2010-06-21 23:27:18 +02:00
|
|
|
/***
|
|
|
|
This file is part of systemd.
|
|
|
|
|
|
|
|
Copyright 2010 Lennart Poettering
|
|
|
|
|
|
|
|
systemd is free software; you can redistribute it and/or modify it
|
2012-04-12 00:20:58 +02:00
|
|
|
under the terms of the GNU Lesser General Public License as published by
|
|
|
|
the Free Software Foundation; either version 2.1 of the License, or
|
2010-06-21 23:27:18 +02:00
|
|
|
(at your option) any later version.
|
|
|
|
|
|
|
|
systemd is distributed in the hope that it will be useful, but
|
|
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
2012-04-12 00:20:58 +02:00
|
|
|
Lesser General Public License for more details.
|
2010-06-21 23:27:18 +02:00
|
|
|
|
2012-04-12 00:20:58 +02:00
|
|
|
You should have received a copy of the GNU Lesser General Public License
|
2010-06-21 23:27:18 +02:00
|
|
|
along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
***/
|
|
|
|
|
2015-10-24 23:30:40 +02:00
|
|
|
#include <endian.h>
|
2010-06-21 23:27:18 +02:00
|
|
|
#include <errno.h>
|
|
|
|
#include <fcntl.h>
|
|
|
|
#include <pwd.h>
|
|
|
|
#include <security/_pam_macros.h>
|
|
|
|
#include <security/pam_ext.h>
|
|
|
|
#include <security/pam_misc.h>
|
2015-10-24 23:30:40 +02:00
|
|
|
#include <security/pam_modules.h>
|
|
|
|
#include <security/pam_modutil.h>
|
|
|
|
#include <sys/file.h>
|
2010-06-21 23:27:18 +02:00
|
|
|
|
2015-10-27 03:01:06 +01:00
|
|
|
#include "alloc-util.h"
|
2015-10-26 23:32:16 +01:00
|
|
|
#include "audit-util.h"
|
2015-10-24 23:30:40 +02:00
|
|
|
#include "bus-common-errors.h"
|
|
|
|
#include "bus-error.h"
|
2013-11-05 06:01:12 +01:00
|
|
|
#include "bus-util.h"
|
2011-06-24 18:50:50 +02:00
|
|
|
#include "def.h"
|
2015-10-25 13:14:12 +01:00
|
|
|
#include "fd-util.h"
|
2013-02-14 12:26:13 +01:00
|
|
|
#include "fileio.h"
|
2015-04-10 20:43:52 +02:00
|
|
|
#include "formats-util.h"
|
2015-05-18 17:10:07 +02:00
|
|
|
#include "hostname-util.h"
|
2015-10-24 23:30:40 +02:00
|
|
|
#include "login-util.h"
|
|
|
|
#include "macro.h"
|
2015-10-26 16:18:16 +01:00
|
|
|
#include "parse-util.h"
|
2015-10-24 23:30:40 +02:00
|
|
|
#include "socket-util.h"
|
|
|
|
#include "strv.h"
|
|
|
|
#include "terminal-util.h"
|
|
|
|
#include "util.h"
|
2010-06-21 23:27:18 +02:00
|
|
|
|
2013-11-26 05:05:00 +01:00
|
|
|
static int parse_argv(
|
|
|
|
pam_handle_t *handle,
|
|
|
|
int argc, const char **argv,
|
|
|
|
const char **class,
|
2014-02-05 18:55:18 +01:00
|
|
|
const char **type,
|
2013-11-26 05:05:00 +01:00
|
|
|
bool *debug) {
|
2010-06-21 23:27:18 +02:00
|
|
|
|
|
|
|
unsigned i;
|
|
|
|
|
|
|
|
assert(argc >= 0);
|
|
|
|
assert(argc == 0 || argv);
|
|
|
|
|
2014-02-05 18:55:18 +01:00
|
|
|
for (i = 0; i < (unsigned) argc; i++) {
|
2013-07-02 01:46:30 +02:00
|
|
|
if (startswith(argv[i], "class=")) {
|
2012-12-24 14:25:58 +01:00
|
|
|
if (class)
|
|
|
|
*class = argv[i] + 6;
|
|
|
|
|
2014-02-05 18:55:18 +01:00
|
|
|
} else if (startswith(argv[i], "type=")) {
|
|
|
|
if (type)
|
|
|
|
*type = argv[i] + 5;
|
|
|
|
|
2013-10-31 05:58:25 +01:00
|
|
|
} else if (streq(argv[i], "debug")) {
|
|
|
|
if (debug)
|
|
|
|
*debug = true;
|
2013-07-02 01:46:30 +02:00
|
|
|
|
2013-10-31 05:58:25 +01:00
|
|
|
} else if (startswith(argv[i], "debug=")) {
|
|
|
|
int k;
|
2011-05-27 01:29:34 +02:00
|
|
|
|
2013-10-31 05:58:25 +01:00
|
|
|
k = parse_boolean(argv[i] + 6);
|
|
|
|
if (k < 0)
|
|
|
|
pam_syslog(handle, LOG_WARNING, "Failed to parse debug= argument, ignoring.");
|
|
|
|
else if (debug)
|
2011-05-27 01:29:34 +02:00
|
|
|
*debug = k;
|
|
|
|
|
2013-10-31 05:58:25 +01:00
|
|
|
} else
|
2013-07-02 01:46:30 +02:00
|
|
|
pam_syslog(handle, LOG_WARNING, "Unknown parameter '%s', ignoring", argv[i]);
|
