[mirror_lxcfs.git] / pam / pam_cgfs.c

/* pam-cgfs
 *
 * Copyright © 2016 Canonical, Inc
 * Author: Serge Hallyn <serge.hallyn@ubuntu.com>
 *
 * When a user logs in, this pam module will create cgroups which the user
 * may administer, either for all controllers or for any controllers listed
 * on the command line (if any are listed).
 *
 * The cgroup created will be "user/$user/0" for the first session,
 * "user/$user/1" for the second, etc.
 *
 * name=systemd is handled specially.  If the host is an upstart system
 * or the login is noninteractive, then the logged in user does not get
 * a cgroup created.  On a systemd interactive login, one is created but
 * not chowned to the user.  In the former case, we create one as usual,
 * in the latter case we simply chown whatever cgroup the user is in.
 *
 * All requested cgroups must be mounted under /sys/fs/cgroup/$controller,
 * no messing around with finding mountpoints.
 *
 * See COPYING file for details.
 */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <syslog.h>
#include <stdarg.h>
#include <errno.h>
#include <sys/mount.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/param.h>
#include <pwd.h>
#include <stdbool.h>
#include <dirent.h>

#define PAM_SM_SESSION
#include <security/_pam_macros.h>
#include <security/pam_modules.h>

#include <linux/unistd.h>

static bool initialized;

static void mysyslog(int err, const char *format, ...)
{
	va_list args;

	va_start(args, format);
	openlog("PAM-CGFS", LOG_CONS|LOG_PID, LOG_AUTH);
	vsyslog(err, format, args);
	va_end(args);
	closelog();
}

static char *must_strcat(const char *first, ...) __attribute__((sentinel));

static char *must_strcat(const char *first, ...)
{
	va_list args;
	char *dest, *cur, *new;
	size_t len;

	do {
		dest = strdup(first);
	} while (!dest);
	len = strlen(dest);

	va_start(args, first);

	while ((cur = va_arg(args, char *)) != NULL) {
		size_t newlen = len + strlen(cur);
		do {
			new = realloc(dest, newlen + 1);
		} while (!new);
		dest = new;
		strcat(dest, cur);
		len = newlen;
	}
	va_end(args);

	return dest;
}

static bool exists(const char *path)
{
	struct stat sb;
	int ret;

	ret = stat(path, &sb);
	return ret == 0;
}

static bool is_dir(const char *path)
{
	struct stat sb;

	if (stat(path, &sb) < 0)
		return false;
	if (S_ISDIR(sb.st_mode))
		return true;
	return false;
}

static bool mkdir_p(const char *root, char *path)
{
	char *b, orig, *e;

	if (strlen(path) < strlen(root))
		return false;
	if (strlen(path) == strlen(root))
		return true;

	b = path + strlen(root) + 1;
	while (1) {
		while (*b && *b == '/')
			b++;
		if (!*b)
			return true;
		e = b + 1;
		while (*e && *e != '/')
			e++;
		orig = *e;
		if (orig)
			*e = '\0';
		if (exists(path))
			goto next;
		if (mkdir(path, 0755) < 0) {
#if DEBUG
			fprintf(stderr, "Failed to create %s: %m\n", path);
#endif
			return false;
		}
next:
		if (!orig)
			return true;
		*e = orig;
		b = e + 1;
	}

}

struct controller {
	struct controller *next;
	int id;
	bool systemd_created;
	char *name;
	char *mount_path;
	char *init_path;
	char *cur_path;
};

#define MAXCONTROLLERS 20
static struct controller *controllers[MAXCONTROLLERS];

/*
 * if cpu and cpuacct are comounted, it's possible a mount
 * exists for only one.  Find it.
 */
static char *find_controller_path(struct controller *c)
{
	while (c) {
		char *path = must_strcat("/sys/fs/cgroup/", c->name, NULL);
		if (exists(path))
			return path;
		free(path);
		if (strncmp(c->name, "name=", 5) == 0) {
			path = must_strcat("/sys/fs/cgroup/", c->name + 5, NULL);
			if (exists(path))
				return path;
			free(path);
		}
		c = c->next;
	}
	return NULL;
}

/* Find the path at which each controller is mounted. */
static void get_mounted_paths(void)
{
	int i;
	struct controller *c;
	char *path;

	for (i = 0; i < MAXCONTROLLERS; i++) {
		c = controllers[i];
		if (!c || c->mount_path)
			continue;
		path = find_controller_path(c);
		if (!path)
			continue;
		while (c) {
			c->mount_path = path;
			c = c->next;
		}
	}
}

static void add_controller(int id, char *tok, char *cur_path)
{
	struct controller *c;

	do {
		c = malloc(sizeof(struct controller));
	} while (!c);
	do {
		c->name = strdup(tok);
	} while (!c->name);
	do {
		c->cur_path = strdup(cur_path);
	} while (!c->cur_path);
	c->id = id;
	c->next = controllers[id];
	c->mount_path = NULL;
	c->init_path = NULL;
	controllers[id] = c;
}

static void drop_controller(int which)
{
	struct controller *c = controllers[which];

	if (c) {
		free(c->init_path); // all comounts share this
		free(c->mount_path);
	}
	while (c) {
		struct controller *tmp = c->next;
		free(c->name);
		free(c->cur_path);
		free(c);
		c = tmp;
	}
	controllers[which] = NULL;
}

static bool single_in_filter(char *c, const char *filter)
{
	char *dup = strdupa(filter), *tok;
	for (tok = strtok(dup, ","); tok; tok = strtok(NULL, ",")) {
		if (strcmp(c, tok) == 0)
			return true;
	}
	return false;
}

static bool controller_in_filter(struct controller *controller, const char *filter)
{
	struct controller *c;

	for (c = controller; c; c = c->next) {
		if (single_in_filter(c->name, filter))
			return true;
	}
	return false;
}

/*
 * Passed a comma-delimited list of requested controllers.
 * Pulls any controllers not in the list out of the
 * list of controllers
 */
static void filter_controllers(const char *filter)
{
	int i;
	for (i = 0; i < MAXCONTROLLERS; i++) {
		if (!controllers[i])
			continue;
		if (filter && !controller_in_filter(controllers[i], filter))
			drop_controller(i);
	}
}

