[systemd.git] / src / login / pam_systemd.c

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <endian.h>
#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <security/_pam_macros.h>
#include <security/pam_ext.h>
#include <security/pam_misc.h>
#include <security/pam_modules.h>
#include <security/pam_modutil.h>
#include <sys/file.h>

#include "alloc-util.h"
#include "audit-util.h"
#include "bus-common-errors.h"
#include "bus-error.h"
#include "bus-util.h"
#include "def.h"
#include "fd-util.h"
#include "fileio.h"
#include "formats-util.h"
#include "hostname-util.h"
#include "login-util.h"
#include "macro.h"
#include "parse-util.h"
#include "socket-util.h"
#include "strv.h"
#include "terminal-util.h"
#include "util.h"

static int parse_argv(
                pam_handle_t *handle,
                int argc, const char **argv,
                const char **class,
                const char **type,
                bool *debug) {

        unsigned i;

        assert(argc >= 0);
        assert(argc == 0 || argv);

        for (i = 0; i < (unsigned) argc; i++) {
                if (startswith(argv[i], "class=")) {
                        if (class)
                                *class = argv[i] + 6;

                } else if (startswith(argv[i], "type=")) {
                        if (type)
                                *type = argv[i] + 5;

                } else if (streq(argv[i], "debug")) {
                        if (debug)
                                *debug = true;

                } else if (startswith(argv[i], "debug=")) {
                        int k;

                        k = parse_boolean(argv[i] + 6);
                        if (k < 0)
                                pam_syslog(handle, LOG_WARNING, "Failed to parse debug= argument, ignoring.");
                        else if (debug)
                                *debug = k;

                } else
                        pam_syslog(handle, LOG_WARNING, "Unknown parameter '%s', ignoring", argv[i]);
        }

        return 0;
}

static int get_user_data(
                pam_handle_t *handle,
                const char **ret_username,
                struct passwd **ret_pw) {

        const char *username = NULL;
        struct passwd *pw = NULL;
        int r;

        assert(handle);
        assert(ret_username);
        assert(ret_pw);

        r = pam_get_user(handle, &username, NULL);
        if (r != PAM_SUCCESS) {
                pam_syslog(handle, LOG_ERR, "Failed to get user name.");
                return r;
        }

        if (isempty(username)) {
                pam_syslog(handle, LOG_ERR, "User name not valid.");
                return PAM_AUTH_ERR;
        }

        pw = pam_modutil_getpwnam(handle, username);
        if (!pw) {
                pam_syslog(handle, LOG_ERR, "Failed to get user data.");
                return PAM_USER_UNKNOWN;
        }

        *ret_pw = pw;
        *ret_username = username;

        return PAM_SUCCESS;
}

static int get_seat_from_display(const char *display, const char **seat, uint32_t *vtnr) {
        union sockaddr_union sa = {
                .un.sun_family = AF_UNIX,
        };
        _cleanup_free_ char *p = NULL, *tty = NULL;
        _cleanup_close_ int fd = -1;
        struct ucred ucred;
        int v, r;

        assert(display);
        assert(vtnr);

        /* We deduce the X11 socket from the display name, then use
         * SO_PEERCRED to determine the X11 server process, ask for
         * the controlling tty of that and if it's a VC then we know
         * the seat and the virtual terminal. Sounds ugly, is only
         * semi-ugly. */

        r = socket_from_display(display, &p);
        if (r < 0)
                return r;
        strncpy(sa.un.sun_path, p, sizeof(sa.un.sun_path)-1);

        fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
        if (fd < 0)
                return -errno;

        if (connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path)) < 0)
                return -errno;

        r = getpeercred(fd, &ucred);
        if (r < 0)
                return r;

        r = get_ctty(ucred.pid, NULL, &tty);
        if (r < 0)
                return r;

        v = vtnr_from_tty(tty);
        if (v < 0)
                return v;
        else if (v == 0)
                return -ENOENT;

        if (seat)
                *seat = "seat0";
        *vtnr = (uint32_t) v;

        return 0;
}

static int export_legacy_dbus_address(
                pam_handle_t *handle,
                uid_t uid,
                const char *runtime) {

        _cleanup_free_ char *s = NULL;
        int r = PAM_BUF_ERR;

        if (is_kdbus_available()) {
                if (asprintf(&s, KERNEL_USER_BUS_ADDRESS_FMT ";" UNIX_USER_BUS_ADDRESS_FMT, uid, runtime) < 0)
                        goto error;
        } else {
                /* FIXME: We *really* should move the access() check into the
                 * daemons that spawn dbus-daemon, instead of forcing
                 * DBUS_SESSION_BUS_ADDRESS= here. */

                s = strjoin(runtime, "/bus", NULL);
                if (!s)
                        goto error;

                if (access(s, F_OK) < 0)
                        return PAM_SUCCESS;

                s = mfree(s);
                if (asprintf(&s, UNIX_USER_BUS_ADDRESS_FMT, runtime) < 0)
                        goto error;
        }

        r = pam_misc_setenv(handle, "DBUS_SESSION_BUS_ADDRESS", s, 0);
        if (r != PAM_SUCCESS)
                goto error;

        return PAM_SUCCESS;

error:
        pam_syslog(handle, LOG_ERR, "Failed to set bus variable.");
        return r;
}

