diff options
Diffstat (limited to 'lib/libpam/modules/pam_xdg')
| -rw-r--r-- | lib/libpam/modules/pam_xdg/Makefile | 5 | ||||
| -rw-r--r-- | lib/libpam/modules/pam_xdg/pam_xdg.8 | 64 | ||||
| -rw-r--r-- | lib/libpam/modules/pam_xdg/pam_xdg.c | 329 | 
3 files changed, 398 insertions, 0 deletions
| diff --git a/lib/libpam/modules/pam_xdg/Makefile b/lib/libpam/modules/pam_xdg/Makefile new file mode 100644 index 000000000000..df3948987da6 --- /dev/null +++ b/lib/libpam/modules/pam_xdg/Makefile @@ -0,0 +1,5 @@ +LIB=	pam_xdg +SRCS=	pam_xdg.c +MAN=	pam_xdg.8 + +.include <bsd.lib.mk> diff --git a/lib/libpam/modules/pam_xdg/pam_xdg.8 b/lib/libpam/modules/pam_xdg/pam_xdg.8 new file mode 100644 index 000000000000..031010953e98 --- /dev/null +++ b/lib/libpam/modules/pam_xdg/pam_xdg.8 @@ -0,0 +1,64 @@ +.\" * SPDX-License-Identifier: BSD-2-Clause +.\" +.\" Copyright (c) 2024 Beckhoff Automation GmbH & Co. KG +.\" +.\" * Redistribution and use in source and binary forms, with or without +.\" * modification, are permitted provided that the following conditions +.\" * are met: +.\" * 1. Redistributions of source code must retain the above copyright +.\" *    notice, this list of conditions and the following disclaimer. +.\" * 2. Redistributions in binary form must reproduce the above copyright +.\" *    notice, this list of conditions and the following disclaimer in the +.\" *    documentation and/or other materials provided with the distribution. +.\" * +.\" * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" * SUCH DAMAGE. +.Dd May 20, 2025 +.Dt PAM_XDG 8 +.Os +.Sh NAME +.Nm pam_xdg +.Nd XDG PAM module +.Sh SYNOPSIS +.Op Ar service-name +.Ar module-type +.Ar control-flag +.Pa pam_xdg +.Op Ar arguments +.Sh DESCRIPTION +The xdg service module for PAM creates the runtime files base directory +according to the Cross Desktop Group Base Directory Specification. +.Pp +By default the directory is created under +.Pa /var/run/xdg/ Ns $ Ns Ev USER . +.Pp +The following option may be passed to the authentication module: +.Bl -tag -width "runtime_dir_prefix=directory" +.It Cm runtime_dir_prefix Ns = Ns Ar directory +Use an alternate base directory +.El +.Sh ENVIRONMENT +.Bl -tag -width indent +.It Ev XDG_RUNTIME_DIR +The location of the runtime files base directory created by this module. +.El +.Sh STANDARDS +The directory created by this module conforms to the +.Lk https://specifications.freedesktop.org/basedir-spec XDG Base Directory Specification . +.Sh SEE ALSO +.Xr pam 3 , +.Xr pam.conf 5 +.Sh AUTHORS +The +.Nm +module and this manual page were written by +.An Emmanuel Vadot Aq Mt manu@FreeBSD.org . diff --git a/lib/libpam/modules/pam_xdg/pam_xdg.c b/lib/libpam/modules/pam_xdg/pam_xdg.c new file mode 100644 index 000000000000..10c6467776a3 --- /dev/null +++ b/lib/libpam/modules/pam_xdg/pam_xdg.c @@ -0,0 +1,329 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2024 Beckhoff Automation GmbH & Co. KG + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + *    notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + *    notice, this list of conditions and the following disclaimer in the + *    documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <sys/stat.h> +#include <dirent.h> +#include <errno.h> +#include <fcntl.