2014-02-05 18:55:18 +01:00
|
|
|
}
|
2010-06-21 23:27:18 +02:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int get_user_data(
|
|
|
|
pam_handle_t *handle,
|
|
|
|
const char **ret_username,
|
|
|
|
struct passwd **ret_pw) {
|
|
|
|
|
2010-11-16 00:10:57 +01:00
|
|
|
const char *username = NULL;
|
|
|
|
struct passwd *pw = NULL;
|
2010-06-21 23:27:18 +02:00
|
|
|
int r;
|
|
|
|
|
|
|
|
assert(handle);
|
|
|
|
assert(ret_username);
|
|
|
|
assert(ret_pw);
|
|
|
|
|
2013-11-26 05:05:00 +01:00
|
|
|
r = pam_get_user(handle, &username, NULL);
|
|
|
|
if (r != PAM_SUCCESS) {
|
|
|
|
pam_syslog(handle, LOG_ERR, "Failed to get user name.");
|
|
|
|
return r;
|
|
|
|
}
|
2010-11-16 00:10:57 +01:00
|
|
|
|
2013-11-26 05:05:00 +01:00
|
|
|
if (isempty(username)) {
|
|
|
|
pam_syslog(handle, LOG_ERR, "User name not valid.");
|
|
|
|
return PAM_AUTH_ERR;
|
2010-06-21 23:27:18 +02:00
|
|
|
}
|
|
|
|
|
2013-11-26 05:05:00 +01:00
|
|
|
pw = pam_modutil_getpwnam(handle, username);
|
2010-11-16 00:10:57 +01:00
|
|
|
if (!pw) {
|
2010-06-21 23:27:18 +02:00
|
|
|
pam_syslog(handle, LOG_ERR, "Failed to get user data.");
|
|
|
|
return PAM_USER_UNKNOWN;
|
|
|
|
}
|
|
|
|
|
|
|
|
*ret_pw = pw;
|
2014-11-15 23:43:09 +01:00
|
|
|
*ret_username = username;
|
2010-06-21 23:27:18 +02:00
|
|
|
|
|
|
|
return PAM_SUCCESS;
|
|
|
|
}
|
|
|
|
|
2011-06-27 22:44:12 +02:00
|
|
|
static int get_seat_from_display(const char *display, const char **seat, uint32_t *vtnr) {
|
2013-03-25 00:59:00 +01:00
|
|
|
union sockaddr_union sa = {
|
|
|
|
.un.sun_family = AF_UNIX,
|
|
|
|
};
|
2013-11-26 05:05:00 +01:00
|
|
|
_cleanup_free_ char *p = NULL, *tty = NULL;
|
|
|
|
_cleanup_close_ int fd = -1;
|
2011-06-27 22:44:12 +02:00
|
|
|
struct ucred ucred;
|
2013-11-26 05:05:00 +01:00
|
|
|
int v, r;
|
2011-06-27 22:44:12 +02:00
|
|
|
|
|
|
|
assert(display);
|
|
|
|
assert(vtnr);
|
|
|
|
|
|
|
|
/* We deduce the X11 socket from the display name, then use
|
|
|
|
* SO_PEERCRED to determine the X11 server process, ask for
|
|
|
|
* the controlling tty of that and if it's a VC then we know
|
|
|
|
* the seat and the virtual terminal. Sounds ugly, is only
|
|
|
|
* semi-ugly. */
|
|
|
|
|
|
|
|
r = socket_from_display(display, &p);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2013-03-25 00:59:00 +01:00
|
|
|
strncpy(sa.un.sun_path, p, sizeof(sa.un.sun_path)-1);
|
2011-06-27 22:44:12 +02:00
|
|
|
|
|
|
|
fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
|
2013-03-25 00:59:00 +01:00
|
|
|
if (fd < 0)
|
2011-06-27 22:44:12 +02:00
|
|
|
return -errno;
|
|
|
|
|
2013-03-25 00:59:00 +01:00
|
|
|
if (connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path)) < 0)
|
2011-06-27 22:44:12 +02:00
|
|
|
return -errno;
|
|
|
|
|
2013-12-24 15:53:04 +01:00
|
|
|
r = getpeercred(fd, &ucred);
|
2011-06-27 22:44:12 +02:00
|
|
|
if (r < 0)
|
2013-12-24 15:53:04 +01:00
|
|
|
return r;
|
2011-06-27 22:44:12 +02:00
|
|
|
|
|
|
|
r = get_ctty(ucred.pid, NULL, &tty);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
v = vtnr_from_tty(tty);
|
|
|
|
if (v < 0)
|
|
|
|
return v;
|
|
|
|
else if (v == 0)
|
|
|
|
return -ENOENT;
|
|
|
|
|
2012-01-13 20:51:58 +01:00
|
|
|
if (seat)
|
|
|
|
*seat = "seat0";
|
2011-06-27 22:44:12 +02:00
|
|
|
*vtnr = (uint32_t) v;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2014-01-06 05:00:16 +01:00
|
|
|
static int export_legacy_dbus_address(
|
|
|
|
pam_handle_t *handle,
|
|
|
|
uid_t uid,
|
|
|
|
const char *runtime) {
|
|
|
|
|
|
|
|
_cleanup_free_ char *s = NULL;
|
login: support user-bus on dbus1
dbus-1.10 was just released, including systemd units to run
`dbus-daemon --session` as systemd user unit. This allows using a
user-bus with dbus1, just like we do per default with kdbus.