_public_ PAM_EXTERN int pam_sm_open_session(
                pam_handle_t *handle,
                int flags,
                int argc, const char **argv) {

        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
        _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
        const char
                *username, *id, *object_path, *runtime_path,
                *service = NULL,
                *tty = NULL, *display = NULL,
                *remote_user = NULL, *remote_host = NULL,
                *seat = NULL,
                *type = NULL, *class = NULL,
                *class_pam = NULL, *type_pam = NULL, *cvtnr = NULL, *desktop = NULL;
        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
        int session_fd = -1, existing, r;
        bool debug = false, remote;
        struct passwd *pw;
        uint32_t vtnr = 0;
        uid_t original_uid;

        assert(handle);

        /* Make this a NOP on non-logind systems */
        if (!logind_running())
                return PAM_SUCCESS;

        if (parse_argv(handle,
                       argc, argv,
                       &class_pam,
                       &type_pam,
                       &debug) < 0)
                return PAM_SESSION_ERR;

        if (debug)
                pam_syslog(handle, LOG_DEBUG, "pam-systemd initializing");

        r = get_user_data(handle, &username, &pw);
        if (r != PAM_SUCCESS) {
                pam_syslog(handle, LOG_ERR, "Failed to get user data.");
                return r;
        }

        /* Make sure we don't enter a loop by talking to
         * systemd-logind when it is actually waiting for the
         * background to finish start-up. If the service is
         * "systemd-user" we simply set XDG_RUNTIME_DIR and
         * leave. */

        pam_get_item(handle, PAM_SERVICE, (const void**) &service);
        if (streq_ptr(service, "systemd-user")) {
                _cleanup_free_ char *rt = NULL;

                if (asprintf(&rt, "/run/user/"UID_FMT, pw->pw_uid) < 0)
                        return PAM_BUF_ERR;

                r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", rt, 0);
                if (r != PAM_SUCCESS) {
                        pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
                        return r;
                }

                r = export_legacy_dbus_address(handle, pw->pw_uid, rt);
                if (r != PAM_SUCCESS)
                        return r;

                return PAM_SUCCESS;
        }

        /* Otherwise, we ask logind to create a session for us */

        pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
        pam_get_item(handle, PAM_TTY, (const void**) &tty);
        pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
        pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);

        seat = pam_getenv(handle, "XDG_SEAT");
        if (isempty(seat))
                seat = getenv("XDG_SEAT");

        cvtnr = pam_getenv(handle, "XDG_VTNR");
        if (isempty(cvtnr))
                cvtnr = getenv("XDG_VTNR");

        type = pam_getenv(handle, "XDG_SESSION_TYPE");
        if (isempty(type))
                type = getenv("XDG_SESSION_TYPE");
        if (isempty(type))
                type = type_pam;

        class = pam_getenv(handle, "XDG_SESSION_CLASS");
        if (isempty(class))
                class = getenv("XDG_SESSION_CLASS");
        if (isempty(class))
                class = class_pam;

        desktop = pam_getenv(handle, "XDG_SESSION_DESKTOP");
        if (isempty(desktop))
                desktop = getenv("XDG_SESSION_DESKTOP");

        tty = strempty(tty);

        if (strchr(tty, ':')) {
                /* A tty with a colon is usually an X11 display,
                 * placed there to show up in utmp. We rearrange
                 * things and don't pretend that an X display was a
                 * tty. */

                if (isempty(display))
                        display = tty;
                tty = NULL;
        } else if (streq(tty, "cron")) {
                /* cron has been setting PAM_TTY to "cron" for a very
                 * long time and it probably shouldn't stop doing that
                 * for compatibility reasons. */
                type = "unspecified";
                class = "background";
                tty = NULL;
        } else if (streq(tty, "ssh")) {
                /* ssh has been setting PAM_TTY to "ssh" for a very
                 * long time and probably shouldn't stop doing that
                 * for compatibility reasons. */
                type ="tty";
                class = "user";
                tty = NULL;
        }

        /* If this fails vtnr will be 0, that's intended */
        if (!isempty(cvtnr))
                (void) safe_atou32(cvtnr, &vtnr);

        if (!isempty(display) && !vtnr) {
                if (isempty(seat))
                        get_seat_from_display(display, &seat, &vtnr);
                else if (streq(seat, "seat0"))
                        get_seat_from_display(display, NULL, &vtnr);
        }

        if (seat && !streq(seat, "seat0") && vtnr != 0) {
                pam_syslog(handle, LOG_DEBUG, "Ignoring vtnr %"PRIu32" for %s which is not seat0", vtnr, seat);
                vtnr = 0;
        }

        if (isempty(type))
                type = !isempty(display) ? "x11" :
                           !isempty(tty) ? "tty" : "unspecified";

        if (isempty(class))
                class = streq(type, "unspecified") ? "background" : "user";

        remote = !isempty(remote_host) && !is_localhost(remote_host);

