[thirdparty/systemd.git] / src / pam-module.c

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <errno.h>
#include <fcntl.h>
#include <sys/file.h>
#include <pwd.h>
#include <endian.h>
#include <sys/capability.h>

#include <security/pam_modules.h>
#include <security/_pam_macros.h>
#include <security/pam_modutil.h>
#include <security/pam_ext.h>
#include <security/pam_misc.h>

#include "util.h"
#include "macro.h"
#include "sd-daemon.h"
#include "strv.h"
#include "dbus-common.h"
#include "def.h"

static int parse_argv(pam_handle_t *handle,
                      int argc, const char **argv,
                      char ***controllers,
                      char ***reset_controllers,
                      bool *kill_processes,
                      char ***kill_only_users,
                      char ***kill_exclude_users,
                      bool *debug) {

        unsigned i;
        bool reset_controller_set = false;
        bool kill_exclude_users_set = false;

        assert(argc >= 0);
        assert(argc == 0 || argv);

        for (i = 0; i < (unsigned) argc; i++) {
                int k;

                if (startswith(argv[i], "kill-processes=")) {
                        if ((k = parse_boolean(argv[i] + 15)) < 0) {
                                pam_syslog(handle, LOG_ERR, "Failed to parse kill-processes= argument.");
                                return k;
                        }

                        if (kill_processes)
                                *kill_processes = k;

                } else if (startswith(argv[i], "kill-session=")) {
                        /* As compatibility for old versions */

                        if ((k = parse_boolean(argv[i] + 13)) < 0) {
                                pam_syslog(handle, LOG_ERR, "Failed to parse kill-session= argument.");
                                return k;
                        }

                        if (kill_processes)
                                *kill_processes = k;

                } else if (startswith(argv[i], "controllers=")) {

                        if (controllers) {
                                char **l;

                                if (!(l = strv_split(argv[i] + 12, ","))) {
                                        pam_syslog(handle, LOG_ERR, "Out of memory.");
                                        return -ENOMEM;
                                }

                                strv_free(*controllers);
                                *controllers = l;
                        }

                } else if (startswith(argv[i], "reset-controllers=")) {

                        if (reset_controllers) {
                                char **l;

                                if (!(l = strv_split(argv[i] + 18, ","))) {
                                        pam_syslog(handle, LOG_ERR, "Out of memory.");
                                        return -ENOMEM;
                                }

                                strv_free(*reset_controllers);
                                *reset_controllers = l;
                        }

                        reset_controller_set = true;

                } else if (startswith(argv[i], "kill-only-users=")) {

                        if (kill_only_users) {
                                char **l;

                                if (!(l = strv_split(argv[i] + 16, ","))) {
                                        pam_syslog(handle, LOG_ERR, "Out of memory.");
                                        return -ENOMEM;
                                }

                                strv_free(*kill_only_users);
                                *kill_only_users = l;
                        }

                } else if (startswith(argv[i], "kill-exclude-users=")) {

                        if (kill_exclude_users) {
                                char **l;

                                if (!(l = strv_split(argv[i] + 19, ","))) {
                                        pam_syslog(handle, LOG_ERR, "Out of memory.");
                                        return -ENOMEM;
                                }

                                strv_free(*kill_exclude_users);
                                *kill_exclude_users = l;
                        }

                        kill_exclude_users_set = true;

                } else if (startswith(argv[i], "debug=")) {
                        if ((k = parse_boolean(argv[i] + 6)) < 0) {
                                pam_syslog(handle, LOG_ERR, "Failed to parse debug= argument.");
                                return k;
                        }

                        if (debug)
                                *debug = k;

                } else if (startswith(argv[i], "create-session=") ||
                           startswith(argv[i], "kill-user=")) {

                        pam_syslog(handle, LOG_WARNING, "Option %s not supported anymore, ignoring.", argv[i]);

                } else {
                        pam_syslog(handle, LOG_ERR, "Unknown parameter '%s'.", argv[i]);
                        return -EINVAL;
                }
        }

        if (!reset_controller_set && reset_controllers) {
                char **l;

                if (!(l = strv_new("cpu", NULL))) {
                        pam_syslog(handle, LOG_ERR, "Out of memory");
                        return -ENOMEM;
                }

