static void source_agent_env(enum agent id) { struct agent_data_t data; int ret = envoy_get_agent(id, &data, AGENT_ENVIRON); if (ret < 0) warn("failed to fetch envoy agent"); switch (data.status) { case ENVOY_STOPPED: case ENVOY_STARTED: case ENVOY_RUNNING: break; case ENVOY_FAILED: warnx("agent failed to start, check envoyd's log"); case ENVOY_BADUSER: warnx("connection rejected, user is unauthorized to use this agent"); } if (data.type == AGENT_GPG_AGENT) { _cleanup_gpg_ struct gpg_t *agent = gpg_agent_connection(data.gpg, NULL); gpg_update_tty(agent); } if (data.gpg[0]) { putenvf("GPG_AGENT_INFO=%s", data.gpg); } else { unsetenv("GPG_AGENT_INFO"); } putenvf("SSH_AUTH_SOCK=%s", data.sock); }
static void source_env(struct agent_data_t *data) { if (data->type == AGENT_GPG_AGENT) { _cleanup_gpg_ struct gpg_t *agent = gpg_agent_connection(data->gpg); if (!agent) warn("failed to connect to GPG_AUTH_SOCK"); else gpg_update_tty(agent); } putenvf("SSH_AUTH_SOCK=%s", data->sock); }
/* PAM entry point for session creation */ PAM_EXTERN int pam_sm_open_session(pam_handle_t *ph, int _unused_ flags, int argc, const char **argv) { struct agent_data_t data; const struct passwd *pwd; const char *user; enum agent id = AGENT_DEFAULT; int ret; ret = pam_get_user(ph, &user, NULL); if (ret != PAM_SUCCESS) { syslog(PAM_LOG_ERR, "pam-envoy: couldn't get the user name: %s", pam_strerror(ph, ret)); return PAM_SERVICE_ERR; } pwd = getpwnam(user); if (!pwd) { syslog(PAM_LOG_ERR, "pam-envoy: error looking up user information: %s", strerror(errno)); return PAM_SERVICE_ERR; } if (argc > 1) { syslog(PAM_LOG_WARN, "pam-envoy: too many arguments"); return PAM_SUCCESS; } else if (argc == 1) { id = lookup_agent(argv[0]); } if (pam_get_agent(&data, id, pwd->pw_uid, pwd->pw_gid) < 0) { syslog(PAM_LOG_WARN, "pam-envoy: failed to get agent for user"); return PAM_SUCCESS; } if (data.type == AGENT_GPG_AGENT) { _cleanup_gpg_ struct gpg_t *agent = gpg_agent_connection(data.gpg); gpg_update_tty(agent); pam_setenv(ph, "GPG_AGENT_INFO=%s", data.gpg); } pam_setenv(ph, "SSH_AUTH_SOCK=%s", data.sock); pam_setenv(ph, "SSH_AGENT_PID=%d", data.pid); return PAM_SUCCESS; }