        /* Talk to logind over the message bus */

        r = sd_bus_open_system(&bus);
        if (r < 0) {
                pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", strerror(-r));
                return PAM_SESSION_ERR;
        }

        if (debug)
                pam_syslog(handle, LOG_DEBUG, "Asking logind to create session: "
                           "uid="UID_FMT" pid="PID_FMT" service=%s type=%s class=%s desktop=%s seat=%s vtnr=%"PRIu32" tty=%s display=%s remote=%s remote_user=%s remote_host=%s",
                           pw->pw_uid, getpid(),
                           strempty(service),
                           type, class, strempty(desktop),
                           strempty(seat), vtnr, strempty(tty), strempty(display),
                           yes_no(remote), strempty(remote_user), strempty(remote_host));

        r = sd_bus_call_method(bus,
                               "org.freedesktop.login1",
                               "/org/freedesktop/login1",
                               "org.freedesktop.login1.Manager",
                               "CreateSession",
                               &error,
                               &reply,
                               "uusssssussbssa(sv)",
                               (uint32_t) pw->pw_uid,
                               (uint32_t) getpid(),
                               service,
                               type,
                               class,
                               desktop,
                               seat,
                               vtnr,
                               tty,
                               display,
                               remote,
                               remote_user,
                               remote_host,
                               0);
        if (r < 0) {
                if (sd_bus_error_has_name(&error, BUS_ERROR_SESSION_BUSY)) {
                        pam_syslog(handle, LOG_DEBUG, "Cannot create session: %s", bus_error_message(&error, r));
                        return PAM_SUCCESS;
                } else {
                        pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error, r));
                        return PAM_SYSTEM_ERR;
                }
        }

        r = sd_bus_message_read(reply,
                                "soshusub",
                                &id,
                                &object_path,
                                &runtime_path,
                                &session_fd,
                                &original_uid,
                                &seat,
                                &vtnr,
                                &existing);
        if (r < 0) {
                pam_syslog(handle, LOG_ERR, "Failed to parse message: %s", strerror(-r));
                return PAM_SESSION_ERR;
        }

        if (debug)
                pam_syslog(handle, LOG_DEBUG, "Reply from logind: "
                           "id=%s object_path=%s runtime_path=%s session_fd=%d seat=%s vtnr=%u original_uid=%u",
                           id, object_path, runtime_path, session_fd, seat, vtnr, original_uid);

        r = pam_misc_setenv(handle, "XDG_SESSION_ID", id, 0);
        if (r != PAM_SUCCESS) {
                pam_syslog(handle, LOG_ERR, "Failed to set session id.");
                return r;
        }

        if (original_uid == pw->pw_uid) {
                /* Don't set $XDG_RUNTIME_DIR if the user we now
                 * authenticated for does not match the original user
                 * of the session. We do this in order not to result
                 * in privileged apps clobbering the runtime directory
                 * unnecessarily. */

                r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
                if (r != PAM_SUCCESS) {
                        pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
                        return r;
                }

                r = export_legacy_dbus_address(handle, pw->pw_uid, runtime_path);
                if (r != PAM_SUCCESS)
                        return r;
        }

        if (!isempty(seat)) {
                r = pam_misc_setenv(handle, "XDG_SEAT", seat, 0);
                if (r != PAM_SUCCESS) {
                        pam_syslog(handle, LOG_ERR, "Failed to set seat.");
                        return r;
                }
        }

        if (vtnr > 0) {
                char buf[DECIMAL_STR_MAX(vtnr)];
                sprintf(buf, "%u", vtnr);

                r = pam_misc_setenv(handle, "XDG_VTNR", buf, 0);
                if (r != PAM_SUCCESS) {
                        pam_syslog(handle, LOG_ERR, "Failed to set virtual terminal number.");
                        return r;
                }
        }

        r = pam_set_data(handle, "systemd.existing", INT_TO_PTR(!!existing), NULL);
        if (r != PAM_SUCCESS) {
                pam_syslog(handle, LOG_ERR, "Failed to install existing flag.");
                return r;
        }

        if (session_fd >= 0) {
                session_fd = fcntl(session_fd, F_DUPFD_CLOEXEC, 3);
                if (session_fd < 0) {
                        pam_syslog(handle, LOG_ERR, "Failed to dup session fd: %m");
                        return PAM_SESSION_ERR;
                }

                r = pam_set_data(handle, "systemd.session-fd", FD_TO_PTR(session_fd), NULL);
                if (r != PAM_SUCCESS) {
                        pam_syslog(handle, LOG_ERR, "Failed to install session fd.");
                        safe_close(session_fd);
                        return r;
                }
        }

        return PAM_SUCCESS;
}

_public_ PAM_EXTERN int pam_sm_close_session(
                pam_handle_t *handle,
                int flags,
                int argc, const char **argv) {

