[thirdparty/systemd.git] / src / login / pam-module.c

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <errno.h>
#include <fcntl.h>
#include <sys/file.h>
#include <pwd.h>
#include <endian.h>
#include <sys/capability.h>

#include <security/pam_modules.h>
#include <security/_pam_macros.h>
#include <security/pam_modutil.h>
#include <security/pam_ext.h>
#include <security/pam_misc.h>

#include <systemd/sd-daemon.h>

#include "util.h"
#include "macro.h"
#include "strv.h"
#include "dbus-common.h"
#include "def.h"
#include "socket-util.h"

static int parse_argv(pam_handle_t *handle,
                      int argc, const char **argv,
                      char ***controllers,
                      char ***reset_controllers,
                      bool *kill_processes,
                      char ***kill_only_users,
                      char ***kill_exclude_users,
                      bool *debug) {

        unsigned i;

        assert(argc >= 0);
        assert(argc == 0 || argv);

        for (i = 0; i < (unsigned) argc; i++) {
                int k;

                if (startswith(argv[i], "kill-session-processes=")) {
                        if ((k = parse_boolean(argv[i] + 23)) < 0) {
                                pam_syslog(handle, LOG_ERR, "Failed to parse kill-session-processes= argument.");
                                return k;
                        }

                        if (kill_processes)
                                *kill_processes = k;

                } else if (startswith(argv[i], "kill-session=")) {
                        /* As compatibility for old versions */

                        if ((k = parse_boolean(argv[i] + 13)) < 0) {
                                pam_syslog(handle, LOG_ERR, "Failed to parse kill-session= argument.");
                                return k;
                        }

                        if (kill_processes)
                                *kill_processes = k;

                } else if (startswith(argv[i], "controllers=")) {

                        if (controllers) {
                                char **l;

                                if (!(l = strv_split(argv[i] + 12, ","))) {
                                        pam_syslog(handle, LOG_ERR, "Out of memory.");
                                        return -ENOMEM;
                                }

                                strv_free(*controllers);
                                *controllers = l;
                        }

                } else if (startswith(argv[i], "reset-controllers=")) {

                        if (reset_controllers) {
                                char **l;

                                if (!(l = strv_split(argv[i] + 18, ","))) {
                                        pam_syslog(handle, LOG_ERR, "Out of memory.");
                                        return -ENOMEM;
                                }

                                strv_free(*reset_controllers);
                                *reset_controllers = l;
                        }

                } else if (startswith(argv[i], "kill-only-users=")) {

                        if (kill_only_users) {
                                char **l;

                                if (!(l = strv_split(argv[i] + 16, ","))) {
                                        pam_syslog(handle, LOG_ERR, "Out of memory.");
                                        return -ENOMEM;
                                }

                                strv_free(*kill_only_users);
                                *kill_only_users = l;
                        }

                } else if (startswith(argv[i], "kill-exclude-users=")) {

                        if (kill_exclude_users) {
                                char **l;

                                if (!(l = strv_split(argv[i] + 19, ","))) {
                                        pam_syslog(handle, LOG_ERR, "Out of memory.");
                                        return -ENOMEM;
                                }

                                strv_free(*kill_exclude_users);
                                *kill_exclude_users = l;
                        }

                } else if (startswith(argv[i], "debug=")) {
                        if ((k = parse_boolean(argv[i] + 6)) < 0) {
                                pam_syslog(handle, LOG_ERR, "Failed to parse debug= argument.");
                                return k;
                        }

                        if (debug)
                                *debug = k;

                } else if (startswith(argv[i], "create-session=") ||
                           startswith(argv[i], "kill-user=")) {

                        pam_syslog(handle, LOG_WARNING, "Option %s not supported anymore, ignoring.", argv[i]);

                } else {
                        pam_syslog(handle, LOG_ERR, "Unknown parameter '%s'.", argv[i]);
                        return -EINVAL;
                }
        }

        return 0;
}

static int get_user_data(
                pam_handle_t *handle,
                const char **ret_username,
                struct passwd **ret_pw) {

        const char *username = NULL;
        struct passwd *pw = NULL;
        uid_t uid;
        int r;

        assert(handle);
        assert(ret_username);
        assert(ret_pw);

        r = audit_loginuid_from_pid(0, &uid);
        if (r >= 0)
                pw = pam_modutil_getpwuid(handle, uid);
        else {
                r = pam_get_user(handle, &username, NULL);
                if (r != PAM_SUCCESS) {
                        pam_syslog(handle, LOG_ERR, "Failed to get user name.");
                        return r;
                }

                if (isempty(username)) {
                        pam_syslog(handle, LOG_ERR, "User name not valid.");
                        return PAM_AUTH_ERR;
                }

                pw = pam_modutil_getpwnam(handle, username);
        }

        if (!pw) {
                pam_syslog(handle, LOG_ERR, "Failed to get user data.");
                return PAM_USER_UNKNOWN;
        }

        *ret_pw = pw;
        *ret_username = username ? username : pw->pw_name;

        return PAM_SUCCESS;
}

static bool check_user_lists(
                pam_handle_t *handle,
                uid_t uid,
                char **kill_only_users,
                char **kill_exclude_users) {

        const char *name = NULL;
        char **l;

        assert(handle);

        if (uid == 0)
                name = "root"; /* Avoid obvious NSS requests, to suppress network traffic */
        else {
                struct passwd *pw;

                pw = pam_modutil_getpwuid(handle, uid);
                if (pw)
                        name = pw->pw_name;
        }

