Attachment #569177 for bug #852015

View | Details | Raw Unified | Return to bug 852015
Collapse All | Expand All




-- systemd-208/src/login/logind-dbus.c

                                DBUS_TYPE_OBJECT_PATH, &path,
                                DBUS_TYPE_STRING, &session->user->runtime_path,
                                DBUS_TYPE_UNIX_FD, &fifo_fd,
                                DBUS_TYPE_UINT32, &session->user->uid,
                                DBUS_TYPE_STRING, &cseat,
                                DBUS_TYPE_UINT32, &vtnr,
                                DBUS_TYPE_BOOLEAN, &exists,
-- systemd-208/src/login/logind-session-dbus.c

                                    DBUS_TYPE_OBJECT_PATH, &path,
                                    DBUS_TYPE_STRING, &s->user->runtime_path,
                                    DBUS_TYPE_UNIX_FD, &fifo_fd,
                                    DBUS_TYPE_UINT32, &s->user->uid,
                                    DBUS_TYPE_STRING, &cseat,
                                    DBUS_TYPE_UINT32, &vtnr,
                                    DBUS_TYPE_BOOLEAN, &exists,
-- systemd-208/src/login/pam-module.c

        assert(ret_username);
        assert(ret_pw);

        r = pam_get_user(handle, &username, NULL);
        if (r != PAM_SUCCESS) {
                pam_syslog(handle, LOG_ERR, "Failed to get user name.");
                return r;
        }
                if (r != PAM_SUCCESS) {
                        pam_syslog(handle, LOG_ERR, "Failed to get user name.");
                        return r;
                }

                if (isempty(username)) {
                        pam_syslog(handle, LOG_ERR, "User name not valid.");
                        return PAM_AUTH_ERR;
                }

        if (isempty(username)) {
                pam_syslog(handle, LOG_ERR, "User name not valid.");
                return PAM_AUTH_ERR;
        }

        pw = pam_modutil_getpwnam(handle, username);
        if (!pw) {
                pam_syslog(handle, LOG_ERR, "Failed to get user data.");
                return PAM_USER_UNKNOWN;

}

static int get_seat_from_display(const char *display, const char **seat, uint32_t *vtnr) {
        _cleanup_free_ char *p = NULL;
        int r;
        _cleanup_close_ int fd = -1;
        union sockaddr_union sa = {
                .un.sun_family = AF_UNIX,
        };
         _cleanup_free_ char *p = NULL, *tty = NULL;
         _cleanup_close_ int fd = -1;
        struct ucred ucred;
        socklen_t l;
        int v, r;
        int v;

        assert(display);
        assert(vtnr);

        dbus_bool_t remote, existing;
        int r;
        uint32_t vtnr = 0;
        uid_t original_uid;

        assert(handle);

        dbus_error_init(&error);

        /* pam_syslog(handle, LOG_INFO, "pam-systemd initializing"); */

        /* Make this a NOP on non-logind systems */
        if (!logind_running())
                return PAM_SUCCESS;

                goto finish;
        }

        if (debug)
                pam_syslog(handle, LOG_INFO, "pam-systemd initializing");

        r = get_user_data(handle, &username, &pw);
        if (r != PAM_SUCCESS)
                goto finish;

        if (debug)
                pam_syslog(handle, LOG_DEBUG, "Asking logind to create session: "
                           "uid=%u pid=%u service=%s type=%s class=%s seat=%s vtnr=%u tty=%s display=%s remote=%s remote_user=%s remote_host=%s",
                              pw->pw_uid, pid,
                              strempty(service),
                              type, class,
                              seat, vtnr, tty, display,
                              yes_no(remote), remote_user, remote_host);

        reply = dbus_connection_send_with_reply_and_block(bus, m, -1, &error);
        if (!reply) {