        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
        const void *existing = NULL;
        const char *id;
        int r;

        assert(handle);

        /* Only release session if it wasn't pre-existing when we
         * tried to create it */
        pam_get_data(handle, "systemd.existing", &existing);

        id = pam_getenv(handle, "XDG_SESSION_ID");
        if (id && !existing) {

                /* Before we go and close the FIFO we need to tell
                 * logind that this is a clean session shutdown, so
                 * that it doesn't just go and slaughter us
                 * immediately after closing the fd */

                r = sd_bus_open_system(&bus);
                if (r < 0) {
                        pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", strerror(-r));
                        return PAM_SESSION_ERR;
                }

                r = sd_bus_call_method(bus,
                                       "org.freedesktop.login1",
                                       "/org/freedesktop/login1",
                                       "org.freedesktop.login1.Manager",
                                       "ReleaseSession",
                                       &error,
                                       NULL,
                                       "s",
                                       id);
                if (r < 0) {
                        pam_syslog(handle, LOG_ERR, "Failed to release session: %s", bus_error_message(&error, r));
                        return PAM_SESSION_ERR;
                }
        }

        /* Note that we are knowingly leaking the FIFO fd here. This
         * way, logind can watch us die. If we closed it here it would
         * not have any clue when that is completed. Given that one
         * cannot really have multiple PAM sessions open from the same
         * process this means we will leak one FD at max. */

