int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { const char *PAM_user = NULL; int ret; if (!cgm_dbus_connect()) { mysyslog(LOG_ERR, "Failed to connect to cgmanager\n"); return PAM_SESSION_ERR; } if (argc > 1 && strcmp(argv[0], "-c") == 0) ctrl_list = validate_and_dup(argv[1]); if (!ctrl_list) get_active_controllers(); cgm_escape(); ret = pam_get_user(pamh, &PAM_user, NULL); if (ret != PAM_SUCCESS) { cgm_dbus_disconnect(); mysyslog(LOG_ERR, "PAM-CGM: couldn't get user\n"); return PAM_SESSION_ERR; } ret = handle_login(PAM_user); cgm_dbus_disconnect(); return ret; }
/* * called during cgroup.c:cgroup_ops_init(), at startup. No threads. * We check whether we can talk to cgmanager, escape to root cgroup if * we are root, then close the connection. */ struct cgroup_ops *cgm_ops_init(void) { check_supports_multiple_controllers(-1); if (!collect_subsytems()) return NULL; if (api_version < CGM_SUPPORTS_MULT_CONTROLLERS) cgm_supports_multiple_controllers = false; // if root, try to escape to root cgroup if (geteuid() == 0 && !cgm_escape()) { free_subsystems(); return NULL; } return &cgmanager_ops; }