[thirdparty/systemd.git] / src / login / pam-module.c

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <errno.h>
#include <fcntl.h>
#include <sys/file.h>
#include <pwd.h>
#include <endian.h>
#include <sys/capability.h>

#include <security/pam_modules.h>
#include <security/_pam_macros.h>
#include <security/pam_modutil.h>
#include <security/pam_ext.h>
#include <security/pam_misc.h>

#include "util.h"
#include "macro.h"
#include "sd-daemon.h"
#include "strv.h"
#include "dbus-common.h"
#include "def.h"
#include "socket-util.h"

static int parse_argv(pam_handle_t *handle,
                      int argc, const char **argv,
                      char ***controllers,
                      char ***reset_controllers,
                      bool *kill_processes,
                      char ***kill_only_users,
                      char ***kill_exclude_users,
                      bool *debug) {

        unsigned i;

        assert(argc >= 0);
        assert(argc == 0 || argv);

        for (i = 0; i < (unsigned) argc; i++) {
                int k;

                if (startswith(argv[i], "kill-session-processes=")) {
                        if ((k = parse_boolean(argv[i] + 23)) < 0) {
                                pam_syslog(handle, LOG_ERR, "Failed to parse kill-session-processes= argument.");
                                return k;
                        }

                        if (kill_processes)
                                *kill_processes = k;

                } else if (startswith(argv[i], "kill-session=")) {
                        /* As compatibility for old versions */

                        if ((k = parse_boolean(argv[i] + 13)) < 0) {
                                pam_syslog(handle, LOG_ERR, "Failed to parse kill-session= argument.");
                                return k;
                        }

                        if (kill_processes)
                                *kill_processes = k;

                } else if (startswith(argv[i], "controllers=")) {

                        if (controllers) {
                                char **l;

                                if (!(l = strv_split(argv[i] + 12, ","))) {
                                        pam_syslog(handle, LOG_ERR, "Out of memory.");
                                        return -ENOMEM;
                                }

                                strv_free(*controllers);
                                *controllers = l;
                        }

                } else if (startswith(argv[i], "reset-controllers=")) {

                        if (reset_controllers) {
                                char **l;

                                if (!(l = strv_split(argv[i] + 18, ","))) {
                                        pam_syslog(handle, LOG_ERR, "Out of memory.");
                                        return -ENOMEM;
                                }

                                strv_free(*reset_controllers);
                                *reset_controllers = l;
                        }

                } else if (startswith(argv[i], "kill-only-users=")) {

                        if (kill_only_users) {
                                char **l;

                                if (!(l = strv_split(argv[i] + 16, ","))) {
                                        pam_syslog(handle, LOG_ERR, "Out of memory.");
                                        return -ENOMEM;
                                }

                                strv_free(*kill_only_users);
                                *kill_only_users = l;
                        }

                } else if (startswith(argv[i], "kill-exclude-users=")) {

                        if (kill_exclude_users) {
                                char **l;

                                if (!(l = strv_split(argv[i] + 19, ","))) {
                                        pam_syslog(handle, LOG_ERR, "Out of memory.");
                                        return -ENOMEM;
                                }

                                strv_free(*kill_exclude_users);
                                *kill_exclude_users = l;
                        }

                } else if (startswith(argv[i], "debug=")) {
                        if ((k = parse_boolean(argv[i] + 6)) < 0) {
                                pam_syslog(handle, LOG_ERR, "Failed to parse debug= argument.");
                                return k;
                        }

                        if (debug)
                                *debug = k;

                } else if (startswith(argv[i], "create-session=") ||
                           startswith(argv[i], "kill-user=")) {

                        pam_syslog(handle, LOG_WARNING, "Option %s not supported anymore, ignoring.", argv[i]);

                } else {
                        pam_syslog(handle, LOG_ERR, "Unknown parameter '%s'.", argv[i]);
                        return -EINVAL;
                }
        }

        return 0;
}

static int get_user_data(
                pam_handle_t *handle,
                const char **ret_username,
                struct passwd **ret_pw) {

        const char *username = NULL;
        struct passwd *pw = NULL;
        uid_t uid;
        int r;

        assert(handle);
        assert(ret_username);
        assert(ret_pw);

        r = audit_loginuid_from_pid(0, &uid);
        if (r >= 0)
                pw = pam_modutil_getpwuid(handle, uid);
        else {
                r = pam_get_user(handle, &username, NULL);
                if (r != PAM_SUCCESS) {
                        pam_syslog(handle, LOG_ERR, "Failed to get user name.");
                        return r;
                }

                if (isempty(username)) {
                        pam_syslog(handle, LOG_ERR, "User name not valid.");
                        return PAM_AUTH_ERR;
                }

                pw = pam_modutil_getpwnam(handle, username);
        }

        if (!pw) {
                pam_syslog(handle, LOG_ERR, "Failed to get user data.");
                return PAM_USER_UNKNOWN;
        }