        return PAM_SUCCESS;
}
Commit	Line	Data
663996b3 MS	1	/***
	2	This file is part of systemd.
	3
	4	Copyright 2010 Lennart Poettering
	5
	6	systemd is free software; you can redistribute it and/or modify it
	7	under the terms of the GNU Lesser General Public License as published by
	8	the Free Software Foundation; either version 2.1 of the License, or
	9	(at your option) any later version.
	10
	11	systemd is distributed in the hope that it will be useful, but
	12	WITHOUT ANY WARRANTY; without even the implied warranty of
	13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	14	Lesser General Public License for more details.
	15
	16	You should have received a copy of the GNU Lesser General Public License
	17	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	18	***/
	19
db2df898	20	#include <endian.h>
663996b3 MS	21	#include <errno.h>
663996b3 MS	22	#include <fcntl.h>
663996b3	23	#include <pwd.h>
663996b3	24	#include <security/_pam_macros.h>
663996b3 MS	25	#include <security/pam_ext.h>
663996b3 MS	26	#include <security/pam_misc.h>
db2df898 MP	27	#include <security/pam_modules.h>
	28	#include <security/pam_modutil.h>
	29	#include <sys/file.h>
663996b3	30
db2df898 MP	31	#include "alloc-util.h"
db2df898 MP	32	#include "audit-util.h"
fb183854	33	#include "bus-common-errors.h"
db2df898	34	#include "bus-error.h"
60f067b4	35	#include "bus-util.h"
663996b3	36	#include "def.h"
db2df898	37	#include "fd-util.h"
663996b3	38	#include "fileio.h"
e3bff60a	39	#include "formats-util.h"
e3bff60a	40	#include "hostname-util.h"
db2df898 MP	41	#include "login-util.h"
	42	#include "macro.h"
	43	#include "parse-util.h"
	44	#include "socket-util.h"
	45	#include "strv.h"
	46	#include "terminal-util.h"
	47	#include "util.h"
663996b3	48
60f067b4 JS	49	static int parse_argv(
	50	pam_handle_t *handle,
	51	int argc, const char **argv,
	52	const char **class,
	53	const char **type,
	54	bool *debug) {
663996b3 MS	55
	56	unsigned i;
	57
	58	assert(argc >= 0);
	59	assert(argc == 0 \|\| argv);
	60
	61	for (i = 0; i < (unsigned) argc; i++) {
14228c0d	62	if (startswith(argv[i], "class=")) {
663996b3 MS	63	if (class)
	64	*class = argv[i] + 6;
	65
60f067b4 JS	66	} else if (startswith(argv[i], "type=")) {
	67	if (type)
	68	*type = argv[i] + 5;
663996b3	69
60f067b4	70	} else if (streq(argv[i], "debug")) {
663996b3	71	if (debug)
60f067b4 JS	72	*debug = true;
	73
	74	} else if (startswith(argv[i], "debug=")) {
	75	int k;
	76
	77	k = parse_boolean(argv[i] + 6);
	78	if (k < 0)
	79	pam_syslog(handle, LOG_WARNING, "Failed to parse debug= argument, ignoring.");
	80	else if (debug)
663996b3 MS	81	*debug = k;
663996b3 MS	82
60f067b4	83	} else
14228c0d	84	pam_syslog(handle, LOG_WARNING, "Unknown parameter '%s', ignoring", argv[i]);
663996b3 MS	85	}
	86
	87	return 0;
	88	}
	89
	90	static int get_user_data(
	91	pam_handle_t *handle,
	92	const char **ret_username,
	93	struct passwd **ret_pw) {
	94
	95	const char *username = NULL;
	96	struct passwd *pw = NULL;
663996b3 MS	97	int r;
	98
	99	assert(handle);
	100	assert(ret_username);
	101	assert(ret_pw);
	102
60f067b4 JS	103	r = pam_get_user(handle, &username, NULL);
	104	if (r != PAM_SUCCESS) {
	105	pam_syslog(handle, LOG_ERR, "Failed to get user name.");
	106	return r;
	107	}
663996b3	108
60f067b4 JS	109	if (isempty(username)) {
	110	pam_syslog(handle, LOG_ERR, "User name not valid.");
	111	return PAM_AUTH_ERR;
663996b3 MS	112	}
663996b3 MS	113
60f067b4	114	pw = pam_modutil_getpwnam(handle, username);
663996b3 MS	115	if (!pw) {
	116	pam_syslog(handle, LOG_ERR, "Failed to get user data.");
	117	return PAM_USER_UNKNOWN;
	118	}
	119
	120	*ret_pw = pw;
f47781d8	121	*ret_username = username;
663996b3 MS	122
	123	return PAM_SUCCESS;
	124	}
	125
663996b3	126	static int get_seat_from_display(const char display, const char seat, uint32_t vtnr) {
663996b3 MS	127	union sockaddr_union sa = {
	128	.un.sun_family = AF_UNIX,
	129	};
60f067b4 JS	130	_cleanup_free_ char p = NULL, tty = NULL;
60f067b4 JS	131	_cleanup_close_ int fd = -1;
663996b3	132	struct ucred ucred;
60f067b4	133	int v, r;
663996b3 MS	134
	135	assert(display);
	136	assert(vtnr);
	137
	138	/* We deduce the X11 socket from the display name, then use
	139	* SO_PEERCRED to determine the X11 server process, ask for
	140	* the controlling tty of that and if it's a VC then we know
	141	* the seat and the virtual terminal. Sounds ugly, is only
	142	* semi-ugly. */
	143
	144	r = socket_from_display(display, &p);