        STRV_FOREACH(l, kill_exclude_users) {
                uid_t u;

                if (parse_uid(*l, &u) >= 0)
                        if (u == uid)
                                return false;

                if (name && streq(name, *l))
                        return false;
        }

        if (strv_isempty(kill_only_users))
                return true;

        STRV_FOREACH(l, kill_only_users) {
                uid_t u;

                if (parse_uid(*l, &u) >= 0)
                        if (u == uid)
                                return true;

                if (name && streq(name, *l))
                        return true;
        }

        return false;
}

static int get_seat_from_display(const char *display, const char **seat, uint32_t *vtnr) {
        char *p = NULL;
        int r;
        int fd;
        union sockaddr_union sa;
        struct ucred ucred;
        socklen_t l;
        char *tty;
        int v;

        assert(display);
        assert(vtnr);

        /* We deduce the X11 socket from the display name, then use
         * SO_PEERCRED to determine the X11 server process, ask for
         * the controlling tty of that and if it's a VC then we know
         * the seat and the virtual terminal. Sounds ugly, is only
         * semi-ugly. */

        r = socket_from_display(display, &p);
        if (r < 0)
                return r;

        fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
        if (fd < 0) {
                free(p);
                return -errno;
        }

        zero(sa);
        sa.un.sun_family = AF_UNIX;
        strncpy(sa.un.sun_path, p, sizeof(sa.un.sun_path)-1);
        free(p);

        if (connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path)) < 0) {
                close_nointr_nofail(fd);
                return -errno;
        }

        l = sizeof(ucred);
        r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &l);
        close_nointr_nofail(fd);

        if (r < 0)
                return -errno;

        r = get_ctty(ucred.pid, NULL, &tty);
        if (r < 0)
                return r;

        v = vtnr_from_tty(tty);
        free(tty);

        if (v < 0)
                return v;
        else if (v == 0)
                return -ENOENT;

        if (seat)
                *seat = "seat0";
        *vtnr = (uint32_t) v;

        return 0;
}

_public_ PAM_EXTERN int pam_sm_open_session(
                pam_handle_t *handle,
                int flags,
                int argc, const char **argv) {

        struct passwd *pw;
        bool kill_processes = false, debug = false;
        const char *username, *id, *object_path, *runtime_path, *service = NULL, *tty = NULL, *display = NULL, *remote_user = NULL, *remote_host = NULL, *seat = NULL, *type, *cvtnr = NULL;
        char **controllers = NULL, **reset_controllers = NULL, **kill_only_users = NULL, **kill_exclude_users = NULL;
        DBusError error;
        uint32_t uid, pid;
        DBusMessageIter iter;
        dbus_bool_t kp;
        int session_fd = -1;
        DBusConnection *bus = NULL;
        DBusMessage *m = NULL, *reply = NULL;
        dbus_bool_t remote;
        int r;
        uint32_t vtnr = 0;

        assert(handle);

        dbus_error_init(&error);

        /* pam_syslog(handle, LOG_INFO, "pam-systemd initializing"); */

        /* Make this a NOP on non-systemd systems */
        if (sd_booted() <= 0)
                return PAM_SUCCESS;

        if (parse_argv(handle,
                       argc, argv,
                       &controllers, &reset_controllers,
                       &kill_processes, &kill_only_users, &kill_exclude_users,
                       &debug) < 0) {
                r = PAM_SESSION_ERR;
                goto finish;
        }

        r = get_user_data(handle, &username, &pw);
        if (r != PAM_SUCCESS)
                goto finish;

        /* Make sure we don't enter a loop by talking to
         * systemd-logind when it is actually waiting for the
         * background to finish start-up. If the service is
         * "systemd-shared" we simply set XDG_RUNTIME_DIR and
         * leave. */

        pam_get_item(handle, PAM_SERVICE, (const void**) &service);
        if (streq_ptr(service, "systemd-shared")) {
                char *p, *rt = NULL;

                if (asprintf(&p, "/run/systemd/users/%lu", (unsigned long) pw->pw_uid) < 0) {
                        r = PAM_BUF_ERR;
                        goto finish;
                }

                r = parse_env_file(p, NEWLINE,
                                   "RUNTIME", &rt,
                                   NULL);
                free(p);

                if (r < 0 && r != -ENOENT) {
                        r = PAM_SESSION_ERR;
                        free(rt);
                        goto finish;
                }

                if (rt)  {
                        r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", rt, 0);
                        free(rt);