All the dbus libraries have already been fixed long ago to use the
user-bus as default. Hence, there's no need to set
DBUS_SESSION_BUS_ADDRESS= if we use the user-bus. However, gdm and
friends continue to spawn a session bus if this variable is not set
(instead of checking for the existence of the user-bus). Hence, we force
the user-bus, if it is available, in pam_systemd. Once gdm and friends
are fixed, we can continue to drop this again. However, that might take
a while.
With this in place, all that is needed to make the user-bus work is:
`systemctl --global enable dbus.socket`
If dbus.socket is not enabled, the legacy session-bus is still used.
Based on a patch by: Jan Alexander Steffens <jan.steffens@gmail.com>
2015-08-31 18:07:46 +02:00
|
|
|
int r = PAM_BUF_ERR;
|
|
|
|
|
|
|
|
if (is_kdbus_available()) {
|
|
|
|
if (asprintf(&s, KERNEL_USER_BUS_ADDRESS_FMT ";" UNIX_USER_BUS_ADDRESS_FMT, uid, runtime) < 0)
|
|
|
|
goto error;
|
|
|
|
} else {
|
2015-09-08 12:23:18 +02:00
|
|
|
/* FIXME: We *really* should move the access() check into the
|
login: support user-bus on dbus1
dbus-1.10 was just released, including systemd units to run
`dbus-daemon --session` as systemd user unit. This allows using a
user-bus with dbus1, just like we do per default with kdbus.
All the dbus libraries have already been fixed long ago to use the
user-bus as default. Hence, there's no need to set
DBUS_SESSION_BUS_ADDRESS= if we use the user-bus. However, gdm and
friends continue to spawn a session bus if this variable is not set
(instead of checking for the existence of the user-bus). Hence, we force
the user-bus, if it is available, in pam_systemd. Once gdm and friends
are fixed, we can continue to drop this again. However, that might take
a while.
With this in place, all that is needed to make the user-bus work is:
`systemctl --global enable dbus.socket`
If dbus.socket is not enabled, the legacy session-bus is still used.
Based on a patch by: Jan Alexander Steffens <jan.steffens@gmail.com>
2015-08-31 18:07:46 +02:00
|
|
|
* daemons that spawn dbus-daemon, instead of forcing
|
|
|
|
* DBUS_SESSION_BUS_ADDRESS= here. */
|
|
|
|
|
|
|
|
s = strjoin(runtime, "/bus", NULL);
|
|
|
|
if (!s)
|
|
|
|
goto error;
|
|
|
|
|
|
|
|
if (access(s, F_OK) < 0)
|
|
|
|
return PAM_SUCCESS;
|
|
|
|
|
|
|
|
s = mfree(s);
|
|
|
|
if (asprintf(&s, UNIX_USER_BUS_ADDRESS_FMT, runtime) < 0)
|
|
|
|
goto error;
|
2014-01-06 05:00:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
r = pam_misc_setenv(handle, "DBUS_SESSION_BUS_ADDRESS", s, 0);
|
login: support user-bus on dbus1
dbus-1.10 was just released, including systemd units to run
`dbus-daemon --session` as systemd user unit. This allows using a
user-bus with dbus1, just like we do per default with kdbus.
All the dbus libraries have already been fixed long ago to use the
user-bus as default. Hence, there's no need to set
DBUS_SESSION_BUS_ADDRESS= if we use the user-bus. However, gdm and
friends continue to spawn a session bus if this variable is not set
(instead of checking for the existence of the user-bus). Hence, we force
the user-bus, if it is available, in pam_systemd. Once gdm and friends
are fixed, we can continue to drop this again. However, that might take
a while.
With this in place, all that is needed to make the user-bus work is:
`systemctl --global enable dbus.socket`
If dbus.socket is not enabled, the legacy session-bus is still used.
Based on a patch by: Jan Alexander Steffens <jan.steffens@gmail.com>
2015-08-31 18:07:46 +02:00
|
|
|
if (r != PAM_SUCCESS)
|
|
|
|
goto error;
|
2015-06-17 16:37:55 +02:00
|
|
|
|
2014-01-06 05:00:16 +01:00
|
|
|
return PAM_SUCCESS;
|
login: support user-bus on dbus1
dbus-1.10 was just released, including systemd units to run
`dbus-daemon --session` as systemd user unit. This allows using a
user-bus with dbus1, just like we do per default with kdbus.
All the dbus libraries have already been fixed long ago to use the
user-bus as default. Hence, there's no need to set
DBUS_SESSION_BUS_ADDRESS= if we use the user-bus. However, gdm and
friends continue to spawn a session bus if this variable is not set
(instead of checking for the existence of the user-bus). Hence, we force
the user-bus, if it is available, in pam_systemd. Once gdm and friends
are fixed, we can continue to drop this again. However, that might take
a while.
With this in place, all that is needed to make the user-bus work is:
`systemctl --global enable dbus.socket`
If dbus.socket is not enabled, the legacy session-bus is still used.