                *reset_controllers = l;
        }

        if (controllers)
                strv_remove(*controllers, SYSTEMD_CGROUP_CONTROLLER);

        if (reset_controllers)
                strv_remove(*reset_controllers, SYSTEMD_CGROUP_CONTROLLER);

        if (!kill_exclude_users_set && kill_exclude_users) {
                char **l;

                if (!(l = strv_new("root", NULL))) {
                        pam_syslog(handle, LOG_ERR, "Out of memory");
                        return -ENOMEM;
                }

                *kill_exclude_users = l;
        }

        return 0;
}

static int get_user_data(
                pam_handle_t *handle,
                const char **ret_username,
                struct passwd **ret_pw) {

        const char *username = NULL;
        struct passwd *pw = NULL;
        int r;
        bool have_loginuid = false;
        char *s;

        assert(handle);
        assert(ret_username);
        assert(ret_pw);

        if (have_effective_cap(CAP_AUDIT_CONTROL) > 0) {
                /* Only use audit login uid if we are executed with
                 * sufficient capabilities so that pam_loginuid could
                 * do its job. If we are lacking the CAP_AUDIT_CONTROL
                 * capabality we most likely are being run in a
                 * container and /proc/self/loginuid is useless since
                 * it probably contains a uid of the host system. */

                if (read_one_line_file("/proc/self/loginuid", &s) >= 0) {
                        uint32_t u;

                        r = safe_atou32(s, &u);
                        free(s);

                        if (r >= 0 && u != (uint32_t) -1 && u > 0) {
                                have_loginuid = true;
                                pw = pam_modutil_getpwuid(handle, u);
                        }
                }
        }

        if (!have_loginuid) {
                if ((r = pam_get_user(handle, &username, NULL)) != PAM_SUCCESS) {
                        pam_syslog(handle, LOG_ERR, "Failed to get user name.");
                        return r;
                }

                if (!username || !*username) {
                        pam_syslog(handle, LOG_ERR, "User name not valid.");
                        return PAM_AUTH_ERR;
                }

                pw = pam_modutil_getpwnam(handle, username);
        }

        if (!pw) {
                pam_syslog(handle, LOG_ERR, "Failed to get user data.");
                return PAM_USER_UNKNOWN;
        }

        *ret_pw = pw;
        *ret_username = username ? username : pw->pw_name;

        return PAM_SUCCESS;
}

static bool check_user_lists(
                pam_handle_t *handle,
                uid_t uid,
                char **kill_only_users,
                char **kill_exclude_users) {

        const char *name = NULL;
        char **l;

        assert(handle);

        if (uid == 0)
                name = "root"; /* Avoid obvious NSS requests, to suppress network traffic */
        else {
                struct passwd *pw;

                pw = pam_modutil_getpwuid(handle, uid);
                if (pw)
                        name = pw->pw_name;
        }

        STRV_FOREACH(l, kill_exclude_users) {
                uint32_t id;

                if (safe_atou32(*l, &id) >= 0)
                        if ((uid_t) id == uid)
                                return false;

                if (name && streq(name, *l))
                        return false;
        }

        if (strv_isempty(kill_only_users))
                return true;

        STRV_FOREACH(l, kill_only_users) {
                uint32_t id;

                if (safe_atou32(*l, &id) >= 0)
                        if ((uid_t) id == uid)
                                return true;

                if (name && streq(name, *l))
                        return true;
        }

        return false;
}

_public_ PAM_EXTERN int pam_sm_open_session(
                pam_handle_t *handle,
                int flags,
                int argc, const char **argv) {

        struct passwd *pw;
        bool kill_processes = false, debug = false;
        const char *username, *id, *object_path, *runtime_path, *service = NULL, *tty = NULL, *display = NULL, *remote_user = NULL, *remote_host = NULL, *seat = NULL, *type;
        char **controllers = NULL, **reset_controllers = NULL, **kill_only_users = NULL, **kill_exclude_users = NULL;
        DBusError error;
        uint32_t uid, pid;
        DBusMessageIter iter;
        dbus_bool_t kp;
        int session_fd = -1;
        DBusConnection *bus = NULL;
        DBusMessage *m = NULL, *reply = NULL;
        dbus_bool_t remote;
        int r;

        assert(handle);

        dbus_error_init(&error);

