chiark / gitweb /
logind: add service for per-user shared systemd daemon
[elogind.git] / src / pam-module.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4   This file is part of systemd.
5
6   Copyright 2010 Lennart Poettering
7
8   systemd is free software; you can redistribute it and/or modify it
9   under the terms of the GNU General Public License as published by
10   the Free Software Foundation; either version 2 of the License, or
11   (at your option) any later version.
12
13   systemd is distributed in the hope that it will be useful, but
14   WITHOUT ANY WARRANTY; without even the implied warranty of
15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16   General Public License for more details.
17
18   You should have received a copy of the GNU General Public License
19   along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <errno.h>
23 #include <fcntl.h>
24 #include <sys/file.h>
25 #include <pwd.h>
26 #include <endian.h>
27 #include <sys/capability.h>
28
29 #include <security/pam_modules.h>
30 #include <security/_pam_macros.h>
31 #include <security/pam_modutil.h>
32 #include <security/pam_ext.h>
33 #include <security/pam_misc.h>
34
35 #include "util.h"
36 #include "macro.h"
37 #include "sd-daemon.h"
38 #include "strv.h"
39 #include "dbus-common.h"
40 #include "def.h"
41 #include "socket-util.h"
42
43 static int parse_argv(pam_handle_t *handle,
44                       int argc, const char **argv,
45                       char ***controllers,
46                       char ***reset_controllers,
47                       bool *kill_processes,
48                       char ***kill_only_users,
49                       char ***kill_exclude_users,
50                       bool *debug) {
51
52         unsigned i;
53
54         assert(argc >= 0);
55         assert(argc == 0 || argv);
56
57         for (i = 0; i < (unsigned) argc; i++) {
58                 int k;
59
60                 if (startswith(argv[i], "kill-session-processes=")) {
61                         if ((k = parse_boolean(argv[i] + 23)) < 0) {
62                                 pam_syslog(handle, LOG_ERR, "Failed to parse kill-session-processes= argument.");
63                                 return k;
64                         }
65
66                         if (kill_processes)
67                                 *kill_processes = k;
68
69                 } else if (startswith(argv[i], "kill-session=")) {
70                         /* As compatibility for old versions */
71
72                         if ((k = parse_boolean(argv[i] + 13)) < 0) {
73                                 pam_syslog(handle, LOG_ERR, "Failed to parse kill-session= argument.");
74                                 return k;
75                         }
76
77                         if (kill_processes)
78                                 *kill_processes = k;
79
80                 } else if (startswith(argv[i], "controllers=")) {
81
82                         if (controllers) {
83                                 char **l;
84
85                                 if (!(l = strv_split(argv[i] + 12, ","))) {
86                                         pam_syslog(handle, LOG_ERR, "Out of memory.");
87                                         return -ENOMEM;
88                                 }
89
90                                 strv_free(*controllers);
91                                 *controllers = l;
92                         }
93
94                 } else if (startswith(argv[i], "reset-controllers=")) {
95
96                         if (reset_controllers) {
97                                 char **l;
98
99                                 if (!(l = strv_split(argv[i] + 18, ","))) {
100                                         pam_syslog(handle, LOG_ERR, "Out of memory.");
101                                         return -ENOMEM;
102                                 }
103
104                                 strv_free(*reset_controllers);
105                                 *reset_controllers = l;
106                         }
107
108                 } else if (startswith(argv[i], "kill-only-users=")) {
109
110                         if (kill_only_users) {
111                                 char **l;
112
113                                 if (!(l = strv_split(argv[i] + 16, ","))) {
114                                         pam_syslog(handle, LOG_ERR, "Out of memory.");
115                                         return -ENOMEM;
116                                 }
117
118                                 strv_free(*kill_only_users);
119                                 *kill_only_users = l;
120                         }
121
122                 } else if (startswith(argv[i], "kill-exclude-users=")) {
123
124                         if (kill_exclude_users) {
125                                 char **l;
126
127                                 if (!(l = strv_split(argv[i] + 19, ","))) {
128                                         pam_syslog(handle, LOG_ERR, "Out of memory.");
129                                         return -ENOMEM;
130                                 }
131
132                                 strv_free(*kill_exclude_users);
133                                 *kill_exclude_users = l;