                        if (r != PAM_SUCCESS) {
                                pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
                                goto finish;
                        }
                }

                r = PAM_SUCCESS;
                goto finish;
        }

        if (kill_processes)
                kill_processes = check_user_lists(handle, pw->pw_uid, kill_only_users, kill_exclude_users);

        dbus_connection_set_change_sigpipe(FALSE);

        bus = dbus_bus_get_private(DBUS_BUS_SYSTEM, &error);
        if (!bus) {
                pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", bus_error_message(&error));
                r = PAM_SESSION_ERR;
                goto finish;
        }

        m = dbus_message_new_method_call(
                        "org.freedesktop.login1",
                        "/org/freedesktop/login1",
                        "org.freedesktop.login1.Manager",
                        "CreateSession");

        if (!m) {
                pam_syslog(handle, LOG_ERR, "Could not allocate create session message.");
                r = PAM_BUF_ERR;
                goto finish;
        }

        uid = pw->pw_uid;
        pid = getpid();

        pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
        pam_get_item(handle, PAM_TTY, (const void**) &tty);
        pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
        pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);
        seat = pam_getenv(handle, "XDG_SEAT");
        cvtnr = pam_getenv(handle, "XDG_VTNR");

        service = strempty(service);
        tty = strempty(tty);
        display = strempty(display);
        remote_user = strempty(remote_user);
        remote_host = strempty(remote_host);
        seat = strempty(seat);

        if (strchr(tty, ':')) {
                /* A tty with a colon is usually an X11 display, place
                 * there to show up in utmp. We rearrange things and
                 * don't pretend that an X display was a tty */

                if (isempty(display))
                        display = tty;
                tty = "";
        } else if (streq(tty, "cron")) {
                /* cron has been setting PAM_TTY to "cron" for a very long time
                 * and it cannot stop doing that for compatibility reasons. */
                tty = "";
        }

        if (!isempty(cvtnr))
                safe_atou32(cvtnr, &vtnr);

        if (!isempty(display) && vtnr <= 0) {
                if (isempty(seat))
                        get_seat_from_display(handle, display, &seat, &vtnr);
                else if (streq(seat, "seat0"))
                        get_seat_from_display(handle, display, NULL, &vtnr);
        }

        type = !isempty(display) ? "x11" :
                   !isempty(tty) ? "tty" : "unspecified";

        remote = !isempty(remote_host) && !streq(remote_host, "localhost") && !streq(remote_host, "localhost.localdomain");

        if (!dbus_message_append_args(m,
                                      DBUS_TYPE_UINT32, &uid,
                                      DBUS_TYPE_UINT32, &pid,
                                      DBUS_TYPE_STRING, &service,
                                      DBUS_TYPE_STRING, &type,
                                      DBUS_TYPE_STRING, &seat,
                                      DBUS_TYPE_UINT32, &vtnr,
                                      DBUS_TYPE_STRING, &tty,
                                      DBUS_TYPE_STRING, &display,
                                      DBUS_TYPE_BOOLEAN, &remote,
                                      DBUS_TYPE_STRING, &remote_user,
                                      DBUS_TYPE_STRING, &remote_host,
                                      DBUS_TYPE_INVALID)) {
                pam_syslog(handle, LOG_ERR, "Could not attach parameters to message.");
                r = PAM_BUF_ERR;
                goto finish;
        }

        dbus_message_iter_init_append(m, &iter);

        r = bus_append_strv_iter(&iter, controllers);
        if (r < 0) {
                pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
                r = PAM_BUF_ERR;
                goto finish;
        }

        r = bus_append_strv_iter(&iter, reset_controllers);
        if (r < 0) {
                pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
                r = PAM_BUF_ERR;
                goto finish;
        }

        kp = kill_processes;
        if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_BOOLEAN, &kp)) {
                pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
                r = PAM_BUF_ERR;
                goto finish;
        }

        if (debug)
                pam_syslog(handle, LOG_DEBUG, "Asking logind to create session: "
                           "uid=%u pid=%u service=%s type=%s seat=%s vtnr=%u tty=%s display=%s remote=%s remote_user=%s remote_host=%s",
                           uid, pid, service, type, seat, vtnr, tty, display, yes_no(remote), remote_user, remote_host);

        reply = dbus_connection_send_with_reply_and_block(bus, m, -1, &error);
        if (!reply) {
                pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error));
                r = PAM_SESSION_ERR;
                goto finish;
        }

        if (!dbus_message_get_args(reply, &error,
                                   DBUS_TYPE_STRING, &id,
                                   DBUS_TYPE_OBJECT_PATH, &object_path,
                                   DBUS_TYPE_STRING, &runtime_path,
                                   DBUS_TYPE_UNIX_FD, &session_fd,
                                   DBUS_TYPE_STRING, &seat,
                                   DBUS_TYPE_UINT32, &vtnr,
                                   DBUS_TYPE_INVALID)) {
                pam_syslog(handle, LOG_ERR, "Failed to parse message: %s", bus_error_message(&error));
                r = PAM_SESSION_ERR;
                goto finish;
        }

        if (debug)
                pam_syslog(handle, LOG_DEBUG, "Reply from logind: "
                           "id=%s object_path=%s runtime_path=%s session_fd=%d seat=%s vtnr=%u",
                           id, object_path, runtime_path, session_fd, seat, vtnr);

        r = pam_misc_setenv(handle, "XDG_SESSION_ID", id, 0);
        if (r != PAM_SUCCESS) {
                pam_syslog(handle, LOG_ERR, "Failed to set session id.");
                goto finish;
        }

        r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
        if (r != PAM_SUCCESS) {
                pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
                goto finish;
        }

