src/pam-module.c

   1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
   2
   3 /***
   4   This file is part of systemd.
   5
   6   Copyright 2010 Lennart Poettering
   7
   8   systemd is free software; you can redistribute it and/or modify it
   9   under the terms of the GNU General Public License as published by
  10   the Free Software Foundation; either version 2 of the License, or
  11   (at your option) any later version.
  12
  13   systemd is distributed in the hope that it will be useful, but
  14   WITHOUT ANY WARRANTY; without even the implied warranty of
  15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  16   General Public License for more details.
  17
  18   You should have received a copy of the GNU General Public License
  19   along with systemd; If not, see <http://www.gnu.org/licenses/>.
  20 ***/
  21
  22 #include <errno.h>
  23 #include <fcntl.h>
  24 #include <sys/file.h>
  25 #include <pwd.h>
  26 #include <endian.h>
  27 #include <sys/capability.h>
  28
  29 #include <security/pam_modules.h>
  30 #include <security/_pam_macros.h>
  31 #include <security/pam_modutil.h>
  32 #include <security/pam_ext.h>
  33 #include <security/pam_misc.h>
  34
  35 #include "util.h"
  36 #include "macro.h"
  37 #include "sd-daemon.h"
  38 #include "strv.h"
  39 #include "dbus-common.h"
  40 #include "def.h"
  41
  42 static int parse_argv(pam_handle_t *handle,
  43                       int argc, const char **argv,
  44                       char ***controllers,
  45                       char ***reset_controllers,
  46                       bool *kill_processes,
  47                       char ***kill_only_users,
  48                       char ***kill_exclude_users,
  49                       bool *debug) {
  50
  51         unsigned i;
  52         bool reset_controller_set = false;
  53         bool kill_exclude_users_set = false;
  54
  55         assert(argc >= 0);
  56         assert(argc == 0 || argv);
  57
  58         for (i = 0; i < (unsigned) argc; i++) {
  59                 int k;
  60
  61                 if (startswith(argv[i], "kill-processes=")) {
  62                         if ((k = parse_boolean(argv[i] + 15)) < 0) {
  63                                 pam_syslog(handle, LOG_ERR, "Failed to parse kill-processes= argument.");
  64                                 return k;
  65                         }
  66
  67                         if (kill_processes)
  68                                 *kill_processes = k;
  69
  70                 } else if (startswith(argv[i], "kill-session=")) {
  71                         /* As compatibility for old versions */
  72
  73                         if ((k = parse_boolean(argv[i] + 13)) < 0) {
  74                                 pam_syslog(handle, LOG_ERR, "Failed to parse kill-session= argument.");
  75                                 return k;
  76                         }
  77
  78                         if (kill_processes)
  79                                 *kill_processes = k;
  80
  81                 } else if (startswith(argv[i], "controllers=")) {
  82
  83                         if (controllers) {
  84                                 char **l;
  85
  86                                 if (!(l = strv_split(argv[i] + 12, ","))) {
  87                                         pam_syslog(handle, LOG_ERR, "Out of memory.");
  88                                         return -ENOMEM;
  89                                 }
  90
  91                                 strv_free(*controllers);
  92                                 *controllers = l;
  93                         }
  94
  95                 } else if (startswith(argv[i], "reset-controllers=")) {
  96
  97                         if (reset_controllers) {
  98                                 char **l;
  99
 100                                 if (!(l = strv_split(argv[i] + 18, ","))) {
 101                                         pam_syslog(handle, LOG_ERR, "Out of memory.");
 102                                         return -ENOMEM;
 103                                 }
 104
 105                                 strv_free(*reset_controllers);
 106                                 *reset_controllers = l;
 107                         }
 108
 109                         reset_controller_set = true;
 110
 111                 } else if (startswith(argv[i], "kill-only-users=")) {
 112
 113                         if (kill_only_users) {
 114                                 char **l;
 115
 116                                 if (!(l = strv_split(argv[i] + 16, ","))) {
 117                                         pam_syslog(handle, LOG_ERR, "Out of memory.");
 118                                         return -ENOMEM;
 119                                 }
 120
 121                                 strv_free(*kill_only_users);
 122                                 *kill_only_users = l;
 123                         }
 124
 125                 } else if (startswith(argv[i], "kill-exclude-users=")) {