134                         }
135
136                 } else if (startswith(argv[i], "debug=")) {
137                         if ((k = parse_boolean(argv[i] + 6)) < 0) {
138                                 pam_syslog(handle, LOG_ERR, "Failed to parse debug= argument.");
139                                 return k;
140                         }
141
142                         if (debug)
143                                 *debug = k;
144
145                 } else if (startswith(argv[i], "create-session=") ||
146                            startswith(argv[i], "kill-user=")) {
147
148                         pam_syslog(handle, LOG_WARNING, "Option %s not supported anymore, ignoring.", argv[i]);
149
150                 } else {
151                         pam_syslog(handle, LOG_ERR, "Unknown parameter '%s'.", argv[i]);
152                         return -EINVAL;
153                 }
154         }
155
156         return 0;
157 }
158
159 static int get_user_data(
160                 pam_handle_t *handle,
161                 const char **ret_username,
162                 struct passwd **ret_pw) {
163
164         const char *username = NULL;
165         struct passwd *pw = NULL;
166         int r;
167         bool have_loginuid = false;
168         char *s;
169
170         assert(handle);
171         assert(ret_username);
172         assert(ret_pw);
173
174         if (have_effective_cap(CAP_AUDIT_CONTROL) > 0) {
175                 /* Only use audit login uid if we are executed with
176                  * sufficient capabilities so that pam_loginuid could
177                  * do its job. If we are lacking the CAP_AUDIT_CONTROL
178                  * capabality we most likely are being run in a
179                  * container and /proc/self/loginuid is useless since
180                  * it probably contains a uid of the host system. */
181
182                 if (read_one_line_file("/proc/self/loginuid", &s) >= 0) {
183                         uint32_t u;
184
185                         r = safe_atou32(s, &u);
186                         free(s);
187
188                         if (r >= 0 && u != (uint32_t) -1 && u > 0) {
189                                 have_loginuid = true;
190                                 pw = pam_modutil_getpwuid(handle, u);
191                         }
192                 }
193         }
194
195         if (!have_loginuid) {
196                 if ((r = pam_get_user(handle, &username, NULL)) != PAM_SUCCESS) {
197                         pam_syslog(handle, LOG_ERR, "Failed to get user name.");
198                         return r;
199                 }
200
201                 if (!username || !*username) {
202                         pam_syslog(handle, LOG_ERR, "User name not valid.");
203                         return PAM_AUTH_ERR;
204                 }
205
206                 pw = pam_modutil_getpwnam(handle, username);
207         }
208
209         if (!pw) {
210                 pam_syslog(handle, LOG_ERR, "Failed to get user data.");
211                 return PAM_USER_UNKNOWN;
212         }
213
214         *ret_pw = pw;
215         *ret_username = username ? username : pw->pw_name;
216
217         return PAM_SUCCESS;
218 }
219
220 static bool check_user_lists(
221                 pam_handle_t *handle,
222                 uid_t uid,
223                 char **kill_only_users,
224                 char **kill_exclude_users) {
225
226         const char *name = NULL;
227         char **l;
228
229         assert(handle);
230
231         if (uid == 0)
232                 name = "root"; /* Avoid obvious NSS requests, to suppress network traffic */
233         else {
234                 struct passwd *pw;
235
236                 pw = pam_modutil_getpwuid(handle, uid);
237                 if (pw)
238                         name = pw->pw_name;
239         }
240
241         STRV_FOREACH(l, kill_exclude_users) {
242                 uint32_t id;
243
244                 if (safe_atou32(*l, &id) >= 0)
245                         if ((uid_t) id == uid)
246                                 return false;
247
248                 if (name && streq(name, *l))
249                         return false;
250         }
251
252         if (strv_isempty(kill_only_users))
253                 return true;
254
255         STRV_FOREACH(l, kill_only_users) {
256                 uint32_t id;
257
258                 if (safe_atou32(*l, &id) >= 0)
259                         if ((uid_t) id == uid)
260                                 return true;
261
262                 if (name && streq(name, *l))
263                         return true;
264         }
265
266         return false;
267 }
268
269 static int get_seat_from_display(const char *display, const char **seat, uint32_t *vtnr) {
270         char *p = NULL;
271         int r;
272         int fd;
273         union sockaddr_union sa;
274         struct ucred ucred;
275         socklen_t l;
276         char *tty;
277         int v;
278
279         assert(display);
280         assert(seat);
281         assert(vtnr);
282
283         /* We deduce the X11 socket from the display name, then use
284          * SO_PEERCRED to determine the X11 server process, ask for
285          * the controlling tty of that and if it's a VC then we know