        if (!isempty(seat)) {
                r = pam_misc_setenv(handle, "XDG_SEAT", seat, 0);
                if (r != PAM_SUCCESS) {
                        pam_syslog(handle, LOG_ERR, "Failed to set seat.");
                        goto finish;
                }
        }

        if (vtnr > 0) {
                char buf[11];
                snprintf(buf, sizeof(buf), "%u", vtnr);
                char_array_0(buf);

                r = pam_misc_setenv(handle, "XDG_VTNR", buf, 0);
                if (r != PAM_SUCCESS) {
                        pam_syslog(handle, LOG_ERR, "Failed to set virtual terminal number.");
                        goto finish;
                }
        }

        if (session_fd >= 0) {
                r = pam_set_data(handle, "systemd.session-fd", INT_TO_PTR(session_fd+1), NULL);
                if (r != PAM_SUCCESS) {
                        pam_syslog(handle, LOG_ERR, "Failed to install session fd.");
                        return r;
                }
        }

        session_fd = -1;

        r = PAM_SUCCESS;

finish:
        strv_free(controllers);
        strv_free(reset_controllers);
        strv_free(kill_only_users);
        strv_free(kill_exclude_users);

        dbus_error_free(&error);

        if (bus) {
                dbus_connection_close(bus);
                dbus_connection_unref(bus);
        }

        if (m)
                dbus_message_unref(m);

        if (reply)
                dbus_message_unref(reply);

        if (session_fd >= 0)
                close_nointr_nofail(session_fd);

        return r;
}

_public_ PAM_EXTERN int pam_sm_close_session(
                pam_handle_t *handle,
                int flags,
                int argc, const char **argv) {

        const void *p = NULL;

        pam_get_data(handle, "systemd.session-fd", &p);

        if (p)
                close_nointr(PTR_TO_INT(p) - 1);