        /* pam_syslog(handle, LOG_INFO, "pam-systemd initializing"); */

        /* Make this a NOP on non-systemd systems */
        if (sd_booted() <= 0)
                return PAM_SUCCESS;

        if (parse_argv(handle,
                       argc, argv,
                       &controllers, &reset_controllers,
                       &kill_processes, &kill_only_users, &kill_exclude_users,
                       &debug) < 0) {
                r = PAM_SESSION_ERR;
                goto finish;
        }

        r = get_user_data(handle, &username, &pw);
        if (r != PAM_SUCCESS)
                goto finish;

        if (kill_processes)
                kill_processes = check_user_lists(handle, pw->pw_uid, kill_only_users, kill_exclude_users);

        dbus_connection_set_change_sigpipe(FALSE);

        bus = dbus_bus_get_private(DBUS_BUS_SYSTEM, &error);
        if (!bus) {
                pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", bus_error_message(&error));
                r = PAM_SESSION_ERR;
                goto finish;
        }

        m = dbus_message_new_method_call(
                        "org.freedesktop.login1",
                        "/org/freedesktop/login1",
                        "org.freedesktop.login1.Manager",
                        "CreateSession");

        if (!m) {
                pam_syslog(handle, LOG_ERR, "Could not allocate create session message.");
                r = PAM_BUF_ERR;
                goto finish;
        }

        uid = pw->pw_uid;
        pid = getpid();

        pam_get_item(handle, PAM_SERVICE, (const void**) &service);
        pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
        pam_get_item(handle, PAM_TTY, (const void**) &tty);
        pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
        pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);
        seat = pam_getenv(handle, "XDG_SEAT");

        service = strempty(service);
        tty = strempty(tty);
        display = strempty(display);
        remote_user = strempty(remote_user);
        remote_host = strempty(remote_host);
        seat = strempty(seat);

        if (strchr(tty, ':')) {
                /* A tty with a colon is usually an X11 display, place
                 * there to show up in utmp. We rearrange things and
                 * don't pretend that an X display was a tty */

                if (isempty(display))
                        display = tty;
                tty = "";
        }

        type = !isempty(display) ? "x11" :
                   !isempty(tty) ? "tty" : "other";

        remote = !isempty(remote_host) && !streq(remote_host, "localhost") && !streq(remote_host, "localhost.localdomain");

        if (!dbus_message_append_args(m,
                                      DBUS_TYPE_UINT32, &uid,
                                      DBUS_TYPE_UINT32, &pid,
                                      DBUS_TYPE_STRING, &service,
                                      DBUS_TYPE_STRING, &type,
                                      DBUS_TYPE_STRING, &seat,
                                      DBUS_TYPE_STRING, &tty,
                                      DBUS_TYPE_STRING, &display,
                                      DBUS_TYPE_BOOLEAN, &remote,
                                      DBUS_TYPE_STRING, &remote_user,
                                      DBUS_TYPE_STRING, &remote_host,
                                      DBUS_TYPE_INVALID)) {
                pam_syslog(handle, LOG_ERR, "Could not attach parameters to message.");
                r = PAM_BUF_ERR;
                goto finish;
        }

        dbus_message_iter_init_append(m, &iter);

        r = bus_append_strv_iter(&iter, controllers);
        if (r < 0) {
                pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
                r = PAM_BUF_ERR;
                goto finish;
        }

        r = bus_append_strv_iter(&iter, reset_controllers);
        if (r < 0) {
                pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
                r = PAM_BUF_ERR;
                goto finish;
        }

        kp = kill_processes;
        if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_BOOLEAN, &kp)) {
                pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
                r = PAM_BUF_ERR;
                goto finish;
        }

        reply = dbus_connection_send_with_reply_and_block(bus, m, -1, &error);
        if (!reply) {
                pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error));
                r = PAM_SESSION_ERR;
                goto finish;
        }

        if (!dbus_message_get_args(reply, &error,
                                   DBUS_TYPE_STRING, &id,
                                   DBUS_TYPE_OBJECT_PATH, &object_path,
                                   DBUS_TYPE_STRING, &runtime_path,
                                   DBUS_TYPE_UNIX_FD, &session_fd,
                                   DBUS_TYPE_INVALID)) {
                pam_syslog(handle, LOG_ERR, "Failed to parse message: %s", bus_error_message(&error));
                r = PAM_SESSION_ERR;
                goto finish;
        }

        r = pam_misc_setenv(handle, "XDG_SESSION_ID", id, 0);
        if (r != PAM_SUCCESS) {
                pam_syslog(handle, LOG_ERR, "Failed to set session id.");
                goto finish;
        }

