[thirdparty/systemd.git] / src / pam-module.c

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <errno.h>
#include <fcntl.h>
#include <sys/file.h>
#include <pwd.h>
#include <endian.h>
#include <sys/capability.h>

#include <security/pam_modules.h>
#include <security/_pam_macros.h>
#include <security/pam_modutil.h>
#include <security/pam_ext.h>
#include <security/pam_misc.h>

#include "util.h"
#include "macro.h"
#include "sd-daemon.h"
#include "strv.h"
#include "dbus-common.h"
#include "def.h"
#include "socket-util.h"

static int parse_argv(pam_handle_t *handle,
                      int argc, const char **argv,
                      char ***controllers,
                      char ***reset_controllers,
                      bool *kill_processes,
                      char ***kill_only_users,
                      char ***kill_exclude_users,
                      bool *debug) {

        unsigned i;

        assert(argc >= 0);
        assert(argc == 0 || argv);

        for (i = 0; i < (unsigned) argc; i++) {
                int k;

                if (startswith(argv[i], "kill-session-processes=")) {
                        if ((k = parse_boolean(argv[i] + 23)) < 0) {
                                pam_syslog(handle, LOG_ERR, "Failed to parse kill-session-processes= argument.");
                                return k;
                        }

                        if (kill_processes)
                                *kill_processes = k;

                } else if (startswith(argv[i], "kill-session=")) {
                        /* As compatibility for old versions */

                        if ((k = parse_boolean(argv[i] + 13)) < 0) {
                                pam_syslog(handle, LOG_ERR, "Failed to parse kill-session= argument.");
                                return k;
                        }

                        if (kill_processes)
                                *kill_processes = k;

                } else if (startswith(argv[i], "controllers=")) {

                        if (controllers) {
                                char **l;

                                if (!(l = strv_split(argv[i] + 12, ","))) {
                                        pam_syslog(handle, LOG_ERR, "Out of memory.");
                                        return -ENOMEM;
                                }

                                strv_free(*controllers);
                                *controllers = l;
                        }

                } else if (startswith(argv[i], "reset-controllers=")) {

                        if (reset_controllers) {
                                char **l;

                                if (!(l = strv_split(argv[i] + 18, ","))) {
                                        pam_syslog(handle, LOG_ERR, "Out of memory.");
                                        return -ENOMEM;
                                }

                                strv_free(*reset_controllers);
                                *reset_controllers = l;
                        }

                } else if (startswith(argv[i], "kill-only-users=")) {

                        if (kill_only_users) {
                                char **l;

                                if (!(l = strv_split(argv[i] + 16, ","))) {
                                        pam_syslog(handle, LOG_ERR, "Out of memory.");
                                        return -ENOMEM;
                                }

                                strv_free(*kill_only_users);
                                *kill_only_users = l;
                        }

                } else if (startswith(argv[i], "kill-exclude-users=")) {

                        if (kill_exclude_users) {
                                char **l;

                                if (!(l = strv_split(argv[i] + 19, ","))) {
                                        pam_syslog(handle, LOG_ERR, "Out of memory.");
                                        return -ENOMEM;
                                }

                                strv_free(*kill_exclude_users);
                                *kill_exclude_users = l;
                        }

                } else if (startswith(argv[i], "debug=")) {
                        if ((k = parse_boolean(argv[i] + 6)) < 0) {
                                pam_syslog(handle, LOG_ERR, "Failed to parse debug= argument.");
                                return k;
                        }

                        if (debug)
                                *debug = k;

                } else if (startswith(argv[i], "create-session=") ||
                           startswith(argv[i], "kill-user=")) {

                        pam_syslog(handle, LOG_WARNING, "Option %s not supported anymore, ignoring.", argv[i]);

                } else {
                        pam_syslog(handle, LOG_ERR, "Unknown parameter '%s'.", argv[i]);
                        return -EINVAL;
                }
        }

        return 0;
}

static int get_user_data(
                pam_handle_t *handle,
                const char **ret_username,
                struct passwd **ret_pw) {

        const char *username = NULL;
        struct passwd *pw = NULL;
        int r;
        bool have_loginuid = false;
        char *s;

        assert(handle);
        assert(ret_username);
        assert(ret_pw);

        if (have_effective_cap(CAP_AUDIT_CONTROL) > 0) {
                /* Only use audit login uid if we are executed with
                 * sufficient capabilities so that pam_loginuid could
                 * do its job. If we are lacking the CAP_AUDIT_CONTROL
                 * capabality we most likely are being run in a
                 * container and /proc/self/loginuid is useless since
                 * it probably contains a uid of the host system. */

                if (read_one_line_file("/proc/self/loginuid", &s) >= 0) {
                        uint32_t u;