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <pwd.h> + +#define	PAM_SM_SESSION + +#include <security/pam_appl.h> +#include <security/pam_modules.h> +#include <security/pam_mod_misc.h> + +#define	BASE_RUNTIME_DIR_PREFIX	"/var/run/xdg" +#define	RUNTIME_DIR_PREFIX	runtime_dir_prefix != NULL ? runtime_dir_prefix : BASE_RUNTIME_DIR_PREFIX + +#define	RUNTIME_DIR_PREFIX_MODE	0711 +#define	RUNTIME_DIR_MODE	0700	/* XDG spec */ + +#define	XDG_MAX_SESSION		100 /* Arbitrary limit because we need one */ + +static int +_pam_xdg_open(pam_handle_t *pamh, int flags __unused, +    int argc __unused, const char *argv[] __unused) +{ +	struct passwd *passwd; +	const char *user; +	const char *runtime_dir_prefix; +	struct stat sb; +	char *runtime_dir = NULL; +	char *xdg_session_file; +	int rv, rt_dir_prefix, rt_dir, session_file, i; + +	session_file = -1; +	rt_dir_prefix = -1; +	runtime_dir_prefix = openpam_get_option(pamh, "runtime_dir_prefix"); + +	/* Get user info */ +	rv = pam_get_item(pamh, PAM_USER, (const void **)&user); +	if (rv != PAM_SUCCESS || user == NULL) { +		PAM_VERBOSE_ERROR("Can't get user information"); +		goto out; +	} +	if ((passwd = getpwnam(user)) == NULL) { +		PAM_VERBOSE_ERROR("Can't get user information"); +		rv = PAM_SESSION_ERR; +		goto out; +	} + +	/* Open or create the base xdg directory */ +	rt_dir_prefix = open(RUNTIME_DIR_PREFIX, O_DIRECTORY | O_NOFOLLOW); +	if (rt_dir_prefix < 0) { +		rt_dir_prefix = mkdir(RUNTIME_DIR_PREFIX, RUNTIME_DIR_PREFIX_MODE); +		if (rt_dir_prefix != 0) { +			PAM_VERBOSE_ERROR("Can't mkdir %s", RUNTIME_DIR_PREFIX); +			rv = PAM_SESSION_ERR; +			goto out; +		} +		rt_dir_prefix = open(RUNTIME_DIR_PREFIX, O_DIRECTORY | O_NOFOLLOW); +	} + +	/* Open or create the user xdg directory */ +	rt_dir = openat(rt_dir_prefix, user, O_DIRECTORY | O_NOFOLLOW); +	if (rt_dir < 0) { +		rt_dir = mkdirat(rt_dir_prefix, user, RUNTIME_DIR_MODE); +		if (rt_dir != 0) { +			PAM_VERBOSE_ERROR("mkdir: %s/%s (%d)", RUNTIME_DIR_PREFIX, user, rt_dir); +			rv = PAM_SESSION_ERR; +			goto out; +		} +		rv = fchownat(rt_dir_prefix, user, passwd->pw_uid, passwd->pw_gid, 0); +		if (rv != 0) { +			PAM_VERBOSE_ERROR("fchownat: %s/%s (%d)", RUNTIME_DIR_PREFIX, user, rv); +			rv = unlinkat(rt_dir_prefix, user, AT_REMOVEDIR); +			if (rv == -1) +				PAM_VERBOSE_ERROR("unlinkat: %s/%s (%d)", RUNTIME_DIR_PREFIX, user, errno); +			rv = PAM_SESSION_ERR; +			goto out; +		} +	} else { +		