lib/libpam/modules/pam_xdg/pam_xdg.c

root/lib/libpam/modules/pam_xdg/pam_xdg.c
/*-
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Copyright (c) 2024 Beckhoff Automation GmbH & Co. KG
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/stat.h>
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <pwd.h>

#define PAM_SM_SESSION

#include <security/pam_appl.h>
#include <security/pam_modules.h>
#include <security/pam_mod_misc.h>

#define BASE_RUNTIME_DIR_PREFIX "/var/run/xdg"
#define RUNTIME_DIR_PREFIX      runtime_dir_prefix != NULL ? runtime_dir_prefix : BASE_RUNTIME_DIR_PREFIX

#define RUNTIME_DIR_PREFIX_MODE 0711
#define RUNTIME_DIR_MODE        0700    /* XDG spec */

#define XDG_MAX_SESSION         100 /* Arbitrary limit because we need one */

static int
_pam_xdg_open(pam_handle_t *pamh, int flags __unused,
    int argc __unused, const char *argv[] __unused)
{
        struct passwd *passwd;
        const char *user;
        const char *runtime_dir_prefix;
        struct stat sb;
        char *runtime_dir = NULL;
        char *xdg_session_file;
        int rv, rt_dir_prefix, rt_dir, session_file, i;

        session_file = -1;
        rt_dir_prefix = -1;
        runtime_dir_prefix = openpam_get_option(pamh, "runtime_dir_prefix");

        /* Get user info */
        rv = pam_get_item(pamh, PAM_USER, (const void **)&user);
        if (rv != PAM_SUCCESS || user == NULL) {
                PAM_VERBOSE_ERROR("Can't get user information");
                goto out;
        }
        if ((passwd = getpwnam(user)) == NULL) {
                PAM_VERBOSE_ERROR("Can't get user information");
                rv = PAM_SESSION_ERR;
                goto out;
        }

        /* Open or create the base xdg directory */
        rt_dir_prefix = open(RUNTIME_DIR_PREFIX, O_DIRECTORY | O_NOFOLLOW);
        if (rt_dir_prefix < 0) {
                rt_dir_prefix = mkdir(RUNTIME_DIR_PREFIX, RUNTIME_DIR_PREFIX_MODE);
                if (rt_dir_prefix != 0) {
                        PAM_VERBOSE_ERROR("Can't mkdir %s", RUNTIME_DIR_PREFIX);
                        rv = PAM_SESSION_ERR;
                        goto out;
                }
                rt_dir_prefix = open(RUNTIME_DIR_PREFIX, O_DIRECTORY | O_NOFOLLOW);
        }

        /* Open or create the user xdg directory */
        rt_dir = openat(rt_dir_prefix, user, O_DIRECTORY | O_NOFOLLOW);
        if (rt_dir < 0) {
                rt_dir = mkdirat(rt_dir_prefix, user, RUNTIME_DIR_MODE);
                if (rt_dir != 0) {
                        PAM_VERBOSE_ERROR("mkdir: %s/%s (%d)", RUNTIME_DIR_PREFIX, user, rt_dir);
                        rv = PAM_SESSION_ERR;
                        goto out;
                }
                rv = fchownat(rt_dir_prefix, user, passwd->pw_uid, passwd->pw_gid, 0);
                if (rv != 0) {
                        PAM_VERBOSE_ERROR("fchownat: %s/%s (%d)", RUNTIME_DIR_PREFIX, user, rv);
                        rv = unlinkat(rt_dir_prefix, user, AT_REMOVEDIR);
                        if (rv == -1)
                                PAM_VERBOSE_ERROR("unlinkat: %s/%s (%d)", RUNTIME_DIR_PREFIX, user, errno);
                        rv = PAM_SESSION_ERR;
                        goto out;
                }
        } else {
                close(rt_dir);
                /* Check that the already create dir is correctly owned */
                rv = fstatat(rt_dir_prefix, user, &sb, 0);
                if (rv == -1) {
                        PAM_VERBOSE_ERROR("fstatat %s/%s failed (%d)", RUNTIME_DIR_PREFIX, user, errno);
                        rv = PAM_SESSION_ERR;
                        goto out;
                }
                if (sb.st_uid != passwd->pw_uid ||
                  sb.st_gid != passwd->pw_gid) {
                        PAM_VERBOSE_ERROR("%s/%s isn't owned by %d:%d\n", RUNTIME_DIR_PREFIX, user, passwd->pw_uid, passwd->pw_gid);
                        rv = PAM_SESSION_ERR;
                        goto out;
                }
                /* Test directory mode */
                if ((sb.st_mode & 0x1FF) != RUNTIME_DIR_MODE) {
                        PAM_VERBOSE_ERROR("%s/%s have wrong mode\n", RUNTIME_DIR_PREFIX, user);
                        rv = PAM_SESSION_ERR;
                        goto out;
                }
        }