#define INIT_SCOPE "/init.scope"
static void prune_init_scope(char *cg)
{
	char *point;
	size_t cg_len, initscope_len;

	if (!cg)
		return;

	cg_len = strlen(cg);
	initscope_len = strlen(INIT_SCOPE);
	if (cg_len < initscope_len)
		return;

	point = cg + cg_len - initscope_len;
	if (strcmp(point, INIT_SCOPE) == 0) {
		if (point == cg)
			*(point+1) = '\0';
		else
			*point = '\0';
	}
}

static bool fill_in_init_paths(void)
{
	FILE *f;
	char *line = NULL;
	size_t len = 0;
	struct controller *c;
	bool ret = false;

	f = fopen("/proc/1/cgroup", "r");
	if (!f)
		return false;
	while (getline(&line, &len, f) != -1) {
		int id;
		char *subsystems, *ip;
		if (sscanf(line, "%d:%m[^:]:%ms", &id, &subsystems, &ip) != 3) {
			mysyslog(LOG_ERR, "Corrupt /proc/1/cgroup\n");
			goto out;
		}
		free(subsystems);
		if (id < 0 || id > 20) {
			mysyslog(LOG_ERR, "Too many subsystems\n");
			free(ip);
			goto out;
		}
		if (ip[0] != '/') {
			free(ip);
			mysyslog(LOG_ERR, "ERROR: init cgroup path is not absolute!\n");
			goto out;
		}
		prune_init_scope(ip);
		for (c = controllers[id]; c; c = c->next) {
			if (strcmp(c->name, "name=systemd") == 0)
				c->systemd_created = strcmp(ip, c->cur_path) != 0;
			c->init_path = ip;
		}
	}
	ret = true;
out:
	fclose(f);
	free(line);
	return ret;
}

#if DEBUG
static void print_found_controllers(void) {
	struct controller *c;
	int i;

	for (i = 0; i < MAXCONTROLLERS; i++) {
		c = controllers[i];
		if (!c) {
			fprintf(stderr, "Nothing in controller %d\n", i);
			continue;
		}
		fprintf(stderr, "Controller %d:\n", i);
		while (c) {
			fprintf(stderr, " Next mount: index %d name %s\n", c->id, c->name);
			fprintf(stderr, "             mount path %s\n", c->mount_path ? c->mount_path : "(none)");
			fprintf(stderr, "             init task path %s\n", c->init_path);
			fprintf(stderr, "             login task path %s\n", c->cur_path);
			c = c->next;
		}
	}
}
#else
static inline void print_found_controllers(void) { };
#endif
/*
 * Get the list of cgroup controllers currently mounted.
 * This includes both kernel and named subsystems, so get the list from
 * /proc/self/cgroup rather than /proc/cgroups.
 */
static bool get_active_controllers(void)
{
	FILE *f;
	char *line = NULL, *tok, *cur_path;
	size_t len = 0;

	f = fopen("/proc/self/cgroup", "r");
	if (!f)
		return false;
	while (getline(&line, &len, f) != -1) {
		int id;
		char *subsystems;
		if (sscanf(line, "%d:%m[^:]:%ms", &id, &subsystems, &cur_path) != 3) {
			mysyslog(LOG_ERR, "Corrupt /proc/self/cgroup\n");
			fclose(f);
			free(line);
			return false;
		}
		if (id < 0 || id > 20) {
			mysyslog(LOG_ERR, "Too many subsystems\n");
			free(subsystems);
			free(cur_path);
			fclose(f);
			free(line);
			return false;
		}
		for (tok = strtok(subsystems, ","); tok; tok = strtok(NULL, ","))
			add_controller(id, tok, cur_path);
		free(subsystems);
		free(cur_path);
	}
	fclose(f);
	free(line);

	get_mounted_paths();

	if (!fill_in_init_paths()) {
		mysyslog(LOG_ERR, "Failed finding cgroups for init task\n");
		return false;
	}

	print_found_controllers();

	initialized = true;

	return true;
}

/*
 * the systemd-created path is: user-$uid.slice/session-c$session.scope
 * If that is not the end of our systemd path, then we're not part of
 * the PAM call that created that path.
 *
 * The last piece is chowned to $uid, the user- part not.
 * Note - if the user creates paths that look like what we're looking for
 * to 'fool' us, either
 *   . they fool us, we create new cgroups, and they get auto-logged-out.
 *   . they fool a root sudo, systemd cgroup is not changed but chowned,
 *     and they lose ownership of their cgroups
 */
static bool systemd_created_slice_for_us(struct controller *c, const char *in, uid_t uid)
{
	char *p, *copy = strdupa(in);
	size_t len;
	int id;

	if (!copy || strlen(copy) < strlen("/user-0.slice/session-0.scope"))
		return false;
	p = copy + strlen(copy) - 1;
	/* skip any trailing '/' (shouldn't be any, but be sure) */
	while (p >= copy && *p == '/')
		*(p--) = '\0';
	if (p < copy)
		return false;

	/* Get last path element */
	while (p >= copy && *p != '/')
		p--;
	if (p < copy)
		return false;
	/* make sure it is session-something.scope */
	len = strlen(p+1);
	if (strncmp(p+1, "session-", strlen("session-")) != 0 ||
			strncmp(p+1 + len - 6, ".scope", 6) != 0)
		return false;

	/* ok last path piece checks out, now check the second to last */
	*(p+1) = '\0';
	while (p >= copy && *(--p) != '/');
	if (sscanf(p+1, "user-%d.slice/", &id) != 1)
		return false;

	if (id != (int)uid)
		return false;

	return true;
}
/*
 * Handle systemd creation.  Return true if all's done.  Returns false if
 * the caller needs to create=chown a cgroup
 */
static bool handle_systemd_create(struct controller *c, uid_t uid, gid_t gid)
{
	char *user_path;

	if (!c->systemd_created)
		return false;

	user_path = must_strcat(c->mount_path, c->cur_path, NULL);