                                   DBUS_TYPE_OBJECT_PATH, &object_path,
                                   DBUS_TYPE_STRING, &runtime_path,
                                   DBUS_TYPE_UNIX_FD, &session_fd,
                                   DBUS_TYPE_UINT32, &original_uid,
                                   DBUS_TYPE_STRING, &seat,
                                   DBUS_TYPE_UINT32, &vtnr,
                                   DBUS_TYPE_BOOLEAN, &existing,


        if (debug)
                pam_syslog(handle, LOG_DEBUG, "Reply from logind: "
                           "id=%s object_path=%s runtime_path=%s session_fd=%d seat=%s vtnr=%u original_uid=%u",
                           id, object_path, runtime_path, session_fd, seat, vtnr, original_uid);

        r = pam_misc_setenv(handle, "XDG_SESSION_ID", id, 0);
        if (r != PAM_SUCCESS) {

                goto finish;
        }

        if (original_uid == pw->pw_uid) {
                /* Don't set $XDG_RUNTIME_DIR if the user we now
                 * authenticated for does not match the original user
                 * of the session. We do this in order not to result
                 * in privileged apps clobbering the runtime directory
                 * unnecessarily. */

                r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
                if (r != PAM_SUCCESS) {
                         pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
                         goto finish;
                }
        } else {
                (void) unsetenv("XDG_RUNTIME_DIR");
                r = pam_putenv(handle, "XDG_RUNTIME_DIR");
                if (r != PAM_SUCCESS && r != PAM_BAD_ITEM) {
                         pam_syslog(handle, LOG_ERR, "Failed to unset runtime dir.");
                }
        }