        *ret_pw = pw;
        *ret_username = username ? username : pw->pw_name;

        return PAM_SUCCESS;
}

static bool check_user_lists(
                pam_handle_t *handle,
                uid_t uid,
                char **kill_only_users,
                char **kill_exclude_users) {

        const char *name = NULL;
        char **l;

        assert(handle);

        if (uid == 0)
                name = "root"; /* Avoid obvious NSS requests, to suppress network traffic */
        else {
                struct passwd *pw;

                pw = pam_modutil_getpwuid(handle, uid);
                if (pw)
                        name = pw->pw_name;
        }

        STRV_FOREACH(l, kill_exclude_users) {
                uid_t u;

                if (parse_uid(*l, &u) >= 0)
                        if (u == uid)
                                return false;

                if (name && streq(name, *l))
                        return false;
        }

        if (strv_isempty(kill_only_users))
                return true;

        STRV_FOREACH(l, kill_only_users) {
                uid_t u;

                if (parse_uid(*l, &u) >= 0)
                        if (u == uid)
                                return true;

                if (name && streq(name, *l))
                        return true;
        }

        return false;
}

static int get_seat_from_display(const char *display, const char **seat, uint32_t *vtnr) {
        char *p = NULL;
        int r;
        int fd;
        union sockaddr_union sa;
        struct ucred ucred;
        socklen_t l;
        char *tty;
        int v;

        assert(display);
        assert(seat);
        assert(vtnr);

        /* We deduce the X11 socket from the display name, then use
         * SO_PEERCRED to determine the X11 server process, ask for
         * the controlling tty of that and if it's a VC then we know
         * the seat and the virtual terminal. Sounds ugly, is only
         * semi-ugly. */

        r = socket_from_display(display, &p);
        if (r < 0)
                return r;

        fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
        if (fd < 0) {
                free(p);
                return -errno;
        }

        zero(sa);
        sa.un.sun_family = AF_UNIX;
        strncpy(sa.un.sun_path, p, sizeof(sa.un.sun_path)-1);
        free(p);

        if (connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path)) < 0) {
                close_nointr_nofail(fd);
                return -errno;
        }

        l = sizeof(ucred);
        r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &l);
        close_nointr_nofail(fd);

        if (r < 0)
                return -errno;

        r = get_ctty(ucred.pid, NULL, &tty);
        if (r < 0)
                return r;

        v = vtnr_from_tty(tty);
        free(tty);

        if (v < 0)
                return v;
        else if (v == 0)
                return -ENOENT;

        *seat = "seat0";
        *vtnr = (uint32_t) v;

        return 0;
}

_public_ PAM_EXTERN int pam_sm_open_session(
                pam_handle_t *handle,
                int flags,
                int argc, const char **argv) {

        struct passwd *pw;
        bool kill_processes = false, debug = false;
        const char *username, *id, *object_path, *runtime_path, *service = NULL, *tty = NULL, *display = NULL, *remote_user = NULL, *remote_host = NULL, *seat = NULL, *type, *cvtnr = NULL;
        char **controllers = NULL, **reset_controllers = NULL, **kill_only_users = NULL, **kill_exclude_users = NULL;
        DBusError error;
        uint32_t uid, pid;
        DBusMessageIter iter;
        dbus_bool_t kp;
        int session_fd = -1;
        DBusConnection *bus = NULL;
        DBusMessage *m = NULL, *reply = NULL;
        dbus_bool_t remote;
        int r;
        uint32_t vtnr = 0;

        assert(handle);

        dbus_error_init(&error);

        /* pam_syslog(handle, LOG_INFO, "pam-systemd initializing"); */

        /* Make this a NOP on non-systemd systems */
        if (sd_booted() <= 0)
                return PAM_SUCCESS;

        if (parse_argv(handle,
                       argc, argv,
                       &controllers, &reset_controllers,
                       &kill_processes, &kill_only_users, &kill_exclude_users,
                       &debug) < 0) {
                r = PAM_SESSION_ERR;
                goto finish;
        }

        r = get_user_data(handle, &username, &pw);
        if (r != PAM_SUCCESS)
                goto finish;

        /* Make sure we don't enter a loop by talking to
         * systemd-logind when it is actually waiting for the
         * background to finish start-up. If the service is
         * "systemd-shared" we simply set XDG_RUNTIME_DIR and
         * leave. */

        pam_get_item(handle, PAM_SERVICE, (const void**) &service);
        if (streq_ptr(service, "systemd-shared")) {
                char *p, *rt = NULL;

                if (asprintf(&p, "/run/systemd/users/%lu", (unsigned long) pw->pw_uid) < 0) {
                        r = PAM_BUF_ERR;
                        goto finish;
                }

                r = parse_env_file(p, NEWLINE,
                                   "RUNTIME", &rt,
                                   NULL);
                free(p);

                if (r < 0 && r != -ENOENT) {
                        r = PAM_SESSION_ERR;
                        free(rt);
                        goto finish;
                }

                if (rt)  {
                        r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", rt, 0);
                        free(rt);