	// Is this actually our cgroup, or was it created for someone
	// else?
	if (!systemd_created_slice_for_us(c, user_path, uid)) {
		c->systemd_created = false;
		free(user_path);
		return false;
	}

	// a name=systemd cgroup has already been created, just chown it
	if (chown(user_path, uid, gid) < 0)
		mysyslog(LOG_WARNING, "Failed to chown %s to %d:%d: %m\n",
				user_path, (int)uid, (int)gid);
	free(user_path);
	return true;
}

static bool cgfs_create_forone(struct controller *c, uid_t uid, gid_t gid, const char *cg, bool *existed)
{
	while (c) {
		if (!c->mount_path || !c->init_path)
			goto next;

		if (strcmp(c->name, "name=systemd") == 0 && handle_systemd_create(c, uid, gid))
			return true;

		char *path = must_strcat(c->mount_path, c->init_path, cg, NULL);
#if DEBUG
		fprintf(stderr, "Creating %s for %s\n", path, c->name);
#endif
		if (exists(path)) {
			free(path);
			*existed = true;
#if DEBUG
			fprintf(stderr, "%s existed\n", path);
#endif
			return true;
		}

		bool pass = mkdir_p(c->mount_path, path);
#if DEBUG
		fprintf(stderr, "Creating %s %s\n", path, pass ? "succeeded" : "failed");
#endif
		if (pass) {
			if (chown(path, uid, gid) < 0)
				mysyslog(LOG_WARNING, "Failed to chown %s to %d:%d: %m\n",
					path, (int)uid, (int)gid);
		}
		free(path);
		if (pass)
			return true;
next:
		c = c->next;
	}
	return false;
}

static void recursive_rmdir(const char *path)
{
	struct dirent *direntp;
	DIR *dir;

	dir = opendir(path);
	if (!dir)
		return;
	while ((direntp = readdir(dir))!= NULL) {
		if (!strcmp(direntp->d_name, ".") ||
				!strcmp(direntp->d_name, ".."))
			continue;

		char *dpath = must_strcat(path, "/", direntp->d_name, NULL);
		if (is_dir(dpath)) {
			recursive_rmdir(dpath);
#if DEBUG
			fprintf(stderr, "attempting to remove %s\n", dpath);
#endif
			if (rmdir(dpath) < 0) {
#if DEBUG
				fprintf(stderr, "Failed removing %s: %m\n", dpath);
#endif
			}
		}
		free(dpath);
	}

	closedir(dir);
}

/*
 * Try to remove a cgroup in a controller to cleanup during failure.
 * All mounts of comounted controllers are the same, so we just look
 * for the first mount which exists, try to remove the directory, and
 * return.
 */
static void cgfs_remove_forone(int idx, const char *cg)
{
	struct controller *c = controllers[idx];
	char *path;

	while (c) {
		if (c->mount_path) {
			path = must_strcat(c->mount_path, cg, NULL);
			recursive_rmdir(path);
			free(path);
		}
		c = c->next;
	}
}

static bool cgfs_create(const char *cg, uid_t uid, gid_t gid, bool *existed)
{
	*existed = false;
	int i, j;

#if DEBUG
	fprintf(stderr, "creating %s\n", cg);
#endif
	for (i = 0; i < MAXCONTROLLERS; i++) {
		struct controller *c = controllers[i];

		if (!c)
			continue;

		if (!cgfs_create_forone(c, uid, gid, cg, existed)) {
			for (j = 0; j < i; j++)
				cgfs_remove_forone(j, cg);
			return false;
		}
	}

	return true;
}

static bool write_int(char *path, int v)
{
	FILE *f = fopen(path, "w");
	bool ret = true;

	if (!f)
		return false;
	if (fprintf(f, "%d\n", v) < 0)
		ret = false;
	if (fclose(f) != 0)
		ret = false;
	return ret;
}

static bool do_enter(struct controller *c, const char *cg)
{
	char *path;
	bool pass;

	while (c) {
		if (!c->mount_path || !c->init_path)
			goto next;
		path = must_strcat(c->mount_path, c->init_path, cg, "/cgroup.procs", NULL);
		if (!exists(path)) {
			free(path);
			path = must_strcat(c->mount_path, c->init_path, cg, "/tasks", NULL);
		}
#if DEBUG
		fprintf(stderr, "Attempting to enter %s:%s using %s\n", c->name, cg, path);
#endif
		pass = write_int(path, (int)getpid());
		free(path);
		if (pass) /* only have to enter one of the comounts */
			return true;
#if DEBUG
		if (!pass)
			fprintf(stderr, "Failed to enter %s:%s\n", c->name, cg);
#endif
next:
		c = c->next;
	}

	return false;
}

static bool cgfs_enter(const char *cg, bool skip_systemd)
{
	int i;

	for (i = 0; i < MAXCONTROLLERS; i++) {
		struct controller *c = controllers[i];

		if (!c)
			continue;

		if (strcmp(c->name, "name=systemd") == 0) {
			if (skip_systemd)
				continue;
			if (c->systemd_created)
				continue;
		}

		if (!do_enter(c, cg))
			return false;
	}

	return true;
}

static void cgfs_escape(void)
{
	if (!cgfs_enter("/", true)) {
		mysyslog(LOG_WARNING, "Failed to escape to init's cgroup\n");
	}
}

static bool get_uid_gid(const char *user, uid_t *uid, gid_t *gid)
{
	struct passwd *pwent;

	pwent = getpwnam(user);
	if (!pwent)
		return false;
	*uid = pwent->pw_uid;
	*gid = pwent->pw_gid;

	return true;
}

#define DIRNAMSZ 200
static int handle_login(const char *user)
{
	int idx = 0, ret;
	bool existed;
	uid_t uid = 0;
	gid_t gid = 0;
	char cg[MAXPATHLEN];

	if (!get_uid_gid(user, &uid, &gid)) {
		mysyslog(LOG_ERR, "Failed to get uid and gid for %s\n", user);
		return PAM_SESSION_ERR;
	}