Based on a patch by: Jan Alexander Steffens <jan.steffens@gmail.com>
2015-08-31 18:07:46 +02:00
|
|
|
|
|
|
|
error:
|
|
|
|
pam_syslog(handle, LOG_ERR, "Failed to set bus variable.");
|
|
|
|
return r;
|
2014-01-06 05:00:16 +01:00
|
|
|
}
|
|
|
|
|
2011-06-24 18:50:50 +02:00
|
|
|
_public_ PAM_EXTERN int pam_sm_open_session(
|
2010-06-21 23:27:18 +02:00
|
|
|
pam_handle_t *handle,
|
|
|
|
int flags,
|
|
|
|
int argc, const char **argv) {
|
|
|
|
|
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
2015-11-27 19:13:45 +01:00
|
|
|
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
|
|
|
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
|
2013-11-07 00:20:11 +01:00
|
|
|
const char
|
|
|
|
*username, *id, *object_path, *runtime_path,
|
|
|
|
*service = NULL,
|
|
|
|
*tty = NULL, *display = NULL,
|
|
|
|
*remote_user = NULL, *remote_host = NULL,
|
|
|
|
*seat = NULL,
|
|
|
|
*type = NULL, *class = NULL,
|
2014-02-05 20:34:11 +01:00
|
|
|
*class_pam = NULL, *type_pam = NULL, *cvtnr = NULL, *desktop = NULL;
|
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
2015-11-27 19:13:45 +01:00
|
|
|
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
|
2013-11-07 00:20:11 +01:00
|
|
|
int session_fd = -1, existing, r;
|
|
|
|
bool debug = false, remote;
|
|
|
|
struct passwd *pw;
|
2013-11-26 05:05:00 +01:00
|
|
|
uint32_t vtnr = 0;
|
|
|
|
uid_t original_uid;
|
2010-06-21 23:27:18 +02:00
|
|
|
|
2013-11-05 06:01:12 +01:00
|
|
|
assert(handle);
|
2011-06-24 18:50:50 +02:00
|
|
|
|
2013-03-26 11:36:31 +01:00
|
|
|
/* Make this a NOP on non-logind systems */
|
|
|
|
if (!logind_running())
|
2010-06-21 23:27:18 +02:00
|
|
|
return PAM_SUCCESS;
|
|
|
|
|
2011-02-13 18:21:11 +01:00
|
|
|
if (parse_argv(handle,
|
|
|
|
argc, argv,
|
2013-07-02 01:46:30 +02:00
|
|
|
&class_pam,
|
2014-02-05 18:55:18 +01:00
|
|
|
&type_pam,
|
2013-11-06 23:24:16 +01:00
|
|
|
&debug) < 0)
|
|
|
|
return PAM_SESSION_ERR;
|
2010-11-17 20:22:07 +01:00
|
|
|
|
2013-11-26 05:05:00 +01:00
|
|
|
if (debug)
|
2014-02-10 16:37:09 +01:00
|
|
|
pam_syslog(handle, LOG_DEBUG, "pam-systemd initializing");
|
2013-11-26 05:05:00 +01:00
|
|
|
|
2011-06-24 18:50:50 +02:00
|
|
|
r = get_user_data(handle, &username, &pw);
|
2013-11-06 23:24:16 +01:00
|
|
|
if (r != PAM_SUCCESS) {
|
|
|
|
pam_syslog(handle, LOG_ERR, "Failed to get user data.");
|
|
|
|
return r;
|
|
|
|
}
|
2010-06-21 23:27:18 +02:00
|
|
|
|
2011-06-30 04:31:49 +02:00
|
|
|
/* Make sure we don't enter a loop by talking to
|
|
|
|
* systemd-logind when it is actually waiting for the
|
|
|
|
* background to finish start-up. If the service is
|
Add pam configuration to allow user sessions to work out of the box
systemd-logind will start user@.service. user@.service unit uses
PAM with service name 'systemd-user' to perform account and session
managment tasks. Previously, the name was 'systemd-shared', it is
now changed to 'systemd-user'.
Most PAM installations use one common setup for different callers.
Based on a quick poll, distributions fall into two camps: those that
have system-auth (Redhat, Fedora, CentOS, Arch, Gentoo, Mageia,
Mandriva), and those that have common-auth (Debian, Ubuntu, OpenSUSE).
Distributions that have system-auth have just one configuration file
that contains auth, password, account, and session blocks, and
distributions that have common-auth also have common-session,
common-password, and common-account. It is thus impossible to use one
configuration file which would work for everybody. systemd-user now
refers to system-auth, because it seems that the approach with one
file is more popular and also easier, so let's follow that.
2013-09-11 20:31:14 +02:00
|
|
|
* "systemd-user" we simply set XDG_RUNTIME_DIR and
|
2011-06-30 04:31:49 +02:00
|
|
|
* leave. */
|
|
|
|
|
|
|
|
pam_get_item(handle, PAM_SERVICE, (const void**) &service);
|
Add pam configuration to allow user sessions to work out of the box
systemd-logind will start user@.service. user@.service unit uses
PAM with service name 'systemd-user' to perform account and session
managment tasks. Previously, the name was 'systemd-shared', it is
now changed to 'systemd-user'.
Most PAM installations use one common setup for different callers.
Based on a quick poll, distributions fall into two camps: those that
have system-auth (Redhat, Fedora, CentOS, Arch, Gentoo, Mageia,
Mandriva), and those that have common-auth (Debian, Ubuntu, OpenSUSE).
