summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2010-06-23 19:46:29 +0200
committerLennart Poettering <lennart@poettering.net>2010-06-23 19:46:29 +0200
commita838e6a17a40df902b50a9ce5b2e944dfc5a7e08 (patch)
tree0f578000c2f565146add26b2c527d49049dbe8ec /src
parentdd17b384db0ef1690ecf8f73f09dd130b06fb120 (diff)
pam: dont use $XDG_SESSION_COOKIE since CK wants that to be secret. Come up with our own $XDG_SESSION_ID based on /proc/self/sessionid if that is available
Diffstat (limited to 'src')
-rw-r--r--src/pam-module.c98
-rw-r--r--src/util.h12
2 files changed, 70 insertions, 40 deletions
diff --git a/src/pam-module.c b/src/pam-module.c
index 5157897a71..08de006f68 100644
--- a/src/pam-module.c
+++ b/src/pam-module.c
@@ -23,6 +23,7 @@
#include <fcntl.h>
#include <sys/file.h>
#include <pwd.h>
+#include <endian.h>
#include <security/pam_modules.h>
#include <security/_pam_macros.h>
@@ -102,39 +103,59 @@ static int open_file_and_lock(const char *fn) {
return fd;
}
-static uint32_t combine32(unsigned long long u) {
- uint32_t r = 0;
- unsigned i;
+static uint64_t get_session_id(void) {
+ char *s;
+ int fd;
- for (i = 0; i < sizeof(u)/4; i ++)
- r ^= (uint32_t) ((u >> (i*32)) & 0xFFFFFFFFULL);
+ /* First attempt: let's use the session ID of the audit
+ * system, if it is available. */
+ if (read_one_line_file("/proc/self/sessionid", &s) >= 0) {
+ uint32_t u;
+ int r;
- return r;
-}
+ r = safe_atou32(s, &u);
+ free(s);
-static char *generate_session_cookie(void) {
- char *machine;
- char *cookie;
- unsigned long long r;
- usec_t u;
- int k;
+ if (r >= 0 && u != (uint32_t) -1)
+ return (uint64_t) u;
+ }
- if (getmachineid_malloc(&machine) < 0)
- if (!(machine = gethostname_malloc()))
- return NULL;
+ /* Second attempt, use our own counter. */
+ if ((fd = open_file_and_lock(RUNTIME_DIR "/user/.pam-systemd-session")) >= 0) {
+ uint64_t counter;
+ ssize_t r;
- r = random_ull();
- u = now(CLOCK_REALTIME);
+ /* We do a bit of endianess swapping here, just to be
+ * sure. /var should be machine specific anyway, and
+ * /var/run even mounted from tmpfs, so this
+ * byteswapping should really not be necessary. But
+ * then again, you never know, so let's avoid any
+ * risk. */
- k = asprintf(&cookie, "%s-%lu-%lu",
- machine,
- (unsigned long) combine32(r),
- (unsigned long) combine32((unsigned long long) u));
- free(machine);
+ if (loop_read(fd, &counter, sizeof(counter), false) != sizeof(counter))
+ counter = 1;
+ else
+ counter = le64toh(counter) + 1;
- return k < 0 ? NULL : cookie;
-}
+ if (lseek(fd, 0, SEEK_SET) == 0) {
+ uint64_t swapped = htole64(counter);
+
+ r = loop_write(fd, &swapped, sizeof(swapped), false);
+
+ if (r != sizeof(swapped))
+ r = -EIO;
+ } else
+ r = -errno;
+ close_nointr_nofail(fd);
+
+ if (r >= 0)
+ return counter;
+ }
+
+ /* Last attempt, pick a random value */
+ return (uint64_t) random_ull();
+}
static int get_user_data(
pam_handle_t *handle,
const char **ret_username,
@@ -258,28 +279,29 @@ _public_ PAM_EXTERN int pam_sm_open_session(