        if (!isempty(seat)) {

Return to bug 852015

Line Link Here

(-) (-32 / +44 lines)
	-- systemd-208/src/login/logind-dbus.c
Lines 523-528 static int bus_manager_create_session(Ma Link Here
523	DBUS_TYPE_OBJECT_PATH, &path,	523	DBUS_TYPE_OBJECT_PATH, &path,
524	DBUS_TYPE_STRING, &session->user->runtime_path,	524	DBUS_TYPE_STRING, &session->user->runtime_path,
525	DBUS_TYPE_UNIX_FD, &fifo_fd,	525	DBUS_TYPE_UNIX_FD, &fifo_fd,
		526	DBUS_TYPE_UINT32, &session->user->uid,
526	DBUS_TYPE_STRING, &cseat,	527	DBUS_TYPE_STRING, &cseat,
527	DBUS_TYPE_UINT32, &vtnr,	528	DBUS_TYPE_UINT32, &vtnr,
528	DBUS_TYPE_BOOLEAN, &exists,	529	DBUS_TYPE_BOOLEAN, &exists,
529	-- systemd-208/src/login/logind-session-dbus.c
Lines 755-760 int session_send_create_reply(Session *s Link Here
755	DBUS_TYPE_OBJECT_PATH, &path,	755	DBUS_TYPE_OBJECT_PATH, &path,
756	DBUS_TYPE_STRING, &s->user->runtime_path,	756	DBUS_TYPE_STRING, &s->user->runtime_path,
757	DBUS_TYPE_UNIX_FD, &fifo_fd,	757	DBUS_TYPE_UNIX_FD, &fifo_fd,
		758	DBUS_TYPE_UINT32, &s->user->uid,
758	DBUS_TYPE_STRING, &cseat,	759	DBUS_TYPE_STRING, &cseat,
759	DBUS_TYPE_UINT32, &vtnr,	760	DBUS_TYPE_UINT32, &vtnr,
760	DBUS_TYPE_BOOLEAN, &exists,	761	DBUS_TYPE_BOOLEAN, &exists,
761	-- systemd-208/src/login/pam-module.c
Lines 93-116 static int get_user_data( Link Here
93	assert(ret_username);	93	assert(ret_username);
94	assert(ret_pw);	94	assert(ret_pw);
95		95
96	r = audit_loginuid_from_pid(0, &uid);	96	r = pam_get_user(handle, &username, NULL);
97	if (r >= 0)	97	if (r != PAM_SUCCESS) {
98	pw = pam_modutil_getpwuid(handle, uid);	98	pam_syslog(handle, LOG_ERR, "Failed to get user name.");
99	else {	99	return r;
100	r = pam_get_user(handle, &username, NULL);	100	}
101	if (r != PAM_SUCCESS) {
102	pam_syslog(handle, LOG_ERR, "Failed to get user name.");
103	return r;
104	}
105
106	if (isempty(username)) {
107	pam_syslog(handle, LOG_ERR, "User name not valid.");
108	return PAM_AUTH_ERR;
109	}
110		101
111	pw = pam_modutil_getpwnam(handle, username);	102	if (isempty(username)) {
		103	pam_syslog(handle, LOG_ERR, "User name not valid.");
		104	return PAM_AUTH_ERR;
112	}	105	}
113		106
		107	pw = pam_modutil_getpwnam(handle, username);
114	if (!pw) {	108	if (!pw) {
115	pam_syslog(handle, LOG_ERR, "Failed to get user data.");	109	pam_syslog(handle, LOG_ERR, "Failed to get user data.");
116	return PAM_USER_UNKNOWN;	110	return PAM_USER_UNKNOWN;
Lines 123-138 static int get_user_data( Link Here
123	}	117	}
124		118
125	static int get_seat_from_display(const char display, const char seat, uint32_t vtnr) {	119	static int get_seat_from_display(const char display, const char seat, uint32_t vtnr) {
126	_cleanup_free_ char *p = NULL;
127	int r;
128	_cleanup_close_ int fd = -1;
129	union sockaddr_union sa = {	120	union sockaddr_union sa = {
130	.un.sun_family = AF_UNIX,	121	.un.sun_family = AF_UNIX,
131	};	122	};
		123	_cleanup_free_ char p = NULL, tty = NULL;
		124	_cleanup_close_ int fd = -1;
132	struct ucred ucred;	125	struct ucred ucred;
133	socklen_t l;	126	socklen_t l;
134	_cleanup_free_ char *tty = NULL;	127	int v, r;
135	int v;
136		128
137	assert(display);	129	assert(display);
138	assert(vtnr);	130	assert(vtnr);
Lines 194-206 _public_ PAM_EXTERN int pam_sm_open_sess Link Here
194	dbus_bool_t remote, existing;	186	dbus_bool_t remote, existing;
195	int r;	187	int r;
196	uint32_t vtnr = 0;	188	uint32_t vtnr = 0;
		189	uid_t original_uid;
197		190
198	assert(handle);	191	assert(handle);
199		192
200	dbus_error_init(&error);	193	dbus_error_init(&error);
201		194
202	/* pam_syslog(handle, LOG_INFO, "pam-systemd initializing"); */
203
204	/* Make this a NOP on non-logind systems */	195	/* Make this a NOP on non-logind systems */