Distributions that have system-auth have just one configuration file
that contains auth, password, account, and session blocks, and
distributions that have common-auth also have common-session,
common-password, and common-account. It is thus impossible to use one
configuration file which would work for everybody. systemd-user now
refers to system-auth, because it seems that the approach with one
file is more popular and also easier, so let's follow that.
2013-09-11 20:31:14 +02:00
|
|
|
if (streq_ptr(service, "systemd-user")) {
|
2015-09-28 12:53:42 +02:00
|
|
|
_cleanup_free_ char *rt = NULL;
|
2011-06-30 04:31:49 +02:00
|
|
|
|
2015-09-28 12:53:42 +02:00
|
|
|
if (asprintf(&rt, "/run/user/"UID_FMT, pw->pw_uid) < 0)
|
2013-11-05 06:01:12 +01:00
|
|
|
return PAM_BUF_ERR;
|
2011-06-30 04:31:49 +02:00
|
|
|
|
2015-09-28 12:53:42 +02:00
|
|
|
r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", rt, 0);
|
|
|
|
if (r != PAM_SUCCESS) {
|
|
|
|
pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
|
|
|
|
return r;
|
2011-06-30 04:31:49 +02:00
|
|
|
}
|
|
|
|
|
2015-09-28 12:53:42 +02:00
|
|
|
r = export_legacy_dbus_address(handle, pw->pw_uid, rt);
|
|
|
|
if (r != PAM_SUCCESS)
|
|
|
|
return r;
|
|
|
|
|
2013-11-05 06:01:12 +01:00
|
|
|
return PAM_SUCCESS;
|
2010-06-21 23:27:18 +02:00
|
|
|
}
|
|
|
|
|
2013-11-05 06:01:12 +01:00
|
|
|
/* Otherwise, we ask logind to create a session for us */
|
2010-06-21 23:27:18 +02:00
|
|
|
|
2011-06-24 18:50:50 +02:00
|
|
|
pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
|
|
|
|
pam_get_item(handle, PAM_TTY, (const void**) &tty);
|
|
|
|
pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
|
|
|
|
pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);
|
2012-10-01 20:50:00 +02:00
|
|
|
|
2011-07-26 23:09:34 +02:00
|
|
|
seat = pam_getenv(handle, "XDG_SEAT");
|
2012-10-01 20:50:00 +02:00
|
|
|
if (isempty(seat))
|
|
|
|
seat = getenv("XDG_SEAT");
|
|
|
|
|
2011-07-26 23:09:34 +02:00
|
|
|
cvtnr = pam_getenv(handle, "XDG_VTNR");
|
2012-10-01 20:50:00 +02:00
|
|
|
if (isempty(cvtnr))
|
|
|
|
cvtnr = getenv("XDG_VTNR");
|
2011-06-24 18:50:50 +02:00
|
|
|
|
2014-02-05 18:55:18 +01:00
|
|
|
type = pam_getenv(handle, "XDG_SESSION_TYPE");
|
|
|
|
if (isempty(type))
|
|
|
|
type = getenv("XDG_SESSION_TYPE");
|
|
|
|
if (isempty(type))
|
|
|
|
type = type_pam;
|
|
|
|
|
|
|
|
class = pam_getenv(handle, "XDG_SESSION_CLASS");
|
|
|
|
if (isempty(class))
|
|
|
|
class = getenv("XDG_SESSION_CLASS");
|
|
|
|
if (isempty(class))
|
|
|
|
class = class_pam;
|
|
|
|
|
2014-02-05 20:34:11 +01:00
|
|
|
desktop = pam_getenv(handle, "XDG_SESSION_DESKTOP");
|
|
|
|
if (isempty(desktop))
|
|
|
|
desktop = getenv("XDG_SESSION_DESKTOP");
|
|
|
|
|
2011-06-24 19:42:45 +02:00
|
|
|
tty = strempty(tty);
|
2011-06-24 18:50:50 +02:00
|
|
|
|
2011-06-24 23:51:49 +02:00
|
|
|
if (strchr(tty, ':')) {
|
2013-04-09 22:18:16 +02:00
|
|
|
/* A tty with a colon is usually an X11 display,
|
|
|
|
* placed there to show up in utmp. We rearrange
|
|
|
|
* things and don't pretend that an X display was a
|
|
|
|
* tty. */
|
2011-06-24 23:51:49 +02:00
|
|
|
|
|
|
|
if (isempty(display))
|
|
|
|
display = tty;
|
2014-02-05 20:34:11 +01:00
|
|
|
tty = NULL;
|
2011-11-19 01:17:46 +01:00
|
|
|
} else if (streq(tty, "cron")) {
|
2012-12-23 22:31:17 +01:00
|
|
|
/* cron has been setting PAM_TTY to "cron" for a very
|
|
|
|
* long time and it probably shouldn't stop doing that
|
|
|
|
* for compatibility reasons. */
|
|
|
|
type = "unspecified";
|
2014-02-05 18:55:18 +01:00
|
|
|
class = "background";
