Exemple #1
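/*
 * Fetch the environment details of agent `id` from envoyd and export them
 * into this process's environment as GPG_AGENT_INFO and SSH_AUTH_SOCK.
 *
 * Nothing is exported when the fetch fails or when the daemon reports
 * ENVOY_FAILED or ENVOY_BADUSER. The exported values are what ssh and gpg
 * clients started from this environment will use to locate their agent, so
 * they must only ever come from a successful reply.
 */
static void source_agent_env(enum agent id)
{
    /* Zero-initialised so that no field can be read as leftover stack data. */
    struct agent_data_t data = {0};

    if (envoy_get_agent(id, &data, AGENT_ENVIRON) < 0) {
        /* No reply was obtained, so `data` holds nothing worth exporting. */
        warn("failed to fetch envoy agent");
        return;
    }

    switch (data.status) {
    case ENVOY_STOPPED:
    case ENVOY_STARTED:
    case ENVOY_RUNNING:
        break;
    case ENVOY_FAILED:
        /* warnx() returns, so leave explicitly instead of falling through
         * into the next case and printing the unrelated message as well. */
        warnx("agent failed to start, check envoyd's log");
        return;
    case ENVOY_BADUSER:
        /* Do not point the environment at an agent that refused this user. */
        warnx("connection rejected, user is unauthorized to use this agent");
        return;
    }

    if (data.type == AGENT_GPG_AGENT) {
        /* NOTE(review): the connection result is handed on unchecked;
         * confirm that gpg_update_tty() and the _cleanup_gpg_ handler both
         * tolerate a failed gpg_agent_connection(). */
        _cleanup_gpg_ struct gpg_t *agent = gpg_agent_connection(data.gpg, NULL);
        gpg_update_tty(agent);
    }

    /* An empty gpg field clears any stale GPG_AGENT_INFO from the parent. */
    if (data.gpg[0]) {
        putenvf("GPG_AGENT_INFO=%s", data.gpg);
    } else {
        unsetenv("GPG_AGENT_INFO");
    }

    putenvf("SSH_AUTH_SOCK=%s", data.sock);
}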
Exemple #2
/*
 * Query envoyd for agent `id` and fill in `*data`.
 *
 * When `start` is true the request uses AGENT_DEFAULTS, otherwise
 * AGENT_STATUS. Every failure is fatal: err()/errx() terminate the process
 * with EXIT_FAILURE, so this function only returns for the STOPPED, STARTED
 * and RUNNING states (and for any status value not listed here).
 *
 * Returns the non-negative result of envoy_get_agent().
 */
static int get_agent(struct agent_data_t *data, enum agent id, bool start)
{
    const int rc = envoy_get_agent(id, data, start ? AGENT_DEFAULTS : AGENT_STATUS);

    /* err() does not return, so `data` is never inspected after a failed fetch. */
    if (rc < 0)
        err(EXIT_FAILURE, "failed to fetch agent");

    /* The two error states exit immediately; all other states pass through. */
    if (data->status == ENVOY_FAILED)
        errx(EXIT_FAILURE, "agent failed to start, check envoyd's log");

    if (data->status == ENVOY_BADUSER)
        errx(EXIT_FAILURE, "connection rejected, user is unauthorized to use this agent");

    return rc;
}
Exemple #3
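/*
 * Query envoyd for agent `id` on behalf of the user (`uid`, `gid`) and fill
 * in `*data`. The request is wrapped in a set_privileges(true, ...) /
 * set_privileges(false, ...) pair.
 *
 * Returns the result of envoy_get_agent(); a negative value means the fetch
 * failed and `*data` must not be relied upon. An ENVOY_FAILED or
 * ENVOY_BADUSER status is logged but is NOT reflected in the return value:
 * callers have to inspect data->status themselves before using the agent.
 */
static int pam_get_agent(struct agent_data_t *data, enum agent id, uid_t uid, gid_t gid)
{
    /* NOTE(review): a false result is treated as "nothing to restore"; confirm
     * that set_privileges() cannot also return false for a drop that failed,
     * because the request below would then go out with the caller's original
     * credentials. */
    bool dropped = set_privileges(true, &uid, &gid);

    int ret = envoy_get_agent(id, data, AGENT_ENVIRON);
    if (ret < 0) {
        /* The status field is only meaningful after a successful fetch. */
        syslog(PAM_LOG_ERR, "failed to fetch agent: %s", strerror(errno));
    } else {
        switch (data->status) {
        case ENVOY_STOPPED:
        case ENVOY_STARTED:
        case ENVOY_RUNNING:
            break;
        case ENVOY_FAILED:
            syslog(PAM_LOG_ERR, "agent failed to start, check envoyd's log");
            /* syslog() returns; without this break the "unauthorized" message
             * below was logged as well, misleading anyone reading the log. */
            break;
        case ENVOY_BADUSER:
            syslog(PAM_LOG_ERR, "connection rejected, user is unauthorized to use this agent");
            break;
        }
    }

    /* NOTE(review): the result of the restore call is ignored; if it can fail,
     * the rest of the PAM stack keeps running with the changed credentials. */
    if (dropped)
        set_privileges(false, &uid, &gid);

    return ret;
}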