                        if (r != PAM_SUCCESS) {
                                pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
                                goto finish;
                        }
                }

                r = PAM_SUCCESS;
                goto finish;
        }

        if (kill_processes)
                kill_processes = check_user_lists(handle, pw->pw_uid, kill_only_users, kill_exclude_users);

        dbus_connection_set_change_sigpipe(FALSE);

        bus = dbus_bus_get_private(DBUS_BUS_SYSTEM, &error);
        if (!bus) {
                pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", bus_error_message(&error));
                r = PAM_SESSION_ERR;
                goto finish;
        }

        m = dbus_message_new_method_call(
                        "org.freedesktop.login1",
                        "/org/freedesktop/login1",
                        "org.freedesktop.login1.Manager",
                        "CreateSession");

        if (!m) {
                pam_syslog(handle, LOG_ERR, "Could not allocate create session message.");
                r = PAM_BUF_ERR;
                goto finish;
        }

        uid = pw->pw_uid;
        pid = getpid();

        pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
        pam_get_item(handle, PAM_TTY, (const void**) &tty);
        pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
        pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);
        seat = pam_getenv(handle, "XDG_SEAT");
        cvtnr = pam_getenv(handle, "XDG_VTNR");

        service = strempty(service);
        tty = strempty(tty);
        display = strempty(display);
        remote_user = strempty(remote_user);
        remote_host = strempty(remote_host);
        seat = strempty(seat);

        if (strchr(tty, ':')) {
                /* A tty with a colon is usually an X11 display, place
                 * there to show up in utmp. We rearrange things and
                 * don't pretend that an X display was a tty */

                if (isempty(display))
                        display = tty;
                tty = "";
        } else if (streq(tty, "cron")) {
                /* cron has been setting PAM_TTY to "cron" for a very long time
                 * and it cannot stop doing that for compatibility reasons. */
                tty = "";
        }

        if (!isempty(cvtnr))
                safe_atou32(cvtnr, &vtnr);

        if (!isempty(display) && isempty(seat) && vtnr <= 0)
                get_seat_from_display(display, &seat, &vtnr);

        type = !isempty(display) ? "x11" :
                   !isempty(tty) ? "tty" : "unspecified";

        remote = !isempty(remote_host) && !streq(remote_host, "localhost") && !streq(remote_host, "localhost.localdomain");

        if (!dbus_message_append_args(m,
                                      DBUS_TYPE_UINT32, &uid,
                                      DBUS_TYPE_UINT32, &pid,
                                      DBUS_TYPE_STRING, &service,
                                      DBUS_TYPE_STRING, &type,
                                      DBUS_TYPE_STRING, &seat,
                                      DBUS_TYPE_UINT32, &vtnr,
                                      DBUS_TYPE_STRING, &tty,
                                      DBUS_TYPE_STRING, &display,
                                      DBUS_TYPE_BOOLEAN, &remote,
                                      DBUS_TYPE_STRING, &remote_user,
                                      DBUS_TYPE_STRING, &remote_host,
                                      DBUS_TYPE_INVALID)) {
                pam_syslog(handle, LOG_ERR, "Could not attach parameters to message.");
                r = PAM_BUF_ERR;
                goto finish;
        }

        dbus_message_iter_init_append(m, &iter);

        r = bus_append_strv_iter(&iter, controllers);
        if (r < 0) {
                pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
                r = PAM_BUF_ERR;
                goto finish;
        }

        r = bus_append_strv_iter(&iter, reset_controllers);
        if (r < 0) {
                pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
                r = PAM_BUF_ERR;
                goto finish;
        }

        kp = kill_processes;
        if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_BOOLEAN, &kp)) {
                pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
                r = PAM_BUF_ERR;
                goto finish;
        }

        if (debug)
                pam_syslog(handle, LOG_DEBUG, "Asking logind to create session: "
                           "uid=%u pid=%u service=%s type=%s seat=%s vtnr=%u tty=%s display=%s remote=%s remote_user=%s remote_host=%s",
                           uid, pid, service, type, seat, vtnr, tty, display, yes_no(remote), remote_user, remote_host);

        reply = dbus_connection_send_with_reply_and_block(bus, m, -1, &error);
        if (!reply) {
                pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error));
                r = PAM_SESSION_ERR;
                goto finish;
        }

        if (!dbus_message_get_args(reply, &error,
                                   DBUS_TYPE_STRING, &id,
                                   DBUS_TYPE_OBJECT_PATH, &object_path,
                                   DBUS_TYPE_STRING, &runtime_path,
                                   DBUS_TYPE_UNIX_FD, &session_fd,
                                   DBUS_TYPE_STRING, &seat,
                                   DBUS_TYPE_UINT32, &vtnr,
                                   DBUS_TYPE_INVALID)) {
                pam_syslog(handle, LOG_ERR, "Failed to parse message: %s", bus_error_message(&error));
                r = PAM_SESSION_ERR;
                goto finish;
        }

        if (debug)
                pam_syslog(handle, LOG_DEBUG, "Reply from logind: "
                           "id=%s object_path=%s runtime_path=%s session_fd=%d seat=%s vtnr=%u",
                           id, object_path, runtime_path, session_fd, seat, vtnr);

        r = pam_misc_setenv(handle, "XDG_SESSION_ID", id, 0);
        if (r != PAM_SUCCESS) {
                pam_syslog(handle, LOG_ERR, "Failed to set session id.");
                goto finish;
        }

        r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
        if (r != PAM_SUCCESS) {
                pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
                goto finish;
        }

