RDEV-2529

nowa opcja w pliku konfiguracyjnym enablePasswdEmail
dodana funkcja getPasswdUserEmail

SSH/PAM/rublon.config

@@ -4,4 +4,5 @@ userDomain=
 rublonApiServer=https://core.rublon.net
 failmode=safe
 prompt=1
-logging=true
+logging=true
+enablePasswdEmail=true

SSH/PAM/src/misc.h

@@ -46,4 +46,8 @@ char *signData(pam_handle_t *pamh, char *data, char *secretKey);
 int verifyData(pam_handle_t *pamh, char *data, char *secretKey, char *sign);
 int postCredentials(pam_handle_t *pamh, char *systemToken, char *accessToken, char *rublonApiServer, char *secretKey);
 char *getConfigValue(const char * value);
-void debugLog(const char *message1, const char *message2);
+void debugLog(const char *message1, const char *message2);
+
+char *getPasswdUserEmail(const char * pamUser);
+FILE *popen(const char *command, const char *mode);
+int pclose(FILE *stream);

SSH/PAM/src/pamApp.c

@@ -25,7 +25,7 @@ struct args {
 
 pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
 
-void* usersThread(void* input) {
+void * usersThread(void* input) {
    int out = -1;
     char *script;
     asprintf(&script,"python3 /usr/share/rublon-ssh/confirmUser.py %s %s",((struct args*)input)->rublonApiServer ,((struct args*)input)->transactionId);
@@ -41,7 +41,7 @@ void* usersThread(void* input) {
     }
 }
 
-void* methodsThread(void* input) {
+void * methodsThread(void* input) {
     char *jsonObj;
     char *url;
     char *status;
@@ -67,7 +67,7 @@ void* methodsThread(void* input) {
     } 
 }
 
-char *getConfigValue(const char * value) {
+char * getConfigValue(const char* value) {
     struct cfg_struct* cfg;
     cfg = cfg_init();
     if (cfg_load(cfg,"/etc/rublon.config") < 0)
@@ -76,11 +76,30 @@ char *getConfigValue(const char * value) {
 		return (char*)cfg_get(cfg,value);
 }
 
+char * getPasswdUserEmail(const char* pamUser) {
+    FILE *cmd;
+    char result[1024];
+    char *query;
+    asprintf(&query, "getent passwd %s  | grep -E -o '\\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,6}\\b'", pamUser);
+      cmd = popen(query, "r");
+    if (cmd == NULL) {
+        result[0] = NULL;
+    }
+    while (fgets(result, sizeof(result), cmd)) {
+        pclose(cmd);
+        return result;
+    }
+    pclose(cmd);
+    result[0] = NULL;
+    return (char*)result;
+}
+
 int startRublon(pam_handle_t *pamh) {
     char *systemToken;
     char *secretKey;
     const char *appUserId;
     char *userEmail;
+    char *passwdUserEmail = NULL;
     char *userDomain;  
     char *rublonApiServer;  
     char *transactionId;
@@ -93,19 +112,29 @@ int startRublon(pam_handle_t *pamh) {
     appInfo.companyName = NULL;
     appInfo.applicationName = NULL;
 
-    struct args *threadArgs = (struct args *)malloc(sizeof(struct args));
+   struct args *threadArgs = (struct args *)malloc(sizeof(struct args));
     pam_get_user(pamh, &pamUser, NULL);
     
+    char *passwdEmail = getConfigValue("enablePasswdEmail");
+    if((passwdEmail != NULL) && (strcmp(passwdEmail,"true") == 0)) {
+        passwdUserEmail = getPasswdUserEmail(pamUser);
+        asprintf(&userEmail, "%s", passwdUserEmail);
+    }
+    
     systemToken     = getConfigValue("systemToken");
     secretKey       = getConfigValue("secretKey");
     appUserId       = pamUser;
     userEmail       = getConfigValue("userEmail");
     userDomain      = getConfigValue("userDomain");
     rublonApiServer = getConfigValue("rublonApiServer");
-    asprintf(&userEmail, "%s%s%s", pamUser,"@",userDomain);
+    if(userEmail != NULL)
+        asprintf(&userEmail, "%s%s%s", pamUser,"@",userDomain);
     transactionId   = NULL; 
 
-    debugLog("module initialization for user:", pamUser);  
+    pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, NULL, "email user %s", userEmail );
+
+    debugLog("module initialization for user:", pamUser);
+    debugLog("module initialization for user email:", userEmail);  
     if(systemToken[0] == '\0')
         debugLog("No systemToken", "");
     if(secretKey[0] == '\0')