[mirrors/Programs.git] / bash / ssh-jail / ssh-jail.sh

#!/bin/sh
#env; exit 0

jail_dir="/var/chroot-jails"
jail_system="/var/chroot-sys"

user="$PAM_USER"
home="$(getent passwd "$user" | cut -f6 -d:)"
home_system="$jail_system/$home"
home_chroot="$jail_dir/$user/$home";

echo "$PAM_USER, $PAM_SERVICE, $PAM_TTY, $PAM_RHOST, $PAM_TYPE"

[ "$user" = "root" ] && {
	echo "no chroots for roots"
	exit 0;
}

#TODO: test if $home is in /home/

mkdir -p "$home_system"
mkdir -p "$jail_dir/$user"
chown "$user:$user" "$home_system"
chown -R root:root "$jail_system"

function is_mounted() {
	dir=$(echo "$1" | sed -e 's/\/\/*/\//g; s/\/$//g;')
	cut -d ' ' -f 2 /proc/mounts  | grep "^$dir$" >/dev/null
}

function bind() {
	from="$1"
	to="$2"
	opt="$3"

	is_mounted "$to" || {
		echo "Mounting: $from to $to";
		mount -o bind "$from" "$to"
	}
	[ -n "$opt" ] && mount -o remount,bind,"$opt" "$to"
	is_mounted "$to" || {
		echo "Not mounted: $to"
		return 1
	}
	return 0
}

case "$PAM_TYPE" in
	close_session)
		#TODO: unmount if not busy
		#umount "$jail_dir/$user" && umount "$home_chroot"
		exit 0
		;;
	*)
		bind "$jail_system" "$jail_dir/$user" ',ro' || exit 1
		bind "$home" "$home_chroot" || exit 2
		;;
esac

exit 0
Commit	Line	Data
a4edb895 TM	1	#!/bin/sh
	2	#env; exit 0
	3
	4	jail_dir="/var/chroot-jails"
	5	jail_system="/var/chroot-sys"
	6
	7	user="$PAM_USER"
	8	home="$(getent passwd "$user" \| cut -f6 -d:)"
	9	home_system="$jail_system/$home"
	10	home_chroot="$jail_dir/$user/$home";
	11
	12	echo "$PAM_USER, $PAM_SERVICE, $PAM_TTY, $PAM_RHOST, $PAM_TYPE"
	13
	14	[ "$user" = "root" ] && {
	15	echo "no chroots for roots"
	16	exit 0;
	17	}
	18
	19	#TODO: test if $home is in /home/
	20
	21	mkdir -p "$home_system"
	22	mkdir -p "$jail_dir/$user"
	23	chown "$user:$user" "$home_system"
	24	chown -R root:root "$jail_system"
	25
	26	function is_mounted() {
	27	dir=$(echo "$1" \| sed -e 's/\/\/*/\//g; s/\/$//g;')
	28	cut -d ' ' -f 2 /proc/mounts \| grep "^$dir$" >/dev/null
	29	}
	30
	31	function bind() {
	32	from="$1"
	33	to="$2"
	34	opt="$3"
	35
	36	is_mounted "$to" \|\| {
	37	echo "Mounting: $from to $to";
	38	mount -o bind "$from" "$to"
	39	}
	40	[ -n "$opt" ] && mount -o remount,bind,"$opt" "$to"
	41	is_mounted "$to" \|\| {
	42	echo "Not mounted: $to"
	43	return 1
	44	}
	45	return 0
	46	}
	47
	48	case "$PAM_TYPE" in
	49	close_session)
	50	#TODO: unmount if not busy
	51	#umount "$jail_dir/$user" && umount "$home_chroot"
	52	exit 0
	53	;;
	54	*)
	55	bind "$jail_system" "$jail_dir/$user" ',ro' \|\| exit 1
	56	bind "$home" "$home_chroot" \|\| exit 2
	57	;;
	58	esac
	59
	60	exit 0