mirror of
https://github.com/gravitational/teleport
synced 2024-10-22 10:13:21 +00:00
f75a80c1f9
Refactored launching of shell to call PAM first. This allows a PAM module to create the user and home directory before attempting to launch a shell for said user. To do this the command passed to Teleport during re-exec has changed. Before the Teleport master process would resolve the user fully (UID, GUID, supplementary groups, shell, home directory) before re-launching itself to then launch a shell. However, if PAM is used to create the user on the fly and PAM has not been called yet, this will fail. Instead that work has now been pushed to occur in the child process. This means the Teleport master process now creates a payload with the minimum needed from *srv.ServerContext and will then re-exec itself. The child process will call PAM and then attempt to resolve the user (UID, GUID, supplementary groups, shell, home directory).
57 lines
1.5 KiB
Go
57 lines
1.5 KiB
Go
// +build !pam,cgo
|
|
|
|
/*
|
|
Copyright 2018 Gravitational, Inc.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package pam
|
|
|
|
var buildHasPAM bool = false
|
|
var systemHasPAM bool = false
|
|
|
|
// PAM is used to create a PAM context and initiate PAM transactions to checks
|
|
// the users account and open/close a session.
|
|
type PAM struct {
|
|
}
|
|
|
|
// Open creates a PAM context and initiates a PAM transaction to check the
|
|
// account and then opens a session.
|
|
func Open(config *Config) (*PAM, error) {
|
|
return &PAM{}, nil
|
|
}
|
|
|
|
// Close will close the session, the PAM context, and release any allocated
|
|
// memory.
|
|
func (p *PAM) Close() error {
|
|
return nil
|
|
}
|
|
|
|
// Environment returns the PAM environment variables associated with a PAM
|
|
// handle.
|
|
func (p *PAM) Environment() []string {
|
|
return nil
|
|
}
|
|
|
|
// BuildHasPAM returns true if the binary was build with support for PAM
|
|
// compiled in.
|
|
func BuildHasPAM() bool {
|
|
return buildHasPAM
|
|
}
|
|
|
|
// SystemHasPAM returns true if the PAM library exists on the system.
|
|
func SystemHasPAM() bool {
|
|
return systemHasPAM
|
|
}
|