implements env handling using tty

Signed-off-by: ayushka11 <[email protected]>
sdslabs · Jan 23, 2025 · bcfccfc · bcfccfc
1 parent f8b5ed0
commit bcfccfc
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 7 deletions.
diff --git a/install/install.sh b/install/install.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
 
 # Install all the files at right place
+mkdir -p /opt/watchdog/ssh_env
 mkdir -p /opt/watchdog/bin
 mkdir -p /opt/watchdog/logs
 touch /opt/watchdog/logs/sudo.logs

diff --git a/src/auth.rs b/src/auth.rs
@@ -1,4 +1,5 @@
 use std::fs;
+use std::env;
 
 use nix::unistd::{fork, ForkResult};
 
@@ -12,14 +13,18 @@ pub fn handle_auth(ssh_host_username: &str, ssh_key: &str) -> Result<()> {
     let config = read_config()?;
     init(&config)?;
 
-    match validate_user(&config, ssh_host_username.to_string(), ssh_key) {
+    let pam_tty = env::var("PAM_TTY") //gives terminal session
+                     .chain_err(|| "PAM_TTY not set. If you are running this by `watchdog sudo`, please don't. It's an internal command, intended to be used by PAM.")?;
+
+    match validate_user(&config, ssh_host_username.to_string(), ssh_key, pam_tty) {
         Ok(true) => {
             let data = format!(
-                "ssh_host_username = '{}'\nssh_key = '{}'\n",
+                "ssh_key = '{}'\n",
                 ssh_host_username, ssh_key
             );
-
-            fs::write("/opt/watchdog/ssh_env", data)
+            //file name is ssh_host_username_pam_tty
+            let file_name = ssh_host_username.to_string() + "_" + &pam_tty; //might cause problems due to String and &str
+            fs::write("/opt/watchdog/ssh_env/file_name", data)
                         .chain_err(|| "Cannot write temporary environment file. Please check if the watchdog `auth_keys_cmd` is run by the root user")?;
 
             println!("{}", ssh_key);

diff --git a/src/ssh.rs b/src/ssh.rs
@@ -15,19 +15,27 @@ pub fn handle_ssh() -> Result<()> {
     let pam_type = env::var("PAM_TYPE")
                     .chain_err(|| "PAM_TYPE not set. If you are running this by `watchdog ssh`, please don't. It's an internal command, intended to be used by PAM.")?;
 
+    let pam_tty = env::var("PAM_TTY") //gives terminal session
+                    .chain_err(|| "PAM_TTY not set. If you are running this by `watchdog ssh`, please don't. It's an internal command, intended to be used by PAM.")?;
+
+    let pam_ruser = env::var("PAM_RUSER") //gives ssh_host_username
+                    .chain_err(|| "PAM_RUSER not set. If you are running this by `watchdog ssh`, please don't. It's an internal command, intended to be used by PAM.")?;
+
     if pam_type == "open_session" {
         let config = read_config()?;
         init(&config)?;
+
+        let file_name = pam_ruser.to_string() + "_" + &pam_tty; //might cause problems due to String and &str
 
-        let env = read_temp_env("/opt/watchdog/ssh_env")?;
+        let env = read_temp_env("/opt/watchdog/ssh_env/file_name")?; //read appropriate env file
         let name = get_name(&config, &env.ssh_key)?;
 
         match fork() {
             Ok(ForkResult::Parent { .. }) => {
-                clear_file("/opt/watchdog/ssh_env")?;
+                clear_file("/opt/watchdog/ssh_env/file_name")?;
             }
             Ok(ForkResult::Child) => {
-                notifier::post_ssh_summary(&config, true, name, env.ssh_host_username)?;
+                notifier::post_ssh_summary(&config, true, name, pam_ruser)?;
             }
             Err(_) => println!("Fork failed"),
         }