        if (!isempty(seat)) {
                r = pam_misc_setenv(handle, "XDG_SEAT", seat, 0);
                if (r != PAM_SUCCESS) {
                        pam_syslog(handle, LOG_ERR, "Failed to set seat.");
                        goto finish;
                }
        }

        if (vtnr > 0) {
                char buf[11];
                snprintf(buf, sizeof(buf), "%u", vtnr);
                char_array_0(buf);

                r = pam_misc_setenv(handle, "XDG_VTNR", buf, 0);
                if (r != PAM_SUCCESS) {
                        pam_syslog(handle, LOG_ERR, "Failed to set virtual terminal number.");
                        goto finish;
                }
        }

        if (session_fd >= 0) {
                r = pam_set_data(handle, "systemd.session-fd", INT_TO_PTR(session_fd+1), NULL);
                if (r != PAM_SUCCESS) {
                        pam_syslog(handle, LOG_ERR, "Failed to install session fd.");
                        return r;
                }
        }

        session_fd = -1;

        r = PAM_SUCCESS;

finish:
        strv_free(controllers);
        strv_free(reset_controllers);
        strv_free(kill_only_users);
        strv_free(kill_exclude_users);

        dbus_error_free(&error);

        if (bus) {
                dbus_connection_close(bus);
                dbus_connection_unref(bus);
        }

        if (m)
                dbus_message_unref(m);

        if (reply)
                dbus_message_unref(reply);

        if (session_fd >= 0)
                close_nointr_nofail(session_fd);

        return r;
}

_public_ PAM_EXTERN int pam_sm_close_session(
                pam_handle_t *handle,
                int flags,
                int argc, const char **argv) {

        const void *p = NULL;

        pam_get_data(handle, "systemd.session-fd", &p);

        if (p)
                close_nointr(PTR_TO_INT(p) - 1);