        return PAM_SUCCESS;
}
Commit	Line	Data
d6c9574f	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
8c6db833 LP	2
	3	/***
	4	This file is part of systemd.
	5
	6	Copyright 2010 Lennart Poettering
	7
	8	systemd is free software; you can redistribute it and/or modify it
	9	under the terms of the GNU General Public License as published by
	10	the Free Software Foundation; either version 2 of the License, or
	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	16	General Public License for more details.
	17
	18	You should have received a copy of the GNU General Public License
	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
	22	#include <errno.h>
	23	#include <fcntl.h>
	24	#include <sys/file.h>
	25	#include <pwd.h>
a838e6a1	26	#include <endian.h>
ac123445	27	#include <sys/capability.h>
8c6db833 LP	28
	29	#include <security/pam_modules.h>
	30	#include <security/_pam_macros.h>
	31	#include <security/pam_modutil.h>
	32	#include <security/pam_ext.h>
	33	#include <security/pam_misc.h>
	34
81527be1 LP	35	#include <systemd/sd-daemon.h>
81527be1 LP	36
8c6db833	37	#include "util.h"
8c6db833	38	#include "macro.h"
74fe1fe3	39	#include "strv.h"
98a28fef LP	40	#include "dbus-common.h"
98a28fef LP	41	#include "def.h"
4d6d6518	42	#include "socket-util.h"
8c6db833 LP	43
	44	static int parse_argv(pam_handle_t *handle,
	45	int argc, const char **argv,
b20c6be6	46	char ***controllers,
e9fbc77c	47	char ***reset_controllers,
98a28fef	48	bool *kill_processes,
e9fbc77c	49	char ***kill_only_users,
0e318cad MS	50	char ***kill_exclude_users,
0e318cad MS	51	bool *debug) {
8c6db833 LP	52
	53	unsigned i;
	54
	55	assert(argc >= 0);
	56	assert(argc == 0 \|\| argv);
	57
	58	for (i = 0; i < (unsigned) argc; i++) {
	59	int k;
	60
c36eecdf LP	61	if (startswith(argv[i], "kill-session-processes=")) {
	62	if ((k = parse_boolean(argv[i] + 23)) < 0) {
	63	pam_syslog(handle, LOG_ERR, "Failed to parse kill-session-processes= argument.");
8c6db833 LP	64	return k;
	65	}
	66
98a28fef LP	67	if (kill_processes)
98a28fef LP	68	*kill_processes = k;
74fe1fe3	69
8c6db833	70	} else if (startswith(argv[i], "kill-session=")) {
98a28fef LP	71	/* As compatibility for old versions */
98a28fef LP	72
8c6db833 LP	73	if ((k = parse_boolean(argv[i] + 13)) < 0) {
	74	pam_syslog(handle, LOG_ERR, "Failed to parse kill-session= argument.");
	75	return k;
	76	}
	77
98a28fef LP	78	if (kill_processes)
98a28fef LP	79	*kill_processes = k;
74fe1fe3 LP	80
	81	} else if (startswith(argv[i], "controllers=")) {
	82
	83	if (controllers) {
	84	char **l;
	85
	86	if (!(l = strv_split(argv[i] + 12, ","))) {
	87	pam_syslog(handle, LOG_ERR, "Out of memory.");
	88	return -ENOMEM;
	89	}
	90
	91	strv_free(*controllers);
	92	*controllers = l;
	93	}
	94
b20c6be6 LP	95	} else if (startswith(argv[i], "reset-controllers=")) {
	96
	97	if (reset_controllers) {
	98	char **l;
	99
	100	if (!(l = strv_split(argv[i] + 18, ","))) {
	101	pam_syslog(handle, LOG_ERR, "Out of memory.");
	102	return -ENOMEM;
	103	}
	104
	105	strv_free(*reset_controllers);
	106	*reset_controllers = l;
	107	}
	108
e9fbc77c LP	109	} else if (startswith(argv[i], "kill-only-users=")) {
	110
	111	if (kill_only_users) {
	112	char **l;
	113
	114	if (!(l = strv_split(argv[i] + 16, ","))) {
	115	pam_syslog(handle, LOG_ERR, "Out of memory.");
	116	return -ENOMEM;
	117	}
	118
	119	strv_free(*kill_only_users);
	120	*kill_only_users = l;
	121	}
	122
	123	} else if (startswith(argv[i], "kill-exclude-users=")) {
	124
	125	if (kill_exclude_users) {
	126	char **l;
	127
	128	if (!(l = strv_split(argv[i] + 19, ","))) {
	129	pam_syslog(handle, LOG_ERR, "Out of memory.");
	130	return -ENOMEM;
	131	}
	132
	133	strv_free(*kill_exclude_users);
	134	*kill_exclude_users = l;
	135	}
	136
0e318cad MS	137	} else if (startswith(argv[i], "debug=")) {
	138	if ((k = parse_boolean(argv[i] + 6)) < 0) {
	139	pam_syslog(handle, LOG_ERR, "Failed to parse debug= argument.");
	140	return k;
	141	}
	142
	143	if (debug)
	144	*debug = k;
	145
98a28fef LP	146	} else if (startswith(argv[i], "create-session=") \|\|
	147	startswith(argv[i], "kill-user=")) {
	148
	149	pam_syslog(handle, LOG_WARNING, "Option %s not supported anymore, ignoring.", argv[i]);
	150
8c6db833 LP	151	} else {
	152	pam_syslog(handle, LOG_ERR, "Unknown parameter '%s'.", argv[i]);
	153	return -EINVAL;
	154	}
	155	}
	156
8c6db833 LP	157	return 0;
	158	}
	159
8c6db833 LP	160	static int get_user_data(
	161	pam_handle_t *handle,
	162	const char **ret_username,
	163	struct passwd **ret_pw) {
	164
d90b9d27 LP	165	const char *username = NULL;