        r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
        if (r != PAM_SUCCESS) {
                pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
                goto finish;
        }

        if (session_fd >= 0) {
                r = pam_set_data(handle, "systemd.session-fd", INT_TO_PTR(session_fd+1), NULL);
                if (r != PAM_SUCCESS) {
                        pam_syslog(handle, LOG_ERR, "Failed to install session fd.");
                        return r;
                }
        }

        session_fd = -1;

        r = PAM_SUCCESS;

finish:
        strv_free(controllers);
        strv_free(reset_controllers);
        strv_free(kill_only_users);
        strv_free(kill_exclude_users);

        dbus_error_free(&error);

        if (bus) {
                dbus_connection_close(bus);
                dbus_connection_unref(bus);
        }

        if (m)
                dbus_message_unref(m);

        if (reply)
                dbus_message_unref(reply);

        if (session_fd >= 0)
                close_nointr_nofail(session_fd);

        return r;
}

_public_ PAM_EXTERN int pam_sm_close_session(
                pam_handle_t *handle,
                int flags,
                int argc, const char **argv) {

        const void *p = NULL;

        pam_get_data(handle, "systemd.session-fd", &p);

        if (p)
                close_nointr(PTR_TO_INT(p) - 1);

        return PAM_SUCCESS;
}
Commit	Line	Data
d6c9574f	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
8c6db833 LP	2
	3	/***
	4	This file is part of systemd.
	5
	6	Copyright 2010 Lennart Poettering
	7
	8	systemd is free software; you can redistribute it and/or modify it
	9	under the terms of the GNU General Public License as published by
	10	the Free Software Foundation; either version 2 of the License, or
	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	16	General Public License for more details.
	17
	18	You should have received a copy of the GNU General Public License
	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
	22	#include <errno.h>
	23	#include <fcntl.h>
	24	#include <sys/file.h>
	25	#include <pwd.h>
a838e6a1	26	#include <endian.h>
ac123445	27	#include <sys/capability.h>
8c6db833 LP	28
	29	#include <security/pam_modules.h>
	30	#include <security/_pam_macros.h>
	31	#include <security/pam_modutil.h>
	32	#include <security/pam_ext.h>
	33	#include <security/pam_misc.h>
	34
8c6db833	35	#include "util.h"
8c6db833 LP	36	#include "macro.h"
8c6db833 LP	37	#include "sd-daemon.h"
74fe1fe3	38	#include "strv.h"
98a28fef LP	39	#include "dbus-common.h"
98a28fef LP	40	#include "def.h"
8c6db833 LP	41
	42	static int parse_argv(pam_handle_t *handle,
	43	int argc, const char **argv,
b20c6be6	44	char ***controllers,
e9fbc77c	45	char ***reset_controllers,
98a28fef	46	bool *kill_processes,
e9fbc77c	47	char ***kill_only_users,
0e318cad MS	48	char ***kill_exclude_users,
0e318cad MS	49	bool *debug) {
8c6db833 LP	50
8c6db833 LP	51	unsigned i;
b20c6be6	52	bool reset_controller_set = false;
e9fbc77c	53	bool kill_exclude_users_set = false;
8c6db833 LP	54
	55	assert(argc >= 0);
	56	assert(argc == 0 \|\| argv);
	57
	58	for (i = 0; i < (unsigned) argc; i++) {
	59	int k;
	60
98a28fef	61	if (startswith(argv[i], "kill-processes=")) {
8c6db833	62	if ((k = parse_boolean(argv[i] + 15)) < 0) {
