[gdm-list] gdm and pam session interaction
- From: Richard Horton <arimus uk gmail com>
- To: gdm-list gnome org
- Subject: [gdm-list] gdm and pam session interaction
- Date: Thu, 2 Sep 2010 11:08:40 +0100
Hi,
I've got a very simple (currently) pam module which hooks the
session_open and session_close to enable me to send notifications of
user sessions to a central server (this server needs to change various
parameters depending on whether the workstation user is in 'full' or
'training' type modes based on group memberships).
It works fine for bash logins and other console logins, including su, but does
not record anything for gdm.
The core 'guts' of the module are as follows, neither the session open
nor close appear to get called as no syslog entries are generated...
(I know the code is a mess, it's a prototype and my first fiddle with
pam modules). I have tried adding session required pam_session_hook.so
(for that is the name of the hook :) ) to both the /etc/pam.d/gdm
config and /etc/pam.d/system-auth but no joy with either...
I'd like to use pam if at all possible for this as it provides a
framework which can grow and will also cope with any potential gui
changes.
TIA
Richard.
-- code below here --
/* Headers and macros the post did not show. UNUSED and the PSH_* tag
 * values are assumed definitions, added so the excerpt compiles.
 */
#define _GNU_SOURCE /* for getgrouplist() */
#define PAM_SM_SESSION
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <security/pam_modules.h>

#define UNUSED __attribute__((unused))
#define PSH_OPEN_SESSION "open"
#define PSH_CLOSE_SESSION "close"

static int run_pam_hook(const char *user, const char *tag)
{
    /* for now all we'll do is shove a line in the syslog...
     * in theory pretty much anything goes. Be careful with the return code.
     */
    /* Syslog specific variables */
    int slog_opt = LOG_PID | LOG_NDELAY;
    int slog_prio = LOG_USER;
    int ret_code = PAM_SESSION_ERR;
    /* User/Group variables */
    struct passwd *pwd_ent;
    int ng = 0;           /* number of groups the user belongs to */
    gid_t *groups = NULL; /* stores the groups */

    /* Open the log first so the error path below uses the same ident. */
    openlog("pam_session_hook_log", slog_opt, slog_prio);
    pwd_ent = getpwnam(user);
    if (pwd_ent == NULL) {
        syslog(LOG_ERR, "Could not retrieve user details for %s", user);
        closelog();
        return ret_code;
    }
    /* The first call is used to get the number of groups and then malloc
     * the required amount of space to hold the array of group id's.
     * Currently only really using the number of groups (ng) in this example.
     */
    if (getgrouplist(user, pwd_ent->pw_gid, NULL, &ng) < 0 && ng > 0) {
        groups = malloc(ng * sizeof(gid_t));
        if (groups != NULL)
            getgrouplist(user, pwd_ent->pw_gid, groups, &ng);
    }
    /* Compare the tag contents, not the pointers. */
    if (strcmp(tag, PSH_OPEN_SESSION) == 0) {
        /* uid_t and gid_t are cast so the format specifiers match. */
        syslog(LOG_NOTICE,
               "Session started: User=%s(%lu), Primary Group=%lu, Number of Groups=%d",
               user, (unsigned long) pwd_ent->pw_uid,
               (unsigned long) pwd_ent->pw_gid, ng);
        ret_code = PAM_SUCCESS;
    } else if (strcmp(tag, PSH_CLOSE_SESSION) == 0) {
        syslog(LOG_NOTICE, "Session ended for %s", user);
        ret_code = PAM_SUCCESS;
    } else {
        /* If we ever, ever, ever, get here then something is horribly wrong! */
        syslog(LOG_NOTICE, "WTF!!!!");
        ret_code = PAM_SESSION_ERR;
    }
    free(groups); /* free(NULL) is a no-op */
    closelog();
    return ret_code;
}

/* pamh is used below, so only the unused parameters carry UNUSED. */
PAM_EXTERN int
pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
                    int argc UNUSED, const char **argv UNUSED)
{
    const char *user = NULL;

    if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL)
        return PAM_USER_UNKNOWN;
    return run_pam_hook(user, PSH_OPEN_SESSION);
}

PAM_EXTERN int
pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
                     int argc UNUSED, const char **argv UNUSED)
{
    const char *user = NULL;

    if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL)
        return PAM_SUCCESS;
    return run_pam_hook(user, PSH_CLOSE_SESSION);
}
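
Added example, not part of the original post: a small Python check that resolves the session stack a PAM service file such as /etc/pam.d/gdm yields once include and substack lines are followed, so the position of pam_session_hook.so in it can be confirmed. The file contents are constructed samples, and the names effective_stack and module_position are hypothetical.

```python
import re

# Constructed stand-ins for /etc/pam.d files (not the poster's real configuration).
SAMPLE_PAM_D = {
    "gdm": (
        "#%PAM-1.0\n"
        "auth     required  pam_env.so\n"
        "auth     include   system-auth\n"
        "session  required  pam_loginuid.so\n"
        "session  include   system-auth\n"
        "session  required  pam_session_hook.so\n"
    ),
    "system-auth": (
        "auth     sufficient  pam_unix.so nullok\n"
        "session  required    pam_limits.so\n"
        "-session optional    pam_ck_connector.so\n"
        "session  required    pam_unix.so\n"
    ),
}

# type, control (plain word or [bracketed list]), module, optional arguments
LINE_RE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def effective_stack(service, mgmt, files, _seen=()):
    """Return [(source_file, control, module, args)] for one management group."""
    if service in _seen or service not in files:   # include loop or missing file
        return []
    stack = []
    for raw in files[service].splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and blank lines
        if not line:
            continue
        if line.startswith("@include"):            # Debian-style whole-file include
            stack += effective_stack(line.split()[1], mgmt, files, _seen + (service,))
            continue
        m = LINE_RE.match(line)
        if not m or m.group(1).lower() != mgmt:
            continue
        control, module, args = m.group(2), m.group(3), m.group(4)
        if control in ("include", "substack"):     # same group, pulled from another file
            stack += effective_stack(module, mgmt, files, _seen + (service,))
        else:
            stack.append((service, control, module, args))
    return stack

def module_position(service, mgmt, module, files):
    """Index of module in the resolved stack, or -1 if no line names it."""
    for i, entry in enumerate(effective_stack(service, mgmt, files)):
        if entry[2] == module:
            return i
    return -1
```

On a real host, build the dictionary by reading each file under /etc/pam.d, keyed by file name, and pass the service name the application was started with.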