	cgfs_escape();

	while (idx >= 0) {
		ret = snprintf(cg, MAXPATHLEN, "/user/%s/%d", user, idx);
		if (ret < 0 || ret >= MAXPATHLEN) {
			mysyslog(LOG_ERR, "username too long\n");
			return PAM_SESSION_ERR;
		}

		if (!cgfs_create(cg, uid, gid, &existed)) {
			mysyslog(LOG_ERR, "Failed to create a cgroup for user %s\n", user);
			return PAM_SESSION_ERR;
		}

		if (existed == 1) {
			idx++;
			continue;
		}

		if (!cgfs_enter(cg, false)) {
			mysyslog(LOG_ERR, "Failed to enter user cgroup %s for user %s\n", cg, user);
			return PAM_SESSION_ERR;
		}
		break;
	}

	return PAM_SUCCESS;
}

int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc,
		const char **argv)
{
	const char *PAM_user = NULL;
	int ret;

	if (!get_active_controllers()) {
		mysyslog(LOG_ERR, "Failed to get list of controllers\n");
		return PAM_SESSION_ERR;
	}

	if (argc > 1 && strcmp(argv[0], "-c") == 0)
		filter_controllers(argv[1]);

	ret = pam_get_user(pamh, &PAM_user, NULL);
	if (ret != PAM_SUCCESS) {
		mysyslog(LOG_ERR, "PAM-CGFS: couldn't get user\n");
		return PAM_SESSION_ERR;
	}

	ret = handle_login(PAM_user);
	return ret;
}

static void prune_empty_cgroups(struct controller *c, const char *user)
{
	while (c) {
		if (!c->mount_path || !c->init_path)
			goto next;
		char *path = must_strcat(c->mount_path, c->init_path, "user/", user, NULL);
#if DEBUG
	fprintf(stderr, "Pruning %s\n", path);
#endif
		recursive_rmdir(path);
		free(path);
next:
		c = c->next;
	}
}

/*
 * Since we can't rely on kernel's autoremove, remove stale cgroups
 * any time the user logs out.
 */
static void prune_user_cgs(const char *user)
{
	int i;

	for (i = 0; i < MAXCONTROLLERS; i++)
		prune_empty_cgroups(controllers[i], user);
}

int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
		const char **argv)
{
	const char *PAM_user = NULL;
	int ret = pam_get_user(pamh, &PAM_user, NULL);

	if (ret != PAM_SUCCESS) {
		mysyslog(LOG_ERR, "PAM-CGFS: couldn't get user\n");
		return PAM_SESSION_ERR;
	}

	if (!initialized) {
		get_active_controllers();
		if (argc > 1 && strcmp(argv[0], "-c") == 0)
			filter_controllers(argv[1]);
	}

