VirtualBox

source: vbox/trunk/src/VBox/Additions/common/pam/pam_vbox.c@ 29055

Last change on this file since 29055 was 29055, checked in by vboxsync, 15 years ago

pam: warnings
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 9.9 KB
Line 
1/* $Id: pam_vbox.c 29055 2010-05-05 08:31:14Z vboxsync $ */
2/** @file
3 * pam_vbox - PAM module for auto logons.
4 */
5
6/*
7 * Copyright (C) 2008-2010 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18/*******************************************************************************
19* Header Files *
20*******************************************************************************/
21#define PAM_SM_AUTH
22#define PAM_SM_ACCOUNT
23#define PAM_SM_PASSWORD
24#define PAM_SM_SESSION
25
26#ifdef _DEBUG
27 #define PAM_DEBUG
28#endif
29
30#ifdef RT_OS_SOLARIS
31# include <security/pam_appl.h>
32#endif
33#include <security/pam_modules.h>
34#include <security/pam_appl.h>
35#ifdef RT_OS_LINUX
36#include <security/_pam_macros.h>
37#endif
38
39#ifndef PAM_EXTERN
40# define PAM_EXTERN extern
41#endif
42
43#include <pwd.h>
44#include <syslog.h>
45
46#include <iprt/env.h>
47#include <iprt/stream.h>
48#include <iprt/initterm.h>
49#include <iprt/string.h>
50#include <iprt/assert.h>
51#include <VBox/log.h>
52
53#include <VBox/VBoxGuestLib.h>
54
55#define VBOX_MODULE_NAME "pam_vbox"
56
57/** For debugging. */
58#ifdef _DEBUG
59 static pam_handle_t *g_pam_handle;
60 static int g_verbosity = 99;
61#else
62 static int g_verbosity = 0;
63#endif
64
65/**
66 * Write to system log.
67 *
68 * @param pszBuf Buffer to write to the log (NULL-terminated)
69 */
70static void pam_vbox_writesyslog(char *pszBuf)
71{
72#ifdef RT_OS_LINUX
73 openlog("pam_vbox", LOG_PID, LOG_AUTHPRIV);
74 syslog(LOG_ERR, pszBuf);
75 closelog();
76#elif defined(RT_OS_SOLARIS)
77 syslog(LOG_ERR, "pam_vbox: %s\n", pszBuf);
78#endif
79}
80
81
82/**
83 * Displays an error message.
84 *
85 * @param pszFormat The message text.
86 * @param ... Format arguments.
87 */
88static void pam_vbox_error(pam_handle_t *h, const char *pszFormat, ...)
89{
90 va_list va;
91 char *buf;
92 va_start(va, pszFormat);
93 /** @todo is this NULL terminated? */
94 if (RT_SUCCESS(RTStrAPrintfV(&buf, pszFormat, va)))
95 {
96 LogRel(("%s: Error: %s", VBOX_MODULE_NAME, buf));
97 pam_vbox_writesyslog(buf);
98 RTStrFree(buf);
99 }
100 va_end(va);
101}
102
103
104/**
105 * Displays a debug message.
106 *
107 * @param pszFormat The message text.
108 * @param ... Format arguments.
109 */
110static void pam_vbox_log(pam_handle_t *h, const char *pszFormat, ...)
111{
112 va_list va;
113 char *buf;
114 va_start(va, pszFormat);
115 /** @todo is this NULL terminated? */
116 if (RT_SUCCESS(RTStrAPrintfV(&buf, pszFormat, va)))
117 {
118 if (g_verbosity)
119 {
120 /* Only do normal logging in debug mode; could contain
121 * sensitive data! */
122 LogRel(("%s: %s", VBOX_MODULE_NAME, buf));
123 /* Log to syslog */
124 pam_vbox_writesyslog(buf);
125 }
126 RTStrFree(buf);
127 }
128 va_end(va);
129}
130
131
132static int pam_vbox_do_check(pam_handle_t *h)
133{
134 int rc;
135 int pamrc;
136
137#ifdef _DEBUG
138 g_pam_handle = h; /* hack for getting assertion text */
139#endif
140
141 /* Don't make assertions panic because the PAM stack +
142 * the current logon module won't work anymore (or just restart).