|
2014-02-05 20:34:11 +01:00
|
|
|
tty = NULL;
|
2012-12-23 22:31:17 +01:00
|
|
|
} else if (streq(tty, "ssh")) {
|
|
|
|
/* ssh has been setting PAM_TTY to "ssh" for a very
|
|
|
|
* long time and probably shouldn't stop doing that
|
|
|
|
* for compatibility reasons. */
|
|
|
|
type ="tty";
|
2014-02-05 18:55:18 +01:00
|
|
|
class = "user";
|
2014-02-05 20:34:11 +01:00
|
|
|
tty = NULL;
|
2011-06-24 23:51:49 +02:00
|
|
|
}
|
|
|
|
|
2012-09-21 16:17:22 +02:00
|
|
|
/* If this fails vtnr will be 0, that's intended */
|
2011-06-27 22:44:12 +02:00
|
|
|
if (!isempty(cvtnr))
|
2015-04-13 04:41:20 +02:00
|
|
|
(void) safe_atou32(cvtnr, &vtnr);
|
2011-06-27 22:44:12 +02:00
|
|
|
|
2013-11-28 17:05:34 +01:00
|
|
|
if (!isempty(display) && !vtnr) {
|
2012-01-13 20:51:58 +01:00
|
|
|
if (isempty(seat))
|
2012-01-13 20:52:45 +01:00
|
|
|
get_seat_from_display(display, &seat, &vtnr);
|
2012-01-13 20:51:58 +01:00
|
|
|
else if (streq(seat, "seat0"))
|
2012-01-13 20:52:45 +01:00
|
|
|
get_seat_from_display(display, NULL, &vtnr);
|
2012-01-13 20:51:58 +01:00
|
|
|
}
|
2011-06-27 22:44:12 +02:00
|
|
|
|
2014-02-05 18:55:18 +01:00
|
|
|
if (seat && !streq(seat, "seat0") && vtnr != 0) {
|
2015-01-21 04:22:15 +01:00
|
|
|
pam_syslog(handle, LOG_DEBUG, "Ignoring vtnr %"PRIu32" for %s which is not seat0", vtnr, seat);
|
2014-01-24 19:23:01 +01:00
|
|
|
vtnr = 0;
|
|
|
|
}
|
|
|
|
|
2014-02-05 18:55:18 +01:00
|
|
|
if (isempty(type))
|
2012-12-23 22:31:17 +01:00
|
|
|
type = !isempty(display) ? "x11" :
|
2014-02-05 18:55:18 +01:00
|
|
|
!isempty(tty) ? "tty" : "unspecified";
|
2011-06-24 18:50:50 +02:00
|
|
|
|
2012-02-14 21:33:51 +01:00
|
|
|
if (isempty(class))
|
2013-04-09 22:18:16 +02:00
|
|
|
class = streq(type, "unspecified") ? "background" : "user";
|
2012-02-14 21:33:51 +01:00
|
|
|
|
2014-07-02 13:41:31 +02:00
|
|
|
remote = !isempty(remote_host) && !is_localhost(remote_host);
|
2011-06-24 18:50:50 +02:00
|
|
|
|
2013-11-07 00:03:54 +01:00
|
|
|
/* Talk to logind over the message bus */
|
2013-11-06 23:24:16 +01:00
|
|
|
|
2013-11-05 06:01:12 +01:00
|
|
|
r = sd_bus_open_system(&bus);
|
|
|
|
if (r < 0) {
|
|
|
|
pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", strerror(-r));
|
|
|
|
return PAM_SESSION_ERR;
|
2013-11-05 01:10:21 +01:00
|
|
|
}
|
|
|
|
|
2011-12-14 01:25:47 +01:00
|
|
|
if (debug)
|
|
|
|
pam_syslog(handle, LOG_DEBUG, "Asking logind to create session: "
|
2015-01-21 04:22:15 +01:00
|
|
|
"uid="UID_FMT" pid="PID_FMT" service=%s type=%s class=%s desktop=%s seat=%s vtnr=%"PRIu32" tty=%s display=%s remote=%s remote_user=%s remote_host=%s",
|
2013-11-26 05:05:00 +01:00
|
|
|
pw->pw_uid, getpid(),
|
|
|
|
strempty(service),
|
2014-02-08 18:12:20 +01:00
|
|
|
type, class, strempty(desktop),
|
2014-02-05 20:34:11 +01:00
|
|
|
strempty(seat), vtnr, strempty(tty), strempty(display),
|
2013-11-26 05:05:00 +01:00
|
|
|
yes_no(remote), strempty(remote_user), strempty(remote_host));
|
2011-12-14 01:25:47 +01:00
|
|
|
|
2013-11-05 06:01:12 +01:00
|
|
|
r = sd_bus_call_method(bus,
|
|
|
|
"org.freedesktop.login1",
|
|
|
|
"/org/freedesktop/login1",
|
|
|
|
"org.freedesktop.login1.Manager",
|
|
|
|
"CreateSession",
|
|
|
|
&error,
|
|
|
|
&reply,
|
2014-02-05 20:34:11 +01:00
|
|
|
"uusssssussbssa(sv)",
|
2013-11-26 05:05:00 +01:00
|
|
|
(uint32_t) pw->pw_uid,
|
|
|
|
(uint32_t) getpid(),
|
2014-02-05 20:34:11 +01:00
|
|
|
service,
|
2013-11-05 06:01:12 +01:00
|
|
|
type,
|
|
|
|
class,
|
2014-02-05 20:34:11 +01:00
|
|
|
desktop,
|
|
|
|
seat,
|
2013-11-05 06:01:12 +01:00
|
|
|
vtnr,
|
|
|