                        r = safe_atou32(s, &u);
                        free(s);

                        if (r >= 0 && u != (uint32_t) -1 && u > 0) {
                                have_loginuid = true;
                                pw = pam_modutil_getpwuid(handle, u);
                        }
                }
        }

        if (!have_loginuid) {
                if ((r = pam_get_user(handle, &username, NULL)) != PAM_SUCCESS) {
                        pam_syslog(handle, LOG_ERR, "Failed to get user name.");
                        return r;
                }

                if (!username || !*username) {
                        pam_syslog(handle, LOG_ERR, "User name not valid.");
                        return PAM_AUTH_ERR;
                }

                pw = pam_modutil_getpwnam(handle, username);
        }

        if (!pw) {
                pam_syslog(handle, LOG_ERR, "Failed to get user data.");
                return PAM_USER_UNKNOWN;
        }

        *ret_pw = pw;
        *ret_username = username ? username : pw->pw_name;

        return PAM_SUCCESS;
}

static bool check_user_lists(
                pam_handle_t *handle,
                uid_t uid,
                char **kill_only_users,
                char **kill_exclude_users) {

        const char *name = NULL;
        char **l;

        assert(handle);

        if (uid == 0)
                name = "root"; /* Avoid obvious NSS requests, to suppress network traffic */
        else {
                struct passwd *pw;

                pw = pam_modutil_getpwuid(handle, uid);
                if (pw)
                        name = pw->pw_name;
        }

        STRV_FOREACH(l, kill_exclude_users) {
                uint32_t id;

                if (safe_atou32(*l, &id) >= 0)
                        if ((uid_t) id == uid)
                                return false;

                if (name && streq(name, *l))
                        return false;
        }

        if (strv_isempty(kill_only_users))
                return true;

        STRV_FOREACH(l, kill_only_users) {
                uint32_t id;

                if (safe_atou32(*l, &id) >= 0)
                        if ((uid_t) id == uid)
                                return true;

                if (name && streq(name, *l))
                        return true;
        }

        return false;
}

static int get_seat_from_display(const char *display, const char **seat, uint32_t *vtnr) {
        char *p = NULL;
        int r;
        int fd;
        union sockaddr_union sa;
        struct ucred ucred;
        socklen_t l;
        char *tty;
        int v;

        assert(display);
        assert(seat);
        assert(vtnr);

        /* We deduce the X11 socket from the display name, then use
         * SO_PEERCRED to determine the X11 server process, ask for
         * the controlling tty of that and if it's a VC then we know
         * the seat and the virtual terminal. Sounds ugly, is only
         * semi-ugly. */

        r = socket_from_display(display, &p);
        if (r < 0)
                return r;

        fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
        if (fd < 0) {
                free(p);
                return -errno;
        }

        zero(sa);
        sa.un.sun_family = AF_UNIX;
        strncpy(sa.un.sun_path, p, sizeof(sa.un.sun_path)-1);
        free(p);

        if (connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path)) < 0) {
                close_nointr_nofail(fd);
                return -errno;
        }

        l = sizeof(ucred);
        r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &l);
        close_nointr_nofail(fd);

        if (r < 0)
                return -errno;

        r = get_ctty(ucred.pid, NULL, &tty);
        if (r < 0)
                return r;

        v = vtnr_from_tty(tty);
        free(tty);

        if (v < 0)
                return v;
        else if (v == 0)
                return -ENOENT;

        *seat = "seat0";
        *vtnr = (uint32_t) v;

        return 0;
}

_public_ PAM_EXTERN int pam_sm_open_session(
                pam_handle_t *handle,
                int flags,
                int argc, const char **argv) {

        struct passwd *pw;
        bool kill_processes = false, debug = false;
        const char *username, *id, *object_path, *runtime_path, *service = NULL, *tty = NULL, *display = NULL, *remote_user = NULL, *remote_host = NULL, *seat = NULL, *type, *cvtnr = NULL;
        char **controllers = NULL, **reset_controllers = NULL, **kill_only_users = NULL, **kill_exclude_users = NULL;
        DBusError error;
        uint32_t uid, pid;
        DBusMessageIter iter;
        dbus_bool_t kp;
        int session_fd = -1;
        DBusConnection *bus = NULL;
        DBusMessage *m = NULL, *reply = NULL;
        dbus_bool_t remote;
        int r;
        uint32_t vtnr = 0;

        assert(handle);

        dbus_error_init(&error);

        /* pam_syslog(handle, LOG_INFO, "pam-systemd initializing"); */

        /* Make this a NOP on non-systemd systems */
        if (sd_booted() <= 0)
                return PAM_SUCCESS;