d90b9d27 LP	166	struct passwd *pw = NULL;
87d2c1ff	167	uid_t uid;
8c6db833 LP	168	int r;
	169
	170	assert(handle);
	171	assert(ret_username);
	172	assert(ret_pw);
	173
87d2c1ff LP	174	r = audit_loginuid_from_pid(0, &uid);
	175	if (r >= 0)
	176	pw = pam_modutil_getpwuid(handle, uid);
	177	else {
	178	r = pam_get_user(handle, &username, NULL);
	179	if (r != PAM_SUCCESS) {
d90b9d27 LP	180	pam_syslog(handle, LOG_ERR, "Failed to get user name.");
	181	return r;
	182	}
	183
87d2c1ff	184	if (isempty(username)) {
d90b9d27 LP	185	pam_syslog(handle, LOG_ERR, "User name not valid.");
	186	return PAM_AUTH_ERR;
	187	}
	188
	189	pw = pam_modutil_getpwnam(handle, username);
8c6db833 LP	190	}
8c6db833 LP	191
d90b9d27	192	if (!pw) {
8c6db833 LP	193	pam_syslog(handle, LOG_ERR, "Failed to get user data.");
	194	return PAM_USER_UNKNOWN;
	195	}
	196
	197	*ret_pw = pw;
d90b9d27	198	*ret_username = username ? username : pw->pw_name;
8c6db833 LP	199
	200	return PAM_SUCCESS;
	201	}
	202
e9fbc77c LP	203	static bool check_user_lists(
	204	pam_handle_t *handle,
	205	uid_t uid,
	206	char **kill_only_users,
	207	char **kill_exclude_users) {
	208
	209	const char *name = NULL;
	210	char **l;
	211
	212	assert(handle);
	213
	214	if (uid == 0)
	215	name = "root"; /* Avoid obvious NSS requests, to suppress network traffic */
	216	else {
	217	struct passwd *pw;
	218
98a28fef LP	219	pw = pam_modutil_getpwuid(handle, uid);
98a28fef LP	220	if (pw)
e9fbc77c LP	221	name = pw->pw_name;
	222	}
	223
	224	STRV_FOREACH(l, kill_exclude_users) {
ddd88763	225	uid_t u;
e9fbc77c	226
ddd88763 LP	227	if (parse_uid(*l, &u) >= 0)
ddd88763 LP	228	if (u == uid)
e9fbc77c LP	229	return false;
	230
	231	if (name && streq(name, *l))
	232	return false;
	233	}
	234
	235	if (strv_isempty(kill_only_users))
	236	return true;
	237
	238	STRV_FOREACH(l, kill_only_users) {
ddd88763	239	uid_t u;
e9fbc77c	240
ddd88763 LP	241	if (parse_uid(*l, &u) >= 0)
ddd88763 LP	242	if (u == uid)
e9fbc77c LP	243	return true;
	244
	245	if (name && streq(name, *l))
	246	return true;
	247	}
	248
	249	return false;
	250	}
	251
4d6d6518 LP	252	static int get_seat_from_display(const char display, const char seat, uint32_t vtnr) {
	253	char *p = NULL;
	254	int r;
	255	int fd;
	256	union sockaddr_union sa;
	257	struct ucred ucred;
	258	socklen_t l;
	259	char *tty;
	260	int v;
	261
	262	assert(display);
4d6d6518 LP	263	assert(vtnr);
	264
	265	/* We deduce the X11 socket from the display name, then use
	266	* SO_PEERCRED to determine the X11 server process, ask for
	267	* the controlling tty of that and if it's a VC then we know
	268	* the seat and the virtual terminal. Sounds ugly, is only
	269	* semi-ugly. */
	270
	271	r = socket_from_display(display, &p);
	272	if (r < 0)
	273	return r;
	274
	275	fd = socket(AF_UNIX, SOCK_STREAM\|SOCK_CLOEXEC, 0);
	276	if (fd < 0) {
	277	free(p);
	278	return -errno;
	279	}
	280
	281	zero(sa);
	282	sa.un.sun_family = AF_UNIX;
	283	strncpy(sa.un.sun_path, p, sizeof(sa.un.sun_path)-1);
	284	free(p);
	285
	286	if (connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path)) < 0) {
	287	close_nointr_nofail(fd);
	288	return -errno;
	289	}
	290
	291	l = sizeof(ucred);
	292	r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &l);
	293	close_nointr_nofail(fd);
	294
	295	if (r < 0)
	296	return -errno;
	297
	298	r = get_ctty(ucred.pid, NULL, &tty);
	299	if (r < 0)
	300	return r;
	301
	302	v = vtnr_from_tty(tty);
	303	free(tty);
	304
	305	if (v < 0)
	306	return v;
	307	else if (v == 0)
	308	return -ENOENT;
	309
fc7985ed LP	310	if (seat)
fc7985ed LP	311	*seat = "seat0";
4d6d6518 LP	312	*vtnr = (uint32_t) v;
	313
	314	return 0;
	315	}
	316
98a28fef	317	_public_ PAM_EXTERN int pam_sm_open_session(
8c6db833 LP	318	pam_handle_t *handle,
	319	int flags,
	320	int argc, const char **argv) {
	321
8c6db833	322	struct passwd *pw;
98a28fef	323	bool kill_processes = false, debug = false;
4d6d6518	324	const char username, id, object_path, runtime_path, service = NULL, tty = NULL, display = NULL, remote_user = NULL, remote_host = NULL, seat = NULL, type, cvtnr = NULL;
98a28fef	325	char controllers = NULL, reset_controllers = NULL, kill_only_users = NULL, kill_exclude_users = NULL;
98a28fef LP	326	DBusError error;
	327	uint32_t uid, pid;
	328	DBusMessageIter iter;
	329	dbus_bool_t kp;
98a28fef LP	330	int session_fd = -1;
	331	DBusConnection *bus = NULL;
	332	DBusMessage m = NULL, reply = NULL;
	333	dbus_bool_t remote;
ed18b08b	334	int r;
4d6d6518	335	uint32_t vtnr = 0;
8c6db833 LP	336
	337	assert(handle);
	338
98a28fef LP	339	dbus_error_init(&error);
98a28fef LP	340