|
tty,
|
2014-02-05 20:34:11 +01:00
|
|
|
display,
|
2013-11-05 06:01:12 +01:00
|
|
|
remote,
|
2014-02-05 20:34:11 +01:00
|
|
|
remote_user,
|
|
|
|
remote_host,
|
2013-11-05 06:01:12 +01:00
|
|
|
0);
|
|
|
|
if (r < 0) {
|
2015-07-07 19:38:41 +02:00
|
|
|
if (sd_bus_error_has_name(&error, BUS_ERROR_SESSION_BUSY)) {
|
|
|
|
pam_syslog(handle, LOG_DEBUG, "Cannot create session: %s", bus_error_message(&error, r));
|
|
|
|
return PAM_SUCCESS;
|
|
|
|
} else {
|
|
|
|
pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error, r));
|
|
|
|
return PAM_SYSTEM_ERR;
|
|
|
|
}
|
2011-06-24 18:50:50 +02:00
|
|
|
}
|
2010-11-17 20:22:07 +01:00
|
|
|
|
2013-11-05 06:01:12 +01:00
|
|
|
r = sd_bus_message_read(reply,
|
2013-11-26 05:05:00 +01:00
|
|
|
"soshusub",
|
2013-11-05 06:01:12 +01:00
|
|
|
&id,
|
|
|
|
&object_path,
|
|
|
|
&runtime_path,
|
|
|
|
&session_fd,
|
2013-11-26 05:05:00 +01:00
|
|
|
&original_uid,
|
2013-11-05 06:01:12 +01:00
|
|
|
&seat,
|
|
|
|
&vtnr,
|
|
|
|
&existing);
|
|
|
|
if (r < 0) {
|
|
|
|
pam_syslog(handle, LOG_ERR, "Failed to parse message: %s", strerror(-r));
|
2013-11-06 23:24:16 +01:00
|
|
|
return PAM_SESSION_ERR;
|
2011-06-24 18:50:50 +02:00
|
|
|
}
|
2010-11-17 20:22:07 +01:00
|
|
|
|
2011-12-14 01:25:47 +01:00
|
|
|
if (debug)
|
|
|
|
pam_syslog(handle, LOG_DEBUG, "Reply from logind: "
|
2013-11-26 05:05:00 +01:00
|
|
|
"id=%s object_path=%s runtime_path=%s session_fd=%d seat=%s vtnr=%u original_uid=%u",
|
|
|
|
id, object_path, runtime_path, session_fd, seat, vtnr, original_uid);
|
2011-12-14 01:25:47 +01:00
|
|
|
|
2011-06-24 18:50:50 +02:00
|
|
|
r = pam_misc_setenv(handle, "XDG_SESSION_ID", id, 0);
|
|
|
|
if (r != PAM_SUCCESS) {
|
|
|
|
pam_syslog(handle, LOG_ERR, "Failed to set session id.");
|
2013-11-06 23:24:16 +01:00
|
|
|
return r;
|
2010-06-21 23:27:18 +02:00
|
|
|
}
|
|
|
|
|
2013-11-26 05:05:00 +01:00
|
|
|
if (original_uid == pw->pw_uid) {
|
|
|
|
/* Don't set $XDG_RUNTIME_DIR if the user we now
|
|
|
|
* authenticated for does not match the original user
|
|
|
|
* of the session. We do this in order not to result
|
|
|
|
* in privileged apps clobbering the runtime directory
|
|
|
|
* unnecessarily. */
|
|
|
|
|
|
|
|
r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
|
|
|
|
if (r != PAM_SUCCESS) {
|
|
|
|
pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
|
|
|
|
return r;
|
|
|
|
}
|
2014-01-06 05:00:16 +01:00
|
|
|
|
|
|
|
r = export_legacy_dbus_address(handle, pw->pw_uid, runtime_path);
|
|
|
|
if (r != PAM_SUCCESS)
|
|
|
|
return r;
|
2011-06-24 18:50:50 +02:00
|
|
|
}
|
2010-06-21 23:27:18 +02:00
|
|
|
|
2011-07-26 23:09:34 +02:00
|
|
|
if (!isempty(seat)) {
|
|
|
|
r = pam_misc_setenv(handle, "XDG_SEAT", seat, 0);
|
|
|
|
if (r != PAM_SUCCESS) {
|
|
|
|
pam_syslog(handle, LOG_ERR, "Failed to set seat.");
|
2013-11-06 23:24:16 +01:00
|
|
|
return r;
|
2011-07-26 23:09:34 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (vtnr > 0) {
|
2013-11-07 16:42:36 +01:00
|
|
|
char buf[DECIMAL_STR_MAX(vtnr)];
|
2013-11-26 05:05:00 +01:00
|
|
|
sprintf(buf, "%u", vtnr);
|
2011-07-26 23:09:34 +02:00
|
|
|
|
|
|
|
r = pam_misc_setenv(handle, "XDG_VTNR", buf, 0);
|
|
|
|
if (r != PAM_SUCCESS) {
|
|
|
|
pam_syslog(handle, LOG_ERR, "Failed to set virtual terminal number.");
|
2013-11-06 23:24:16 +01:00
|
|
|
return r;
|
2011-07-26 23:09:34 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-10-16 19:21:21 +02:00
|
|
|
r = pam_set_data(handle, "systemd.existing", INT_TO_PTR(!!existing), NULL);
|
|
|
|
if (r != PAM_SUCCESS) {
|
|
|
|