        /* Make sure we don't enter a loop by talking to
         * systemd-logind when it is actually waiting for the
         * background to finish start-up, */
        pam_get_item(handle, PAM_SERVICE, (const void**) &service);
        if (streq_ptr(service, "systemd-shared"))
                return PAM_SUCCESS;

        if (parse_argv(handle,
                       argc, argv,
                       &controllers, &reset_controllers,
                       &kill_processes, &kill_only_users, &kill_exclude_users,
                       &debug) < 0) {
                r = PAM_SESSION_ERR;
                goto finish;
        }

        r = get_user_data(handle, &username, &pw);
        if (r != PAM_SUCCESS)
                goto finish;

        if (kill_processes)
                kill_processes = check_user_lists(handle, pw->pw_uid, kill_only_users, kill_exclude_users);

        dbus_connection_set_change_sigpipe(FALSE);

        bus = dbus_bus_get_private(DBUS_BUS_SYSTEM, &error);
        if (!bus) {
                pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", bus_error_message(&error));
                r = PAM_SESSION_ERR;
                goto finish;
        }

        m = dbus_message_new_method_call(
                        "org.freedesktop.login1",
                        "/org/freedesktop/login1",
                        "org.freedesktop.login1.Manager",
                        "CreateSession");

        if (!m) {
                pam_syslog(handle, LOG_ERR, "Could not allocate create session message.");
                r = PAM_BUF_ERR;
                goto finish;
        }

        uid = pw->pw_uid;
        pid = getpid();

        pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
        pam_get_item(handle, PAM_TTY, (const void**) &tty);
        pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
        pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);
        seat = pam_getenv(handle, "LOGIN_SEAT");
        cvtnr = pam_getenv(handle, "LOGIN_VTNR");

        service = strempty(service);
        tty = strempty(tty);
        display = strempty(display);
        remote_user = strempty(remote_user);
        remote_host = strempty(remote_host);
        seat = strempty(seat);

        if (strchr(tty, ':')) {
                /* A tty with a colon is usually an X11 display, place
                 * there to show up in utmp. We rearrange things and
                 * don't pretend that an X display was a tty */

                if (isempty(display))
                        display = tty;
                tty = "";
        }

        if (!isempty(cvtnr))
                safe_atou32(cvtnr, &vtnr);

        if (!isempty(display) && isempty(seat) && vtnr <= 0)
                get_seat_from_display(display, &seat, &vtnr);

        type = !isempty(display) ? "x11" :
                   !isempty(tty) ? "tty" : "other";

        remote = !isempty(remote_host) && !streq(remote_host, "localhost") && !streq(remote_host, "localhost.localdomain");

        if (!dbus_message_append_args(m,
                                      DBUS_TYPE_UINT32, &uid,
                                      DBUS_TYPE_UINT32, &pid,
                                      DBUS_TYPE_STRING, &service,
                                      DBUS_TYPE_STRING, &type,
                                      DBUS_TYPE_STRING, &seat,
                                      DBUS_TYPE_UINT32, &vtnr,
                                      DBUS_TYPE_STRING, &tty,
                                      DBUS_TYPE_STRING, &display,
                                      DBUS_TYPE_BOOLEAN, &remote,
                                      DBUS_TYPE_STRING, &remote_user,
                                      DBUS_TYPE_STRING, &remote_host,
                                      DBUS_TYPE_INVALID)) {
                pam_syslog(handle, LOG_ERR, "Could not attach parameters to message.");
                r = PAM_BUF_ERR;
                goto finish;
        }

        dbus_message_iter_init_append(m, &iter);

        r = bus_append_strv_iter(&iter, controllers);
        if (r < 0) {
                pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
                r = PAM_BUF_ERR;
                goto finish;
        }

        r = bus_append_strv_iter(&iter, reset_controllers);
        if (r < 0) {
                pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
                r = PAM_BUF_ERR;
                goto finish;
        }

        kp = kill_processes;
        if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_BOOLEAN, &kp)) {
                pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
                r = PAM_BUF_ERR;
                goto finish;
        }

        reply = dbus_connection_send_with_reply_and_block(bus, m, -1, &error);
        if (!reply) {
                pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error));
                r = PAM_SESSION_ERR;
                goto finish;
        }

        if (!dbus_message_get_args(reply, &error,
                                   DBUS_TYPE_STRING, &id,
                                   DBUS_TYPE_OBJECT_PATH, &object_path,
                                   DBUS_TYPE_STRING, &runtime_path,
                                   DBUS_TYPE_UNIX_FD, &session_fd,
                                   DBUS_TYPE_INVALID)) {
                pam_syslog(handle, LOG_ERR, "Failed to parse message: %s", bus_error_message(&error));
                r = PAM_SESSION_ERR;
                goto finish;
        }

