Diffstat (limited to 'src/login/pam-module.c')
-rw-r--r--src/login/pam-module.c59
1 files changed, 48 insertions, 11 deletions
diff --git a/src/login/pam-module.c b/src/login/pam-module.c
index 0727164db2..88b0ef9e45 100644
--- a/src/login/pam-module.c
+++ b/src/login/pam-module.c
@@ -49,6 +49,7 @@ static int parse_argv(pam_handle_t *handle,
bool *kill_processes,
char ***kill_only_users,
char ***kill_exclude_users,
+ const char **class,
bool *debug) {
unsigned i;
@@ -135,6 +136,11 @@ static int parse_argv(pam_handle_t *handle,
*kill_exclude_users = l;
}
+ } else if (startswith(argv[i], "class=")) {
+
+ if (class)
+ *class = argv[i] + 6;
+
} else if (startswith(argv[i], "debug=")) {
if ((k = parse_boolean(argv[i] + 6)) < 0) {
pam_syslog(handle, LOG_ERR, "Failed to parse debug= argument.");
@@ -322,7 +328,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
struct passwd *pw;
bool kill_processes = false, debug = false;
- const char *username, *id, *object_path, *runtime_path, *service = NULL, *tty = NULL, *display = NULL, *remote_user = NULL, *remote_host = NULL, *seat = NULL, *type, *class, *cvtnr = NULL;
+ const char *username, *id, *object_path, *runtime_path, *service = NULL, *tty = NULL, *display = NULL, *remote_user = NULL, *remote_host = NULL, *seat = NULL, *type = NULL, *class = NULL, *class_pam = NULL, *cvtnr = NULL;
char **controllers = NULL, **reset_controllers = NULL, **kill_only_users = NULL, **kill_exclude_users = NULL;
DBusError error;
uint32_t uid, pid;
@@ -331,7 +337,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
int session_fd = -1;
DBusConnection *bus = NULL;
DBusMessage *m = NULL, *reply = NULL;
- dbus_bool_t remote;
+ dbus_bool_t remote, existing;
int r;
uint32_t vtnr = 0;
@@ -349,7 +355,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
argc, argv,
&controllers, &reset_controllers,
&kill_processes, &kill_only_users, &kill_exclude_users,
- &debug) < 0) {
+ &class_pam, &debug) < 0) {
r = PAM_SESSION_ERR;
goto finish;
}
@@ -428,8 +434,14 @@ _public_ PAM_EXTERN int pam_sm_open_session(
pam_get_item(handle, PAM_TTY, (const void**) &tty);
pam_get_item(handle, PAM_RUSER, (const void**) &remote_user);
pam_get_item(handle, PAM_RHOST, (const void**) &remote_host);
+
seat = pam_getenv(handle, "XDG_SEAT");
+ if (isempty(seat))
+ seat = getenv("XDG_SEAT");
+
cvtnr = pam_getenv(handle, "XDG_VTNR");
+ if (isempty(cvtnr))
+ cvtnr = getenv("XDG_VTNR");
service = strempty(service);
tty = strempty(tty);
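Review bot: The new `getenv("XDG_SEAT")` and `getenv("XDG_VTNR")` fallbacks read the host process's own environment, and a PAM module can be loaded into set-uid programs whose environment comes from the unprivileged caller, so these values should be treated as untrusted input to the session request. Where the libc provides it, `secure_getenv()` is the safer call, e.g. `seat = secure_getenv("XDG_SEAT");`, because it returns NULL when the process runs in secure-execution mode. The same applies to the `getenv("XDG_SESSION_CLASS")` fallback in the later hunk that sets `class`, where the process environment also takes precedence over the administrator's `class=` module argument. pam_sm_open_session begins and ends outside this hunk.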
@@ -447,11 +459,20 @@ _public_ PAM_EXTERN int pam_sm_open_session(
display = tty;
tty = "";
} else if (streq(tty, "cron")) {
- /* cron has been setting PAM_TTY to "cron" for a very long time
- * and it cannot stop doing that for compatibility reasons. */
+ /* cron has been setting PAM_TTY to "cron" for a very
+ * long time and it probably shouldn't stop doing that
+ * for compatibility reasons. */
+ tty = "";
+ type = "unspecified";
+ } else if (streq(tty, "ssh")) {
+ /* ssh has been setting PAM_TTY to "ssh" for a very
+ * long time and probably shouldn't stop doing that
+ * for compatibility reasons. */
tty = "";
+ type ="tty";
}
+ /* If this fails vtnr will be 0, that's intended */
if (!isempty(cvtnr))
safe_atou32(cvtnr, &vtnr);
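Review bot: The comments in the `cron` and `ssh` branches explain why PAM_TTY carries a service name, but not why `type` is now forced, which is the part this commit adds. A reader cannot tell from them why cron maps to "unspecified" while ssh maps to "tty" with an empty tty string. I would add a line above each assignment stating the intent, for example `/* still a text login even though PAM_TTY names no device */` for ssh (wording to be confirmed by the author). The ssh assignment should also read `type = "tty";`, with a space after the `=`, to match the cron branch.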
@@ -462,11 +483,16 @@ _public_ PAM_EXTERN int pam_sm_open_session(
get_seat_from_display(display, NULL, &vtnr);
}
- type = !isempty(display) ? "x11" :
- !isempty(tty) ? "tty" : "unspecified";
+ if (!type)
+ type = !isempty(display) ? "x11" :
+ !isempty(tty) ? "tty" : "unspecified";
class = pam_getenv(handle, "XDG_SESSION_CLASS");
if (isempty(class))
+ class = getenv("XDG_SESSION_CLASS");
+ if (isempty(class))
+ class = class_pam;
+ if (isempty(class))
class = "user";
remote = !isempty(remote_host) &&
@@ -517,8 +543,8 @@ _public_ PAM_EXTERN int pam_sm_open_session(
if (debug)
pam_syslog(handle, LOG_DEBUG, "Asking logind to create session: "
- "uid=%u pid=%u service=%s type=%s seat=%s vtnr=%u tty=%s display=%s remote=%s remote_user=%s remote_host=%s",
- uid, pid, service, type, seat, vtnr, tty, display, yes_no(remote), remote_user, remote_host);
+ "uid=%u pid=%u service=%s type=%s class=%s seat=%s vtnr=%u tty=%s display=%s remote=%s remote_user=%s remote_host=%s",
+ uid, pid, service, type, class, seat, vtnr, tty, display, yes_no(remote), remote_user, remote_host);
reply = dbus_connection_send_with_reply_and_block(bus, m, -1, &error);
if (!reply) {
@@ -534,6 +560,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
DBUS_TYPE_UNIX_FD, &session_fd,
DBUS_TYPE_STRING, &seat,
DBUS_TYPE_UINT32, &vtnr,
+ DBUS_TYPE_BOOLEAN, &existing,
DBUS_TYPE_INVALID)) {
pam_syslog(handle, LOG_ERR, "Failed to parse message: %s", bus_error_message(&error));
r = PAM_SESSION_ERR;
@@ -577,6 +604,12 @@ _public_ PAM_EXTERN int pam_sm_open_session(
}
}
+ r = pam_set_data(handle, "systemd.existing", INT_TO_PTR(!!existing), NULL);
+ if (r != PAM_SUCCESS) {
+ pam_syslog(handle, LOG_ERR, "Failed to install existing flag.");
+ return r;
+ }
+
if (session_fd >= 0) {
r = pam_set_data(handle, "systemd.session-fd", INT_TO_PTR(session_fd+1), NULL);
if (r != PAM_SUCCESS) {
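Review bot: The new failure branch after `pam_set_data(handle, "systemd.existing", ...)` exits with `return r;`, whereas the other error paths visible in this function set `r` and `goto finish`, so whatever `finish` releases is skipped on this path. By this point `bus`, `m` and `reply` are live and `session_fd` may hold an open descriptor, which would leak into the calling process. Since `r` already holds the PAM error code, replacing `return r;` with `goto finish;` keeps the cleanup in one place, assuming `finish` returns `r` (the label is outside the hunk). The `systemd.session-fd` block that follows is cut off by the hunk boundary, so I cannot tell whether it has the same pattern.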
@@ -619,7 +652,7 @@ _public_ PAM_EXTERN int pam_sm_close_session(
int flags,
int argc, const char **argv) {
- const void *p = NULL;
+ const void *p = NULL, *existing = NULL;
const char *id;
DBusConnection *bus = NULL;
DBusMessage *m = NULL, *reply = NULL;
@@ -630,8 +663,12 @@ _public_ PAM_EXTERN int pam_sm_close_session(
dbus_error_init(&error);
+ /* Only release session if it wasn't pre-existing when we
+ * tried to create it */
+ pam_get_data(handle, "systemd.existing", &existing);
+
id = pam_getenv(handle, "XDG_SESSION_ID");
- if (id) {
+ if (id && !existing) {
/* Before we go and close the FIFO we need to tell
* logind that this is a clean session shutdown, so