	145	if (r < 0)
	146	return r;
	147	strncpy(sa.un.sun_path, p, sizeof(sa.un.sun_path)-1);
	148
	149	fd = socket(AF_UNIX, SOCK_STREAM\|SOCK_CLOEXEC, 0);
	150	if (fd < 0)
	151	return -errno;
	152
	153	if (connect(fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + strlen(sa.un.sun_path)) < 0)
	154	return -errno;
	155
60f067b4	156	r = getpeercred(fd, &ucred);
663996b3	157	if (r < 0)
60f067b4	158	return r;
663996b3 MS	159
	160	r = get_ctty(ucred.pid, NULL, &tty);
	161	if (r < 0)
	162	return r;
	163
	164	v = vtnr_from_tty(tty);
	165	if (v < 0)
	166	return v;
	167	else if (v == 0)
	168	return -ENOENT;
	169
	170	if (seat)
	171	*seat = "seat0";
	172	*vtnr = (uint32_t) v;
	173
	174	return 0;
	175	}
	176
60f067b4 JS	177	static int export_legacy_dbus_address(
	178	pam_handle_t *handle,
	179	uid_t uid,
	180	const char *runtime) {
	181
60f067b4	182	_cleanup_free_ char *s = NULL;
d9dfd233 MP	183	int r = PAM_BUF_ERR;
	184
	185	if (is_kdbus_available()) {
	186	if (asprintf(&s, KERNEL_USER_BUS_ADDRESS_FMT ";" UNIX_USER_BUS_ADDRESS_FMT, uid, runtime) < 0)
	187	goto error;
	188	} else {
	189	/* FIXME: We really should move the access() check into the
	190	* daemons that spawn dbus-daemon, instead of forcing
	191	* DBUS_SESSION_BUS_ADDRESS= here. */
	192
	193	s = strjoin(runtime, "/bus", NULL);
	194	if (!s)
	195	goto error;
	196
	197	if (access(s, F_OK) < 0)
	198	return PAM_SUCCESS;
	199
	200	s = mfree(s);
	201	if (asprintf(&s, UNIX_USER_BUS_ADDRESS_FMT, runtime) < 0)
	202	goto error;
60f067b4 JS	203	}
	204
	205	r = pam_misc_setenv(handle, "DBUS_SESSION_BUS_ADDRESS", s, 0);
d9dfd233 MP	206	if (r != PAM_SUCCESS)
d9dfd233 MP	207	goto error;
86f210e9	208
60f067b4	209	return PAM_SUCCESS;
d9dfd233 MP	210
	211	error:
	212	pam_syslog(handle, LOG_ERR, "Failed to set bus variable.");
	213	return r;
60f067b4 JS	214	}
60f067b4 JS	215
663996b3 MS	216	_public_ PAM_EXTERN int pam_sm_open_session(
	217	pam_handle_t *handle,
	218	int flags,
	219	int argc, const char **argv) {
	220
4c89c718 MP	221	_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
4c89c718 MP	222	_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
60f067b4 JS	223	const char
	224	username, id, object_path, runtime_path,
	225	*service = NULL,
	226	tty = NULL, display = NULL,
	227	remote_user = NULL, remote_host = NULL,
	228	*seat = NULL,
	229	type = NULL, class = NULL,
	230	class_pam = NULL, type_pam = NULL, cvtnr = NULL, desktop = NULL;
4c89c718	231	_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
60f067b4 JS	232	int session_fd = -1, existing, r;
60f067b4 JS	233	bool debug = false, remote;
663996b3	234	struct passwd *pw;
663996b3	235	uint32_t vtnr = 0;
60f067b4	236	uid_t original_uid;
663996b3 MS	237
	238	assert(handle);
	239
663996b3 MS	240	/* Make this a NOP on non-logind systems */
	241	if (!logind_running())
	242	return PAM_SUCCESS;
	243
	244	if (parse_argv(handle,
	245	argc, argv,
14228c0d	246	&class_pam,
60f067b4 JS	247	&type_pam,
	248	&debug) < 0)
	249	return PAM_SESSION_ERR;
	250
	251	if (debug)
	252	pam_syslog(handle, LOG_DEBUG, "pam-systemd initializing");
663996b3 MS	253
663996b3 MS	254	r = get_user_data(handle, &username, &pw);
60f067b4 JS	255	if (r != PAM_SUCCESS) {
	256	pam_syslog(handle, LOG_ERR, "Failed to get user data.");
	257	return r;
	258	}
663996b3 MS	259
	260	/* Make sure we don't enter a loop by talking to
	261	* systemd-logind when it is actually waiting for the
	262	* background to finish start-up. If the service is
14228c0d	263	* "systemd-user" we simply set XDG_RUNTIME_DIR and
663996b3 MS	264	* leave. */
	265
	266	pam_get_item(handle, PAM_SERVICE, (const void**) &service);
14228c0d	267	if (streq_ptr(service, "systemd-user")) {
db2df898	268	_cleanup_free_ char *rt = NULL;
663996b3	269
db2df898	270	if (asprintf(&rt, "/run/user/"UID_FMT, pw->pw_uid) < 0)
60f067b4	271	return PAM_BUF_ERR;
663996b3	272
db2df898 MP	273	r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", rt, 0);
	274	if (r != PAM_SUCCESS) {
	275	pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
	276	return r;
60f067b4	277	}
663996b3	278
db2df898 MP	279	r = export_legacy_dbus_address(handle, pw->pw_uid, rt);
	280	if (r != PAM_SUCCESS)
	281	return r;
	282
60f067b4	283	return PAM_SUCCESS;
663996b3 MS	284	}
663996b3 MS	285
60f067b4	286	/* Otherwise, we ask logind to create a session for us */
663996b3 MS	287
	288	pam_get_item(handle, PAM_XDISPLAY, (const void**) &display);
	289	pam_get_item(handle, PAM_TTY, (const void**) &tty);