close(rt_dir); +		/* Check that the already create dir is correctly owned */ +		rv = fstatat(rt_dir_prefix, user, &sb, 0); +		if (rv == -1) { +			PAM_VERBOSE_ERROR("fstatat %s/%s failed (%d)", RUNTIME_DIR_PREFIX, user, errno); +			rv = PAM_SESSION_ERR; +			goto out; +		} +		if (sb.st_uid != passwd->pw_uid || +		  sb.st_gid != passwd->pw_gid) { +			PAM_VERBOSE_ERROR("%s/%s isn't owned by %d:%d\n", RUNTIME_DIR_PREFIX, user, passwd->pw_uid, passwd->pw_gid); +			rv = PAM_SESSION_ERR; +			goto out; +		} +		/* Test directory mode */ +		if ((sb.st_mode & 0x1FF) != RUNTIME_DIR_MODE) { +			PAM_VERBOSE_ERROR("%s/%s have wrong mode\n", RUNTIME_DIR_PREFIX, user); +			rv = PAM_SESSION_ERR; +			goto out; +		} +	} + +	/* Setup the environment variable */ +	rv = asprintf(&runtime_dir, "XDG_RUNTIME_DIR=%s/%s", RUNTIME_DIR_PREFIX, user); +	if (rv < 0) { +		PAM_VERBOSE_ERROR("asprintf failed %d\n", rv); +		rv = PAM_SESSION_ERR; +		goto out; +	} +	rv = pam_putenv(pamh, runtime_dir); +	if (rv != PAM_SUCCESS) { +		PAM_VERBOSE_ERROR("pam_putenv: failed (%d)", rv); +		rv = PAM_SESSION_ERR; +		goto out; +	} + +	/* Setup the session count file */ +	for (i = 0; i < XDG_MAX_SESSION; i++) { +		rv = asprintf(&xdg_session_file, "%s/xdg_session.%d", user, i); +		if (rv < 0) { +			PAM_VERBOSE_ERROR("asprintf failed %d\n", rv); +			rv = PAM_SESSION_ERR; +			goto out; +		} +		rv = 0; +		session_file = openat(rt_dir_prefix, xdg_session_file, O_CREAT | O_EXCL, RUNTIME_DIR_MODE); +		free(xdg_session_file); +		if (session_file >= 0) +			break; +	} +	if (session_file < 0) { +		PAM_VERBOSE_ERROR("Too many sessions"); +		rv = PAM_SESSION_ERR; +		goto out; +	} + +out: +	if (session_file >= 0) +		close(session_file); +	if (rt_dir_prefix >= 0) +		close(rt_dir_prefix); + +	if (runtime_dir) +		free(runtime_dir); +	return (rv); +} + +static int +remove_dir(int fd) +{ +	DIR *dirp; +	struct dirent *dp; + +	dirp = fdopendir(fd); +	if (dirp == NULL) +		return (-1); + +	while ((dp = readdir(dirp)) != NULL) { +		if (dp->d_type == DT_DIR) { +			int dirfd; + +			if (strcmp(dp->d_name, ".") == 0 || +			    strcmp(dp->d_name, "..") == 0) +				continue; +			dirfd = openat(fd, dp->d_name, 0); +			remove_dir(dirfd); +			close(dirfd); +			unlinkat(fd, dp->d_name, AT_REMOVEDIR); +			continue; +		} +		unlinkat(fd, dp->d_name, 0); +	} +	closedir(dirp); + +	return (0); +} + +static int +_pam_xdg_close(pam_handle_t *pamh __unused, int flags __unused, +    int argc __unused, const char *argv[] __unused) +{ +	struct passwd *passwd; +	const char *user; +	const char *runtime_dir_prefix; +	struct stat sb; +	char *xdg_session_file; +	int rv, rt_dir_prefix, rt_dir, session_file, i; + +	rt_dir = -1; +	rt_dir_prefix = -1; +	runtime_dir_prefix = openpam_get_option(pamh, "runtime_dir_prefix"); + +	/* Get user info */ +	rv = pam_get_item(pamh, PAM_USER, (const void **)&user); +	