pam_syslog(handle, LOG_ERR, "Failed to install existing flag.");
|
2013-11-06 23:24:16 +01:00
|
|
|
return r;
|
2012-10-16 19:21:21 +02:00
|
|
|
}
|
|
|
|
|
2011-06-24 22:55:39 +02:00
|
|
|
if (session_fd >= 0) {
|
2014-05-13 16:35:34 +02:00
|
|
|
session_fd = fcntl(session_fd, F_DUPFD_CLOEXEC, 3);
|
2013-11-06 23:24:16 +01:00
|
|
|
if (session_fd < 0) {
|
|
|
|
pam_syslog(handle, LOG_ERR, "Failed to dup session fd: %m");
|
|
|
|
return PAM_SESSION_ERR;
|
|
|
|
}
|
|
|
|
|
2015-11-17 00:51:24 +01:00
|
|
|
r = pam_set_data(handle, "systemd.session-fd", FD_TO_PTR(session_fd), NULL);
|
2011-06-24 22:55:39 +02:00
|
|
|
if (r != PAM_SUCCESS) {
|
|
|
|
pam_syslog(handle, LOG_ERR, "Failed to install session fd.");
|
2014-03-18 19:22:43 +01:00
|
|
|
safe_close(session_fd);
|
2013-11-06 23:24:16 +01:00
|
|
|
return r;
|
2011-06-24 22:55:39 +02:00
|
|
|
}
|
2011-06-24 18:50:50 +02:00
|
|
|
}
|
2010-06-21 23:27:18 +02:00
|
|
|
|
2013-11-05 06:01:12 +01:00
|
|
|
return PAM_SUCCESS;
|
2011-06-24 18:50:50 +02:00
|
|
|
}
|
2010-06-21 23:27:18 +02:00
|
|
|
|
2011-06-24 18:50:50 +02:00
|
|
|
_public_ PAM_EXTERN int pam_sm_close_session(
|
|
|
|
pam_handle_t *handle,
|
|
|
|
int flags,
|
|
|
|
int argc, const char **argv) {
|
2010-06-21 23:27:18 +02:00
|
|
|
|
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.
2015-11-27 19:13:45 +01:00
|
|
|
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
|
|
|
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
|
2014-02-06 18:32:14 +01:00
|
|
|
const void *existing = NULL;
|
2012-03-22 02:06:40 +01:00
|
|
|
const char *id;
|
|
|
|
int r;
|
2010-06-21 23:27:18 +02:00
|
|
|
|
2013-11-05 06:01:12 +01:00
|
|
|
assert(handle);
|
2012-03-22 02:06:40 +01:00
|
|
|
|
2012-10-16 19:21:21 +02:00
|
|
|
/* Only release session if it wasn't pre-existing when we
|
|
|
|
* tried to create it */
|
|
|
|
pam_get_data(handle, "systemd.existing", &existing);
|
|
|
|
|
2012-03-22 02:06:40 +01:00
|
|
|
id = pam_getenv(handle, "XDG_SESSION_ID");
|
2012-10-16 19:21:21 +02:00
|
|
|
if (id && !existing) {
|
2012-03-22 02:06:40 +01:00
|
|
|
|
|
|
|
/* Before we go and close the FIFO we need to tell
|
|
|
|
* logind that this is a clean session shutdown, so
|
|
|
|
* that it doesn't just go and slaughter us
|
|
|
|
* immediately after closing the fd */
|
|
|
|
|
2013-11-05 06:01:12 +01:00
|
|
|
r = sd_bus_open_system(&bus);
|
|
|
|
if (r < 0) {
|
2014-02-06 18:32:14 +01:00
|
|
|
pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", strerror(-r));
|
|
|
|
return PAM_SESSION_ERR;
|
2012-03-22 02:06:40 +01:00
|
|
|
}
|
|
|
|
|
2013-11-05 06:01:12 +01:00
|
|
|
r = sd_bus_call_method(bus,
|
|
|
|
"org.freedesktop.login1",
|
|
|
|
"/org/freedesktop/login1",
|
|
|
|
"org.freedesktop.login1.Manager",
|
|
|
|
"ReleaseSession",
|
|
|
|
&error,
|
|
|
|
NULL,
|
|
|
|
"s",
|
|
|
|
id);
|
|
|
|
if (r < 0) {
|
2014-02-06 18:32:14 +01:00
|
|
|
pam_syslog(handle, LOG_ERR, "Failed to release session: %s", bus_error_message(&error, r));
|
|
|
|
return PAM_SESSION_ERR;
|
2012-03-22 02:06:40 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-02-06 18:32:14 +01:00
|
|
|
/* Note that we are knowingly leaking the FIFO fd here. This
|
|
|
|
* way, logind can watch us die. If we closed it here it would
|
|
|
|
* not have any clue when that is completed. Given that one
|
|
|
|
* cannot really have multiple PAM sessions open from the same
|
|
|
|
* process this means we will leak one FD at max. */
|
2012-03-22 02:06:40 +01:00
|
|
|
|
2014-02-06 18:32:14 +01:00
|
|
|
return PAM_SUCCESS;
|
2010-06-21 23:27:18 +02:00
|
|
|
}
|