286          * the seat and the virtual terminal. Sounds ugly, is only
287          * semi-ugly. */
288
289         r = socket_from_display(display, &p);
290         if (r < 0)
291                 return r;
292
293         fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
294         if (fd < 0) {
295                 free(p);
296                 return -errno;
297         }
298
299         zero(sa);
300         sa.un.sun_family = AF_UNIX;
301         strncpy(sa.un.sun_path, p, sizeof(sa.un.sun_path)-1);
302         free(p);
303
304         if (connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path)) < 0) {
305                 close_nointr_nofail(fd);
306                 return -errno;
307         }
308
309         l = sizeof(ucred);
310         r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &l);
311         close_nointr_nofail(fd);
312
313         if (r < 0)
314                 return -errno;
315
316         r = get_ctty(ucred.pid, NULL, &tty);
317         if (r < 0)
318                 return r;
319
320         v = vtnr_from_tty(tty);
321         free(tty);
322
323         if (v < 0)
324                 return v;
325         else if (v == 0)
326                 return -ENOENT;
327
328         *seat = "seat0";
329         *vtnr = (uint32_t) v;
330
331         return 0;
332 }
333
334 _public_ PAM_EXTERN int pam_sm_open_session(
335                 pam_handle_t *handle,
336                 int flags,
337                 int argc, const char **argv) {
338
339         struct passwd *pw;
340         bool kill_processes = false, debug = false;
341         const char *username, *id, *object_path, *runtime_path, *service = NULL, *tty = NULL, *display = NULL, *remote_user = NULL, *remote_host = NULL, *seat = NULL, *type, *cvtnr = NULL;
342         char **controllers = NULL, **reset_controllers = NULL, **kill_only_users = NULL, **kill_exclude_users = NULL;
343         DBusError error;
344         uint32_t uid, pid;
345         DBusMessageIter iter;
346         dbus_bool_t kp;
347         int session_fd = -1;
348         DBusConnection *bus = NULL;
349         DBusMessage *m = NULL, *reply = NULL;
350         dbus_bool_t remote;
351         int r;
352         uint32_t vtnr = 0;
353
354         assert(handle);
355
356         dbus_error_init(&error);
357
358         /* pam_syslog(handle, LOG_INFO, "pam-systemd initializing"); */
359
360         /* Make this a NOP on non-systemd systems */
361         if (sd_booted() <= 0)
362                 return PAM_SUCCESS;
363
364         /* Make sure we don't enter a loop by talking to
365          * systemd-logind when it is actually waiting for the
366          * background to finish start-up, */
367         pam_get_item(handle, PAM_SERVICE, (const void**) &service);
368         if (streq_ptr(service, "systemd-shared"))
369                 return PAM_SUCCESS;
370
371         if (parse_argv(handle,
372                        argc, argv,
373                        &controllers, &reset_controllers,
374                        &kill_processes, &kill_only_users, &kill_exclude_users,
375                        &debug) < 0) {
376                 r = PAM_SESSION_ERR;
377                 goto finish;
378         }
379
380         r = get_user_data(handle, &username, &pw);
381         if (r != PAM_SUCCESS)
382                 goto finish;
383
384         if (kill_processes)
385                 kill_processes = check_user_lists(handle, pw->pw_uid, kill_only_users, kill_exclude_users);
386
387         dbus_connection_set_change_sigpipe(FALSE);
388
389         bus = dbus_bus_get_private(DBUS_BUS_SYSTEM, &error);
390         if (!bus) {
391                 pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", bus_error_message(&error));
392                 r = PAM_SESSION_ERR;
393                 goto finish;
394         }
395
396         m = dbus_message_new_method_call(
397                         "org.freedesktop.login1",
398                         "/org/freedesktop/login1",
399                         "org.freedesktop.login1.Manager",
400                         "CreateSession");
401
402         if (!m) {
403                 pam_syslog(handle, LOG_ERR, "Could not allocate create session message.");
404                 r = PAM_BUF_ERR;
405                 goto finish;
406         }
407
408         uid = pw->pw_uid;
409         pid = getpid();
410
411         pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
412         pam_get_item(handle, PAM_TTY, (const void**) &tty);
413         pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
414         pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);
415         seat = pam_getenv(handle, "LOGIN_SEAT");
416         cvtnr = pam_getenv(handle, "LOGIN_VTNR");
417
418         service = strempty(service);
419         tty = strempty(tty);
420         display = strempty(display);
421         remote_user = strempty(remote_user);
422         remote_host = strempty(remote_host);
423         seat = strempty(seat);
424
425         if (strchr(tty, ':')) {
426                 /* A tty with a colon is usually an X11 display, place
427                  * there to show up in utmp. We rearrange things and
428                  * don't pretend that an X display was a tty */