143 * This could result in not able to log into the system anymore. */
144 RTAssertSetMayPanic(false);
145
146 rc = RTR3Init();
147 if (RT_FAILURE(rc))
148 {
149 pam_vbox_error(h, "pam_vbox_do_check: could not init runtime! rc=%Rrc. Aborting.\n", rc);
150 return PAM_SUCCESS; /* Jump out as early as we can to not mess around. */
151 }
152
153 pam_vbox_log(h, "pam_vbox_do_check: runtime initialized.\n");
154 if (RT_SUCCESS(rc))
155 {
156 rc = VbglR3InitUser();
157 if (RT_FAILURE(rc))
158 {
159 switch(rc)
160 {
161 case VERR_ACCESS_DENIED:
162 pam_vbox_error(h, "pam_vbox_do_check: access is denied to guest driver! Please make sure you run with sufficient rights. Aborting.\n");
163 break;
164
165 case VERR_FILE_NOT_FOUND:
166 pam_vbox_error(h, "pam_vbox_do_check: guest driver not found! Guest Additions installed? Aborting.\n");
167 break;
168
169 default:
170 pam_vbox_error(h, "pam_vbox_do_check: could not init VbglR3 library! rc=%Rrc. Aborting.\n", rc);
171 break;
172 }
173 return PAM_SUCCESS; /* Jump out as early as we can to not mess around. */
174 }
175 pam_vbox_log(h, "pam_vbox_do_check: guest lib initialized.\n");
176 }
177
178 pamrc = PAM_OPEN_ERR; /* The PAM return code; intentionally not used as an exit value below. */
179 if (RT_SUCCESS(rc))
180 {
181 char *rhost = NULL;
182 char *tty = NULL;
183 char *prompt = NULL;
184#ifdef RT_OS_SOLARIS
185 pam_get_item(h, PAM_RHOST, (void**) &rhost);
186 pam_get_item(h, PAM_TTY, (void**) &tty);
187 pam_get_item(h, PAM_USER_PROMPT, (void**) &prompt);
188#else
189 pam_get_item(h, PAM_RHOST, (const void**) &rhost);
190 pam_get_item(h, PAM_TTY, (const void**) &tty);
191 pam_get_item(h, PAM_USER_PROMPT, (const void**) &prompt);
192#endif
193 pam_vbox_log(h, "pam_vbox_do_check: rhost=%s, tty=%s, prompt=%s\n",
194 rhost ? rhost : "<none>", tty ? tty : "<none>", prompt ? prompt : "<none>");
195
196 rc = VbglR3CredentialsQueryAvailability();
197 if (RT_FAILURE(rc))
198 {
199 if (rc == VERR_NOT_FOUND)
200 pam_vbox_log(h, "pam_vbox_do_check: no credentials available.\n");
201 else
202 pam_vbox_error(h, "pam_vbox_do_check: could not query for credentials! rc=%Rrc. Aborting.\n", rc);
203 pamrc = PAM_SUCCESS;
204 }
205 else
206 {
207 char *pszUsername;
208 char *pszPassword;
209 char *pszDomain;
210
211 rc = VbglR3CredentialsRetrieve(&pszUsername, &pszPassword, &pszDomain);
212 if (RT_FAILURE(rc))
213 {
214 pam_vbox_error(h, "pam_vbox_do_check: could not retrieve credentials! rc=%Rrc. Aborting.\n", rc);
215 }
216 else
217 {
218 pam_vbox_log(h, "pam_vbox_do_check: credentials retrieved: user=%s, password=%s, domain=%s\n",
219 pszUsername, pszPassword, pszDomain);
220 /* Fill credentials into PAM. */
221 pamrc = pam_set_item(h, PAM_USER, pszUsername);
222 if (pamrc != PAM_SUCCESS)
223 {
224 pam_vbox_error(h, "pam_vbox_do_check: could not set user name! pamrc=%d. Aborting.\n", pamrc);
225 }
226 else
227 {
228 pamrc = pam_set_item(h, PAM_AUTHTOK, pszPassword);
229 if (pamrc != PAM_SUCCESS)
230 pam_vbox_error(h, "pam_vbox_do_check: could not set password! pamrc=%d. Aborting.\n", pamrc);
231 }