ed18b08b	341	/* pam_syslog(handle, LOG_INFO, "pam-systemd initializing"); */
98a28fef	342
8c6db833 LP	343	/* Make this a NOP on non-systemd systems */
	344	if (sd_booted() <= 0)
	345	return PAM_SUCCESS;
	346
e9fbc77c LP	347	if (parse_argv(handle,
e9fbc77c LP	348	argc, argv,
98a28fef LP	349	&controllers, &reset_controllers,
98a28fef LP	350	&kill_processes, &kill_only_users, &kill_exclude_users,
ed18b08b LP	351	&debug) < 0) {
	352	r = PAM_SESSION_ERR;
	353	goto finish;
	354	}
74fe1fe3	355
98a28fef LP	356	r = get_user_data(handle, &username, &pw);
98a28fef LP	357	if (r != PAM_SUCCESS)
8c6db833 LP	358	goto finish;
8c6db833 LP	359
30b2c336 LP	360	/* Make sure we don't enter a loop by talking to
	361	* systemd-logind when it is actually waiting for the
	362	* background to finish start-up. If the service is
	363	* "systemd-shared" we simply set XDG_RUNTIME_DIR and
	364	* leave. */
	365
	366	pam_get_item(handle, PAM_SERVICE, (const void**) &service);
	367	if (streq_ptr(service, "systemd-shared")) {
	368	char p, rt = NULL;
	369
	370	if (asprintf(&p, "/run/systemd/users/%lu", (unsigned long) pw->pw_uid) < 0) {
	371	r = PAM_BUF_ERR;
	372	goto finish;
	373	}
	374
	375	r = parse_env_file(p, NEWLINE,
	376	"RUNTIME", &rt,
	377	NULL);
	378	free(p);
	379
	380	if (r < 0 && r != -ENOENT) {
	381	r = PAM_SESSION_ERR;
	382	free(rt);
	383	goto finish;
	384	}
	385
	386	if (rt) {
	387	r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", rt, 0);
	388	free(rt);
	389
	390	if (r != PAM_SUCCESS) {
	391	pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
	392	goto finish;
	393	}
	394	}
	395
	396	r = PAM_SUCCESS;
	397	goto finish;
	398	}
	399
98a28fef LP	400	if (kill_processes)
98a28fef LP	401	kill_processes = check_user_lists(handle, pw->pw_uid, kill_only_users, kill_exclude_users);
1f73f0f1	402
ed18b08b LP	403	dbus_connection_set_change_sigpipe(FALSE);
ed18b08b LP	404
98a28fef LP	405	bus = dbus_bus_get_private(DBUS_BUS_SYSTEM, &error);
	406	if (!bus) {
	407	pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", bus_error_message(&error));
	408	r = PAM_SESSION_ERR;
8c6db833 LP	409	goto finish;
	410	}
	411
98a28fef LP	412	m = dbus_message_new_method_call(
	413	"org.freedesktop.login1",
	414	"/org/freedesktop/login1",
	415	"org.freedesktop.login1.Manager",
	416	"CreateSession");
74fe1fe3	417
98a28fef LP	418	if (!m) {
98a28fef LP	419	pam_syslog(handle, LOG_ERR, "Could not allocate create session message.");
8c6db833 LP	420	r = PAM_BUF_ERR;
	421	goto finish;
	422	}
	423
98a28fef LP	424	uid = pw->pw_uid;
	425	pid = getpid();
	426
98a28fef LP	427	pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
	428	pam_get_item(handle, PAM_TTY, (const void**) &tty);
	429	pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
	430	pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);
bbc73283 LP	431	seat = pam_getenv(handle, "XDG_SEAT");
bbc73283 LP	432	cvtnr = pam_getenv(handle, "XDG_VTNR");
98a28fef	433
ed18b08b LP	434	service = strempty(service);
	435	tty = strempty(tty);
	436	display = strempty(display);
	437	remote_user = strempty(remote_user);
	438	remote_host = strempty(remote_host);
	439	seat = strempty(seat);
98a28fef	440
ee8545b0 LP	441	if (strchr(tty, ':')) {
	442	/* A tty with a colon is usually an X11 display, place
	443	* there to show up in utmp. We rearrange things and
	444	* don't pretend that an X display was a tty */
	445
	446	if (isempty(display))
	447	display = tty;
cd58752a	448	tty = "";
1a4459d6 MS	449	} else if (streq(tty, "cron")) {
	450	/* cron has been setting PAM_TTY to "cron" for a very long time
	451	* and it cannot stop doing that for compatibility reasons. */
	452	tty = "";
ee8545b0 LP	453	}
ee8545b0 LP	454
4d6d6518 LP	455	if (!isempty(cvtnr))
	456	safe_atou32(cvtnr, &vtnr);
	457
fc7985ed LP	458	if (!isempty(display) && vtnr <= 0) {
	459	if (isempty(seat))
	460	get_seat_from_display(handle, display, &seat, &vtnr);
	461	else if (streq(seat, "seat0"))
	462	get_seat_from_display(handle, display, NULL, &vtnr);
	463	}
4d6d6518	464
98a28fef	465	type = !isempty(display) ? "x11" :
1dc99537	466	!isempty(tty) ? "tty" : "unspecified";
98a28fef LP	467
	468	remote = !isempty(remote_host) && !streq(remote_host, "localhost") && !streq(remote_host, "localhost.localdomain");
	469
	470	if (!dbus_message_append_args(m,
	471	DBUS_TYPE_UINT32, &uid,
	472	DBUS_TYPE_UINT32, &pid,
	473	DBUS_TYPE_STRING, &service,
	474	DBUS_TYPE_STRING, &type,
	475	DBUS_TYPE_STRING, &seat,
4d6d6518	476	DBUS_TYPE_UINT32, &vtnr,
98a28fef LP	477	DBUS_TYPE_STRING, &tty,
	478	DBUS_TYPE_STRING, &display,
	479	DBUS_TYPE_BOOLEAN, &remote,