429
430                 if (isempty(display))
431                         display = tty;
432                 tty = "";
433         }
434
435         if (!isempty(cvtnr))
436                 safe_atou32(cvtnr, &vtnr);
437
438         if (!isempty(display) && isempty(seat) && vtnr <= 0)
439                 get_seat_from_display(display, &seat, &vtnr);
440
441         type = !isempty(display) ? "x11" :
442                    !isempty(tty) ? "tty" : "other";
443
444         remote = !isempty(remote_host) && !streq(remote_host, "localhost") && !streq(remote_host, "localhost.localdomain");
445
446         if (!dbus_message_append_args(m,
447                                       DBUS_TYPE_UINT32, &uid,
448                                       DBUS_TYPE_UINT32, &pid,
449                                       DBUS_TYPE_STRING, &service,
450                                       DBUS_TYPE_STRING, &type,
451                                       DBUS_TYPE_STRING, &seat,
452                                       DBUS_TYPE_UINT32, &vtnr,
453                                       DBUS_TYPE_STRING, &tty,
454                                       DBUS_TYPE_STRING, &display,
455                                       DBUS_TYPE_BOOLEAN, &remote,
456                                       DBUS_TYPE_STRING, &remote_user,
457                                       DBUS_TYPE_STRING, &remote_host,
458                                       DBUS_TYPE_INVALID)) {
459                 pam_syslog(handle, LOG_ERR, "Could not attach parameters to message.");
460                 r = PAM_BUF_ERR;
461                 goto finish;
462         }
463
464         dbus_message_iter_init_append(m, &iter);
465
466         r = bus_append_strv_iter(&iter, controllers);
467         if (r < 0) {
468                 pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
469                 r = PAM_BUF_ERR;
470                 goto finish;
471         }
472
473         r = bus_append_strv_iter(&iter, reset_controllers);
474         if (r < 0) {
475                 pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
476                 r = PAM_BUF_ERR;
477                 goto finish;
478         }
479
480         kp = kill_processes;
481         if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_BOOLEAN, &kp)) {
482                 pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
483                 r = PAM_BUF_ERR;
484                 goto finish;
485         }
486
487         reply = dbus_connection_send_with_reply_and_block(bus, m, -1, &error);
488         if (!reply) {
489                 pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error));
490                 r = PAM_SESSION_ERR;
491                 goto finish;
492         }
493
494         if (!dbus_message_get_args(reply, &error,
495                                    DBUS_TYPE_STRING, &id,
496                                    DBUS_TYPE_OBJECT_PATH, &object_path,
497                                    DBUS_TYPE_STRING, &runtime_path,
498                                    DBUS_TYPE_UNIX_FD, &session_fd,
499                                    DBUS_TYPE_INVALID)) {
500                 pam_syslog(handle, LOG_ERR, "Failed to parse message: %s", bus_error_message(&error));
501                 r = PAM_SESSION_ERR;
502                 goto finish;
503         }
504
505         r = pam_misc_setenv(handle, "XDG_SESSION_ID", id, 0);
506         if (r != PAM_SUCCESS) {
507                 pam_syslog(handle, LOG_ERR, "Failed to set session id.");
508                 goto finish;
509         }
510
511         r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
512         if (r != PAM_SUCCESS) {
513                 pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
514                 goto finish;
515         }
516
517         if (session_fd >= 0) {
518                 r = pam_set_data(handle, "systemd.session-fd", INT_TO_PTR(session_fd+1), NULL);
519                 if (r != PAM_SUCCESS) {
520                         pam_syslog(handle, LOG_ERR, "Failed to install session fd.");
521                         return r;
522                 }
523         }
524
525         session_fd = -1;
526
527         r = PAM_SUCCESS;
528
529 finish:
530         strv_free(controllers);
531         strv_free(reset_controllers);
532         strv_free(kill_only_users);
533         strv_free(kill_exclude_users);
534
535         dbus_error_free(&error);
536
537         if (bus) {
538                 dbus_connection_close(bus);
539                 dbus_connection_unref(bus);
540         }
541
542         if (m)
543                 dbus_message_unref(m);
544
545         if (reply)
546                 dbus_message_unref(reply);
547
548         if (session_fd >= 0)
549                 close_nointr_nofail(session_fd);
550
551         return r;
552 }
553
554 _public_ PAM_EXTERN int pam_sm_close_session(
555                 pam_handle_t *handle,
556                 int flags,
557                 int argc, const char **argv) {
558
559         const void *p = NULL;
560
561         pam_get_data(handle, "systemd.session-fd", &p);
562
563         if (p)
564                 close_nointr(PTR_TO_INT(p) - 1);
565
566         return PAM_SUCCESS;
567 }