	prune_user_cgs(PAM_user);
	return PAM_SUCCESS;
}
Commit	Line	Data
df54106a SH	1	/* pam-cgfs
	2	*
	3	* Copyright © 2016 Canonical, Inc
	4	* Author: Serge Hallyn <serge.hallyn@ubuntu.com>
	5	*
edd25678 SH	6	* When a user logs in, this pam module will create cgroups which the user
	7	* may administer, either for all controllers or for any controllers listed
	8	* on the command line (if any are listed).
df54106a SH	9	*
	10	* The cgroup created will be "user/$user/0" for the first session,
	11	* "user/$user/1" for the second, etc.
	12	*
78a2a9f3 SH	13	* name=systemd is handled specially. If the host is an upstart system
	14	* or the login is noninteractive, then the logged in user does not get
	15	* a cgroup created. On a systemd interactive login, one is created but
	16	* not chowned to the user. In the former case, we create one as usual,
	17	* in the latter case we simply chown whatever cgroup the user is in.
edd25678	18	*
df54106a SH	19	* All requested cgroups must be mounted under /sys/fs/cgroup/$controller,
	20	* no messing around with finding mountpoints.
	21	*
	22	* See COPYING file for details.
	23	*/
	24
	25	#include <stdio.h>
	26	#include <stdlib.h>
	27	#include <unistd.h>
	28	#include <syslog.h>
	29	#include <stdarg.h>
	30	#include <errno.h>
	31	#include <sys/mount.h>
	32	#include <sys/types.h>
	33	#include <sys/stat.h>
	34	#include <sys/param.h>
	35	#include <pwd.h>
	36	#include <stdbool.h>
	37	#include <dirent.h>
	38
	39	#define PAM_SM_SESSION
	40	#include <security/_pam_macros.h>
	41	#include <security/pam_modules.h>
	42
	43	#include <linux/unistd.h>
	44
	45	static bool initialized;
	46
	47	static void mysyslog(int err, const char *format, ...)
	48	{
	49	va_list args;
	50
	51	va_start(args, format);
	52	openlog("PAM-CGFS", LOG_CONS\|LOG_PID, LOG_AUTH);
	53	vsyslog(err, format, args);
	54	va_end(args);
	55	closelog();
	56	}
	57
	58	static char must_strcat(const char first, ...) __attribute__((sentinel));
	59
	60	static char must_strcat(const char first, ...)
	61	{
	62	va_list args;
	63	char dest, cur, *new;
	64	size_t len;
	65
	66	do {
	67	dest = strdup(first);
	68	} while (!dest);
	69	len = strlen(dest);
	70
	71	va_start(args, first);
	72
	73	while ((cur = va_arg(args, char *)) != NULL) {
	74	size_t newlen = len + strlen(cur);
	75	do {
	76	new = realloc(dest, newlen + 1);
	77	} while (!new);
	78	dest = new;
	79	strcat(dest, cur);
	80	len = newlen;
	81	}
	82	va_end(args);
83
84	return dest;
85	}
86
87	static bool exists(const char *path)
88	{
89	struct stat sb;
90	int ret;
91
92	ret = stat(path, &sb);
93	return ret == 0;
94	}
95
96	static bool is_dir(const char *path)
97	{
98	struct stat sb;
99
100	if (stat(path, &sb) < 0)
101	return false;
102	if (S_ISDIR(sb.st_mode))
103	return true;
104	return false;
105	}
106
107	static bool mkdir_p(const char root, char path)
108	{
109	char b, orig, e;
110
111	if (strlen(path) < strlen(root))
112	return false;
113	if (strlen(path) == strlen(root))
114	return true;
115
116	b = path + strlen(root) + 1;
117	while (1) {
118	while (b && b == '/')
119	b++;
120	if (!*b)
121	return true;
122	e = b + 1;
123	while (e && e != '/')
124	e++;
125	orig = *e;
126	if (orig)
127	*e = '\0';
128	if (exists(path))
129	goto next;
130	if (mkdir(path, 0755) < 0) {
131	#if DEBUG
132	fprintf(stderr, "Failed to create %s: %m\n", path);
133	#endif
134	return false;
135	}
136	next:
137	if (!orig)
138	return true;
139	*e = orig;
140	b = e + 1;
141	}
78a2a9f3	142
df54106a SH	143	}
	144
	145	struct controller {
	146	struct controller *next;
	147	int id;
edd25678	148	bool systemd_created;
df54106a SH	149	char *name;
	150	char *mount_path;
	151	char *init_path;
edd25678	152	char *cur_path;
df54106a SH	153	};
	154
	155	#define MAXCONTROLLERS 20
	156	static struct controller *controllers[MAXCONTROLLERS];
	157
2be80971 SH	158	/*
	159	* if cpu and cpuacct are comounted, it's possible a mount
	160	* exists for only one. Find it.
	161	*/
	162	static char find_controller_path(struct controller c)
	163	{
	164	while (c) {
	165	char *path = must_strcat("/sys/fs/cgroup/", c->name, NULL);
	166	if (exists(path))
	167	return path;
	168	free(path);
edd25678 SH	169	if (strncmp(c->name, "name=", 5) == 0) {
	170	path = must_strcat("/sys/fs/cgroup/", c->name + 5, NULL);
	171	if (exists(path))
	172	return path;
	173	free(path);
	174	}
2be80971 SH	175	c = c->next;
	176	}
	177	return NULL;
	178	}
	179
df54106a SH	180	/* Find the path at which each controller is mounted. */
	181	static void get_mounted_paths(void)
	182	{
	183	int i;
	184	struct controller *c;
	185	char *path;
	186
	187	for (i = 0; i < MAXCONTROLLERS; i++) {
	188	c = controllers[i];
	189	if (!c \|\| c->mount_path)
	190	continue;
2be80971 SH	191	path = find_controller_path(c);
2be80971 SH	192	if (!path)
df54106a	193	continue;
df54106a SH	194	while (c) {
	195	c->mount_path = path;
	196	c = c->next;
	197	}
	198	}
	199	}
	200
edd25678	201	static void add_controller(int id, char tok, char cur_path)
df54106a SH	202	{
df54106a SH	203	struct controller *c;
78a2a9f3	204
215cfad6 SH	205	do {
	206	c = malloc(sizeof(struct controller));
	207	} while (!c);
	208	do {
	209	c->name = strdup(tok);
	210	} while (!c->name);
edd25678 SH	211	do {
	212	c->cur_path = strdup(cur_path);
	213	} while (!c->cur_path);
df54106a	214	c->id = id;
df54106a SH	215	c->next = controllers[id];
	216	c->mount_path = NULL;
	217	c->init_path = NULL;