        r = pam_misc_setenv(handle, "XDG_SESSION_ID", id, 0);
        if (r != PAM_SUCCESS) {
                pam_syslog(handle, LOG_ERR, "Failed to set session id.");
                goto finish;
        }

        r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
        if (r != PAM_SUCCESS) {
                pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
                goto finish;
        }

        if (session_fd >= 0) {
                r = pam_set_data(handle, "systemd.session-fd", INT_TO_PTR(session_fd+1), NULL);
                if (r != PAM_SUCCESS) {
                        pam_syslog(handle, LOG_ERR, "Failed to install session fd.");
                        return r;
                }
        }

        session_fd = -1;

        r = PAM_SUCCESS;

finish:
        strv_free(controllers);
        strv_free(reset_controllers);
        strv_free(kill_only_users);
        strv_free(kill_exclude_users);

        dbus_error_free(&error);

        if (bus) {
                dbus_connection_close(bus);
                dbus_connection_unref(bus);
        }

        if (m)
                dbus_message_unref(m);

        if (reply)
                dbus_message_unref(reply);

        if (session_fd >= 0)
                close_nointr_nofail(session_fd);

        return r;
}

_public_ PAM_EXTERN int pam_sm_close_session(
                pam_handle_t *handle,
                int flags,
                int argc, const char **argv) {

        const void *p = NULL;

        pam_get_data(handle, "systemd.session-fd", &p);

        if (p)
                close_nointr(PTR_TO_INT(p) - 1);