 126
 127                         if (kill_exclude_users) {
 128                                 char **l;
 129
 130                                 if (!(l = strv_split(argv[i] + 19, ","))) {
 131                                         pam_syslog(handle, LOG_ERR, "Out of memory.");
 132                                         return -ENOMEM;
 133                                 }
 134
 135                                 strv_free(*kill_exclude_users);
 136                                 *kill_exclude_users = l;
 137                         }
 138
 139                         kill_exclude_users_set = true;
 140
 141                 } else if (startswith(argv[i], "debug=")) {
 142                         if ((k = parse_boolean(argv[i] + 6)) < 0) {
 143                                 pam_syslog(handle, LOG_ERR, "Failed to parse debug= argument.");
 144                                 return k;
 145                         }
 146
 147                         if (debug)
 148                                 *debug = k;
 149
 150                 } else if (startswith(argv[i], "create-session=") ||
 151                            startswith(argv[i], "kill-user=")) {
 152
 153                         pam_syslog(handle, LOG_WARNING, "Option %s not supported anymore, ignoring.", argv[i]);
 154
 155                 } else {
 156                         pam_syslog(handle, LOG_ERR, "Unknown parameter '%s'.", argv[i]);
 157                         return -EINVAL;
 158                 }
 159         }
 160
 161         if (!reset_controller_set && reset_controllers) {
 162                 char **l;
 163
 164                 if (!(l = strv_new("cpu", NULL))) {
 165                         pam_syslog(handle, LOG_ERR, "Out of memory");
 166                         return -ENOMEM;
 167                 }
 168
 169                 *reset_controllers = l;
 170         }
 171
 172         if (controllers)
 173                 strv_remove(*controllers, SYSTEMD_CGROUP_CONTROLLER);
 174
 175         if (reset_controllers)
 176                 strv_remove(*reset_controllers, SYSTEMD_CGROUP_CONTROLLER);
 177
 178         if (!kill_exclude_users_set && kill_exclude_users) {
 179                 char **l;
 180
 181                 if (!(l = strv_new("root", NULL))) {
 182                         pam_syslog(handle, LOG_ERR, "Out of memory");
 183                         return -ENOMEM;
 184                 }
 185
 186                 *kill_exclude_users = l;
 187         }
 188
 189         return 0;
 190 }
 191
 192 static int get_user_data(
 193                 pam_handle_t *handle,
 194                 const char **ret_username,
 195                 struct passwd **ret_pw) {
 196
 197         const char *username = NULL;
 198         struct passwd *pw = NULL;
 199         int r;
 200         bool have_loginuid = false;
 201         char *s;
 202
 203         assert(handle);
 204         assert(ret_username);
 205         assert(ret_pw);
 206
 207         if (have_effective_cap(CAP_AUDIT_CONTROL) > 0) {
 208                 /* Only use audit login uid if we are executed with
 209                  * sufficient capabilities so that pam_loginuid could
 210                  * do its job. If we are lacking the CAP_AUDIT_CONTROL
 211                  * capabality we most likely are being run in a
 212                  * container and /proc/self/loginuid is useless since
 213                  * it probably contains a uid of the host system. */
 214
 215                 if (read_one_line_file("/proc/self/loginuid", &s) >= 0) {
 216                         uint32_t u;
 217
 218                         r = safe_atou32(s, &u);
 219                         free(s);
 220
 221                         if (r >= 0 && u != (uint32_t) -1 && u > 0) {
 222                                 have_loginuid = true;
 223                                 pw = pam_modutil_getpwuid(handle, u);
 224                         }
 225                 }
 226         }
 227
 228         if (!have_loginuid) {
 229                 if ((r = pam_get_user(handle, &username, NULL)) != PAM_SUCCESS) {
 230                         pam_syslog(handle, LOG_ERR, "Failed to get user name.");
 231                         return r;
 232                 }
 233
 234                 if (!username || !*username) {
 235                         pam_syslog(handle, LOG_ERR, "User name not valid.");
 236                         return PAM_AUTH_ERR;
 237                 }
 238
 239                 pw = pam_modutil_getpwnam(handle, username);
 240         }
 241
 242         if (!pw) {
 243                 pam_syslog(handle, LOG_ERR, "Failed to get user data.");
 244                 return PAM_USER_UNKNOWN;
 245         }
 246
 247         *ret_pw = pw;
 248         *ret_username = username ? username : pw->pw_name;
 249
 250         return PAM_SUCCESS;
 251 }
 252
 253 static bool check_user_lists(
 254                 pam_handle_t *handle,
 255                 uid_t uid,
 256                 char **kill_only_users,