	218	controllers[id] = c;
df54106a SH	219	}
	220
	221	static void drop_controller(int which)
	222	{
	223	struct controller *c = controllers[which];
	224
	225	if (c) {
	226	free(c->init_path); // all comounts share this
	227	free(c->mount_path);
	228	}
	229	while (c) {
	230	struct controller *tmp = c->next;
	231	free(c->name);
edd25678	232	free(c->cur_path);
df54106a SH	233	free(c);
	234	c = tmp;
	235	}
	236	controllers[which] = NULL;
	237	}
	238
	239	static bool single_in_filter(char c, const char filter)
	240	{
	241	char dup = strdupa(filter), tok;
	242	for (tok = strtok(dup, ","); tok; tok = strtok(NULL, ",")) {
	243	if (strcmp(c, tok) == 0)
	244	return true;
	245	}
	246	return false;
	247	}
	248
	249	static bool controller_in_filter(struct controller controller, const char filter)
	250	{
	251	struct controller *c;
	252
	253	for (c = controller; c; c = c->next) {
	254	if (single_in_filter(c->name, filter))
	255	return true;
	256	}
	257	return false;
	258	}
	259
	260	/*
	261	* Passed a comma-delimited list of requested controllers.
	262	* Pulls any controllers not in the list out of the
	263	* list of controllers
	264	*/
	265	static void filter_controllers(const char *filter)
	266	{
	267	int i;
	268	for (i = 0; i < MAXCONTROLLERS; i++) {
	269	if (!controllers[i])
	270	continue;
	271	if (filter && !controller_in_filter(controllers[i], filter))
	272	drop_controller(i);
	273	}
	274	}
	275
	276	#define INIT_SCOPE "/init.scope"
	277	static void prune_init_scope(char *cg)
	278	{
	279	char *point;
826297d7	280	size_t cg_len, initscope_len;
df54106a SH	281
	282	if (!cg)
	283	return;
	284
826297d7 SF	285	cg_len = strlen(cg);
	286	initscope_len = strlen(INIT_SCOPE);
	287	if (cg_len < initscope_len)
df54106a	288	return;
826297d7 SF	289
826297d7 SF	290	point = cg + cg_len - initscope_len;
df54106a SH	291	if (strcmp(point, INIT_SCOPE) == 0) {
	292	if (point == cg)
	293	*(point+1) = '\0';
	294	else
	295	*point = '\0';
	296	}
	297	}
	298
	299	static bool fill_in_init_paths(void)
	300	{
	301	FILE *f;
	302	char *line = NULL;
	303	size_t len = 0;
	304	struct controller *c;
c65c5956	305	bool ret = false;
df54106a SH	306
	307	f = fopen("/proc/1/cgroup", "r");
	308	if (!f)
	309	return false;
	310	while (getline(&line, &len, f) != -1) {
	311	int id;
	312	char subsystems, ip;
	313	if (sscanf(line, "%d:%m[^:]:%ms", &id, &subsystems, &ip) != 3) {
	314	mysyslog(LOG_ERR, "Corrupt /proc/1/cgroup\n");
c65c5956	315	goto out;
df54106a SH	316	}
	317	free(subsystems);
	318	if (id < 0 \|\| id > 20) {
	319	mysyslog(LOG_ERR, "Too many subsystems\n");
	320	free(ip);
c65c5956	321	goto out;
df54106a SH	322	}
	323	if (ip[0] != '/') {
	324	free(ip);
	325	mysyslog(LOG_ERR, "ERROR: init cgroup path is not absolute!\n");
c65c5956	326	goto out;
df54106a SH	327	}
df54106a SH	328	prune_init_scope(ip);
edd25678 SH	329	for (c = controllers[id]; c; c = c->next) {
	330	if (strcmp(c->name, "name=systemd") == 0)
	331	c->systemd_created = strcmp(ip, c->cur_path) != 0;
df54106a	332	c->init_path = ip;
edd25678	333	}
df54106a	334	}
c65c5956 SH	335	ret = true;
c65c5956 SH	336	out:
df54106a	337	fclose(f);
c65c5956 SH	338	free(line);
c65c5956 SH	339	return ret;
df54106a SH	340	}
	341
	342	#if DEBUG
	343	static void print_found_controllers(void) {
	344	struct controller *c;
	345	int i;
	346
	347	for (i = 0; i < MAXCONTROLLERS; i++) {
	348	c = controllers[i];
	349	if (!c) {
	350	fprintf(stderr, "Nothing in controller %d\n", i);
	351	continue;
	352	}
	353	fprintf(stderr, "Controller %d:\n", i);
	354	while (c) {
	355	fprintf(stderr, " Next mount: index %d name %s\n", c->id, c->name);
	356	fprintf(stderr, " mount path %s\n", c->mount_path ? c->mount_path : "(none)");
	357	fprintf(stderr, " init task path %s\n", c->init_path);
edd25678	358	fprintf(stderr, " login task path %s\n", c->cur_path);
df54106a SH	359	c = c->next;
	360	}
	361	}
	362	}
	363	#else
	364	static inline void print_found_controllers(void) { };
	365	#endif
	366	/*
	367	* Get the list of cgroup controllers currently mounted.
	368	* This includes both kernel and named subsystems, so get the list from
	369	* /proc/self/cgroup rather than /proc/cgroups.
	370	*/
	371	static bool get_active_controllers(void)
	372	{
	373	FILE *f;
edd25678	374	char line = NULL, tok, *cur_path;
df54106a SH	375	size_t len = 0;
	376
	377	f = fopen("/proc/self/cgroup", "r");
	378	if (!f)
	379	return false;
	380	while (getline(&line, &len, f) != -1) {
	381	int id;
	382	char *subsystems;
edd25678	383	if (sscanf(line, "%d:%m[^:]:%ms", &id, &subsystems, &cur_path) != 3) {
df54106a SH	384	mysyslog(LOG_ERR, "Corrupt /proc/self/cgroup\n");
df54106a SH	385	fclose(f);
c65c5956	386	free(line);
df54106a SH	387	return false;
	388	}
	389	if (id < 0 \|\| id > 20) {
	390	mysyslog(LOG_ERR, "Too many subsystems\n");
	391	free(subsystems);
edd25678	392	free(cur_path);
df54106a	393	fclose(f);
c65c5956	394	free(line);
df54106a SH	395	return false;
df54106a SH	396	}
df54106a	397	for (tok = strtok(subsystems, ","); tok; tok = strtok(NULL, ","))
edd25678	398	add_controller(id, tok, cur_path);
df54106a	399	free(subsystems);
edd25678	400	free(cur_path);
df54106a SH	401	}
df54106a SH	402	fclose(f);
c65c5956	403	free(line);
df54106a SH	404
	405	get_mounted_paths();
	406
	407	if (!fill_in_init_paths()) {
	408	mysyslog(LOG_ERR, "Failed finding cgroups for init task\n");
	409	return false;
	410	}
	411