	480	DBUS_TYPE_STRING, &remote_user,
	481	DBUS_TYPE_STRING, &remote_host,
	482	DBUS_TYPE_INVALID)) {
	483	pam_syslog(handle, LOG_ERR, "Could not attach parameters to message.");
	484	r = PAM_BUF_ERR;
	485	goto finish;
	486	}
8c6db833	487
98a28fef	488	dbus_message_iter_init_append(m, &iter);
8c6db833	489
98a28fef LP	490	r = bus_append_strv_iter(&iter, controllers);
	491	if (r < 0) {
	492	pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
	493	r = PAM_BUF_ERR;
	494	goto finish;
	495	}
672c48cc	496
98a28fef LP	497	r = bus_append_strv_iter(&iter, reset_controllers);
	498	if (r < 0) {
	499	pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
	500	r = PAM_BUF_ERR;
	501	goto finish;
	502	}
672c48cc	503
98a28fef LP	504	kp = kill_processes;
	505	if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_BOOLEAN, &kp)) {
	506	pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
	507	r = PAM_BUF_ERR;
	508	goto finish;
	509	}
8c6db833	510
ce959314 MS	511	if (debug)
	512	pam_syslog(handle, LOG_DEBUG, "Asking logind to create session: "
	513	"uid=%u pid=%u service=%s type=%s seat=%s vtnr=%u tty=%s display=%s remote=%s remote_user=%s remote_host=%s",
	514	uid, pid, service, type, seat, vtnr, tty, display, yes_no(remote), remote_user, remote_host);
	515
98a28fef LP	516	reply = dbus_connection_send_with_reply_and_block(bus, m, -1, &error);
	517	if (!reply) {
	518	pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error));
	519	r = PAM_SESSION_ERR;
	520	goto finish;
	521	}
74fe1fe3	522
98a28fef LP	523	if (!dbus_message_get_args(reply, &error,
	524	DBUS_TYPE_STRING, &id,
	525	DBUS_TYPE_OBJECT_PATH, &object_path,
	526	DBUS_TYPE_STRING, &runtime_path,
	527	DBUS_TYPE_UNIX_FD, &session_fd,
bbc73283 LP	528	DBUS_TYPE_STRING, &seat,
bbc73283 LP	529	DBUS_TYPE_UINT32, &vtnr,
98a28fef LP	530	DBUS_TYPE_INVALID)) {
	531	pam_syslog(handle, LOG_ERR, "Failed to parse message: %s", bus_error_message(&error));
	532	r = PAM_SESSION_ERR;
	533	goto finish;
	534	}
74fe1fe3	535
ce959314 MS	536	if (debug)
	537	pam_syslog(handle, LOG_DEBUG, "Reply from logind: "
	538	"id=%s object_path=%s runtime_path=%s session_fd=%d seat=%s vtnr=%u",
	539	id, object_path, runtime_path, session_fd, seat, vtnr);
	540
98a28fef LP	541	r = pam_misc_setenv(handle, "XDG_SESSION_ID", id, 0);
	542	if (r != PAM_SUCCESS) {
	543	pam_syslog(handle, LOG_ERR, "Failed to set session id.");
	544	goto finish;
8c6db833 LP	545	}
8c6db833 LP	546
98a28fef LP	547	r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
	548	if (r != PAM_SUCCESS) {
	549	pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
	550	goto finish;
	551	}
8c6db833	552
bbc73283 LP	553	if (!isempty(seat)) {
	554	r = pam_misc_setenv(handle, "XDG_SEAT", seat, 0);
	555	if (r != PAM_SUCCESS) {
	556	pam_syslog(handle, LOG_ERR, "Failed to set seat.");
	557	goto finish;
	558	}
	559	}
	560
	561	if (vtnr > 0) {
	562	char buf[11];
	563	snprintf(buf, sizeof(buf), "%u", vtnr);
	564	char_array_0(buf);
	565
	566	r = pam_misc_setenv(handle, "XDG_VTNR", buf, 0);
	567	if (r != PAM_SUCCESS) {
	568	pam_syslog(handle, LOG_ERR, "Failed to set virtual terminal number.");
	569	goto finish;
	570	}
	571	}
	572
21c390cc LP	573	if (session_fd >= 0) {
	574	r = pam_set_data(handle, "systemd.session-fd", INT_TO_PTR(session_fd+1), NULL);
	575	if (r != PAM_SUCCESS) {
	576	pam_syslog(handle, LOG_ERR, "Failed to install session fd.");
	577	return r;
	578	}
98a28fef	579	}
8c6db833	580
98a28fef	581	session_fd = -1;
8c6db833	582
98a28fef	583	r = PAM_SUCCESS;
8c6db833	584
98a28fef LP	585	finish:
	586	strv_free(controllers);
	587	strv_free(reset_controllers);
	588	strv_free(kill_only_users);
	589	strv_free(kill_exclude_users);
8c6db833	590
98a28fef	591	dbus_error_free(&error);
35d2e7ec	592
98a28fef LP	593	if (bus) {
	594	dbus_connection_close(bus);
	595	dbus_connection_unref(bus);
8c6db833 LP	596	}
8c6db833 LP	597
98a28fef LP	598	if (m)
98a28fef LP	599	dbus_message_unref(m);
8c6db833	600
ed18b08b LP	601	if (reply)
	602	dbus_message_unref(reply);
	603
98a28fef LP	604	if (session_fd >= 0)
98a28fef LP	605	close_nointr_nofail(session_fd);
672c48cc	606
98a28fef LP	607	return r;
98a28fef LP	608	}
8c6db833	609
98a28fef LP	610	_public_ PAM_EXTERN int pam_sm_close_session(
	611	pam_handle_t *handle,
	612	int flags,
	613	int argc, const char **argv) {
8c6db833	614
98a28fef	615	const void *p = NULL;
8c6db833	616
98a28fef	617	pam_get_data(handle, "systemd.session-fd", &p);
74fe1fe3	618
98a28fef LP	619	if (p)
98a28fef LP	620	close_nointr(PTR_TO_INT(p) - 1);
1f73f0f1	621
98a28fef	622	return PAM_SUCCESS;
8c6db833	623	}