        return PAM_SUCCESS;
}
Commit	Line	Data
d6c9574f	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
8c6db833 LP	2
	3	/***
	4	This file is part of systemd.
	5
	6	Copyright 2010 Lennart Poettering
	7
	8	systemd is free software; you can redistribute it and/or modify it
	9	under the terms of the GNU General Public License as published by
	10	the Free Software Foundation; either version 2 of the License, or
	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	16	General Public License for more details.
	17
	18	You should have received a copy of the GNU General Public License
	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
	22	#include <errno.h>
	23	#include <fcntl.h>
	24	#include <sys/file.h>
	25	#include <pwd.h>
a838e6a1	26	#include <endian.h>
ac123445	27	#include <sys/capability.h>
8c6db833 LP	28
	29	#include <security/pam_modules.h>
	30	#include <security/_pam_macros.h>
	31	#include <security/pam_modutil.h>
	32	#include <security/pam_ext.h>
	33	#include <security/pam_misc.h>
	34
8c6db833	35	#include "util.h"
8c6db833 LP	36	#include "macro.h"
8c6db833 LP	37	#include "sd-daemon.h"
74fe1fe3	38	#include "strv.h"
98a28fef LP	39	#include "dbus-common.h"
98a28fef LP	40	#include "def.h"
4d6d6518	41	#include "socket-util.h"
8c6db833 LP	42
	43	static int parse_argv(pam_handle_t *handle,
	44	int argc, const char **argv,
b20c6be6	45	char ***controllers,
e9fbc77c	46	char ***reset_controllers,
98a28fef	47	bool *kill_processes,
e9fbc77c	48	char ***kill_only_users,
0e318cad MS	49	char ***kill_exclude_users,
0e318cad MS	50	bool *debug) {
8c6db833 LP	51
	52	unsigned i;
	53
	54	assert(argc >= 0);
	55	assert(argc == 0 \|\| argv);
	56
	57	for (i = 0; i < (unsigned) argc; i++) {
	58	int k;
	59
c36eecdf LP	60	if (startswith(argv[i], "kill-session-processes=")) {
	61	if ((k = parse_boolean(argv[i] + 23)) < 0) {
	62	pam_syslog(handle, LOG_ERR, "Failed to parse kill-session-processes= argument.");
8c6db833 LP	63	return k;
	64	}
	65
98a28fef LP	66	if (kill_processes)
98a28fef LP	67	*kill_processes = k;
74fe1fe3	68
8c6db833	69	} else if (startswith(argv[i], "kill-session=")) {
98a28fef LP	70	/* As compatibility for old versions */
98a28fef LP	71
8c6db833 LP	72	if ((k = parse_boolean(argv[i] + 13)) < 0) {
	73	pam_syslog(handle, LOG_ERR, "Failed to parse kill-session= argument.");
	74	return k;
	75	}
	76
98a28fef LP	77	if (kill_processes)
98a28fef LP	78	*kill_processes = k;
74fe1fe3 LP	79
	80	} else if (startswith(argv[i], "controllers=")) {
	81
	82	if (controllers) {
	83	char **l;
	84
	85	if (!(l = strv_split(argv[i] + 12, ","))) {
	86	pam_syslog(handle, LOG_ERR, "Out of memory.");
	87	return -ENOMEM;
	88	}
	89
	90	strv_free(*controllers);
	91	*controllers = l;
	92	}
	93
b20c6be6 LP	94	} else if (startswith(argv[i], "reset-controllers=")) {
	95
	96	if (reset_controllers) {
	97	char **l;
	98
	99	if (!(l = strv_split(argv[i] + 18, ","))) {
	100	pam_syslog(handle, LOG_ERR, "Out of memory.");
	101	return -ENOMEM;
	102	}
	103
	104	strv_free(*reset_controllers);
	105	*reset_controllers = l;
	106	}
	107
e9fbc77c LP	108	} else if (startswith(argv[i], "kill-only-users=")) {
	109
	110	if (kill_only_users) {
	111	char **l;
	112
	113	if (!(l = strv_split(argv[i] + 16, ","))) {
	114	pam_syslog(handle, LOG_ERR, "Out of memory.");
	115	return -ENOMEM;
	116	}
	117
	118	strv_free(*kill_only_users);
	119	*kill_only_users = l;
	120	}
	121
	122	} else if (startswith(argv[i], "kill-exclude-users=")) {
	123
	124	if (kill_exclude_users) {
	125	char **l;
	126
	127	if (!(l = strv_split(argv[i] + 19, ","))) {
	128	pam_syslog(handle, LOG_ERR, "Out of memory.");
	129	return -ENOMEM;
	130	}
	131
	132	strv_free(*kill_exclude_users);
	133	*kill_exclude_users = l;
	134	}
	135
0e318cad MS	136	} else if (startswith(argv[i], "debug=")) {
	137	if ((k = parse_boolean(argv[i] + 6)) < 0) {
	138	pam_syslog(handle, LOG_ERR, "Failed to parse debug= argument.");
	139	return k;
	140	}
	141
	142	if (debug)
	143	*debug = k;
	144
98a28fef LP	145	} else if (startswith(argv[i], "create-session=") \|\|
	146	startswith(argv[i], "kill-user=")) {
	147
	148	pam_syslog(handle, LOG_WARNING, "Option %s not supported anymore, ignoring.", argv[i]);
	149
8c6db833 LP	150	} else {
	151	pam_syslog(handle, LOG_ERR, "Unknown parameter '%s'.", argv[i]);
	152	return -EINVAL;
	153	}
	154	}
	155
8c6db833 LP	156	return 0;
	157	}
	158
8c6db833 LP	159	static int get_user_data(
	160	pam_handle_t *handle,
	161	const char **ret_username,
	162	struct passwd **ret_pw) {
	163
d90b9d27 LP	164	const char *username = NULL;