	412	print_found_controllers();
	413
	414	initialized = true;
	415
	416	return true;
	417	}
	418
78a2a9f3 SH	419	/*
	420	* the systemd-created path is: user-$uid.slice/session-c$session.scope
	421	* If that is not the end of our systemd path, then we're not part of
	422	* the PAM call that created that path.
	423	*
	424	* The last piece is chowned to $uid, the user- part not.
	425	* Note - if the user creates paths that look like what we're looking for
	426	* to 'fool' us, either
	427	* . they fool us, we create new cgroups, and they get auto-logged-out.
	428	* . they fool a root sudo, systemd cgroup is not changed but chowned,
	429	* and they lose ownership of their cgroups
	430	*/
	431	static bool systemd_created_slice_for_us(struct controller c, const char in, uid_t uid)
	432	{
	433	char p, copy = strdupa(in);
	434	size_t len;
	435	int id;
	436
	437	if (!copy \|\| strlen(copy) < strlen("/user-0.slice/session-0.scope"))
	438	return false;
	439	p = copy + strlen(copy) - 1;
	440	/* skip any trailing '/' (shouldn't be any, but be sure) */
	441	while (p >= copy && *p == '/')
	442	*(p--) = '\0';
	443	if (p < copy)
	444	return false;
	445
	446	/* Get last path element */
	447	while (p >= copy && *p != '/')
	448	p--;
	449	if (p < copy)
	450	return false;
	451	/* make sure it is session-something.scope */
	452	len = strlen(p+1);
	453	if (strncmp(p+1, "session-", strlen("session-")) != 0 \|\|
	454	strncmp(p+1 + len - 6, ".scope", 6) != 0)
	455	return false;
	456
	457	/* ok last path piece checks out, now check the second to last */
	458	*(p+1) = '\0';
	459	while (p >= copy && *(--p) != '/');
	460	if (sscanf(p+1, "user-%d.slice/", &id) != 1)
	461	return false;
	462
	463	if (id != (int)uid)
	464	return false;
	465
	466	return true;
	467	}
edd25678 SH	468	/*
	469	* Handle systemd creation. Return true if all's done. Returns false if
	470	* the caller needs to create=chown a cgroup
	471	*/
78a2a9f3	472	static bool handle_systemd_create(struct controller *c, uid_t uid, gid_t gid)
edd25678 SH	473	{
	474	char *user_path;
	475
	476	if (!c->systemd_created)
	477	return false;
	478
	479	user_path = must_strcat(c->mount_path, c->cur_path, NULL);
	480
78a2a9f3 SH	481	// Is this actually our cgroup, or was it created for someone
	482	// else?
	483	if (!systemd_created_slice_for_us(c, user_path, uid)) {
	484	c->systemd_created = false;
	485	free(user_path);
	486	return false;
	487	}
	488
edd25678 SH	489	// a name=systemd cgroup has already been created, just chown it
	490	if (chown(user_path, uid, gid) < 0)
	491	mysyslog(LOG_WARNING, "Failed to chown %s to %d:%d: %m\n",
	492	user_path, (int)uid, (int)gid);
	493	free(user_path);
	494	return true;
	495	}
	496
78a2a9f3	497	static bool cgfs_create_forone(struct controller c, uid_t uid, gid_t gid, const char cg, bool *existed)
df54106a SH	498	{
	499	while (c) {
	500	if (!c->mount_path \|\| !c->init_path)
	501	goto next;
edd25678 SH	502
	503	if (strcmp(c->name, "name=systemd") == 0 && handle_systemd_create(c, uid, gid))
	504	return true;
	505
df54106a SH	506	char *path = must_strcat(c->mount_path, c->init_path, cg, NULL);
	507	#if DEBUG
	508	fprintf(stderr, "Creating %s for %s\n", path, c->name);
	509	#endif
	510	if (exists(path)) {
	511	free(path);
	512	*existed = true;
	513	#if DEBUG
edd25678	514	fprintf(stderr, "%s existed\n", path);
df54106a SH	515	#endif
	516	return true;
	517	}
edd25678	518
df54106a SH	519	bool pass = mkdir_p(c->mount_path, path);
	520	#if DEBUG
	521	fprintf(stderr, "Creating %s %s\n", path, pass ? "succeeded" : "failed");
	522	#endif
79ab1116 SH	523	if (pass) {
	524	if (chown(path, uid, gid) < 0)
	525	mysyslog(LOG_WARNING, "Failed to chown %s to %d:%d: %m\n",
	526	path, (int)uid, (int)gid);
	527	}
df54106a SH	528	free(path);
	529	if (pass)
	530	return true;
	531	next:
	532	c = c->next;
	533	}
	534	return false;
	535	}
	536
	537	static void recursive_rmdir(const char *path)
	538	{
	539	struct dirent *direntp;
	540	DIR *dir;
	541
	542	dir = opendir(path);
	543	if (!dir)
	544	return;
	545	while ((direntp = readdir(dir))!= NULL) {
	546	if (!strcmp(direntp->d_name, ".") \|\|
	547	!strcmp(direntp->d_name, ".."))
	548	continue;
	549
	550	char *dpath = must_strcat(path, "/", direntp->d_name, NULL);
	551	if (is_dir(dpath)) {
	552	recursive_rmdir(dpath);
	553	#if DEBUG
	554	fprintf(stderr, "attempting to remove %s\n", dpath);
	555	#endif
	556	if (rmdir(dpath) < 0) {
	557	#if DEBUG
	558	fprintf(stderr, "Failed removing %s: %m\n", dpath);
	559	#endif
	560	}
	561	}
	562	free(dpath);
	563	}
	564
	565	closedir(dir);
	566	}
	567
	568	/*
	569	* Try to remove a cgroup in a controller to cleanup during failure.
	570	* All mounts of comounted controllers are the same, so we just look
	571	* for the first mount which exists, try to remove the directory, and
	572	* return.
	573	*/
	574	static void cgfs_remove_forone(int idx, const char *cg)
	575	{
	576	struct controller *c = controllers[idx];
	577	char *path;
	578
	579	while (c) {
	580	if (c->mount_path) {
	581	path = must_strcat(c->mount_path, cg, NULL);
	582	recursive_rmdir(path);
	583	free(path);
	584	}
	585	c = c->next;
	586	}
	587	}
	588
79ab1116	589	static bool cgfs_create(const char cg, uid_t uid, gid_t gid, bool existed)
df54106a SH	590	{
	591	*existed = false;
	592	int i, j;
	593
	594	#if DEBUG
	595	fprintf(stderr, "creating %s\n", cg);
	596	#endif
	597	for (i = 0; i < MAXCONTROLLERS; i++) {