        return PAM_SUCCESS;
}
Commit	Line	Data
d6c9574f	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
8c6db833 LP	2
	3	/***
	4	This file is part of systemd.
	5
	6	Copyright 2010 Lennart Poettering
	7
	8	systemd is free software; you can redistribute it and/or modify it
	9	under the terms of the GNU General Public License as published by
	10	the Free Software Foundation; either version 2 of the License, or
	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	16	General Public License for more details.
	17
	18	You should have received a copy of the GNU General Public License
	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
	22	#include <errno.h>
	23	#include <fcntl.h>
	24	#include <sys/file.h>
	25	#include <pwd.h>
a838e6a1	26	#include <endian.h>
ac123445	27	#include <sys/capability.h>
8c6db833 LP	28
	29	#include <security/pam_modules.h>
	30	#include <security/_pam_macros.h>
	31	#include <security/pam_modutil.h>
	32	#include <security/pam_ext.h>
	33	#include <security/pam_misc.h>
	34
8c6db833	35	#include "util.h"
8c6db833 LP	36	#include "macro.h"
8c6db833 LP	37	#include "sd-daemon.h"
74fe1fe3	38	#include "strv.h"
98a28fef LP	39	#include "dbus-common.h"
98a28fef LP	40	#include "def.h"
4d6d6518	41	#include "socket-util.h"
8c6db833 LP	42
	43	static int parse_argv(pam_handle_t *handle,
	44	int argc, const char **argv,
b20c6be6	45	char ***controllers,
e9fbc77c	46	char ***reset_controllers,
98a28fef	47	bool *kill_processes,
e9fbc77c	48	char ***kill_only_users,
0e318cad MS	49	char ***kill_exclude_users,
0e318cad MS	50	bool *debug) {
8c6db833 LP	51
	52	unsigned i;
	53
	54	assert(argc >= 0);
	55	assert(argc == 0 \|\| argv);
	56
	57	for (i = 0; i < (unsigned) argc; i++) {
	58	int k;
	59
c36eecdf LP	60	if (startswith(argv[i], "kill-session-processes=")) {
	61	if ((k = parse_boolean(argv[i] + 23)) < 0) {
	62	pam_syslog(handle, LOG_ERR, "Failed to parse kill-session-processes= argument.");
8c6db833 LP	63	return k;
	64	}
	65
98a28fef LP	66	if (kill_processes)
98a28fef LP	67	*kill_processes = k;
74fe1fe3	68
8c6db833	69	} else if (startswith(argv[i], "kill-session=")) {
98a28fef LP	70	/* As compatibility for old versions */
98a28fef LP	71
8c6db833 LP	72	if ((k = parse_boolean(argv[i] + 13)) < 0) {
	73	pam_syslog(handle, LOG_ERR, "Failed to parse kill-session= argument.");
	74	return k;
	75	}
	76
98a28fef LP	77	if (kill_processes)
98a28fef LP	78	*kill_processes = k;
74fe1fe3 LP	79
	80	} else if (startswith(argv[i], "controllers=")) {
	81
	82	if (controllers) {
	83	char **l;
	84
	85	if (!(l = strv_split(argv[i] + 12, ","))) {
	86	pam_syslog(handle, LOG_ERR, "Out of memory.");
	87	return -ENOMEM;
	88	}
	89
	90	strv_free(*controllers);
	91	*controllers = l;
	92	}
	93
b20c6be6 LP	94	} else if (startswith(argv[i], "reset-controllers=")) {
	95
	96	if (reset_controllers) {
	97	char **l;
	98
	99	if (!(l = strv_split(argv[i] + 18, ","))) {
	100	pam_syslog(handle, LOG_ERR, "Out of memory.");
	101	return -ENOMEM;
	102	}
	103
	104	strv_free(*reset_controllers);
	105	*reset_controllers = l;
	106	}
	107
e9fbc77c LP	108	} else if (startswith(argv[i], "kill-only-users=")) {
	109
	110	if (kill_only_users) {
	111	char **l;
	112
	113	if (!(l = strv_split(argv[i] + 16, ","))) {
	114	pam_syslog(handle, LOG_ERR, "Out of memory.");
	115	return -ENOMEM;
	116	}
	117
	118	strv_free(*kill_only_users);
	119	*kill_only_users = l;
	120	}
	121
	122	} else if (startswith(argv[i], "kill-exclude-users=")) {
	123
	124	if (kill_exclude_users) {
	125	char **l;
	126
	127	if (!(l = strv_split(argv[i] + 19, ","))) {
	128	pam_syslog(handle, LOG_ERR, "Out of memory.");
	129	return -ENOMEM;
	130	}
	131
	132	strv_free(*kill_exclude_users);
	133	*kill_exclude_users = l;
	134	}
	135
0e318cad MS	136	} else if (startswith(argv[i], "debug=")) {
	137	if ((k = parse_boolean(argv[i] + 6)) < 0) {
	138	pam_syslog(handle, LOG_ERR, "Failed to parse debug= argument.");
	139	return k;
	140	}
	141
	142	if (debug)
	143	*debug = k;
	144
98a28fef LP	145	} else if (startswith(argv[i], "create-session=") \|\|
	146	startswith(argv[i], "kill-user=")) {
	147
	148	pam_syslog(handle, LOG_WARNING, "Option %s not supported anymore, ignoring.", argv[i]);