	290	pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
	291	pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);
	292
	293	seat = pam_getenv(handle, "XDG_SEAT");
	294	if (isempty(seat))
	295	seat = getenv("XDG_SEAT");
	296
	297	cvtnr = pam_getenv(handle, "XDG_VTNR");
	298	if (isempty(cvtnr))
	299	cvtnr = getenv("XDG_VTNR");
	300
60f067b4 JS	301	type = pam_getenv(handle, "XDG_SESSION_TYPE");
	302	if (isempty(type))
	303	type = getenv("XDG_SESSION_TYPE");
	304	if (isempty(type))
	305	type = type_pam;
	306
	307	class = pam_getenv(handle, "XDG_SESSION_CLASS");
	308	if (isempty(class))
	309	class = getenv("XDG_SESSION_CLASS");
	310	if (isempty(class))
	311	class = class_pam;
	312
	313	desktop = pam_getenv(handle, "XDG_SESSION_DESKTOP");
	314	if (isempty(desktop))
	315	desktop = getenv("XDG_SESSION_DESKTOP");
	316
663996b3	317	tty = strempty(tty);
663996b3 MS	318
	319	if (strchr(tty, ':')) {
	320	/* A tty with a colon is usually an X11 display,
	321	* placed there to show up in utmp. We rearrange
	322	* things and don't pretend that an X display was a
	323	* tty. */
	324
	325	if (isempty(display))
	326	display = tty;
60f067b4	327	tty = NULL;
663996b3 MS	328	} else if (streq(tty, "cron")) {
	329	/* cron has been setting PAM_TTY to "cron" for a very
	330	* long time and it probably shouldn't stop doing that
	331	* for compatibility reasons. */
663996b3	332	type = "unspecified";
60f067b4 JS	333	class = "background";
60f067b4 JS	334	tty = NULL;
663996b3 MS	335	} else if (streq(tty, "ssh")) {
	336	/* ssh has been setting PAM_TTY to "ssh" for a very
	337	* long time and probably shouldn't stop doing that
	338	* for compatibility reasons. */
663996b3	339	type ="tty";
60f067b4 JS	340	class = "user";
60f067b4 JS	341	tty = NULL;
663996b3 MS	342	}
	343
	344	/* If this fails vtnr will be 0, that's intended */
	345	if (!isempty(cvtnr))
e3bff60a	346	(void) safe_atou32(cvtnr, &vtnr);
663996b3	347
60f067b4	348	if (!isempty(display) && !vtnr) {
663996b3 MS	349	if (isempty(seat))
	350	get_seat_from_display(display, &seat, &vtnr);
	351	else if (streq(seat, "seat0"))
	352	get_seat_from_display(display, NULL, &vtnr);
	353	}
	354
60f067b4	355	if (seat && !streq(seat, "seat0") && vtnr != 0) {
e735f4d4	356	pam_syslog(handle, LOG_DEBUG, "Ignoring vtnr %"PRIu32" for %s which is not seat0", vtnr, seat);
60f067b4 JS	357	vtnr = 0;
	358	}
	359
	360	if (isempty(type))
663996b3	361	type = !isempty(display) ? "x11" :
60f067b4	362	!isempty(tty) ? "tty" : "unspecified";
663996b3	363
663996b3 MS	364	if (isempty(class))
	365	class = streq(type, "unspecified") ? "background" : "user";
	366
e842803a	367	remote = !isempty(remote_host) && !is_localhost(remote_host);
60f067b4 JS	368
60f067b4 JS	369	/* Talk to logind over the message bus */
663996b3	370
60f067b4 JS	371	r = sd_bus_open_system(&bus);
	372	if (r < 0) {
	373	pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", strerror(-r));
	374	return PAM_SESSION_ERR;
	375	}
663996b3	376
663996b3 MS	377	if (debug)
663996b3 MS	378	pam_syslog(handle, LOG_DEBUG, "Asking logind to create session: "
e735f4d4	379	"uid="UID_FMT" pid="PID_FMT" service=%s type=%s class=%s desktop=%s seat=%s vtnr=%"PRIu32" tty=%s display=%s remote=%s remote_user=%s remote_host=%s",
60f067b4 JS	380	pw->pw_uid, getpid(),
	381	strempty(service),
	382	type, class, strempty(desktop),
	383	strempty(seat), vtnr, strempty(tty), strempty(display),
	384	yes_no(remote), strempty(remote_user), strempty(remote_host));
	385
	386	r = sd_bus_call_method(bus,
	387	"org.freedesktop.login1",
	388	"/org/freedesktop/login1",
	389	"org.freedesktop.login1.Manager",
	390	"CreateSession",
	391	&error,
	392	&reply,
	393	"uusssssussbssa(sv)",
	394	(uint32_t) pw->pw_uid,
	395	(uint32_t) getpid(),
	396	service,
	397	type,
	398	class,
	399	desktop,
	400	seat,
	401	vtnr,
	402	tty,
	403	display,
	404	remote,
	405	remote_user,
	406	remote_host,
	407	0);
	408	if (r < 0) {
fb183854 MP	409	if (sd_bus_error_has_name(&error, BUS_ERROR_SESSION_BUSY)) {
	410	pam_syslog(handle, LOG_DEBUG, "Cannot create session: %s", bus_error_message(&error, r));
	411	return PAM_SUCCESS;
	412	} else {
	413	pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error, r));
	414	return PAM_SYSTEM_ERR;
	415	}
663996b3 MS	416	}
663996b3 MS	417
60f067b4 JS	418	r = sd_bus_message_read(reply,
	419	"soshusub",
	420	&id,
	421	&object_path,
	422	&runtime_path,
	423	&session_fd,
	424	&original_uid,
	425	&seat,
	426	&vtnr,
	427	&existing);