d90b9d27 LP	165	struct passwd *pw = NULL;
87d2c1ff	166	uid_t uid;
8c6db833 LP	167	int r;
	168
	169	assert(handle);
	170	assert(ret_username);
	171	assert(ret_pw);
	172
87d2c1ff LP	173	r = audit_loginuid_from_pid(0, &uid);
	174	if (r >= 0)
	175	pw = pam_modutil_getpwuid(handle, uid);
	176	else {
	177	r = pam_get_user(handle, &username, NULL);
	178	if (r != PAM_SUCCESS) {
d90b9d27 LP	179	pam_syslog(handle, LOG_ERR, "Failed to get user name.");
	180	return r;
	181	}
	182
87d2c1ff	183	if (isempty(username)) {
d90b9d27 LP	184	pam_syslog(handle, LOG_ERR, "User name not valid.");
	185	return PAM_AUTH_ERR;
	186	}
	187
	188	pw = pam_modutil_getpwnam(handle, username);
8c6db833 LP	189	}
8c6db833 LP	190
d90b9d27	191	if (!pw) {
8c6db833 LP	192	pam_syslog(handle, LOG_ERR, "Failed to get user data.");
	193	return PAM_USER_UNKNOWN;
	194	}
	195
	196	*ret_pw = pw;
d90b9d27	197	*ret_username = username ? username : pw->pw_name;
8c6db833 LP	198
	199	return PAM_SUCCESS;
	200	}
	201
e9fbc77c LP	202	static bool check_user_lists(
	203	pam_handle_t *handle,
	204	uid_t uid,
	205	char **kill_only_users,
	206	char **kill_exclude_users) {
	207
	208	const char *name = NULL;
	209	char **l;
	210
	211	assert(handle);
	212
	213	if (uid == 0)
	214	name = "root"; /* Avoid obvious NSS requests, to suppress network traffic */
	215	else {
	216	struct passwd *pw;
	217
98a28fef LP	218	pw = pam_modutil_getpwuid(handle, uid);
98a28fef LP	219	if (pw)
e9fbc77c LP	220	name = pw->pw_name;
	221	}
	222
	223	STRV_FOREACH(l, kill_exclude_users) {
ddd88763	224	uid_t u;
e9fbc77c	225
ddd88763 LP	226	if (parse_uid(*l, &u) >= 0)
ddd88763 LP	227	if (u == uid)
e9fbc77c LP	228	return false;
	229
	230	if (name && streq(name, *l))
	231	return false;
	232	}
	233
	234	if (strv_isempty(kill_only_users))
	235	return true;
	236
	237	STRV_FOREACH(l, kill_only_users) {
ddd88763	238	uid_t u;
e9fbc77c	239
ddd88763 LP	240	if (parse_uid(*l, &u) >= 0)
ddd88763 LP	241	if (u == uid)
e9fbc77c LP	242	return true;
	243
	244	if (name && streq(name, *l))
	245	return true;
	246	}
	247
	248	return false;
	249	}
	250
4d6d6518 LP	251	static int get_seat_from_display(const char display, const char seat, uint32_t vtnr) {
	252	char *p = NULL;
	253	int r;
	254	int fd;
	255	union sockaddr_union sa;
	256	struct ucred ucred;
	257	socklen_t l;
	258	char *tty;
	259	int v;
	260
	261	assert(display);
	262	assert(seat);
	263	assert(vtnr);
	264
	265	/* We deduce the X11 socket from the display name, then use
	266	* SO_PEERCRED to determine the X11 server process, ask for
	267	* the controlling tty of that and if it's a VC then we know
	268	* the seat and the virtual terminal. Sounds ugly, is only
	269	* semi-ugly. */
	270
	271	r = socket_from_display(display, &p);
	272	if (r < 0)
	273	return r;
	274
	275	fd = socket(AF_UNIX, SOCK_STREAM\|SOCK_CLOEXEC, 0);
	276	if (fd < 0) {
	277	free(p);
	278	return -errno;
	279	}
	280
	281	zero(sa);
	282	sa.un.sun_family = AF_UNIX;
	283	strncpy(sa.un.sun_path, p, sizeof(sa.un.sun_path)-1);
	284	free(p);
	285
	286	if (connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path)) < 0) {
	287	close_nointr_nofail(fd);
	288	return -errno;
	289	}
	290
	291	l = sizeof(ucred);
	292	r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &l);
	293	close_nointr_nofail(fd);
	294
	295	if (r < 0)
	296	return -errno;
	297
	298	r = get_ctty(ucred.pid, NULL, &tty);
	299	if (r < 0)
	300	return r;
	301
	302	v = vtnr_from_tty(tty);
	303	free(tty);
	304
	305	if (v < 0)
	306	return v;
	307	else if (v == 0)
	308	return -ENOENT;
	309
	310	*seat = "seat0";
	311	*vtnr = (uint32_t) v;
	312
	313	return 0;
	314	}
315
98a28fef	316	_public_ PAM_EXTERN int pam_sm_open_session(
8c6db833 LP	317	pam_handle_t *handle,
	318	int flags,
	319	int argc, const char **argv) {
	320
8c6db833	321	struct passwd *pw;
98a28fef	322	bool kill_processes = false, debug = false;
4d6d6518	323	const char username, id, object_path, runtime_path, service = NULL, tty = NULL, display = NULL, remote_user = NULL, remote_host = NULL, seat = NULL, type, cvtnr = NULL;
98a28fef	324	char controllers = NULL, reset_controllers = NULL, kill_only_users = NULL, kill_exclude_users = NULL;
98a28fef LP	325	DBusError error;
	326	uint32_t uid, pid;
	327	DBusMessageIter iter;
	328	dbus_bool_t kp;
98a28fef LP	329	int session_fd = -1;
	330	DBusConnection *bus = NULL;
	331	DBusMessage m = NULL, reply = NULL;
	332	dbus_bool_t remote;
ed18b08b	333	int r;
4d6d6518	334	uint32_t vtnr = 0;
8c6db833 LP	335
	336	assert(handle);
	337
98a28fef LP	338	dbus_error_init(&error);