ed18b08b	63	pam_syslog(handle, LOG_ERR, "Failed to parse kill-processes= argument.");
8c6db833 LP	64	return k;
	65	}
	66
98a28fef LP	67	if (kill_processes)
98a28fef LP	68	*kill_processes = k;
74fe1fe3	69
8c6db833	70	} else if (startswith(argv[i], "kill-session=")) {
98a28fef LP	71	/* As compatibility for old versions */
98a28fef LP	72
8c6db833 LP	73	if ((k = parse_boolean(argv[i] + 13)) < 0) {
	74	pam_syslog(handle, LOG_ERR, "Failed to parse kill-session= argument.");
	75	return k;
	76	}
	77
98a28fef LP	78	if (kill_processes)
98a28fef LP	79	*kill_processes = k;
74fe1fe3 LP	80
	81	} else if (startswith(argv[i], "controllers=")) {
	82
	83	if (controllers) {
	84	char **l;
	85
	86	if (!(l = strv_split(argv[i] + 12, ","))) {
	87	pam_syslog(handle, LOG_ERR, "Out of memory.");
	88	return -ENOMEM;
	89	}
	90
	91	strv_free(*controllers);
	92	*controllers = l;
	93	}
	94
b20c6be6 LP	95	} else if (startswith(argv[i], "reset-controllers=")) {
	96
	97	if (reset_controllers) {
	98	char **l;
	99
	100	if (!(l = strv_split(argv[i] + 18, ","))) {
	101	pam_syslog(handle, LOG_ERR, "Out of memory.");
	102	return -ENOMEM;
	103	}
	104
	105	strv_free(*reset_controllers);
	106	*reset_controllers = l;
	107	}
	108
	109	reset_controller_set = true;
74fe1fe3	110
e9fbc77c LP	111	} else if (startswith(argv[i], "kill-only-users=")) {
	112
	113	if (kill_only_users) {
	114	char **l;
	115
	116	if (!(l = strv_split(argv[i] + 16, ","))) {
	117	pam_syslog(handle, LOG_ERR, "Out of memory.");
	118	return -ENOMEM;
	119	}
	120
	121	strv_free(*kill_only_users);
	122	*kill_only_users = l;
	123	}
	124
	125	} else if (startswith(argv[i], "kill-exclude-users=")) {
	126
	127	if (kill_exclude_users) {
	128	char **l;
	129
	130	if (!(l = strv_split(argv[i] + 19, ","))) {
	131	pam_syslog(handle, LOG_ERR, "Out of memory.");
	132	return -ENOMEM;
	133	}
	134
	135	strv_free(*kill_exclude_users);
	136	*kill_exclude_users = l;
	137	}
	138
	139	kill_exclude_users_set = true;
	140
0e318cad MS	141	} else if (startswith(argv[i], "debug=")) {
	142	if ((k = parse_boolean(argv[i] + 6)) < 0) {
	143	pam_syslog(handle, LOG_ERR, "Failed to parse debug= argument.");
	144	return k;
	145	}
	146
	147	if (debug)
	148	*debug = k;
	149
98a28fef LP	150	} else if (startswith(argv[i], "create-session=") \|\|
	151	startswith(argv[i], "kill-user=")) {
	152
	153	pam_syslog(handle, LOG_WARNING, "Option %s not supported anymore, ignoring.", argv[i]);
	154
8c6db833 LP	155	} else {
	156	pam_syslog(handle, LOG_ERR, "Unknown parameter '%s'.", argv[i]);
	157	return -EINVAL;
	158	}
	159	}
	160
b20c6be6	161	if (!reset_controller_set && reset_controllers) {
74fe1fe3 LP	162	char **l;
	163
	164	if (!(l = strv_new("cpu", NULL))) {
	165	pam_syslog(handle, LOG_ERR, "Out of memory");
	166	return -ENOMEM;
	167	}
	168
b20c6be6	169	*reset_controllers = l;
74fe1fe3 LP	170	}
	171
	172	if (controllers)
98a28fef	173	strv_remove(*controllers, SYSTEMD_CGROUP_CONTROLLER);
74fe1fe3	174
b20c6be6	175	if (reset_controllers)
98a28fef	176	strv_remove(*reset_controllers, SYSTEMD_CGROUP_CONTROLLER);
8c6db833	177
e9fbc77c LP	178	if (!kill_exclude_users_set && kill_exclude_users) {
	179	char **l;
	180
	181	if (!(l = strv_new("root", NULL))) {
	182	pam_syslog(handle, LOG_ERR, "Out of memory");
	183	return -ENOMEM;
	184	}
	185
	186	*kill_exclude_users = l;
	187	}
	188
8c6db833 LP	189	return 0;
	190	}
	191
8c6db833 LP	192	static int get_user_data(