205	if (!logind_running())	196	if (!logind_running())
206	return PAM_SUCCESS;	197	return PAM_SUCCESS;
Lines 213-218 _public_ PAM_EXTERN int pam_sm_open_sess Link Here
213	goto finish;	204	goto finish;
214	}	205	}
215		206
		207	if (debug)
		208	pam_syslog(handle, LOG_INFO, "pam-systemd initializing");
		209
216	r = get_user_data(handle, &username, &pw);	210	r = get_user_data(handle, &username, &pw);
217	if (r != PAM_SUCCESS)	211	if (r != PAM_SUCCESS)
218	goto finish;	212	goto finish;
Lines 374-380 _public_ PAM_EXTERN int pam_sm_open_sess Link Here
374	if (debug)	368	if (debug)
375	pam_syslog(handle, LOG_DEBUG, "Asking logind to create session: "	369	pam_syslog(handle, LOG_DEBUG, "Asking logind to create session: "
376	"uid=%u pid=%u service=%s type=%s class=%s seat=%s vtnr=%u tty=%s display=%s remote=%s remote_user=%s remote_host=%s",	370	"uid=%u pid=%u service=%s type=%s class=%s seat=%s vtnr=%u tty=%s display=%s remote=%s remote_user=%s remote_host=%s",
377	uid, pid, service, type, class, seat, vtnr, tty, display, yes_no(remote), remote_user, remote_host);	371	pw->pw_uid, pid,
		372	strempty(service),
		373	type, class,
		374	seat, vtnr, tty, display,
		375	yes_no(remote), remote_user, remote_host);
378		376
379	reply = dbus_connection_send_with_reply_and_block(bus, m, -1, &error);	377	reply = dbus_connection_send_with_reply_and_block(bus, m, -1, &error);
380	if (!reply) {	378	if (!reply) {
Lines 388-393 _public_ PAM_EXTERN int pam_sm_open_sess Link Here
388	DBUS_TYPE_OBJECT_PATH, &object_path,	386	DBUS_TYPE_OBJECT_PATH, &object_path,
389	DBUS_TYPE_STRING, &runtime_path,	387	DBUS_TYPE_STRING, &runtime_path,
390	DBUS_TYPE_UNIX_FD, &session_fd,	388	DBUS_TYPE_UNIX_FD, &session_fd,
		389	DBUS_TYPE_UINT32, &original_uid,
391	DBUS_TYPE_STRING, &seat,	390	DBUS_TYPE_STRING, &seat,
392	DBUS_TYPE_UINT32, &vtnr,	391	DBUS_TYPE_UINT32, &vtnr,
393	DBUS_TYPE_BOOLEAN, &existing,	392	DBUS_TYPE_BOOLEAN, &existing,
Lines 399-406 _public_ PAM_EXTERN int pam_sm_open_sess Link Here
399		398
400	if (debug)	399	if (debug)
401	pam_syslog(handle, LOG_DEBUG, "Reply from logind: "	400	pam_syslog(handle, LOG_DEBUG, "Reply from logind: "
402	"id=%s object_path=%s runtime_path=%s session_fd=%d seat=%s vtnr=%u",	401	"id=%s object_path=%s runtime_path=%s session_fd=%d seat=%s vtnr=%u original_uid=%u",
403	id, object_path, runtime_path, session_fd, seat, vtnr);	402	id, object_path, runtime_path, session_fd, seat, vtnr, original_uid);
404		403
405	r = pam_misc_setenv(handle, "XDG_SESSION_ID", id, 0);	404	r = pam_misc_setenv(handle, "XDG_SESSION_ID", id, 0);
406	if (r != PAM_SUCCESS) {	405	if (r != PAM_SUCCESS) {
Lines 408-417 _public_ PAM_EXTERN int pam_sm_open_sess Link Here
408	goto finish;	407	goto finish;
409	}	408	}
410		409
411	r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);	410	if (original_uid == pw->pw_uid) {
412	if (r != PAM_SUCCESS) {	411	/* Don't set $XDG_RUNTIME_DIR if the user we now
413	pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");	412	* authenticated for does not match the original user
414	goto finish;	413	* of the session. We do this in order not to result
		414	* in privileged apps clobbering the runtime directory
		415	* unnecessarily. */
		416
		417	r = pam_misc_setenv(handle, "XDG_RUNTIME_DIR", runtime_path, 0);
		418	if (r != PAM_SUCCESS) {
		419	pam_syslog(handle, LOG_ERR, "Failed to set runtime dir.");
		420	goto finish;
		421	}
		422	} else {
		423	(void) unsetenv("XDG_RUNTIME_DIR");
		424	r = pam_putenv(handle, "XDG_RUNTIME_DIR");
		425	if (r != PAM_SUCCESS && r != PAM_BAD_ITEM) {
		426	pam_syslog(handle, LOG_ERR, "Failed to unset runtime dir.");
		427	}
415	}	428	}
416		429
417	if (!isempty(seat)) {	430	if (!isempty(seat)) {