98a28fef LP	339
ed18b08b	340	/* pam_syslog(handle, LOG_INFO, "pam-systemd initializing"); */
98a28fef	341
8c6db833 LP	342	/* Make this a NOP on non-systemd systems */
	343	if (sd_booted() <= 0)
	344	return PAM_SUCCESS;
	345
e9fbc77c LP	346	if (parse_argv(handle,
e9fbc77c LP	347	argc, argv,
98a28fef LP	348	&controllers, &reset_controllers,
98a28fef LP	349	&kill_processes, &kill_only_users, &kill_exclude_users,
ed18b08b LP	350	&debug) < 0) {
	351	r = PAM_SESSION_ERR;
	352	goto finish;
	353	}
74fe1fe3	354
98a28fef LP	355	r = get_user_data(handle, &username, &pw);
98a28fef LP	356	if (r != PAM_SUCCESS)
8c6db833 LP	357	goto finish;
8c6db833 LP	358
30b2c336 LP	359	/* Make sure we don't enter a loop by talking to
	360	* systemd-logind when it is actually waiting for the
	361	* background to finish start-up. If the service is
	362	* "systemd-shared" we simply set XDG_RUNTIME_DIR and
	363	* leave. */
	364
	365	pam_get_item(handle, PAM_SERVICE, (const void**) &service);
	366	if (streq_ptr(service, "systemd-shared")) {
	367	char p, rt = NULL;
	368
	369	if (asprintf(&p, "/run/systemd/users/%lu", (unsigned long) pw->pw_uid) < 0) {
	370	r = PAM_BUF_ERR;
	371	goto finish;
	372	}
	373
	374	r = parse_env_file(p, NEWLINE,
	375	"RUNTIME", &rt,
	376	NULL);
	377	free(p);
	378
	379	if (r < 0 && r != -ENOENT) {
	380	r = PAM_SESSION_ERR;
	381	free(rt);
	382	goto finish;
	383	}
	384
	385	if (rt) {
	386	r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", rt, 0);
	387	free(rt);
	388
	389	if (r != PAM_SUCCESS) {
	390	pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
	391	goto finish;
	392	}
	393	}
	394
	395	r = PAM_SUCCESS;
	396	goto finish;
	397	}
	398
98a28fef LP	399	if (kill_processes)
98a28fef LP	400	kill_processes = check_user_lists(handle, pw->pw_uid, kill_only_users, kill_exclude_users);
1f73f0f1	401
ed18b08b LP	402	dbus_connection_set_change_sigpipe(FALSE);
ed18b08b LP	403
98a28fef LP	404	bus = dbus_bus_get_private(DBUS_BUS_SYSTEM, &error);
	405	if (!bus) {
	406	pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", bus_error_message(&error));
	407	r = PAM_SESSION_ERR;
8c6db833 LP	408	goto finish;
	409	}
	410
98a28fef LP	411	m = dbus_message_new_method_call(
	412	"org.freedesktop.login1",
	413	"/org/freedesktop/login1",
	414	"org.freedesktop.login1.Manager",
	415	"CreateSession");
74fe1fe3	416
98a28fef LP	417	if (!m) {
98a28fef LP	418	pam_syslog(handle, LOG_ERR, "Could not allocate create session message.");
8c6db833 LP	419	r = PAM_BUF_ERR;
	420	goto finish;
	421	}
	422
98a28fef LP	423	uid = pw->pw_uid;
	424	pid = getpid();
	425
98a28fef LP	426	pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
	427	pam_get_item(handle, PAM_TTY, (const void**) &tty);
	428	pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
	429	pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);
bbc73283 LP	430	seat = pam_getenv(handle, "XDG_SEAT");
bbc73283 LP	431	cvtnr = pam_getenv(handle, "XDG_VTNR");
98a28fef	432
ed18b08b LP	433	service = strempty(service);
	434	tty = strempty(tty);
	435	display = strempty(display);
	436	remote_user = strempty(remote_user);
	437	remote_host = strempty(remote_host);
	438	seat = strempty(seat);
98a28fef	439
ee8545b0 LP	440	if (strchr(tty, ':')) {
	441	/* A tty with a colon is usually an X11 display, place
	442	* there to show up in utmp. We rearrange things and
	443	* don't pretend that an X display was a tty */
	444
	445	if (isempty(display))
	446	display = tty;
cd58752a	447	tty = "";
1a4459d6 MS	448	} else if (streq(tty, "cron")) {
	449	/* cron has been setting PAM_TTY to "cron" for a very long time
	450	* and it cannot stop doing that for compatibility reasons. */
	451	tty = "";
ee8545b0 LP	452	}
ee8545b0 LP	453
4d6d6518 LP	454	if (!isempty(cvtnr))
	455	safe_atou32(cvtnr, &vtnr);
	456
	457	if (!isempty(display) && isempty(seat) && vtnr <= 0)
	458	get_seat_from_display(display, &seat, &vtnr);
	459
98a28fef	460	type = !isempty(display) ? "x11" :
1dc99537	461	!isempty(tty) ? "tty" : "unspecified";
98a28fef LP	462
	463	remote = !isempty(remote_host) && !streq(remote_host, "localhost") && !streq(remote_host, "localhost.localdomain");
	464
	465	if (!dbus_message_append_args(m,
	466	DBUS_TYPE_UINT32, &uid,
	467	DBUS_TYPE_UINT32, &pid,
	468	DBUS_TYPE_STRING, &service,
	469	DBUS_TYPE_STRING, &type,
	470	DBUS_TYPE_STRING, &seat,
4d6d6518	471	DBUS_TYPE_UINT32, &vtnr,
98a28fef LP	472	DBUS_TYPE_STRING, &tty,
	473	DBUS_TYPE_STRING, &display,
	474	DBUS_TYPE_BOOLEAN, &remote,
	475	DBUS_TYPE_STRING, &remote_user,