	149
8c6db833 LP	150	} else {
	151	pam_syslog(handle, LOG_ERR, "Unknown parameter '%s'.", argv[i]);
	152	return -EINVAL;
	153	}
	154	}
	155
8c6db833 LP	156	return 0;
	157	}
	158
8c6db833 LP	159	static int get_user_data(
	160	pam_handle_t *handle,
	161	const char **ret_username,
	162	struct passwd **ret_pw) {
	163
d90b9d27 LP	164	const char *username = NULL;
d90b9d27 LP	165	struct passwd *pw = NULL;
8c6db833	166	int r;
d90b9d27 LP	167	bool have_loginuid = false;
d90b9d27 LP	168	char *s;
8c6db833 LP	169
	170	assert(handle);
	171	assert(ret_username);
	172	assert(ret_pw);
	173
81481c99	174	if (have_effective_cap(CAP_AUDIT_CONTROL) > 0) {
ac123445 LP	175	/* Only use audit login uid if we are executed with
	176	* sufficient capabilities so that pam_loginuid could
	177	* do its job. If we are lacking the CAP_AUDIT_CONTROL
	178	* capabality we most likely are being run in a
	179	* container and /proc/self/loginuid is useless since
	180	* it probably contains a uid of the host system. */
d90b9d27	181
ac123445 LP	182	if (read_one_line_file("/proc/self/loginuid", &s) >= 0) {
ac123445 LP	183	uint32_t u;
d90b9d27	184
ac123445 LP	185	r = safe_atou32(s, &u);
	186	free(s);
	187
	188	if (r >= 0 && u != (uint32_t) -1 && u > 0) {
	189	have_loginuid = true;
	190	pw = pam_modutil_getpwuid(handle, u);
	191	}
d90b9d27	192	}
8c6db833 LP	193	}
8c6db833 LP	194
d90b9d27 LP	195	if (!have_loginuid) {
	196	if ((r = pam_get_user(handle, &username, NULL)) != PAM_SUCCESS) {
	197	pam_syslog(handle, LOG_ERR, "Failed to get user name.");
	198	return r;
	199	}
	200
	201	if (!username \|\| !*username) {
	202	pam_syslog(handle, LOG_ERR, "User name not valid.");
	203	return PAM_AUTH_ERR;
	204	}
	205
	206	pw = pam_modutil_getpwnam(handle, username);
8c6db833 LP	207	}
8c6db833 LP	208
d90b9d27	209	if (!pw) {
8c6db833 LP	210	pam_syslog(handle, LOG_ERR, "Failed to get user data.");
	211	return PAM_USER_UNKNOWN;
	212	}
	213
	214	*ret_pw = pw;
d90b9d27	215	*ret_username = username ? username : pw->pw_name;
8c6db833 LP	216
	217	return PAM_SUCCESS;
	218	}
	219
e9fbc77c LP	220	static bool check_user_lists(
	221	pam_handle_t *handle,
	222	uid_t uid,
	223	char **kill_only_users,
	224	char **kill_exclude_users) {
	225
	226	const char *name = NULL;
	227	char **l;
	228
	229	assert(handle);
	230
	231	if (uid == 0)
	232	name = "root"; /* Avoid obvious NSS requests, to suppress network traffic */
	233	else {
	234	struct passwd *pw;
	235
98a28fef LP	236	pw = pam_modutil_getpwuid(handle, uid);
98a28fef LP	237	if (pw)
e9fbc77c LP	238	name = pw->pw_name;
	239	}
	240
	241	STRV_FOREACH(l, kill_exclude_users) {
	242	uint32_t id;
	243
	244	if (safe_atou32(*l, &id) >= 0)
	245	if ((uid_t) id == uid)
	246	return false;
	247
	248	if (name && streq(name, *l))
	249	return false;
	250	}
	251
	252	if (strv_isempty(kill_only_users))
	253	return true;
	254
	255	STRV_FOREACH(l, kill_only_users) {
	256	uint32_t id;
	257
	258	if (safe_atou32(*l, &id) >= 0)
	259	if ((uid_t) id == uid)
	260	return true;
	261
	262	if (name && streq(name, *l))
	263	return true;
	264	}
	265
	266	return false;
	267	}
	268
4d6d6518 LP	269	static int get_seat_from_display(const char display, const char seat, uint32_t vtnr) {
	270	char *p = NULL;
	271	int r;
	272	int fd;
	273	union sockaddr_union sa;
	274	struct ucred ucred;
	275	socklen_t l;
	276	char *tty;
	277	int v;
	278
	279	assert(display);
	280	assert(seat);
	281	assert(vtnr);
	282
	283	/* We deduce the X11 socket from the display name, then use
	284	* SO_PEERCRED to determine the X11 server process, ask for
	285	* the controlling tty of that and if it's a VC then we know
	286	* the seat and the virtual terminal. Sounds ugly, is only
	287	* semi-ugly. */
	288
	289	r = socket_from_display(display, &p);
	290	if (r < 0)
	291	return r;
	292
	293	fd = socket(AF_UNIX, SOCK_STREAM\|SOCK_CLOEXEC, 0);
	294	if (fd < 0) {
	295	free(p);
	296	return -errno;
	297	}
	298
	299	zero(sa);
	300	sa.un.sun_family = AF_UNIX;
	301	strncpy(sa.un.sun_path, p, sizeof(sa.un.sun_path)-1);
	302	free(p);
	303
	304	if (connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path)) < 0) {
	305	close_nointr_nofail(fd);
	306	return -errno;