	193	pam_handle_t *handle,
	194	const char **ret_username,
	195	struct passwd **ret_pw) {
	196
d90b9d27 LP	197	const char *username = NULL;
d90b9d27 LP	198	struct passwd *pw = NULL;
8c6db833	199	int r;
d90b9d27 LP	200	bool have_loginuid = false;
d90b9d27 LP	201	char *s;
8c6db833 LP	202
	203	assert(handle);
	204	assert(ret_username);
	205	assert(ret_pw);
	206
81481c99	207	if (have_effective_cap(CAP_AUDIT_CONTROL) > 0) {
ac123445 LP	208	/* Only use audit login uid if we are executed with
	209	* sufficient capabilities so that pam_loginuid could
	210	* do its job. If we are lacking the CAP_AUDIT_CONTROL
	211	* capabality we most likely are being run in a
	212	* container and /proc/self/loginuid is useless since
	213	* it probably contains a uid of the host system. */
d90b9d27	214
ac123445 LP	215	if (read_one_line_file("/proc/self/loginuid", &s) >= 0) {
ac123445 LP	216	uint32_t u;
d90b9d27	217
ac123445 LP	218	r = safe_atou32(s, &u);
	219	free(s);
	220
	221	if (r >= 0 && u != (uint32_t) -1 && u > 0) {
	222	have_loginuid = true;
	223	pw = pam_modutil_getpwuid(handle, u);
	224	}
d90b9d27	225	}
8c6db833 LP	226	}
8c6db833 LP	227
d90b9d27 LP	228	if (!have_loginuid) {
	229	if ((r = pam_get_user(handle, &username, NULL)) != PAM_SUCCESS) {
	230	pam_syslog(handle, LOG_ERR, "Failed to get user name.");
	231	return r;
	232	}
	233
	234	if (!username \|\| !*username) {
	235	pam_syslog(handle, LOG_ERR, "User name not valid.");
	236	return PAM_AUTH_ERR;
	237	}
	238
	239	pw = pam_modutil_getpwnam(handle, username);
8c6db833 LP	240	}
8c6db833 LP	241
d90b9d27	242	if (!pw) {
8c6db833 LP	243	pam_syslog(handle, LOG_ERR, "Failed to get user data.");
	244	return PAM_USER_UNKNOWN;
	245	}
	246
	247	*ret_pw = pw;
d90b9d27	248	*ret_username = username ? username : pw->pw_name;
8c6db833 LP	249
	250	return PAM_SUCCESS;
	251	}
	252
e9fbc77c LP	253	static bool check_user_lists(
	254	pam_handle_t *handle,
	255	uid_t uid,
	256	char **kill_only_users,
	257	char **kill_exclude_users) {
	258
	259	const char *name = NULL;
	260	char **l;
	261
	262	assert(handle);
	263
	264	if (uid == 0)
	265	name = "root"; /* Avoid obvious NSS requests, to suppress network traffic */
	266	else {
	267	struct passwd *pw;
	268
98a28fef LP	269	pw = pam_modutil_getpwuid(handle, uid);
98a28fef LP	270	if (pw)
e9fbc77c LP	271	name = pw->pw_name;
	272	}
	273
	274	STRV_FOREACH(l, kill_exclude_users) {
	275	uint32_t id;
	276
	277	if (safe_atou32(*l, &id) >= 0)
	278	if ((uid_t) id == uid)
	279	return false;
	280
	281	if (name && streq(name, *l))
	282	return false;
	283	}
	284
	285	if (strv_isempty(kill_only_users))
	286	return true;
	287
	288	STRV_FOREACH(l, kill_only_users) {
	289	uint32_t id;
	290
	291	if (safe_atou32(*l, &id) >= 0)
	292	if ((uid_t) id == uid)
	293	return true;
	294
	295	if (name && streq(name, *l))
	296	return true;
	297	}
	298
	299	return false;
	300	}
	301
98a28fef	302	_public_ PAM_EXTERN int pam_sm_open_session(
8c6db833 LP	303	pam_handle_t *handle,
	304	int flags,
	305	int argc, const char **argv) {
	306
8c6db833	307	struct passwd *pw;
98a28fef	308	bool kill_processes = false, debug = false;
ed18b08b	309	const char username, id, object_path, runtime_path, service = NULL, tty = NULL, display = NULL, remote_user = NULL, remote_host = NULL, seat = NULL, *type;
98a28fef	310	char controllers = NULL, reset_controllers = NULL, kill_only_users = NULL, kill_exclude_users = NULL;