	476	DBUS_TYPE_STRING, &remote_host,
	477	DBUS_TYPE_INVALID)) {
	478	pam_syslog(handle, LOG_ERR, "Could not attach parameters to message.");
	479	r = PAM_BUF_ERR;
	480	goto finish;
	481	}
8c6db833	482
98a28fef	483	dbus_message_iter_init_append(m, &iter);
8c6db833	484
98a28fef LP	485	r = bus_append_strv_iter(&iter, controllers);
	486	if (r < 0) {
	487	pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
	488	r = PAM_BUF_ERR;
	489	goto finish;
	490	}
672c48cc	491
98a28fef LP	492	r = bus_append_strv_iter(&iter, reset_controllers);
	493	if (r < 0) {
	494	pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
	495	r = PAM_BUF_ERR;
	496	goto finish;
	497	}
672c48cc	498
98a28fef LP	499	kp = kill_processes;
	500	if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_BOOLEAN, &kp)) {
	501	pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
	502	r = PAM_BUF_ERR;
	503	goto finish;
	504	}
8c6db833	505
ce959314 MS	506	if (debug)
	507	pam_syslog(handle, LOG_DEBUG, "Asking logind to create session: "
	508	"uid=%u pid=%u service=%s type=%s seat=%s vtnr=%u tty=%s display=%s remote=%s remote_user=%s remote_host=%s",
	509	uid, pid, service, type, seat, vtnr, tty, display, yes_no(remote), remote_user, remote_host);
	510
98a28fef LP	511	reply = dbus_connection_send_with_reply_and_block(bus, m, -1, &error);
	512	if (!reply) {
	513	pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error));
	514	r = PAM_SESSION_ERR;
	515	goto finish;
	516	}
74fe1fe3	517
98a28fef LP	518	if (!dbus_message_get_args(reply, &error,
	519	DBUS_TYPE_STRING, &id,
	520	DBUS_TYPE_OBJECT_PATH, &object_path,
	521	DBUS_TYPE_STRING, &runtime_path,
	522	DBUS_TYPE_UNIX_FD, &session_fd,
bbc73283 LP	523	DBUS_TYPE_STRING, &seat,
bbc73283 LP	524	DBUS_TYPE_UINT32, &vtnr,
98a28fef LP	525	DBUS_TYPE_INVALID)) {
	526	pam_syslog(handle, LOG_ERR, "Failed to parse message: %s", bus_error_message(&error));
	527	r = PAM_SESSION_ERR;
	528	goto finish;
	529	}
74fe1fe3	530
ce959314 MS	531	if (debug)
	532	pam_syslog(handle, LOG_DEBUG, "Reply from logind: "
	533	"id=%s object_path=%s runtime_path=%s session_fd=%d seat=%s vtnr=%u",
	534	id, object_path, runtime_path, session_fd, seat, vtnr);
	535
98a28fef LP	536	r = pam_misc_setenv(handle, "XDG_SESSION_ID", id, 0);
	537	if (r != PAM_SUCCESS) {
	538	pam_syslog(handle, LOG_ERR, "Failed to set session id.");
	539	goto finish;
8c6db833 LP	540	}
8c6db833 LP	541
98a28fef LP	542	r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
	543	if (r != PAM_SUCCESS) {
	544	pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
	545	goto finish;
	546	}
8c6db833	547
bbc73283 LP	548	if (!isempty(seat)) {
	549	r = pam_misc_setenv(handle, "XDG_SEAT", seat, 0);
	550	if (r != PAM_SUCCESS) {
	551	pam_syslog(handle, LOG_ERR, "Failed to set seat.");
	552	goto finish;
	553	}
	554	}
	555
	556	if (vtnr > 0) {
	557	char buf[11];
	558	snprintf(buf, sizeof(buf), "%u", vtnr);
	559	char_array_0(buf);
	560
	561	r = pam_misc_setenv(handle, "XDG_VTNR", buf, 0);
	562	if (r != PAM_SUCCESS) {
	563	pam_syslog(handle, LOG_ERR, "Failed to set virtual terminal number.");
	564	goto finish;
	565	}
	566	}
	567
21c390cc LP	568	if (session_fd >= 0) {
	569	r = pam_set_data(handle, "systemd.session-fd", INT_TO_PTR(session_fd+1), NULL);
	570	if (r != PAM_SUCCESS) {
	571	pam_syslog(handle, LOG_ERR, "Failed to install session fd.");
	572	return r;
	573	}
98a28fef	574	}
8c6db833	575
98a28fef	576	session_fd = -1;
8c6db833	577
98a28fef	578	r = PAM_SUCCESS;
8c6db833	579
98a28fef LP	580	finish:
	581	strv_free(controllers);
	582	strv_free(reset_controllers);
	583	strv_free(kill_only_users);
	584	strv_free(kill_exclude_users);
8c6db833	585
98a28fef	586	dbus_error_free(&error);
35d2e7ec	587
98a28fef LP	588	if (bus) {
	589	dbus_connection_close(bus);
	590	dbus_connection_unref(bus);
8c6db833 LP	591	}
8c6db833 LP	592
98a28fef LP	593	if (m)
98a28fef LP	594	dbus_message_unref(m);
8c6db833	595
ed18b08b LP	596	if (reply)
	597	dbus_message_unref(reply);
	598
98a28fef LP	599	if (session_fd >= 0)
98a28fef LP	600	close_nointr_nofail(session_fd);
672c48cc	601
98a28fef LP	602	return r;
98a28fef LP	603	}
8c6db833	604
98a28fef LP	605	_public_ PAM_EXTERN int pam_sm_close_session(
	606	pam_handle_t *handle,
	607	int flags,
	608	int argc, const char **argv) {
8c6db833	609
98a28fef	610	const void *p = NULL;
8c6db833	611
98a28fef	612	pam_get_data(handle, "systemd.session-fd", &p);
74fe1fe3	613
98a28fef LP	614	if (p)
98a28fef LP	615	close_nointr(PTR_TO_INT(p) - 1);
1f73f0f1	616
98a28fef	617	return PAM_SUCCESS;
8c6db833	618	}