	307	}
	308
	309	l = sizeof(ucred);
	310	r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &l);
	311	close_nointr_nofail(fd);
	312
	313	if (r < 0)
	314	return -errno;
	315
	316	r = get_ctty(ucred.pid, NULL, &tty);
	317	if (r < 0)
	318	return r;
	319
	320	v = vtnr_from_tty(tty);
	321	free(tty);
	322
	323	if (v < 0)
	324	return v;
	325	else if (v == 0)
	326	return -ENOENT;
	327
	328	*seat = "seat0";
	329	*vtnr = (uint32_t) v;
	330
	331	return 0;
	332	}
333
98a28fef	334	_public_ PAM_EXTERN int pam_sm_open_session(
8c6db833 LP	335	pam_handle_t *handle,
	336	int flags,
	337	int argc, const char **argv) {
	338
8c6db833	339	struct passwd *pw;
98a28fef	340	bool kill_processes = false, debug = false;
4d6d6518	341	const char username, id, object_path, runtime_path, service = NULL, tty = NULL, display = NULL, remote_user = NULL, remote_host = NULL, seat = NULL, type, cvtnr = NULL;
98a28fef	342	char controllers = NULL, reset_controllers = NULL, kill_only_users = NULL, kill_exclude_users = NULL;
98a28fef LP	343	DBusError error;
	344	uint32_t uid, pid;
	345	DBusMessageIter iter;
	346	dbus_bool_t kp;
98a28fef LP	347	int session_fd = -1;
	348	DBusConnection *bus = NULL;
	349	DBusMessage m = NULL, reply = NULL;
	350	dbus_bool_t remote;
ed18b08b	351	int r;
4d6d6518	352	uint32_t vtnr = 0;
8c6db833 LP	353
	354	assert(handle);
	355
98a28fef LP	356	dbus_error_init(&error);
98a28fef LP	357
ed18b08b	358	/* pam_syslog(handle, LOG_INFO, "pam-systemd initializing"); */
98a28fef	359
8c6db833 LP	360	/* Make this a NOP on non-systemd systems */
	361	if (sd_booted() <= 0)
	362	return PAM_SUCCESS;
	363
d42d27ea LP	364	/* Make sure we don't enter a loop by talking to
	365	* systemd-logind when it is actually waiting for the
	366	* background to finish start-up, */
	367	pam_get_item(handle, PAM_SERVICE, (const void**) &service);
	368	if (streq_ptr(service, "systemd-shared"))
	369	return PAM_SUCCESS;
	370
e9fbc77c LP	371	if (parse_argv(handle,
e9fbc77c LP	372	argc, argv,
98a28fef LP	373	&controllers, &reset_controllers,
98a28fef LP	374	&kill_processes, &kill_only_users, &kill_exclude_users,
ed18b08b LP	375	&debug) < 0) {
	376	r = PAM_SESSION_ERR;
	377	goto finish;
	378	}
74fe1fe3	379
98a28fef LP	380	r = get_user_data(handle, &username, &pw);
98a28fef LP	381	if (r != PAM_SUCCESS)
8c6db833 LP	382	goto finish;
8c6db833 LP	383
98a28fef LP	384	if (kill_processes)
98a28fef LP	385	kill_processes = check_user_lists(handle, pw->pw_uid, kill_only_users, kill_exclude_users);
1f73f0f1	386
ed18b08b LP	387	dbus_connection_set_change_sigpipe(FALSE);
ed18b08b LP	388
98a28fef LP	389	bus = dbus_bus_get_private(DBUS_BUS_SYSTEM, &error);
	390	if (!bus) {
	391	pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", bus_error_message(&error));
	392	r = PAM_SESSION_ERR;
8c6db833 LP	393	goto finish;
	394	}
	395
98a28fef LP	396	m = dbus_message_new_method_call(
	397	"org.freedesktop.login1",
	398	"/org/freedesktop/login1",
	399	"org.freedesktop.login1.Manager",
	400	"CreateSession");
74fe1fe3	401
98a28fef LP	402	if (!m) {
98a28fef LP	403	pam_syslog(handle, LOG_ERR, "Could not allocate create session message.");
8c6db833 LP	404	r = PAM_BUF_ERR;
	405	goto finish;
	406	}
	407
98a28fef LP	408	uid = pw->pw_uid;
	409	pid = getpid();
	410
98a28fef LP	411	pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
	412	pam_get_item(handle, PAM_TTY, (const void**) &tty);
	413	pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
	414	pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);
4d6d6518 LP	415	seat = pam_getenv(handle, "LOGIN_SEAT");
4d6d6518 LP	416	cvtnr = pam_getenv(handle, "LOGIN_VTNR");
98a28fef	417
ed18b08b LP	418	service = strempty(service);
	419	tty = strempty(tty);
	420	display = strempty(display);
	421	remote_user = strempty(remote_user);
	422	remote_host = strempty(remote_host);
	423	seat = strempty(seat);
98a28fef	424
ee8545b0 LP	425	if (strchr(tty, ':')) {
	426	/* A tty with a colon is usually an X11 display, place
	427	* there to show up in utmp. We rearrange things and
	428	* don't pretend that an X display was a tty */
	429
	430	if (isempty(display))
	431	display = tty;
cd58752a	432	tty = "";
ee8545b0 LP	433	}