 257                 char **kill_exclude_users) {
 258
 259         const char *name = NULL;
 260         char **l;
 261
 262         assert(handle);
 263
 264         if (uid == 0)
 265                 name = "root"; /* Avoid obvious NSS requests, to suppress network traffic */
 266         else {
 267                 struct passwd *pw;
 268
 269                 pw = pam_modutil_getpwuid(handle, uid);
 270                 if (pw)
 271                         name = pw->pw_name;
 272         }
 273
 274         STRV_FOREACH(l, kill_exclude_users) {
 275                 uint32_t id;
 276
 277                 if (safe_atou32(*l, &id) >= 0)
 278                         if ((uid_t) id == uid)
 279                                 return false;
 280
 281                 if (name && streq(name, *l))
 282                         return false;
 283         }
 284
 285         if (strv_isempty(kill_only_users))
 286                 return true;
 287
 288         STRV_FOREACH(l, kill_only_users) {
 289                 uint32_t id;
 290
 291                 if (safe_atou32(*l, &id) >= 0)
 292                         if ((uid_t) id == uid)
 293                                 return true;
 294
 295                 if (name && streq(name, *l))
 296                         return true;
 297         }
 298
 299         return false;
 300 }
 301
 302 _public_ PAM_EXTERN int pam_sm_open_session(
 303                 pam_handle_t *handle,
 304                 int flags,
 305                 int argc, const char **argv) {
 306
 307         struct passwd *pw;
 308         bool kill_processes = false, debug = false;
 309         const char *username, *id, *object_path, *runtime_path, *service = NULL, *tty = NULL, *display = NULL, *remote_user = NULL, *remote_host = NULL, *seat = NULL, *type;
 310         char **controllers = NULL, **reset_controllers = NULL, **kill_only_users = NULL, **kill_exclude_users = NULL;
 311         DBusError error;
 312         uint32_t uid, pid;
 313         DBusMessageIter iter;
 314         dbus_bool_t kp;
 315         int session_fd = -1;
 316         DBusConnection *bus = NULL;
 317         DBusMessage *m = NULL, *reply = NULL;
 318         dbus_bool_t remote;
 319         int r;
 320
 321         assert(handle);
 322
 323         dbus_error_init(&error);
 324
 325         /* pam_syslog(handle, LOG_INFO, "pam-systemd initializing"); */
 326
 327         /* Make this a NOP on non-systemd systems */
 328         if (sd_booted() <= 0)
 329                 return PAM_SUCCESS;
 330
 331         if (parse_argv(handle,
 332                        argc, argv,
 333                        &controllers, &reset_controllers,
 334                        &kill_processes, &kill_only_users, &kill_exclude_users,
 335                        &debug) < 0) {
 336                 r = PAM_SESSION_ERR;
 337                 goto finish;
 338         }
 339
 340         r = get_user_data(handle, &username, &pw);
 341         if (r != PAM_SUCCESS)
 342                 goto finish;
 343
 344         if (kill_processes)
 345                 kill_processes = check_user_lists(handle, pw->pw_uid, kill_only_users, kill_exclude_users);
 346
 347         dbus_connection_set_change_sigpipe(FALSE);
 348
 349         bus = dbus_bus_get_private(DBUS_BUS_SYSTEM, &error);
 350         if (!bus) {
 351                 pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", bus_error_message(&error));
 352                 r = PAM_SESSION_ERR;
 353                 goto finish;
 354         }
 355
 356         m = dbus_message_new_method_call(
 357                         "org.freedesktop.login1",
 358                         "/org/freedesktop/login1",
 359                         "org.freedesktop.login1.Manager",
 360                         "CreateSession");
 361
 362         if (!m) {
 363                 pam_syslog(handle, LOG_ERR, "Could not allocate create session message.");
 364                 r = PAM_BUF_ERR;
 365                 goto finish;
 366         }
 367
 368         uid = pw->pw_uid;
 369         pid = getpid();
 370
 371         pam_get_item(handle, PAM_SERVICE, (const void**) &service);
 372         pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
 373         pam_get_item(handle, PAM_TTY, (const void**) &tty);
 374         pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
 375         pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);
 376         seat = pam_getenv(handle, "XDG_SEAT");
 377
 378         service = strempty(service);
 379         tty = strempty(tty);
 380         display = strempty(display);
 381         remote_user = strempty(remote_user);
 382         remote_host = strempty(remote_host);
 383         seat = strempty(seat);
 384
 385         if (strchr(tty, ':')) {
 386                 /* A tty with a colon is usually an X11 display, place
 387                  * there to show up in utmp. We rearrange things and
 388                  * don't pretend that an X display was a tty */
 389
 390                 if (isempty(display))