98a28fef LP	311	DBusError error;
	312	uint32_t uid, pid;
	313	DBusMessageIter iter;
	314	dbus_bool_t kp;
98a28fef LP	315	int session_fd = -1;
	316	DBusConnection *bus = NULL;
	317	DBusMessage m = NULL, reply = NULL;
	318	dbus_bool_t remote;
ed18b08b	319	int r;
8c6db833 LP	320
	321	assert(handle);
	322
98a28fef LP	323	dbus_error_init(&error);
98a28fef LP	324
ed18b08b	325	/* pam_syslog(handle, LOG_INFO, "pam-systemd initializing"); */
98a28fef	326
8c6db833 LP	327	/* Make this a NOP on non-systemd systems */
	328	if (sd_booted() <= 0)
	329	return PAM_SUCCESS;
	330
e9fbc77c LP	331	if (parse_argv(handle,
e9fbc77c LP	332	argc, argv,
98a28fef LP	333	&controllers, &reset_controllers,
98a28fef LP	334	&kill_processes, &kill_only_users, &kill_exclude_users,
ed18b08b LP	335	&debug) < 0) {
	336	r = PAM_SESSION_ERR;
	337	goto finish;
	338	}
74fe1fe3	339
98a28fef LP	340	r = get_user_data(handle, &username, &pw);
98a28fef LP	341	if (r != PAM_SUCCESS)
8c6db833 LP	342	goto finish;
8c6db833 LP	343
98a28fef LP	344	if (kill_processes)
98a28fef LP	345	kill_processes = check_user_lists(handle, pw->pw_uid, kill_only_users, kill_exclude_users);
1f73f0f1	346
ed18b08b LP	347	dbus_connection_set_change_sigpipe(FALSE);
ed18b08b LP	348
98a28fef LP	349	bus = dbus_bus_get_private(DBUS_BUS_SYSTEM, &error);
	350	if (!bus) {
	351	pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", bus_error_message(&error));
	352	r = PAM_SESSION_ERR;
8c6db833 LP	353	goto finish;
	354	}
	355
98a28fef LP	356	m = dbus_message_new_method_call(
	357	"org.freedesktop.login1",
	358	"/org/freedesktop/login1",
	359	"org.freedesktop.login1.Manager",
	360	"CreateSession");
74fe1fe3	361
98a28fef LP	362	if (!m) {
98a28fef LP	363	pam_syslog(handle, LOG_ERR, "Could not allocate create session message.");
8c6db833 LP	364	r = PAM_BUF_ERR;
	365	goto finish;
	366	}
	367
98a28fef LP	368	uid = pw->pw_uid;
	369	pid = getpid();
	370
	371	pam_get_item(handle, PAM_SERVICE, (const void**) &service);
	372	pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
	373	pam_get_item(handle, PAM_TTY, (const void**) &tty);
	374	pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
	375	pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);
ed18b08b	376	seat = pam_getenv(handle, "XDG_SEAT");
98a28fef	377
ed18b08b LP	378	service = strempty(service);
	379	tty = strempty(tty);
	380	display = strempty(display);
	381	remote_user = strempty(remote_user);
	382	remote_host = strempty(remote_host);
	383	seat = strempty(seat);
98a28fef	384
ee8545b0 LP	385	if (strchr(tty, ':')) {
	386	/* A tty with a colon is usually an X11 display, place
	387	* there to show up in utmp. We rearrange things and
	388	* don't pretend that an X display was a tty */
	389
	390	if (isempty(display))
	391	display = tty;
cd58752a	392	tty = "";
ee8545b0 LP	393	}
ee8545b0 LP	394
98a28fef LP	395	type = !isempty(display) ? "x11" :
	396	!isempty(tty) ? "tty" : "other";
	397
	398	remote = !isempty(remote_host) && !streq(remote_host, "localhost") && !streq(remote_host, "localhost.localdomain");
	399
	400	if (!dbus_message_append_args(m,
	401	DBUS_TYPE_UINT32, &uid,
	402	DBUS_TYPE_UINT32, &pid,
	403	DBUS_TYPE_STRING, &service,
	404	DBUS_TYPE_STRING, &type,
	405	DBUS_TYPE_STRING, &seat,
	406	DBUS_TYPE_STRING, &tty,
	407	DBUS_TYPE_STRING, &display,
	408	DBUS_TYPE_BOOLEAN, &remote,
	409	DBUS_TYPE_STRING, &remote_user,
