2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
11 #include <afs/param.h>
22 #include <security/pam_appl.h>
23 #include <security/pam_modules.h>
25 #include "afs_message.h"
29 pam_sm_open_session(pam_handle_t * pamh, int flags, int argc,
36 #define REMAINLIFETIME 300
39 pam_sm_close_session(pam_handle_t * pamh, int flags, int argc,
43 int logmask = LOG_UPTO(LOG_INFO);
46 int remainlifetime = REMAINLIFETIME;
49 openlog(pam_afs_ident, LOG_CONS | LOG_PID, LOG_AUTH);
50 origmask = setlogmask(logmask);
53 * Parse the user options. Log an error for any unknown options.
55 for (i = 0; i < argc; i++) {
56 if (strcasecmp(argv[i], "debug") == 0) {
57 logmask |= LOG_MASK(LOG_DEBUG);
58 (void)setlogmask(logmask);
59 } else if (strcasecmp(argv[i], "remain") == 0) {
61 } else if (strcasecmp(argv[i], "remainlifetime") == 0) {
64 remainlifetime = (int)strtol(argv[i], (char **)NULL, 10);
65 if (remainlifetime == 0)
66 if ((errno == EINVAL) || (errno == ERANGE)) {
67 remainlifetime = REMAINLIFETIME;
68 pam_afs_syslog(LOG_ERR, PAMAFS_REMAINLIFETIME, argv[i],
74 } else if (strcmp(argv[i], "no_unlog") == 0) {
77 pam_afs_syslog(LOG_ERR, PAMAFS_UNKNOWNOPT, argv[i]);
81 if (logmask && LOG_MASK(LOG_DEBUG))
83 "pam_afs_session_close: remain: %d, remainlifetime: %d, no_unlog: %d",
84 remain, remainlifetime, no_unlog);
85 if (remain && !no_unlog) {
88 return (PAM_SESSION_ERR);
90 #ifdef AFS_LINUX20_ENV
94 for (i = 0; i < 64; i++)
96 sleep(remainlifetime);
97 ktc_ForgetAllTokens();
98 pam_afs_syslog(LOG_INFO, PAMAFS_SESSIONCLOSED2);
100 default: /* parent */
101 pam_afs_syslog(LOG_INFO, PAMAFS_SESSIONCLOSED1);
102 return (PAM_SUCCESS);
105 if (!no_unlog && ktc_ForgetAllTokens())
106 return PAM_SESSION_ERR;
107 if (logmask && LOG_MASK(LOG_DEBUG))
108 syslog(LOG_DEBUG, "pam_afs_session_close: Session closed");