	428	if (r < 0) {
	429	pam_syslog(handle, LOG_ERR, "Failed to parse message: %s", strerror(-r));
	430	return PAM_SESSION_ERR;
663996b3 MS	431	}
	432
	433	if (debug)
	434	pam_syslog(handle, LOG_DEBUG, "Reply from logind: "
60f067b4 JS	435	"id=%s object_path=%s runtime_path=%s session_fd=%d seat=%s vtnr=%u original_uid=%u",
60f067b4 JS	436	id, object_path, runtime_path, session_fd, seat, vtnr, original_uid);
663996b3 MS	437
	438	r = pam_misc_setenv(handle, "XDG_SESSION_ID", id, 0);
	439	if (r != PAM_SUCCESS) {
	440	pam_syslog(handle, LOG_ERR, "Failed to set session id.");
60f067b4	441	return r;
663996b3 MS	442	}
663996b3 MS	443
60f067b4 JS	444	if (original_uid == pw->pw_uid) {
	445	/* Don't set $XDG_RUNTIME_DIR if the user we now
	446	* authenticated for does not match the original user
	447	* of the session. We do this in order not to result
	448	* in privileged apps clobbering the runtime directory
	449	* unnecessarily. */
	450
	451	r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
	452	if (r != PAM_SUCCESS) {
	453	pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
	454	return r;
	455	}
	456
	457	r = export_legacy_dbus_address(handle, pw->pw_uid, runtime_path);
	458	if (r != PAM_SUCCESS)
	459	return r;
663996b3 MS	460	}
	461
	462	if (!isempty(seat)) {
	463	r = pam_misc_setenv(handle, "XDG_SEAT", seat, 0);
	464	if (r != PAM_SUCCESS) {
	465	pam_syslog(handle, LOG_ERR, "Failed to set seat.");
60f067b4	466	return r;
663996b3 MS	467	}
	468	}
	469
	470	if (vtnr > 0) {
60f067b4 JS	471	char buf[DECIMAL_STR_MAX(vtnr)];
60f067b4 JS	472	sprintf(buf, "%u", vtnr);
663996b3 MS	473
	474	r = pam_misc_setenv(handle, "XDG_VTNR", buf, 0);
	475	if (r != PAM_SUCCESS) {
	476	pam_syslog(handle, LOG_ERR, "Failed to set virtual terminal number.");
60f067b4	477	return r;
663996b3 MS	478	}
	479	}
	480
	481	r = pam_set_data(handle, "systemd.existing", INT_TO_PTR(!!existing), NULL);
	482	if (r != PAM_SUCCESS) {
	483	pam_syslog(handle, LOG_ERR, "Failed to install existing flag.");
	484	return r;
	485	}
	486
	487	if (session_fd >= 0) {
60f067b4 JS	488	session_fd = fcntl(session_fd, F_DUPFD_CLOEXEC, 3);
	489	if (session_fd < 0) {
	490	pam_syslog(handle, LOG_ERR, "Failed to dup session fd: %m");
	491	return PAM_SESSION_ERR;
	492	}
	493
db2df898	494	r = pam_set_data(handle, "systemd.session-fd", FD_TO_PTR(session_fd), NULL);
663996b3 MS	495	if (r != PAM_SUCCESS) {
663996b3 MS	496	pam_syslog(handle, LOG_ERR, "Failed to install session fd.");
60f067b4	497	safe_close(session_fd);
663996b3 MS	498	return r;
	499	}
	500	}
	501
60f067b4	502	return PAM_SUCCESS;
663996b3 MS	503	}
	504
	505	_public_ PAM_EXTERN int pam_sm_close_session(
	506	pam_handle_t *handle,
	507	int flags,
	508	int argc, const char **argv) {
	509
4c89c718 MP	510	_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
4c89c718 MP	511	_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
60f067b4	512	const void *existing = NULL;
663996b3	513	const char *id;
663996b3 MS	514	int r;
	515
	516	assert(handle);
	517
663996b3 MS	518	/* Only release session if it wasn't pre-existing when we
	519	* tried to create it */
	520	pam_get_data(handle, "systemd.existing", &existing);
	521
	522	id = pam_getenv(handle, "XDG_SESSION_ID");
	523	if (id && !existing) {
	524
	525	/* Before we go and close the FIFO we need to tell
	526	* logind that this is a clean session shutdown, so
	527	* that it doesn't just go and slaughter us
	528	* immediately after closing the fd */
	529
60f067b4 JS	530	r = sd_bus_open_system(&bus);
	531	if (r < 0) {
	532	pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", strerror(-r));
	533	return PAM_SESSION_ERR;
663996b3 MS	534	}
663996b3 MS	535
60f067b4 JS	536	r = sd_bus_call_method(bus,
	537	"org.freedesktop.login1",
	538	"/org/freedesktop/login1",
	539	"org.freedesktop.login1.Manager",
	540	"ReleaseSession",
	541	&error,
	542	NULL,
	543	"s",
	544	id);
	545	if (r < 0) {
	546	pam_syslog(handle, LOG_ERR, "Failed to release session: %s", bus_error_message(&error, r));
	547	return PAM_SESSION_ERR;
663996b3 MS	548	}
	549	}
	550
60f067b4 JS	551	/* Note that we are knowingly leaking the FIFO fd here. This
	552	* way, logind can watch us die. If we closed it here it would
	553	* not have any clue when that is completed. Given that one
	554	* cannot really have multiple PAM sessions open from the same
	555	* process this means we will leak one FD at max. */
663996b3	556
60f067b4	557	return PAM_SUCCESS;
663996b3	558	}