buf = NULL;
if (create_session) {
- const char *cookie;
+ const char *id;
/* Reuse or create XDG session ID */
- if (!(cookie = pam_getenv(handle, "XDG_SESSION_COOKIE"))) {
- if (!(buf = generate_session_cookie())) {
+ if (!(id = pam_getenv(handle, "XDG_SESSION_ID"))) {
+
+ if (asprintf(&buf, "%llu", (unsigned long long) get_session_id()) < 0) {
r = PAM_BUF_ERR;
goto finish;
}
- if ((r = pam_misc_setenv(handle, "XDG_SESSION_COOKIE", buf, 0)) != PAM_SUCCESS) {
- pam_syslog(handle, LOG_ERR, "Failed to set cookie.");
+ if ((r = pam_misc_setenv(handle, "XDG_SESSION_ID", buf, 0)) != PAM_SUCCESS) {
+ pam_syslog(handle, LOG_ERR, "Failed to set session id.");
goto finish;
}
- if (!(cookie = pam_getenv(handle, "XDG_SESSION_COOKIE"))) {
- pam_syslog(handle, LOG_ERR, "Failed to get cookie.");
+ if (!(id = pam_getenv(handle, "XDG_SESSION_ID"))) {
+ pam_syslog(handle, LOG_ERR, "Failed to get session id.");
r = PAM_SESSION_ERR;
goto finish;
}
}
- r = asprintf(&buf, "/user/%s/%s", username, cookie);
+ r = asprintf(&buf, "/user/%s/%s", username, id);
} else
r = asprintf(&buf, "/user/%s/no-session", username);
@@ -353,7 +375,7 @@ _public_ PAM_EXTERN int pam_sm_close_session(
bool kill_user = false;
int lock_fd = -1, r;
char *session_path = NULL, *nosession_path = NULL, *user_path = NULL;
- const char *cookie;
+ const char *id;
struct passwd *pw;
assert(handle);
@@ -379,23 +401,19 @@ _public_ PAM_EXTERN int pam_sm_close_session(
goto finish;
}
- if ((cookie = pam_getenv(handle, "XDG_SESSION_COOKIE"))) {
+ if ((id = pam_getenv(handle, "XDG_SESSION_ID"))) {
- if (asprintf(&session_path, "/user/%s/%s", username, cookie) < 0 ||
+ if (asprintf(&session_path, "/user/%s/%s", username, id) < 0 ||
asprintf(&nosession_path, "/user/%s/no-session", username) < 0) {
r = PAM_BUF_ERR;
goto finish;
}
if (kill_session) {
- pam_syslog(handle, LOG_INFO, "KILLING ENTER");
-
/* Kill processes in session cgroup */
if ((r = cg_kill_recursive_and_wait("name=systemd", session_path)) < 0)
pam_syslog(handle, LOG_ERR, "Failed to kill session cgroup: %s", strerror(-r));
- pam_syslog(handle, LOG_INFO, "KILLING EXIT");
-
} else {
/* Migrate processes from session to
* no-session cgroup. First, try to create the
diff --git a/src/util.h b/src/util.h
index 864d98fa63..2410312421 100644
--- a/src/util.h
+++ b/src/util.h
@@ -30,6 +30,8 @@
#include <stdio.h>
#include <signal.h>
+#include "macro.h"
+
typedef uint64_t usec_t;
typedef struct timestamp {
@@ -113,6 +115,16 @@ int parse_pid(const char *s, pid_t* ret_pid);
int safe_atou(const char *s, unsigned *ret_u);
int safe_atoi(const char *s, int *ret_i);
+static inline int safe_atou32(const char *s, uint32_t *ret_u) {
+ assert_cc(sizeof(uint32_t) == sizeof(unsigned));
+ return safe_atou(s, (unsigned*) ret_u);
+}
+
+static inline int safe_atoi32(const char *s, int32_t *ret_u) {
+ assert_cc(sizeof(int32_t) == sizeof(int));
+ return safe_atoi(s, (int*) ret_u);
+}
+
int safe_atolu(const char *s, unsigned long *ret_u);
int safe_atoli(const char *s, long int *ret_i);