */

#define PAM_SM_SESSION

#include <security/pam_modules.h>
#include <security/_pam_macros.h>
#include <security/pam_modutil.h>
#include <security/pam_ext.h>


/* argument parsing */
#define MKHOMEDIR_DEBUG      020  /* keep quiet about things */
#define MKHOMEDIR_QUIET      040  /* keep quiet about things */
#define UNUSED

static unsigned int Mask = 0777;
static char SkelDir[BUFSIZ] = "/etc/skel"; /* THIS MODULE IS NOT THREAD SAFE */
static char DestDir[BUFSIZ] = ""; /* THIS MODULE IS NOT THREAD SAFE */
static char  UserId[BUFSIZ] = "";      /* THIS MODULE IS NOT THREAD SAFE */
static char GroupId[BUFSIZ] = "";      /* THIS MODULE IS NOT THREAD SAFE */

static int
_pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv)
{
   int ctrl = 0;

   /* does the appliction require quiet? */
   if ((flags & PAM_SILENT) == PAM_SILENT)
      ctrl |= MKHOMEDIR_QUIET;

   /* step through arguments */
   for (; argc-- > 0; ++argv)
   {
      if (!strcmp(*argv, "silent")) {
   ctrl |= MKHOMEDIR_QUIET;
      } else if (!strncmp(*argv,"mode=",5)) {
   Mask = strtol(*argv+5,0,0);
      } else if (!strncmp(*argv,"uid=",4)) {
  strncpy(UserId,*argv+4,sizeof(UserId));
  UserId[sizeof(UserId)-1] = '\0';
      } else if (!strncmp(*argv,"gid=",4)) {
  strncpy(GroupId,*argv+4,sizeof(GroupId));
  GroupId[sizeof(GroupId)-1] = '\0';
      } else if (!strncmp(*argv,"base=",5)) {
  strncpy(DestDir,*argv+5,sizeof(DestDir));
  DestDir[sizeof(DestDir)-1] = '\0';
      } else {
  pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
      }
   }

   D(("ctrl = %o", ctrl));
   return ctrl;
}

int create_dir (pam_handle_t * pamh, int ctrl,
                const char *source, const char *dest)
{
   const struct passwd *pwd;
   const struct group  *grp;
   mode_t mode;
   /* Get the password entry */
   pwd = pam_modutil_getpwnam (pamh, UserId);
   if (pwd == NULL)
   {
      pam_syslog(pamh, LOG_NOTICE, "couldn't identify user %s",UserId);
      return PAM_USER_UNKNOWN;
   }
   grp = pam_modutil_getgrnam(pamh, GroupId);
   if (grp == NULL)
   {
      pam_syslog(pamh, LOG_NOTICE, "couldn't identify gropu %s",GroupId);
      return PAM_USER_UNKNOWN;
   }

  mode = umask(0);
  if (mkdir (dest, Mask)  != 0 && errno != EEXIST)
  {
    pam_syslog(pamh, LOG_DEBUG, "unable to create directory %s:", dest);
    return PAM_PERM_DENIED;
  }
  umask(mode);

  if(chown(dest,pwd->pw_uid,grp->gr_gid) != 0)
  {
    pam_syslog(pamh, LOG_DEBUG, "unable to change permissions on directory %s", dest);
    return PAM_PERM_DENIED;
  }

  return PAM_SUCCESS;
}

/* --- authentication management functions (only) --- */

PAM_EXTERN int
pam_sm_open_session (pam_handle_t *pamh, int flags, int argc,
         const char **argv)
{
   int retval, ctrl;
   const void *user;
   struct stat St;

   /* Parse the flag values */
   ctrl = _pam_parse(pamh, flags, argc, argv);

   /* Determine the user name so we can get the home directory */
   retval = pam_get_item(pamh, PAM_USER, &user);
   if (retval != PAM_SUCCESS || user == NULL || *(const char *)user == '\0')
   {
      pam_syslog(pamh, LOG_NOTICE, "user unknown");
      return PAM_USER_UNKNOWN;
   }

   char home[BUFSIZ] = "";
   strncpy(home, DestDir, strnlen(DestDir,BUFSIZ-1));
   strncat(home, "/", 1);
   strncat(home, user, strlen(user));
   home[strnlen(home,BUFSIZ)] = '\0';

   /* Stat the home directory, if something exists then we assume it is
      correct and return a success*/
   if (stat(home,&St) == 0)
      return PAM_SUCCESS;

   return create_dir(pamh, ctrl, SkelDir, home);
}

/* Ignore */
PAM_EXTERN
int pam_sm_close_session (pam_handle_t * pamh UNUSED, int flags UNUSED,
        int argc UNUSED, const char **argv UNUSED)
{
   return PAM_SUCCESS;
}