        /* Setup the environment variable */
        rv = asprintf(&runtime_dir, "XDG_RUNTIME_DIR=%s/%s", RUNTIME_DIR_PREFIX, user);
        if (rv < 0) {
                PAM_VERBOSE_ERROR("asprintf failed %d\n", rv);
                rv = PAM_SESSION_ERR;
                goto out;
        }
        rv = pam_putenv(pamh, runtime_dir);
        if (rv != PAM_SUCCESS) {
                PAM_VERBOSE_ERROR("pam_putenv: failed (%d)", rv);
                rv = PAM_SESSION_ERR;
                goto out;
        }

        /* Setup the session count file */
        for (i = 0; i < XDG_MAX_SESSION; i++) {
                rv = asprintf(&xdg_session_file, "%s/xdg_session.%d", user, i);
                if (rv < 0) {
                        PAM_VERBOSE_ERROR("asprintf failed %d\n", rv);
                        rv = PAM_SESSION_ERR;
                        goto out;
                }
                rv = 0;
                session_file = openat(rt_dir_prefix, xdg_session_file, O_CREAT | O_EXCL, RUNTIME_DIR_MODE);
                free(xdg_session_file);
                if (session_file >= 0)
                        break;
        }
        if (session_file < 0) {
                PAM_VERBOSE_ERROR("Too many sessions");
                rv = PAM_SESSION_ERR;
                goto out;
        }

out:
        if (session_file >= 0)
                close(session_file);
        if (rt_dir_prefix >= 0)
                close(rt_dir_prefix);

        if (runtime_dir)
                free(runtime_dir);
        return (rv);
}

static int
remove_dir(int fd)
{
        DIR *dirp;
        struct dirent *dp;

        dirp = fdopendir(fd);
        if (dirp == NULL)
                return (-1);

        while ((dp = readdir(dirp)) != NULL) {
                if (dp->d_type == DT_DIR) {
                        int dirfd;

                        if (strcmp(dp->d_name, ".") == 0 ||
                            strcmp(dp->d_name, "..") == 0)
                                continue;
                        dirfd = openat(fd, dp->d_name, 0);
                        remove_dir(dirfd);
                        close(dirfd);
                        unlinkat(fd, dp->d_name, AT_REMOVEDIR);
                        continue;
                }
                unlinkat(fd, dp->d_name, 0);
        }
        closedir(dirp);

        return (0);
}

static int
_pam_xdg_close(pam_handle_t *pamh __unused, int flags __unused,
    int argc __unused, const char *argv[] __unused)
{
        struct passwd *passwd;
        const char *user;
        const char *runtime_dir_prefix;
        struct stat sb;
        char *xdg_session_file;
        int rv, rt_dir_prefix, rt_dir, session_file, i;

        rt_dir = -1;
        rt_dir_prefix = -1;
        runtime_dir_prefix = openpam_get_option(pamh, "runtime_dir_prefix");

        /* Get user info */
        rv = pam_get_item(pamh, PAM_USER, (const void **)&user);
        if (rv != PAM_SUCCESS || user == NULL) {
                PAM_VERBOSE_ERROR("Can't get user information");
                goto out;
        }
        if ((passwd = getpwnam(user)) == NULL) {
                PAM_VERBOSE_ERROR("Can't get user information");
                rv = PAM_SESSION_ERR;
                goto out;
        }