	598	struct controller *c = controllers[i];
	599
	600	if (!c)
	601	continue;
	602
79ab1116	603	if (!cgfs_create_forone(c, uid, gid, cg, existed)) {
df54106a SH	604	for (j = 0; j < i; j++)
	605	cgfs_remove_forone(j, cg);
	606	return false;
	607	}
	608	}
	609
	610	return true;
	611	}
	612
df54106a SH	613	static bool write_int(char *path, int v)
	614	{
	615	FILE *f = fopen(path, "w");
e9597a70 SH	616	bool ret = true;
e9597a70 SH	617
df54106a SH	618	if (!f)
df54106a SH	619	return false;
e9597a70 SH	620	if (fprintf(f, "%d\n", v) < 0)
	621	ret = false;
	622	if (fclose(f) != 0)
	623	ret = false;
	624	return ret;
df54106a SH	625	}
	626
	627	static bool do_enter(struct controller c, const char cg)
	628	{
	629	char *path;
	630	bool pass;
	631
	632	while (c) {
	633	if (!c->mount_path \|\| !c->init_path)
1e5fe374	634	goto next;
df54106a SH	635	path = must_strcat(c->mount_path, c->init_path, cg, "/cgroup.procs", NULL);
	636	if (!exists(path)) {
	637	free(path);
	638	path = must_strcat(c->mount_path, c->init_path, cg, "/tasks", NULL);
	639	}
	640	#if DEBUG
	641	fprintf(stderr, "Attempting to enter %s:%s using %s\n", c->name, cg, path);
	642	#endif
	643	pass = write_int(path, (int)getpid());
	644	free(path);
	645	if (pass) /* only have to enter one of the comounts */
	646	return true;
	647	#if DEBUG
	648	if (!pass)
	649	fprintf(stderr, "Failed to enter %s:%s\n", c->name, cg);
	650	#endif
1e5fe374	651	next:
df54106a SH	652	c = c->next;
	653	}
	654
	655	return false;
	656	}
	657
edd25678	658	static bool cgfs_enter(const char *cg, bool skip_systemd)
df54106a SH	659	{
	660	int i;
	661
	662	for (i = 0; i < MAXCONTROLLERS; i++) {
	663	struct controller *c = controllers[i];
	664
	665	if (!c)
	666	continue;
	667
edd25678 SH	668	if (strcmp(c->name, "name=systemd") == 0) {
	669	if (skip_systemd)
	670	continue;
	671	if (c->systemd_created)
	672	continue;
	673	}
	674
df54106a SH	675	if (!do_enter(c, cg))
	676	return false;
	677	}
	678
	679	return true;
	680	}
	681
	682	static void cgfs_escape(void)
	683	{
edd25678	684	if (!cgfs_enter("/", true)) {
df54106a SH	685	mysyslog(LOG_WARNING, "Failed to escape to init's cgroup\n");
	686	}
	687	}
	688
	689	static bool get_uid_gid(const char user, uid_t uid, gid_t *gid)
	690	{
	691	struct passwd *pwent;
	692
	693	pwent = getpwnam(user);
	694	if (!pwent)
	695	return false;
	696	*uid = pwent->pw_uid;
	697	*gid = pwent->pw_gid;
	698
	699	return true;
	700	}
	701
	702	#define DIRNAMSZ 200
	703	static int handle_login(const char *user)
	704	{
	705	int idx = 0, ret;
	706	bool existed;
	707	uid_t uid = 0;
	708	gid_t gid = 0;
	709	char cg[MAXPATHLEN];
78a2a9f3	710
df54106a SH	711	if (!get_uid_gid(user, &uid, &gid)) {
	712	mysyslog(LOG_ERR, "Failed to get uid and gid for %s\n", user);
	713	return PAM_SESSION_ERR;
	714	}
	715
	716	cgfs_escape();
	717
	718	while (idx >= 0) {
	719	ret = snprintf(cg, MAXPATHLEN, "/user/%s/%d", user, idx);
	720	if (ret < 0 \|\| ret >= MAXPATHLEN) {
	721	mysyslog(LOG_ERR, "username too long\n");
	722	return PAM_SESSION_ERR;
	723	}
	724
79ab1116	725	if (!cgfs_create(cg, uid, gid, &existed)) {
df54106a SH	726	mysyslog(LOG_ERR, "Failed to create a cgroup for user %s\n", user);
	727	return PAM_SESSION_ERR;
	728	}
	729
	730	if (existed == 1) {
	731	idx++;
	732	continue;
	733	}
	734
edd25678	735	if (!cgfs_enter(cg, false)) {
df54106a SH	736	mysyslog(LOG_ERR, "Failed to enter user cgroup %s for user %s\n", cg, user);
	737	return PAM_SESSION_ERR;
	738	}
	739	break;
	740	}
	741
	742	return PAM_SUCCESS;
	743	}
	744
	745	int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc,
	746	const char **argv)
	747	{
	748	const char *PAM_user = NULL;
	749	int ret;
	750
	751	if (!get_active_controllers()) {
	752	mysyslog(LOG_ERR, "Failed to get list of controllers\n");
	753	return PAM_SESSION_ERR;
	754	}
	755
	756	if (argc > 1 && strcmp(argv[0], "-c") == 0)
	757	filter_controllers(argv[1]);
	758
	759	ret = pam_get_user(pamh, &PAM_user, NULL);
	760	if (ret != PAM_SUCCESS) {
	761	mysyslog(LOG_ERR, "PAM-CGFS: couldn't get user\n");
	762	return PAM_SESSION_ERR;
	763	}
	764
	765	ret = handle_login(PAM_user);
	766	return ret;
	767	}
	768
	769	static void prune_empty_cgroups(struct controller c, const char user)
	770	{
	771	while (c) {
	772	if (!c->mount_path \|\| !c->init_path)
	773	goto next;
	774	char *path = must_strcat(c->mount_path, c->init_path, "user/", user, NULL);
	775	#if DEBUG
	776	fprintf(stderr, "Pruning %s\n", path);
	777	#endif
	778	recursive_rmdir(path);
dec08471	779	free(path);
df54106a SH	780	next:
	781	c = c->next;
	782	}
	783	}
	784
	785	/*
	786	* Since we can't rely on kernel's autoremove, remove stale cgroups
	787	* any time the user logs out.
	788	*/
	789	static void prune_user_cgs(const char *user)
	790	{
	791	int i;
	792
	793	for (i = 0; i < MAXCONTROLLERS; i++)
	794	prune_empty_cgroups(controllers[i], user);
	795	}
	796
	797	int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
	798	const char **argv)
	799	{
	800	const char *PAM_user = NULL;
	801	int ret = pam_get_user(pamh, &PAM_user, NULL);
	802
	803	if (ret != PAM_SUCCESS) {
	804	mysyslog(LOG_ERR, "PAM-CGFS: couldn't get user\n");
	805	return PAM_SESSION_ERR;
	806	}
	807
	808	if (!initialized) {
	809	get_active_controllers();
	810	if (argc > 1 && strcmp(argv[0], "-c") == 0)
	811	filter_controllers(argv[1]);
	812	}
	813
	814	prune_user_cgs(PAM_user);
	815	return PAM_SUCCESS;
	816	}