if (rv != PAM_SUCCESS || user == NULL) { +		PAM_VERBOSE_ERROR("Can't get user information"); +		goto out; +	} +	if ((passwd = getpwnam(user)) == NULL) { +		PAM_VERBOSE_ERROR("Can't get user information"); +		rv = PAM_SESSION_ERR; +		goto out; +	} + +	/* Open the xdg base directory */ +	rt_dir_prefix = open(RUNTIME_DIR_PREFIX, O_DIRECTORY | O_NOFOLLOW); +	if (rt_dir_prefix < 0) { +		PAM_VERBOSE_ERROR("open: %s failed (%d)\n", runtime_dir_prefix, rt_dir_prefix); +		rv = PAM_SESSION_ERR; +		goto out; +	} +	/* Check that the already created dir is correctly owned */ +	rv = fstatat(rt_dir_prefix, user, &sb, 0); +	if (rv == -1) { +		PAM_VERBOSE_ERROR("fstatat %s/%s failed (%d)", RUNTIME_DIR_PREFIX, user, errno); +		rv = PAM_SESSION_ERR; +		goto out; +	} +	if (sb.st_uid != passwd->pw_uid || +	    sb.st_gid != passwd->pw_gid) { +		PAM_VERBOSE_ERROR("%s/%s isn't owned by %d:%d\n", RUNTIME_DIR_PREFIX, user, passwd->pw_uid, passwd->pw_gid); +		rv = PAM_SESSION_ERR; +		goto out; +	} +	/* Test directory mode */ +	if ((sb.st_mode & 0x1FF) != RUNTIME_DIR_MODE) { +		PAM_VERBOSE_ERROR("%s/%s have wrong mode\n", RUNTIME_DIR_PREFIX, user); +		rv = PAM_SESSION_ERR; +		goto out; +	} + +	/* Open the user xdg directory */ +	rt_dir = openat(rt_dir_prefix, user, O_DIRECTORY | O_NOFOLLOW); +	if (rt_dir < 0) { +		PAM_VERBOSE_ERROR("openat: %s/%s failed (%d)\n", RUNTIME_DIR_PREFIX, user, rt_dir_prefix); +		rv = PAM_SESSION_ERR; +		goto out; +	} + +	/* Get the last session file created */ +	for (i = XDG_MAX_SESSION; i >= 0; i--) { +		rv = asprintf(&xdg_session_file, "%s/xdg_session.%d", user, i); +		if (rv < 0) { +			PAM_VERBOSE_ERROR("asprintf failed %d\n", rv); +			rv = PAM_SESSION_ERR; +			goto out; +		} +		rv = 0; +		session_file = openat(rt_dir_prefix, xdg_session_file, 0); +		if (session_file >= 0) { +			unlinkat(rt_dir_prefix, xdg_session_file, 0); +			free(xdg_session_file); +			break; +		} +		free(xdg_session_file); +	} +	if (session_file < 0) { +		PAM_VERBOSE_ERROR("Can't find session number\n"); +		rv = PAM_SESSION_ERR; +		goto out; +	} +	close(session_file); + +	/* Final cleanup if last user session */ +	if (i == 0) { +		remove_dir(rt_dir); +		if (unlinkat(rt_dir_prefix, user, AT_REMOVEDIR) != 0) { +			PAM_VERBOSE_ERROR("Can't cleanup %s/%s\n", runtime_dir_prefix, user); +			rv = PAM_SESSION_ERR; +			goto out; +		} +	} + +	rv = PAM_SUCCESS; +out: +	if (rt_dir >= 0) +		close(rt_dir); +	if (rt_dir_prefix >= 0) +		close(rt_dir_prefix); +	return (rv); +} + +PAM_EXTERN int +pam_sm_open_session(pam_handle_t *pamh, int flags, +    int argc, const char *argv[]) +{ + +	return (_pam_xdg_open(pamh, flags, argc, argv)); +} + +PAM_EXTERN int +pam_sm_close_session(pam_handle_t *pamh, int flags, +    int argc, const char *argv[]) +{ + +	return (_pam_xdg_close(pamh, flags, argc, argv)); +} + +PAM_MODULE_ENTRY("pam_xdg"); | 