        /* Open the xdg base directory */
        rt_dir_prefix = open(RUNTIME_DIR_PREFIX, O_DIRECTORY | O_NOFOLLOW);
        if (rt_dir_prefix < 0) {
                PAM_VERBOSE_ERROR("open: %s failed (%d)\n", runtime_dir_prefix, rt_dir_prefix);
                rv = PAM_SESSION_ERR;
                goto out;
        }
        /* Check that the already created dir is correctly owned */
        rv = fstatat(rt_dir_prefix, user, &sb, 0);
        if (rv == -1) {
                PAM_VERBOSE_ERROR("fstatat %s/%s failed (%d)", RUNTIME_DIR_PREFIX, user, errno);
                rv = PAM_SESSION_ERR;
                goto out;
        }
        if (sb.st_uid != passwd->pw_uid ||
            sb.st_gid != passwd->pw_gid) {
                PAM_VERBOSE_ERROR("%s/%s isn't owned by %d:%d\n", RUNTIME_DIR_PREFIX, user, passwd->pw_uid, passwd->pw_gid);
                rv = PAM_SESSION_ERR;
                goto out;
        }
        /* Test directory mode */
        if ((sb.st_mode & 0x1FF) != RUNTIME_DIR_MODE) {
                PAM_VERBOSE_ERROR("%s/%s have wrong mode\n", RUNTIME_DIR_PREFIX, user);
                rv = PAM_SESSION_ERR;
                goto out;
        }

        /* Open the user xdg directory */
        rt_dir = openat(rt_dir_prefix, user, O_DIRECTORY | O_NOFOLLOW);
        if (rt_dir < 0) {
                PAM_VERBOSE_ERROR("openat: %s/%s failed (%d)\n", RUNTIME_DIR_PREFIX, user, rt_dir_prefix);
                rv = PAM_SESSION_ERR;
                goto out;
        }

        /* Get the last session file created */
        for (i = XDG_MAX_SESSION; i >= 0; i--) {
                rv = asprintf(&xdg_session_file, "%s/xdg_session.%d", user, i);
                if (rv < 0) {
                        PAM_VERBOSE_ERROR("asprintf failed %d\n", rv);
                        rv = PAM_SESSION_ERR;
                        goto out;
                }
                rv = 0;
                session_file = openat(rt_dir_prefix, xdg_session_file, 0);
                if (session_file >= 0) {
                        unlinkat(rt_dir_prefix, xdg_session_file, 0);
                        free(xdg_session_file);
                        break;
                }
                free(xdg_session_file);
        }
        if (session_file < 0) {
                PAM_VERBOSE_ERROR("Can't find session number\n");
                rv = PAM_SESSION_ERR;
                goto out;
        }
        close(session_file);

        /* Final cleanup if last user session */
        if (i == 0) {
                remove_dir(rt_dir);
                if (unlinkat(rt_dir_prefix, user, AT_REMOVEDIR) != 0) {
                        PAM_VERBOSE_ERROR("Can't cleanup %s/%s\n", runtime_dir_prefix, user);
                        rv = PAM_SESSION_ERR;
                        goto out;
                }
        }

        rv = PAM_SUCCESS;
out:
        if (rt_dir >= 0)
                close(rt_dir);
        if (rt_dir_prefix >= 0)
                close(rt_dir_prefix);
        return (rv);
}

PAM_EXTERN int
pam_sm_open_session(pam_handle_t *pamh, int flags,
    int argc, const char *argv[])
{

        return (_pam_xdg_open(pamh, flags, argc, argv));
}

PAM_EXTERN int
pam_sm_close_session(pam_handle_t *pamh, int flags,
    int argc, const char *argv[])
{

        return (_pam_xdg_close(pamh, flags, argc, argv));
}

PAM_MODULE_ENTRY("pam_xdg");
FreeBSD