	410	DBUS_TYPE_STRING, &remote_host,
	411	DBUS_TYPE_INVALID)) {
	412	pam_syslog(handle, LOG_ERR, "Could not attach parameters to message.");
	413	r = PAM_BUF_ERR;
	414	goto finish;
	415	}
8c6db833	416
98a28fef	417	dbus_message_iter_init_append(m, &iter);
8c6db833	418
98a28fef LP	419	r = bus_append_strv_iter(&iter, controllers);
	420	if (r < 0) {
	421	pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
	422	r = PAM_BUF_ERR;
	423	goto finish;
	424	}
672c48cc	425
98a28fef LP	426	r = bus_append_strv_iter(&iter, reset_controllers);
	427	if (r < 0) {
	428	pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
	429	r = PAM_BUF_ERR;
	430	goto finish;
	431	}
672c48cc	432
98a28fef LP	433	kp = kill_processes;
	434	if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_BOOLEAN, &kp)) {
	435	pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
	436	r = PAM_BUF_ERR;
	437	goto finish;
	438	}
8c6db833	439
98a28fef LP	440	reply = dbus_connection_send_with_reply_and_block(bus, m, -1, &error);
	441	if (!reply) {
	442	pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error));
	443	r = PAM_SESSION_ERR;
	444	goto finish;
	445	}
74fe1fe3	446
98a28fef LP	447	if (!dbus_message_get_args(reply, &error,
	448	DBUS_TYPE_STRING, &id,
	449	DBUS_TYPE_OBJECT_PATH, &object_path,
	450	DBUS_TYPE_STRING, &runtime_path,
	451	DBUS_TYPE_UNIX_FD, &session_fd,
	452	DBUS_TYPE_INVALID)) {
	453	pam_syslog(handle, LOG_ERR, "Failed to parse message: %s", bus_error_message(&error));
	454	r = PAM_SESSION_ERR;
	455	goto finish;
	456	}
74fe1fe3	457
98a28fef LP	458	r = pam_misc_setenv(handle, "XDG_SESSION_ID", id, 0);
	459	if (r != PAM_SUCCESS) {
	460	pam_syslog(handle, LOG_ERR, "Failed to set session id.");
	461	goto finish;
8c6db833 LP	462	}
8c6db833 LP	463
98a28fef LP	464	r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
	465	if (r != PAM_SUCCESS) {
	466	pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
	467	goto finish;
	468	}
8c6db833	469
21c390cc LP	470	if (session_fd >= 0) {
	471	r = pam_set_data(handle, "systemd.session-fd", INT_TO_PTR(session_fd+1), NULL);
	472	if (r != PAM_SUCCESS) {
	473	pam_syslog(handle, LOG_ERR, "Failed to install session fd.");
	474	return r;
	475	}
98a28fef	476	}
8c6db833	477
98a28fef	478	session_fd = -1;
8c6db833	479
98a28fef	480	r = PAM_SUCCESS;
8c6db833	481
98a28fef LP	482	finish:
	483	strv_free(controllers);
	484	strv_free(reset_controllers);
	485	strv_free(kill_only_users);
	486	strv_free(kill_exclude_users);
8c6db833	487
98a28fef	488	dbus_error_free(&error);
35d2e7ec	489
98a28fef LP	490	if (bus) {
	491	dbus_connection_close(bus);
	492	dbus_connection_unref(bus);
8c6db833 LP	493	}
8c6db833 LP	494
98a28fef LP	495	if (m)
98a28fef LP	496	dbus_message_unref(m);
8c6db833	497
ed18b08b LP	498	if (reply)
	499	dbus_message_unref(reply);
	500
98a28fef LP	501	if (session_fd >= 0)
98a28fef LP	502	close_nointr_nofail(session_fd);
672c48cc	503
98a28fef LP	504	return r;
98a28fef LP	505	}
8c6db833	506
98a28fef LP	507	_public_ PAM_EXTERN int pam_sm_close_session(
	508	pam_handle_t *handle,
	509	int flags,
	510	int argc, const char **argv) {
8c6db833	511
98a28fef	512	const void *p = NULL;
8c6db833	513
98a28fef	514	pam_get_data(handle, "systemd.session-fd", &p);
74fe1fe3	515
98a28fef LP	516	if (p)
98a28fef LP	517	close_nointr(PTR_TO_INT(p) - 1);
1f73f0f1	518
98a28fef	519	return PAM_SUCCESS;
8c6db833	520	}