 391                         display = tty;
 392                 tty = "";
 393         }
 394
 395         type = !isempty(display) ? "x11" :
 396                    !isempty(tty) ? "tty" : "other";
 397
 398         remote = !isempty(remote_host) && !streq(remote_host, "localhost") && !streq(remote_host, "localhost.localdomain");
 399
 400         if (!dbus_message_append_args(m,
 401                                       DBUS_TYPE_UINT32, &uid,
 402                                       DBUS_TYPE_UINT32, &pid,
 403                                       DBUS_TYPE_STRING, &service,
 404                                       DBUS_TYPE_STRING, &type,
 405                                       DBUS_TYPE_STRING, &seat,
 406                                       DBUS_TYPE_STRING, &tty,
 407                                       DBUS_TYPE_STRING, &display,
 408                                       DBUS_TYPE_BOOLEAN, &remote,
 409                                       DBUS_TYPE_STRING, &remote_user,
 410                                       DBUS_TYPE_STRING, &remote_host,
 411                                       DBUS_TYPE_INVALID)) {
 412                 pam_syslog(handle, LOG_ERR, "Could not attach parameters to message.");
 413                 r = PAM_BUF_ERR;
 414                 goto finish;
 415         }
 416
 417         dbus_message_iter_init_append(m, &iter);
 418
 419         r = bus_append_strv_iter(&iter, controllers);
 420         if (r < 0) {
 421                 pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
 422                 r = PAM_BUF_ERR;
 423                 goto finish;
 424         }
 425
 426         r = bus_append_strv_iter(&iter, reset_controllers);
 427         if (r < 0) {
 428                 pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
 429                 r = PAM_BUF_ERR;
 430                 goto finish;
 431         }
 432
 433         kp = kill_processes;
 434         if (!dbus_message_iter_append_basic(&iter, DBUS_TYPE_BOOLEAN, &kp)) {
 435                 pam_syslog(handle, LOG_ERR, "Could not attach parameter to message.");
 436                 r = PAM_BUF_ERR;
 437                 goto finish;
 438         }
 439
 440         reply = dbus_connection_send_with_reply_and_block(bus, m, -1, &error);
 441         if (!reply) {
 442                 pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error));
 443                 r = PAM_SESSION_ERR;
 444                 goto finish;
 445         }
 446
 447         if (!dbus_message_get_args(reply, &error,
 448                                    DBUS_TYPE_STRING, &id,
 449                                    DBUS_TYPE_OBJECT_PATH, &object_path,
 450                                    DBUS_TYPE_STRING, &runtime_path,
 451                                    DBUS_TYPE_UNIX_FD, &session_fd,
 452                                    DBUS_TYPE_INVALID)) {
 453                 pam_syslog(handle, LOG_ERR, "Failed to parse message: %s", bus_error_message(&error));
 454                 r = PAM_SESSION_ERR;
 455                 goto finish;
 456         }
 457
 458         r = pam_misc_setenv(handle, "XDG_SESSION_ID", id, 0);
 459         if (r != PAM_SUCCESS) {
 460                 pam_syslog(handle, LOG_ERR, "Failed to set session id.");
 461                 goto finish;
 462         }
 463
 464         r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
 465         if (r != PAM_SUCCESS) {
 466                 pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
 467                 goto finish;
 468         }
 469
 470         if (session_fd >= 0) {
 471                 r = pam_set_data(handle, "systemd.session-fd", INT_TO_PTR(session_fd+1), NULL);
 472                 if (r != PAM_SUCCESS) {
 473                         pam_syslog(handle, LOG_ERR, "Failed to install session fd.");
 474                         return r;
 475                 }
 476         }
 477
 478         session_fd = -1;
 479
 480         r = PAM_SUCCESS;
 481
 482 finish:
 483         strv_free(controllers);
 484         strv_free(reset_controllers);
 485         strv_free(kill_only_users);
 486         strv_free(kill_exclude_users);
 487
 488         dbus_error_free(&error);
 489
 490         if (bus) {
 491                 dbus_connection_close(bus);
 492                 dbus_connection_unref(bus);
 493         }
 494
 495         if (m)
 496                 dbus_message_unref(m);
 497
 498         if (reply)
 499                 dbus_message_unref(reply);
 500
 501         if (session_fd >= 0)
 502                 close_nointr_nofail(session_fd);
 503
 504         return r;
 505 }
 506
 507 _public_ PAM_EXTERN int pam_sm_close_session(
 508                 pam_handle_t *handle,
 509                 int flags,
 510                 int argc, const char **argv) {
 511
 512         const void *p = NULL;
 513
 514         pam_get_data(handle, "systemd.session-fd", &p);
 515
 516         if (p)
 517                 close_nointr(PTR_TO_INT(p) - 1);
 518
 519         return PAM_SUCCESS;
 520 }