232 /** @todo Add handling domains as well. */
233
234 VbglR3CredentialsDestroy(pszUsername, pszPassword, pszDomain,
235 3 /* Three wipe passes */);
236 }
237 }
238 VbglR3Term();
239 } /* VbglR3 init okay */
240
241#if 0 /** @todo implement RTR3Term, or create some hack to force anything containing RTR3Init to stay loaded. */
242 RTR3Term();
243#endif
244
245 pam_vbox_log(h, "pam_vbox_do_check: returned with pamrc=%d, msg=%s\n",
246 pamrc, pam_strerror(h, pamrc));
247
248 /* Never report an error here because if no credentials from the host are available or something
249 * went wrong we then let do the authentication by the next module in the stack. */
250
251 /* We report success here because this is all we can do right now -- we passed the credentials
252 * to the next PAM module in the block above which then might do a shadow (like pam_unix/pam_unix2)
253 * password verification to "really" authenticate the user. */
254 return PAM_SUCCESS;
255}
256
257
258/**
259 * Performs authentication within the PAM framework.
260 *
261 * @todo
262 */
263PAM_EXTERN int pam_sm_authenticate(pam_handle_t *h, int flags,
264 int argc, const char **argv)
265{
266 /* Parse arguments. */
267 int i;
268 for (i = 0; i < argc; i++)
269 {
270 if (!RTStrICmp(argv[i], "debug"))
271 g_verbosity=1;
272 else
273 pam_vbox_error(h, "pam_sm_authenticate: unknown command line argument \"%s\"\n", argv[i]);
274 }
275 pam_vbox_log(h, "pam_vbox_authenticate called.\n");
276
277 /* Do the actual check. */
278 return pam_vbox_do_check(h);
279}
280
281
282/**
283 * Modifies / deletes user credentials
284 *
285 * @todo
286 */
287PAM_EXTERN int pam_sm_setcred(pam_handle_t *h, int flags, int argc, const char **argv)
288{
289 pam_vbox_log(h, "pam_vbox_setcred called.\n");
290 return PAM_SUCCESS;
291}
292
293
294PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *h, int flags, int argc, const char **argv)
295{
296 pam_vbox_log(h, "pam_vbox_acct_mgmt called.\n");
297 return PAM_SUCCESS;
298}
299
300
301PAM_EXTERN int pam_sm_open_session(pam_handle_t *h, int flags, int argc, const char **argv)
302{
303 pam_vbox_log(h, "pam_vbox_open_session called.\n");
304 RTPrintf("This session was provided by VirtualBox Guest Additions. Have a lot of fun!\n");
305 return PAM_SUCCESS;
306}
307
308
309PAM_EXTERN int pam_sm_close_session(pam_handle_t *h, int flags, int argc, const char **argv)
310{
311 pam_vbox_log(h, "pam_vbox_close_session called.\n");
312 return PAM_SUCCESS;
313}
314
315PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *h, int flags, int argc, const char **argv)
316{
317 pam_vbox_log(h, "pam_vbox_sm_chauthtok called.\n");
318 return PAM_SUCCESS;
319}
320
321#ifdef _DEBUG
322DECLEXPORT(void) RTAssertMsg1Weak(const char *pszExpr, unsigned uLine, const char *pszFile, const char *pszFunction)
323{
324 pam_vbox_log(g_pam_handle,
325 "\n!!Assertion Failed!!\n"
326 "Expression: %s\n"
327 "Location : %s(%d) %s\n",
328 pszExpr, pszFile, uLine, pszFunction);
329 RTAssertMsg1(pszExpr, uLine, pszFile, pszFunction);
330}
331#endif
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette