[thirdparty/systemd.git] / src / login / pam-module.c

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <errno.h>
#include <fcntl.h>
#include <sys/file.h>
#include <pwd.h>
#include <endian.h>
#include <sys/capability.h>

#include <security/pam_modules.h>
#include <security/_pam_macros.h>
#include <security/pam_modutil.h>
#include <security/pam_ext.h>
#include <security/pam_misc.h>

#include "util.h"
#include "audit.h"
#include "macro.h"
#include "strv.h"
#include "bus-util.h"
#include "def.h"
#include "socket-util.h"
#include "fileio.h"
#include "bus-error.h"

static int parse_argv(
                pam_handle_t *handle,
                int argc, const char **argv,
                const char **class,
                const char **type,
                bool *debug) {

        unsigned i;

        assert(argc >= 0);
        assert(argc == 0 || argv);

        for (i = 0; i < (unsigned) argc; i++) {
                if (startswith(argv[i], "class=")) {
                        if (class)
                                *class = argv[i] + 6;

                } else if (startswith(argv[i], "type=")) {
                        if (type)
                                *type = argv[i] + 5;

                } else if (streq(argv[i], "debug")) {
                        if (debug)
                                *debug = true;

                } else if (startswith(argv[i], "debug=")) {
                        int k;

                        k = parse_boolean(argv[i] + 6);
                        if (k < 0)
                                pam_syslog(handle, LOG_WARNING, "Failed to parse debug= argument, ignoring.");
                        else if (debug)
                                *debug = k;

                } else
                        pam_syslog(handle, LOG_WARNING, "Unknown parameter '%s', ignoring", argv[i]);
        }

        return 0;
}

static int get_user_data(
                pam_handle_t *handle,
                const char **ret_username,
                struct passwd **ret_pw) {

        const char *username = NULL;
        struct passwd *pw = NULL;
        int r;

        assert(handle);
        assert(ret_username);
        assert(ret_pw);

        r = pam_get_user(handle, &username, NULL);
        if (r != PAM_SUCCESS) {
                pam_syslog(handle, LOG_ERR, "Failed to get user name.");
                return r;
        }

        if (isempty(username)) {
                pam_syslog(handle, LOG_ERR, "User name not valid.");
                return PAM_AUTH_ERR;
        }

        pw = pam_modutil_getpwnam(handle, username);
        if (!pw) {
                pam_syslog(handle, LOG_ERR, "Failed to get user data.");
                return PAM_USER_UNKNOWN;
        }

        *ret_pw = pw;
        *ret_username = username ? username : pw->pw_name;

        return PAM_SUCCESS;
}

static int get_seat_from_display(const char *display, const char **seat, uint32_t *vtnr) {
        union sockaddr_union sa = {
                .un.sun_family = AF_UNIX,
        };
        _cleanup_free_ char *p = NULL, *tty = NULL;
        _cleanup_close_ int fd = -1;
        struct ucred ucred;
        int v, r;

        assert(display);
        assert(vtnr);

        /* We deduce the X11 socket from the display name, then use
         * SO_PEERCRED to determine the X11 server process, ask for
         * the controlling tty of that and if it's a VC then we know
         * the seat and the virtual terminal. Sounds ugly, is only
         * semi-ugly. */

        r = socket_from_display(display, &p);
        if (r < 0)
                return r;
        strncpy(sa.un.sun_path, p, sizeof(sa.un.sun_path)-1);

        fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
        if (fd < 0)
                return -errno;

        if (connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path)) < 0)
                return -errno;

        r = getpeercred(fd, &ucred);
        if (r < 0)
                return r;

        r = get_ctty(ucred.pid, NULL, &tty);
        if (r < 0)
                return r;

        v = vtnr_from_tty(tty);
        if (v < 0)
                return v;
        else if (v == 0)
                return -ENOENT;

        if (seat)
                *seat = "seat0";
        *vtnr = (uint32_t) v;

        return 0;
}

static int export_legacy_dbus_address(
                pam_handle_t *handle,
                uid_t uid,
                const char *runtime) {

#ifdef ENABLE_KDBUS
        _cleanup_free_ char *s = NULL;
        int r;

        /* skip export if kdbus is not active */
        if (access("/dev/kdbus", F_OK) < 0)
                return PAM_SUCCESS;

        if (asprintf(&s, KERNEL_USER_BUS_FMT ";" UNIX_USER_BUS_FMT,
                     (unsigned long) uid, runtime) < 0) {
                pam_syslog(handle, LOG_ERR, "Failed to set bus variable.");
                return PAM_BUF_ERR;
        }

        r = pam_misc_setenv(handle, "DBUS_SESSION_BUS_ADDRESS", s, 0);
        if (r != PAM_SUCCESS) {
                pam_syslog(handle, LOG_ERR, "Failed to set bus variable.");
                return r;
        }
#endif
        return PAM_SUCCESS;
}

_public_ PAM_EXTERN int pam_sm_open_session(
                pam_handle_t *handle,
                int flags,
                int argc, const char **argv) {

        _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
        _cleanup_bus_message_unref_ sd_bus_message *reply = NULL;
        const char
                *username, *id, *object_path, *runtime_path,
                *service = NULL,
                *tty = NULL, *display = NULL,
                *remote_user = NULL, *remote_host = NULL,
                *seat = NULL,
                *type = NULL, *class = NULL,
                *class_pam = NULL, *type_pam = NULL, *cvtnr = NULL, *desktop = NULL;
        _cleanup_bus_unref_ sd_bus *bus = NULL;
        int session_fd = -1, existing, r;
        bool debug = false, remote;
        struct passwd *pw;
        uint32_t vtnr = 0;
        uid_t original_uid;

        assert(handle);

        /* Make this a NOP on non-logind systems */
        if (!logind_running())
                return PAM_SUCCESS;

        if (parse_argv(handle,
                       argc, argv,
                       &class_pam,
                       &type_pam,
                       &debug) < 0)
                return PAM_SESSION_ERR;

        if (debug)
                pam_syslog(handle, LOG_DEBUG, "pam-systemd initializing");

        r = get_user_data(handle, &username, &pw);
        if (r != PAM_SUCCESS) {
                pam_syslog(handle, LOG_ERR, "Failed to get user data.");
                return r;
        }

        /* Make sure we don't enter a loop by talking to
         * systemd-logind when it is actually waiting for the
         * background to finish start-up. If the service is
         * "systemd-user" we simply set XDG_RUNTIME_DIR and
         * leave. */

        pam_get_item(handle, PAM_SERVICE, (const void**) &service);
        if (streq_ptr(service, "systemd-user")) {
                _cleanup_free_ char *p = NULL, *rt = NULL;

                if (asprintf(&p, "/run/systemd/users/%lu", (unsigned long) pw->pw_uid) < 0)
                        return PAM_BUF_ERR;

                r = parse_env_file(p, NEWLINE,
                                   "RUNTIME", &rt,
                                   NULL);
                if (r < 0 && r != -ENOENT)
                        return PAM_SESSION_ERR;

                if (rt)  {
                        r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", rt, 0);
                        if (r != PAM_SUCCESS) {
                                pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
                                return r;
                        }

                        r = export_legacy_dbus_address(handle, pw->pw_uid, rt);
                        if (r != PAM_SUCCESS)
                                return r;
                }

                return PAM_SUCCESS;
        }

        /* Otherwise, we ask logind to create a session for us */

        pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
        pam_get_item(handle, PAM_TTY, (const void**) &tty);
        pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
        pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);

        seat = pam_getenv(handle, "XDG_SEAT");
        if (isempty(seat))
                seat = getenv("XDG_SEAT");

        cvtnr = pam_getenv(handle, "XDG_VTNR");
        if (isempty(cvtnr))
                cvtnr = getenv("XDG_VTNR");

        type = pam_getenv(handle, "XDG_SESSION_TYPE");
        if (isempty(type))
                type = getenv("XDG_SESSION_TYPE");
        if (isempty(type))
                type = type_pam;

        class = pam_getenv(handle, "XDG_SESSION_CLASS");
        if (isempty(class))
                class = getenv("XDG_SESSION_CLASS");
        if (isempty(class))
                class = class_pam;

        desktop = pam_getenv(handle, "XDG_SESSION_DESKTOP");
        if (isempty(desktop))
                desktop = getenv("XDG_SESSION_DESKTOP");

        tty = strempty(tty);

        if (strchr(tty, ':')) {
                /* A tty with a colon is usually an X11 display,
                 * placed there to show up in utmp. We rearrange
                 * things and don't pretend that an X display was a
                 * tty. */

                if (isempty(display))
                        display = tty;
                tty = NULL;
        } else if (streq(tty, "cron")) {
                /* cron has been setting PAM_TTY to "cron" for a very
                 * long time and it probably shouldn't stop doing that
                 * for compatibility reasons. */
                type = "unspecified";
                class = "background";
                tty = NULL;
        } else if (streq(tty, "ssh")) {
                /* ssh has been setting PAM_TTY to "ssh" for a very
                 * long time and probably shouldn't stop doing that
                 * for compatibility reasons. */
                type ="tty";
                class = "user";
                tty = NULL;
        }

        /* If this fails vtnr will be 0, that's intended */
        if (!isempty(cvtnr))
                safe_atou32(cvtnr, &vtnr);

        if (!isempty(display) && !vtnr) {
                if (isempty(seat))
                        get_seat_from_display(display, &seat, &vtnr);
                else if (streq(seat, "seat0"))
                        get_seat_from_display(display, NULL, &vtnr);
        }

        if (seat && !streq(seat, "seat0") && vtnr != 0) {
                pam_syslog(handle, LOG_DEBUG, "Ignoring vtnr %d for %s which is not seat0", vtnr, seat);
                vtnr = 0;
        }

        if (isempty(type))
                type = !isempty(display) ? "x11" :
                           !isempty(tty) ? "tty" : "unspecified";

        if (isempty(class))
                class = streq(type, "unspecified") ? "background" : "user";

        remote = !isempty(remote_host) &&
                !streq_ptr(remote_host, "localhost") &&
                !streq_ptr(remote_host, "localhost.localdomain");

        /* Talk to logind over the message bus */

        r = sd_bus_open_system(&bus);
        if (r < 0) {
                pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", strerror(-r));
                return PAM_SESSION_ERR;
        }

        if (debug)
                pam_syslog(handle, LOG_DEBUG, "Asking logind to create session: "
                           "uid=%u pid=%u service=%s type=%s class=%s desktop=%s seat=%s vtnr=%u tty=%s display=%s remote=%s remote_user=%s remote_host=%s",
                           pw->pw_uid, getpid(),
                           strempty(service),
                           type, class, strempty(desktop),
                           strempty(seat), vtnr, strempty(tty), strempty(display),
                           yes_no(remote), strempty(remote_user), strempty(remote_host));

        r = sd_bus_call_method(bus,
                               "org.freedesktop.login1",
                               "/org/freedesktop/login1",
                               "org.freedesktop.login1.Manager",
                               "CreateSession",
                               &error,
                               &reply,
                               "uusssssussbssa(sv)",
                               (uint32_t) pw->pw_uid,
                               (uint32_t) getpid(),
                               service,
                               type,
                               class,
                               desktop,
                               seat,
                               vtnr,
                               tty,
                               display,
                               remote,
                               remote_user,
                               remote_host,
                               0);
        if (r < 0) {
                pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error, r));
                return PAM_SYSTEM_ERR;
        }

        r = sd_bus_message_read(reply,
                                "soshusub",
                                &id,
                                &object_path,
                                &runtime_path,
                                &session_fd,
                                &original_uid,
                                &seat,
                                &vtnr,
                                &existing);
        if (r < 0) {
                pam_syslog(handle, LOG_ERR, "Failed to parse message: %s", strerror(-r));
                return PAM_SESSION_ERR;
        }

        if (debug)
                pam_syslog(handle, LOG_DEBUG, "Reply from logind: "
                           "id=%s object_path=%s runtime_path=%s session_fd=%d seat=%s vtnr=%u original_uid=%u",
                           id, object_path, runtime_path, session_fd, seat, vtnr, original_uid);

        r = pam_misc_setenv(handle, "XDG_SESSION_ID", id, 0);
        if (r != PAM_SUCCESS) {
                pam_syslog(handle, LOG_ERR, "Failed to set session id.");
                return r;
        }

        if (original_uid == pw->pw_uid) {
                /* Don't set $XDG_RUNTIME_DIR if the user we now
                 * authenticated for does not match the original user
                 * of the session. We do this in order not to result
                 * in privileged apps clobbering the runtime directory
                 * unnecessarily. */

                r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
                if (r != PAM_SUCCESS) {
                        pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
                        return r;
                }

                r = export_legacy_dbus_address(handle, pw->pw_uid, runtime_path);
                if (r != PAM_SUCCESS)
                        return r;
        }

        if (!isempty(seat)) {
                r = pam_misc_setenv(handle, "XDG_SEAT", seat, 0);
                if (r != PAM_SUCCESS) {
                        pam_syslog(handle, LOG_ERR, "Failed to set seat.");
                        return r;
                }
        }

        if (vtnr > 0) {
                char buf[DECIMAL_STR_MAX(vtnr)];
                sprintf(buf, "%u", vtnr);

                r = pam_misc_setenv(handle, "XDG_VTNR", buf, 0);
                if (r != PAM_SUCCESS) {
                        pam_syslog(handle, LOG_ERR, "Failed to set virtual terminal number.");
                        return r;
                }
        }

        r = pam_set_data(handle, "systemd.existing", INT_TO_PTR(!!existing), NULL);
        if (r != PAM_SUCCESS) {
                pam_syslog(handle, LOG_ERR, "Failed to install existing flag.");
                return r;
        }

        if (session_fd >= 0) {
                session_fd = dup(session_fd);
                if (session_fd < 0) {
                        pam_syslog(handle, LOG_ERR, "Failed to dup session fd: %m");
                        return PAM_SESSION_ERR;
                }

                r = pam_set_data(handle, "systemd.session-fd", INT_TO_PTR(session_fd+1), NULL);
                if (r != PAM_SUCCESS) {
                        pam_syslog(handle, LOG_ERR, "Failed to install session fd.");
                        close_nointr_nofail(session_fd);
                        return r;
                }
        }

        return PAM_SUCCESS;
}

_public_ PAM_EXTERN int pam_sm_close_session(
                pam_handle_t *handle,
                int flags,
                int argc, const char **argv) {

        _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
        _cleanup_bus_unref_ sd_bus *bus = NULL;
        const void *existing = NULL;
        const char *id;
        int r;

        assert(handle);

        /* Only release session if it wasn't pre-existing when we
         * tried to create it */
        pam_get_data(handle, "systemd.existing", &existing);

        id = pam_getenv(handle, "XDG_SESSION_ID");
        if (id && !existing) {

                /* Before we go and close the FIFO we need to tell
                 * logind that this is a clean session shutdown, so
                 * that it doesn't just go and slaughter us
                 * immediately after closing the fd */

                r = sd_bus_open_system(&bus);
                if (r < 0) {
                        pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", strerror(-r));
                        return PAM_SESSION_ERR;
                }

                r = sd_bus_call_method(bus,
                                       "org.freedesktop.login1",
                                       "/org/freedesktop/login1",
                                       "org.freedesktop.login1.Manager",
                                       "ReleaseSession",
                                       &error,
                                       NULL,
                                       "s",
                                       id);
                if (r < 0) {
                        pam_syslog(handle, LOG_ERR, "Failed to release session: %s", bus_error_message(&error, r));
                        return PAM_SESSION_ERR;
                }
        }

        /* Note that we are knowingly leaking the FIFO fd here. This
         * way, logind can watch us die. If we closed it here it would
         * not have any clue when that is completed. Given that one
         * cannot really have multiple PAM sessions open from the same
         * process this means we will leak one FD at max. */

        return PAM_SUCCESS;
}
Commit	Line	Data
d6c9574f	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
8c6db833 LP	2
	3	/***
	4	This file is part of systemd.
	5
	6	Copyright 2010 Lennart Poettering
	7
	8	systemd is free software; you can redistribute it and/or modify it
5430f7f2 LP	9	under the terms of the GNU Lesser General Public License as published by
5430f7f2 LP	10	the Free Software Foundation; either version 2.1 of the License, or
8c6db833 LP	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5430f7f2	16	Lesser General Public License for more details.
8c6db833	17
5430f7f2	18	You should have received a copy of the GNU Lesser General Public License
8c6db833 LP	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
	22	#include <errno.h>
	23	#include <fcntl.h>
	24	#include <sys/file.h>
	25	#include <pwd.h>
a838e6a1	26	#include <endian.h>
ac123445	27	#include <sys/capability.h>
8c6db833 LP	28
	29	#include <security/pam_modules.h>
	30	#include <security/_pam_macros.h>
	31	#include <security/pam_modutil.h>
	32	#include <security/pam_ext.h>
	33	#include <security/pam_misc.h>
	34
8c6db833	35	#include "util.h"
d7832d2c	36	#include "audit.h"
8c6db833	37	#include "macro.h"
74fe1fe3	38	#include "strv.h"
ffcfcb6b	39	#include "bus-util.h"
98a28fef	40	#include "def.h"
4d6d6518	41	#include "socket-util.h"
a5c32cff	42	#include "fileio.h"
8159d91a	43	#include "bus-error.h"
8c6db833	44
baae0358 LP	45	static int parse_argv(
	46	pam_handle_t *handle,
	47	int argc, const char **argv,
	48	const char **class,
49ebd11f	49	const char **type,
baae0358	50	bool *debug) {
8c6db833 LP	51
	52	unsigned i;
	53
	54	assert(argc >= 0);
	55	assert(argc == 0 \|\| argv);
	56
49ebd11f	57	for (i = 0; i < (unsigned) argc; i++) {
fb6becb4	58	if (startswith(argv[i], "class=")) {
485507b8 MM	59	if (class)
	60	*class = argv[i] + 6;
	61
49ebd11f LP	62	} else if (startswith(argv[i], "type=")) {
	63	if (type)
	64	*type = argv[i] + 5;
	65
05a049cc ZJS	66	} else if (streq(argv[i], "debug")) {
	67	if (debug)
	68	*debug = true;
fb6becb4	69
05a049cc ZJS	70	} else if (startswith(argv[i], "debug=")) {
05a049cc ZJS	71	int k;
0e318cad	72
05a049cc ZJS	73	k = parse_boolean(argv[i] + 6);
	74	if (k < 0)
	75	pam_syslog(handle, LOG_WARNING, "Failed to parse debug= argument, ignoring.");
	76	else if (debug)
0e318cad MS	77	*debug = k;
0e318cad MS	78
05a049cc	79	} else
fb6becb4	80	pam_syslog(handle, LOG_WARNING, "Unknown parameter '%s', ignoring", argv[i]);
49ebd11f	81	}
8c6db833	82
8c6db833 LP	83	return 0;
	84	}
	85
8c6db833 LP	86	static int get_user_data(
	87	pam_handle_t *handle,
	88	const char **ret_username,
	89	struct passwd **ret_pw) {
	90
d90b9d27 LP	91	const char *username = NULL;
d90b9d27 LP	92	struct passwd *pw = NULL;
8c6db833 LP	93	int r;
	94
	95	assert(handle);
	96	assert(ret_username);
	97	assert(ret_pw);
	98
baae0358 LP	99	r = pam_get_user(handle, &username, NULL);
	100	if (r != PAM_SUCCESS) {
	101	pam_syslog(handle, LOG_ERR, "Failed to get user name.");
	102	return r;
	103	}
d90b9d27	104
baae0358 LP	105	if (isempty(username)) {
	106	pam_syslog(handle, LOG_ERR, "User name not valid.");
	107	return PAM_AUTH_ERR;
8c6db833 LP	108	}
8c6db833 LP	109
baae0358	110	pw = pam_modutil_getpwnam(handle, username);
d90b9d27	111	if (!pw) {
8c6db833 LP	112	pam_syslog(handle, LOG_ERR, "Failed to get user data.");
	113	return PAM_USER_UNKNOWN;
	114	}
	115
	116	*ret_pw = pw;
d90b9d27	117	*ret_username = username ? username : pw->pw_name;
8c6db833 LP	118
	119	return PAM_SUCCESS;
	120	}
	121
4d6d6518	122	static int get_seat_from_display(const char display, const char seat, uint32_t vtnr) {
b92bea5d ZJS	123	union sockaddr_union sa = {
	124	.un.sun_family = AF_UNIX,
	125	};
baae0358 LP	126	_cleanup_free_ char p = NULL, tty = NULL;
baae0358 LP	127	_cleanup_close_ int fd = -1;
4d6d6518	128	struct ucred ucred;
baae0358	129	int v, r;
4d6d6518 LP	130
4d6d6518 LP	131	assert(display);
4d6d6518 LP	132	assert(vtnr);
	133
	134	/* We deduce the X11 socket from the display name, then use
	135	* SO_PEERCRED to determine the X11 server process, ask for
	136	* the controlling tty of that and if it's a VC then we know
	137	* the seat and the virtual terminal. Sounds ugly, is only
	138	* semi-ugly. */
	139
	140	r = socket_from_display(display, &p);
	141	if (r < 0)
	142	return r;
b92bea5d	143	strncpy(sa.un.sun_path, p, sizeof(sa.un.sun_path)-1);
4d6d6518 LP	144
4d6d6518 LP	145	fd = socket(AF_UNIX, SOCK_STREAM\|SOCK_CLOEXEC, 0);
b92bea5d	146	if (fd < 0)
4d6d6518	147	return -errno;
4d6d6518	148
b92bea5d	149	if (connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path)) < 0)
4d6d6518	150	return -errno;
4d6d6518	151
eff05270	152	r = getpeercred(fd, &ucred);
4d6d6518	153	if (r < 0)
eff05270	154	return r;
4d6d6518 LP	155
	156	r = get_ctty(ucred.pid, NULL, &tty);
	157	if (r < 0)
	158	return r;
	159
	160	v = vtnr_from_tty(tty);
4d6d6518 LP	161	if (v < 0)
	162	return v;
	163	else if (v == 0)
	164	return -ENOENT;
	165
fc7985ed LP	166	if (seat)
fc7985ed LP	167	*seat = "seat0";
4d6d6518 LP	168	*vtnr = (uint32_t) v;
	169
	170	return 0;
	171	}
	172
8b255ecd KS	173	static int export_legacy_dbus_address(
	174	pam_handle_t *handle,
	175	uid_t uid,
	176	const char *runtime) {
	177
5eecd85f	178	#ifdef ENABLE_KDBUS
8b255ecd KS	179	_cleanup_free_ char *s = NULL;
	180	int r;
	181
8042e377 KS	182	/* skip export if kdbus is not active */
	183	if (access("/dev/kdbus", F_OK) < 0)
	184	return PAM_SUCCESS;
	185
06150d90	186	if (asprintf(&s, KERNEL_USER_BUS_FMT ";" UNIX_USER_BUS_FMT,
8b255ecd KS	187	(unsigned long) uid, runtime) < 0) {
	188	pam_syslog(handle, LOG_ERR, "Failed to set bus variable.");
	189	return PAM_BUF_ERR;
	190	}
	191
	192	r = pam_misc_setenv(handle, "DBUS_SESSION_BUS_ADDRESS", s, 0);
	193	if (r != PAM_SUCCESS) {
	194	pam_syslog(handle, LOG_ERR, "Failed to set bus variable.");
	195	return r;
	196	}
5eecd85f	197	#endif
8b255ecd KS	198	return PAM_SUCCESS;
	199	}
	200
98a28fef	201	_public_ PAM_EXTERN int pam_sm_open_session(
8c6db833 LP	202	pam_handle_t *handle,
	203	int flags,
	204	int argc, const char **argv) {
	205
ffcfcb6b ZJS	206	_cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
ffcfcb6b ZJS	207	_cleanup_bus_message_unref_ sd_bus_message *reply = NULL;
d1529c9e LP	208	const char
	209	username, id, object_path, runtime_path,
	210	*service = NULL,
	211	tty = NULL, display = NULL,
	212	remote_user = NULL, remote_host = NULL,
	213	*seat = NULL,
	214	type = NULL, class = NULL,
a4cd87e9	215	class_pam = NULL, type_pam = NULL, cvtnr = NULL, desktop = NULL;
d1529c9e LP	216	_cleanup_bus_unref_ sd_bus *bus = NULL;
d1529c9e LP	217	int session_fd = -1, existing, r;
d1529c9e LP	218	bool debug = false, remote;
d1529c9e LP	219	struct passwd *pw;
baae0358 LP	220	uint32_t vtnr = 0;
baae0358 LP	221	uid_t original_uid;
8c6db833	222
ffcfcb6b	223	assert(handle);
98a28fef	224
79d860fe MP	225	/* Make this a NOP on non-logind systems */
79d860fe MP	226	if (!logind_running())
8c6db833 LP	227	return PAM_SUCCESS;
8c6db833 LP	228
e9fbc77c LP	229	if (parse_argv(handle,
e9fbc77c LP	230	argc, argv,
fb6becb4	231	&class_pam,
49ebd11f	232	&type_pam,
5a330cda ZJS	233	&debug) < 0)
5a330cda ZJS	234	return PAM_SESSION_ERR;
74fe1fe3	235
baae0358	236	if (debug)
3831838a	237	pam_syslog(handle, LOG_DEBUG, "pam-systemd initializing");
baae0358	238
98a28fef	239	r = get_user_data(handle, &username, &pw);
5a330cda ZJS	240	if (r != PAM_SUCCESS) {
	241	pam_syslog(handle, LOG_ERR, "Failed to get user data.");
	242	return r;
	243	}
8c6db833	244
30b2c336 LP	245	/* Make sure we don't enter a loop by talking to
	246	* systemd-logind when it is actually waiting for the
	247	* background to finish start-up. If the service is
5c390a4a	248	* "systemd-user" we simply set XDG_RUNTIME_DIR and
30b2c336 LP	249	* leave. */
	250
	251	pam_get_item(handle, PAM_SERVICE, (const void**) &service);
5c390a4a	252	if (streq_ptr(service, "systemd-user")) {
05a049cc	253	_cleanup_free_ char p = NULL, rt = NULL;
30b2c336	254
ffcfcb6b ZJS	255	if (asprintf(&p, "/run/systemd/users/%lu", (unsigned long) pw->pw_uid) < 0)
ffcfcb6b ZJS	256	return PAM_BUF_ERR;
30b2c336 LP	257
	258	r = parse_env_file(p, NEWLINE,
	259	"RUNTIME", &rt,
	260	NULL);
ffcfcb6b ZJS	261	if (r < 0 && r != -ENOENT)
ffcfcb6b ZJS	262	return PAM_SESSION_ERR;
30b2c336 LP	263
	264	if (rt) {
	265	r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", rt, 0);
30b2c336 LP	266	if (r != PAM_SUCCESS) {
30b2c336 LP	267	pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
ffcfcb6b	268	return r;
30b2c336	269	}
8b255ecd KS	270
	271	r = export_legacy_dbus_address(handle, pw->pw_uid, rt);
	272	if (r != PAM_SUCCESS)
	273	return r;
30b2c336 LP	274	}
30b2c336 LP	275
ffcfcb6b	276	return PAM_SUCCESS;
8c6db833 LP	277	}
8c6db833 LP	278
ffcfcb6b	279	/* Otherwise, we ask logind to create a session for us */
8c6db833	280
98a28fef LP	281	pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
	282	pam_get_item(handle, PAM_TTY, (const void**) &tty);
	283	pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
	284	pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);
a8573ccc	285
bbc73283	286	seat = pam_getenv(handle, "XDG_SEAT");
a8573ccc LP	287	if (isempty(seat))
	288	seat = getenv("XDG_SEAT");
	289
bbc73283	290	cvtnr = pam_getenv(handle, "XDG_VTNR");
a8573ccc LP	291	if (isempty(cvtnr))
a8573ccc LP	292	cvtnr = getenv("XDG_VTNR");
98a28fef	293
49ebd11f LP	294	type = pam_getenv(handle, "XDG_SESSION_TYPE");
	295	if (isempty(type))
	296	type = getenv("XDG_SESSION_TYPE");
	297	if (isempty(type))
	298	type = type_pam;
	299
	300	class = pam_getenv(handle, "XDG_SESSION_CLASS");
	301	if (isempty(class))
	302	class = getenv("XDG_SESSION_CLASS");
	303	if (isempty(class))
	304	class = class_pam;
	305
a4cd87e9 LP	306	desktop = pam_getenv(handle, "XDG_SESSION_DESKTOP");
	307	if (isempty(desktop))
	308	desktop = getenv("XDG_SESSION_DESKTOP");
	309
ed18b08b	310	tty = strempty(tty);
98a28fef	311
ee8545b0	312	if (strchr(tty, ':')) {
e2acb67b LP	313	/* A tty with a colon is usually an X11 display,
	314	* placed there to show up in utmp. We rearrange
	315	* things and don't pretend that an X display was a
	316	* tty. */
ee8545b0 LP	317
	318	if (isempty(display))
	319	display = tty;
a4cd87e9	320	tty = NULL;
1a4459d6	321	} else if (streq(tty, "cron")) {
0ad1271f LP	322	/* cron has been setting PAM_TTY to "cron" for a very
	323	* long time and it probably shouldn't stop doing that
	324	* for compatibility reasons. */
0ad1271f	325	type = "unspecified";
49ebd11f	326	class = "background";
a4cd87e9	327	tty = NULL;
0ad1271f LP	328	} else if (streq(tty, "ssh")) {
	329	/* ssh has been setting PAM_TTY to "ssh" for a very
	330	* long time and probably shouldn't stop doing that
	331	* for compatibility reasons. */
0ad1271f	332	type ="tty";
49ebd11f	333	class = "user";
a4cd87e9	334	tty = NULL;
ee8545b0 LP	335	}
ee8545b0 LP	336
8e7705e5	337	/* If this fails vtnr will be 0, that's intended */
4d6d6518 LP	338	if (!isempty(cvtnr))
	339	safe_atou32(cvtnr, &vtnr);
	340
92bd5ff3	341	if (!isempty(display) && !vtnr) {
fc7985ed	342	if (isempty(seat))
6ef25fb6	343	get_seat_from_display(display, &seat, &vtnr);
fc7985ed	344	else if (streq(seat, "seat0"))
6ef25fb6	345	get_seat_from_display(display, NULL, &vtnr);
fc7985ed	346	}
4d6d6518	347
49ebd11f LP	348	if (seat && !streq(seat, "seat0") && vtnr != 0) {
49ebd11f LP	349	pam_syslog(handle, LOG_DEBUG, "Ignoring vtnr %d for %s which is not seat0", vtnr, seat);
d7353ef6 MM	350	vtnr = 0;
	351	}
	352
49ebd11f	353	if (isempty(type))
0ad1271f	354	type = !isempty(display) ? "x11" :
49ebd11f	355	!isempty(tty) ? "tty" : "unspecified";
98a28fef	356
55efac6c	357	if (isempty(class))
e2acb67b	358	class = streq(type, "unspecified") ? "background" : "user";
55efac6c LP	359
55efac6c LP	360	remote = !isempty(remote_host) &&
baae0358 LP	361	!streq_ptr(remote_host, "localhost") &&
baae0358 LP	362	!streq_ptr(remote_host, "localhost.localdomain");
98a28fef	363
4d49b48c	364	/* Talk to logind over the message bus */
5a330cda	365
ffcfcb6b ZJS	366	r = sd_bus_open_system(&bus);
	367	if (r < 0) {
	368	pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", strerror(-r));
	369	return PAM_SESSION_ERR;
cc377381 LP	370	}
cc377381 LP	371
ce959314 MS	372	if (debug)
ce959314 MS	373	pam_syslog(handle, LOG_DEBUG, "Asking logind to create session: "
a4cd87e9	374	"uid=%u pid=%u service=%s type=%s class=%s desktop=%s seat=%s vtnr=%u tty=%s display=%s remote=%s remote_user=%s remote_host=%s",
baae0358 LP	375	pw->pw_uid, getpid(),
baae0358 LP	376	strempty(service),
cda7ecb0	377	type, class, strempty(desktop),
a4cd87e9	378	strempty(seat), vtnr, strempty(tty), strempty(display),
baae0358	379	yes_no(remote), strempty(remote_user), strempty(remote_host));
ce959314	380
ffcfcb6b ZJS	381	r = sd_bus_call_method(bus,
	382	"org.freedesktop.login1",
	383	"/org/freedesktop/login1",
	384	"org.freedesktop.login1.Manager",
	385	"CreateSession",
	386	&error,
	387	&reply,
a4cd87e9	388	"uusssssussbssa(sv)",
baae0358 LP	389	(uint32_t) pw->pw_uid,
baae0358 LP	390	(uint32_t) getpid(),
a4cd87e9	391	service,
ffcfcb6b ZJS	392	type,
ffcfcb6b ZJS	393	class,
a4cd87e9 LP	394	desktop,
a4cd87e9 LP	395	seat,
ffcfcb6b ZJS	396	vtnr,
ffcfcb6b ZJS	397	tty,
a4cd87e9	398	display,
ffcfcb6b	399	remote,
a4cd87e9 LP	400	remote_user,
a4cd87e9 LP	401	remote_host,
ffcfcb6b ZJS	402	0);
ffcfcb6b ZJS	403	if (r < 0) {
8159d91a	404	pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error, r));
ffcfcb6b	405	return PAM_SYSTEM_ERR;
98a28fef	406	}
74fe1fe3	407
ffcfcb6b	408	r = sd_bus_message_read(reply,
baae0358	409	"soshusub",
ffcfcb6b ZJS	410	&id,
	411	&object_path,
	412	&runtime_path,
	413	&session_fd,
baae0358	414	&original_uid,
ffcfcb6b ZJS	415	&seat,
	416	&vtnr,
	417	&existing);
	418	if (r < 0) {
	419	pam_syslog(handle, LOG_ERR, "Failed to parse message: %s", strerror(-r));
5a330cda	420	return PAM_SESSION_ERR;
98a28fef	421	}
74fe1fe3	422
ce959314 MS	423	if (debug)
ce959314 MS	424	pam_syslog(handle, LOG_DEBUG, "Reply from logind: "
baae0358 LP	425	"id=%s object_path=%s runtime_path=%s session_fd=%d seat=%s vtnr=%u original_uid=%u",
baae0358 LP	426	id, object_path, runtime_path, session_fd, seat, vtnr, original_uid);
ce959314	427
98a28fef LP	428	r = pam_misc_setenv(handle, "XDG_SESSION_ID", id, 0);
	429	if (r != PAM_SUCCESS) {
	430	pam_syslog(handle, LOG_ERR, "Failed to set session id.");
5a330cda	431	return r;
8c6db833 LP	432	}
8c6db833 LP	433
baae0358 LP	434	if (original_uid == pw->pw_uid) {
	435	/* Don't set $XDG_RUNTIME_DIR if the user we now
	436	* authenticated for does not match the original user
	437	* of the session. We do this in order not to result
	438	* in privileged apps clobbering the runtime directory
	439	* unnecessarily. */
	440
	441	r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
	442	if (r != PAM_SUCCESS) {
	443	pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
	444	return r;
	445	}
8b255ecd KS	446
	447	r = export_legacy_dbus_address(handle, pw->pw_uid, runtime_path);
	448	if (r != PAM_SUCCESS)
	449	return r;
98a28fef	450	}
8c6db833	451
bbc73283 LP	452	if (!isempty(seat)) {
	453	r = pam_misc_setenv(handle, "XDG_SEAT", seat, 0);
	454	if (r != PAM_SUCCESS) {
	455	pam_syslog(handle, LOG_ERR, "Failed to set seat.");
5a330cda	456	return r;
bbc73283 LP	457	}
	458	}
	459
	460	if (vtnr > 0) {
29d230f6	461	char buf[DECIMAL_STR_MAX(vtnr)];
baae0358	462	sprintf(buf, "%u", vtnr);
bbc73283 LP	463
	464	r = pam_misc_setenv(handle, "XDG_VTNR", buf, 0);
	465	if (r != PAM_SUCCESS) {
	466	pam_syslog(handle, LOG_ERR, "Failed to set virtual terminal number.");
5a330cda	467	return r;
bbc73283 LP	468	}
	469	}
	470
77085881 LP	471	r = pam_set_data(handle, "systemd.existing", INT_TO_PTR(!!existing), NULL);
	472	if (r != PAM_SUCCESS) {
	473	pam_syslog(handle, LOG_ERR, "Failed to install existing flag.");
5a330cda	474	return r;
77085881 LP	475	}
77085881 LP	476
21c390cc	477	if (session_fd >= 0) {
5a330cda ZJS	478	session_fd = dup(session_fd);
	479	if (session_fd < 0) {
	480	pam_syslog(handle, LOG_ERR, "Failed to dup session fd: %m");
	481	return PAM_SESSION_ERR;
	482	}
	483
21c390cc LP	484	r = pam_set_data(handle, "systemd.session-fd", INT_TO_PTR(session_fd+1), NULL);
	485	if (r != PAM_SUCCESS) {
	486	pam_syslog(handle, LOG_ERR, "Failed to install session fd.");
5a330cda ZJS	487	close_nointr_nofail(session_fd);
5a330cda ZJS	488	return r;
21c390cc	489	}
98a28fef	490	}
8c6db833	491
ffcfcb6b	492	return PAM_SUCCESS;
98a28fef	493	}
8c6db833	494
98a28fef LP	495	_public_ PAM_EXTERN int pam_sm_close_session(
	496	pam_handle_t *handle,
	497	int flags,
	498	int argc, const char **argv) {
8c6db833	499
29d230f6	500	_cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
29d230f6	501	_cleanup_bus_unref_ sd_bus *bus = NULL;
5f41d1f1	502	const void *existing = NULL;
75c8e3cf	503	const char *id;
75c8e3cf	504	int r;
8c6db833	505
ffcfcb6b	506	assert(handle);
75c8e3cf	507
77085881 LP	508	/* Only release session if it wasn't pre-existing when we
	509	* tried to create it */
	510	pam_get_data(handle, "systemd.existing", &existing);
	511
75c8e3cf	512	id = pam_getenv(handle, "XDG_SESSION_ID");
77085881	513	if (id && !existing) {
75c8e3cf LP	514
	515	/* Before we go and close the FIFO we need to tell
	516	* logind that this is a clean session shutdown, so
	517	* that it doesn't just go and slaughter us
	518	* immediately after closing the fd */
	519
ffcfcb6b ZJS	520	r = sd_bus_open_system(&bus);
ffcfcb6b ZJS	521	if (r < 0) {
5f41d1f1 LP	522	pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", strerror(-r));
5f41d1f1 LP	523	return PAM_SESSION_ERR;
75c8e3cf LP	524	}
75c8e3cf LP	525
ffcfcb6b ZJS	526	r = sd_bus_call_method(bus,
	527	"org.freedesktop.login1",
	528	"/org/freedesktop/login1",
	529	"org.freedesktop.login1.Manager",
	530	"ReleaseSession",
	531	&error,
	532	NULL,
	533	"s",
	534	id);
	535	if (r < 0) {
5f41d1f1 LP	536	pam_syslog(handle, LOG_ERR, "Failed to release session: %s", bus_error_message(&error, r));
5f41d1f1 LP	537	return PAM_SESSION_ERR;
75c8e3cf LP	538	}
	539	}
	540
5f41d1f1 LP	541	/* Note that we are knowingly leaking the FIFO fd here. This
	542	* way, logind can watch us die. If we closed it here it would
	543	* not have any clue when that is completed. Given that one
	544	* cannot really have multiple PAM sessions open from the same
	545	* process this means we will leak one FD at max. */
75c8e3cf	546
5f41d1f1	547	return PAM_SUCCESS;
8c6db833	548	}