ee8545b0 LP	434
4d6d6518 LP	435	if (!isempty(cvtnr))
	436	safe_atou32(cvtnr, &vtnr);
	437
	438	if (!isempty(display) && isempty(seat) && vtnr <= 0)
	439	get_seat_from_display(display, &seat, &vtnr);
	440
98a28fef LP	441	type = !isempty(display) ? "x11" :
	442	!isempty(tty) ? "tty" : "other";
	443
	444	remote = !isempty(remote_host) && !streq(remote_host, "localhost") && !streq(remote_host, "localhost.localdomain");
	445
	446	if (!dbus_message_append_args(m,
	447	DBUS_TYPE_UINT32, &uid,
	448	DBUS_TYPE_UINT32, &pid,
	449	DBUS_TYPE_STRING, &service,
	450	DBUS_TYPE_STRING, &type,
	451	DBUS_TYPE_STRING, &seat,
4d6d6518	452	DBUS_TYPE_UINT32, &vtnr,
98a28fef LP	453	DBUS_TYPE_STRING, &tty,
	454	DBUS_TYPE_STRING, &display,
	455	DBUS_TYPE_BOOLEAN, &remote,
	456	DBUS_TYPE_STRING, &remote_user,
	457	DBUS_TYPE_STRING, &remote_host,
	458	DBUS_TYPE_INVALID)) {
	459	pam_syslog(handle, LOG_ERR, "Could not attach parameters to message.");
	460	r = PAM_BUF_ERR;
	461	goto finish;
	462	}
8c6db833	463
98a28fef	464	dbus_message_iter_init_append(m, &iter);
8c6db833	465
98a28fef LP	466	r = bus_append_strv_iter(&iter, controllers);
	467	if (r < 0) {
	468	pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
	469	r = PAM_BUF_ERR;
	470	goto finish;
	471	}
672c48cc	472
98a28fef LP	473	r = bus_append_strv_iter(&iter, reset_controllers);
	474	if (r < 0) {
	475	pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
	476	r = PAM_BUF_ERR;
	477	goto finish;
	478	}
672c48cc	479
98a28fef LP	480	kp = kill_processes;
	481	if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_BOOLEAN, &kp)) {
	482	pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
	483	r = PAM_BUF_ERR;
	484	goto finish;
	485	}
8c6db833	486
98a28fef LP	487	reply = dbus_connection_send_with_reply_and_block(bus, m, -1, &error);
	488	if (!reply) {
	489	pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error));
	490	r = PAM_SESSION_ERR;
	491	goto finish;
	492	}
74fe1fe3	493
98a28fef LP	494	if (!dbus_message_get_args(reply, &error,
	495	DBUS_TYPE_STRING, &id,
	496	DBUS_TYPE_OBJECT_PATH, &object_path,
	497	DBUS_TYPE_STRING, &runtime_path,
	498	DBUS_TYPE_UNIX_FD, &session_fd,
	499	DBUS_TYPE_INVALID)) {
	500	pam_syslog(handle, LOG_ERR, "Failed to parse message: %s", bus_error_message(&error));
	501	r = PAM_SESSION_ERR;
	502	goto finish;
	503	}
74fe1fe3	504
98a28fef LP	505	r = pam_misc_setenv(handle, "XDG_SESSION_ID", id, 0);
	506	if (r != PAM_SUCCESS) {
	507	pam_syslog(handle, LOG_ERR, "Failed to set session id.");
	508	goto finish;
8c6db833 LP	509	}
8c6db833 LP	510
98a28fef LP	511	r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
	512	if (r != PAM_SUCCESS) {
	513	pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
	514	goto finish;
	515	}
8c6db833	516
21c390cc LP	517	if (session_fd >= 0) {
	518	r = pam_set_data(handle, "systemd.session-fd", INT_TO_PTR(session_fd+1), NULL);
	519	if (r != PAM_SUCCESS) {
	520	pam_syslog(handle, LOG_ERR, "Failed to install session fd.");
	521	return r;
	522	}
98a28fef	523	}
8c6db833	524
98a28fef	525	session_fd = -1;
8c6db833	526
98a28fef	527	r = PAM_SUCCESS;
8c6db833	528
98a28fef LP	529	finish:
	530	strv_free(controllers);
	531	strv_free(reset_controllers);
	532	strv_free(kill_only_users);
	533	strv_free(kill_exclude_users);
8c6db833	534
98a28fef	535	dbus_error_free(&error);
35d2e7ec	536
98a28fef LP	537	if (bus) {
	538	dbus_connection_close(bus);
	539	dbus_connection_unref(bus);
8c6db833 LP	540	}
8c6db833 LP	541
98a28fef LP	542	if (m)
98a28fef LP	543	dbus_message_unref(m);
8c6db833	544
ed18b08b LP	545	if (reply)
	546	dbus_message_unref(reply);
	547
98a28fef LP	548	if (session_fd >= 0)
98a28fef LP	549	close_nointr_nofail(session_fd);
672c48cc	550
98a28fef LP	551	return r;
98a28fef LP	552	}
8c6db833	553
98a28fef LP	554	_public_ PAM_EXTERN int pam_sm_close_session(
	555	pam_handle_t *handle,
	556	int flags,
	557	int argc, const char **argv) {
8c6db833	558
98a28fef	559	const void *p = NULL;
8c6db833	560
98a28fef	561	pam_get_data(handle, "systemd.session-fd", &p);
74fe1fe3	562
98a28fef LP	563	if (p)
98a28fef LP	564	close_nointr(PTR_TO_INT(p) - 1);
1f73f0f1	565
98a28fef	566	return PAM_SUCCESS;
8c6db833	567	}