VirtualBox

source: vbox/trunk/src/VBox/Additions/common/pam/pam_vbox.cpp@ 28736

Last change on this file since 28736 was 27867, checked in by vboxsync, 15 years ago

export Additions/linux/pam to OSE
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 10.1 KB
Line 
1/* $Id: pam_vbox.cpp 27867 2010-03-31 09:31:10Z vboxsync $ */
2/** @file
3 * pam_vbox - PAM module for auto logons.
4 */
5
6/*
7 * Copyright (C) 2008-2010 Sun Microsystems, Inc.
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
18 * Clara, CA 95054 USA or visit http://www.sun.com if you need
19 * additional information or have any questions.
20 */
21
22/*******************************************************************************
23* Header Files *
24*******************************************************************************/
25#define PAM_SM_AUTH
26#define PAM_SM_ACCOUNT
27#define PAM_SM_PASSWORD
28#define PAM_SM_SESSION
29
30#ifdef _DEBUG
31 #define PAM_DEBUG
32#endif
33
34#ifdef RT_OS_SOLARIS
35# include <security/pam_appl.h>
36#endif
37#include <security/pam_modules.h>
38#include <security/pam_appl.h>
39#ifdef RT_OS_LINUX
40#include <security/_pam_macros.h>
41#endif
42
43#ifndef PAM_EXTERN
44# define PAM_EXTERN extern
45#endif
46
47#include <pwd.h>
48#include <syslog.h>
49
50#include <iprt/env.h>
51#include <iprt/stream.h>
52#include <iprt/initterm.h>
53#include <iprt/string.h>
54#include <iprt/assert.h>
55#include <VBox/log.h>
56
57#include <VBox/VBoxGuestLib.h>
58
59#define VBOX_MODULE_NAME "pam_vbox"
60
61/** For debugging. */
62#ifdef _DEBUG
63 static pam_handle_t *g_pam_handle;
64 static int g_verbosity = 99;
65#else
66 static int g_verbosity = 0;
67#endif
68
69/**
70 * Write to system log.
71 *
72 * @param pszBuf Buffer to write to the log (NULL-terminated)
73 */
74static void pam_vbox_writesyslog(char *pszBuf)
75{
76#ifdef RT_OS_LINUX
77 openlog("pam_vbox", LOG_PID, LOG_AUTHPRIV);
78 syslog(LOG_ERR, pszBuf);
79 closelog();
80#elif defined(RT_OS_SOLARIS)
81 syslog(LOG_ERR, "pam_vbox: %s\n", pszBuf);
82#endif
83}
84
85
86/**
87 * Displays an error message.
88 *
89 * @param pszFormat The message text.
90 * @param ... Format arguments.
91 */
92static void pam_vbox_error(pam_handle_t *h, const char *pszFormat, ...)
93{
94 va_list va;
95 va_start(va, pszFormat);
96 /** @todo is this NULL terminated? */
97 char *buf;
98 if (RT_SUCCESS(RTStrAPrintfV(&buf, pszFormat, va)))
99 {
100 LogRel(("%s: Error: %s", VBOX_MODULE_NAME, buf));
101 pam_vbox_writesyslog(buf);
102 RTStrFree(buf);
103 }
104 va_end(va);
105}
106
107
108/**
109 * Displays a debug message.
110 *
111 * @param pszFormat The message text.
112 * @param ... Format arguments.
113 */
114static void pam_vbox_log(pam_handle_t *h, const char *pszFormat, ...)
115{
116 va_list va;
117 va_start(va, pszFormat);
118 /** @todo is this NULL terminated? */
119 char *buf;
120 if (RT_SUCCESS(RTStrAPrintfV(&buf, pszFormat, va)))
121 {
122 if (g_verbosity)
123 {
124 /* Only do normal logging in debug mode; could contain
125 * sensitive data! */
126 LogRel(("%s: %s", VBOX_MODULE_NAME, buf));
127 /* Log to syslog */
128 pam_vbox_writesyslog(buf);
129 }
130 RTStrFree(buf);
131 }
132 va_end(va);
133}
134
135
136int pam_vbox_do_check(pam_handle_t *h)
137{
138#ifdef _DEBUG
139 g_pam_handle = h; /* hack for getting assertion text */
140#endif
141
142 /* Don't make assertions panic because the PAM stack +
143 * the current logon module won't work anymore (or just restart).
144 * This could result in not able to log into the system anymore. */
145 RTAssertSetMayPanic(false);
146
147 int rc = RTR3Init();
148 if (RT_FAILURE(rc))
149 {
150 pam_vbox_error(h, "pam_vbox_do_check: could not init runtime! rc=%Rrc. Aborting.\n", rc);
151 return PAM_SUCCESS; /* Jump out as early as we can to not mess around. */
152 }
153
154 pam_vbox_log(h, "pam_vbox_do_check: runtime initialized.\n");
155 if (RT_SUCCESS(rc))
156 {
157 rc = VbglR3InitUser();
158 if (RT_FAILURE(rc))
159 {
160 switch(rc)
161 {
162 case VERR_ACCESS_DENIED:
163 pam_vbox_error(h, "pam_vbox_do_check: access is denied to guest driver! Please make sure you run with sufficient rights. Aborting.\n");
164 break;
165
166 case VERR_FILE_NOT_FOUND:
167 pam_vbox_error(h, "pam_vbox_do_check: guest driver not found! Guest Additions installed? Aborting.\n");
168 break;
169
170 default:
171 pam_vbox_error(h, "pam_vbox_do_check: could not init VbglR3 library! rc=%Rrc. Aborting.\n", rc);
172 break;
173 }
174 return PAM_SUCCESS; /* Jump out as early as we can to not mess around. */
175 }
176 pam_vbox_log(h, "pam_vbox_do_check: guest lib initialized.\n");
177 }
178
179 int pamrc = PAM_OPEN_ERR; /* The PAM return code; intentionally not used as an exit value below. */
180 if (RT_SUCCESS(rc))
181 {
182 char *rhost = NULL;
183 char *tty = NULL;
184 char *prompt = NULL;
185#ifdef RT_OS_SOLARIS
186 pam_get_item(h, PAM_RHOST, (void**) &rhost);
187 pam_get_item(h, PAM_TTY, (void**) &tty);
188 pam_get_item(h, PAM_USER_PROMPT, (void**) &prompt);
189#else
190 pam_get_item(h, PAM_RHOST, (const void**) &rhost);
191 pam_get_item(h, PAM_TTY, (const void**) &tty);
192 pam_get_item(h, PAM_USER_PROMPT, (const void**) &prompt);
193#endif
194 pam_vbox_log(h, "pam_vbox_do_check: rhost=%s, tty=%s, prompt=%s\n",
195 rhost ? rhost : "<none>", tty ? tty : "<none>", prompt ? prompt : "<none>");
196
197 rc = VbglR3CredentialsQueryAvailability();
198 if (RT_FAILURE(rc))
199 {
200 if (rc == VERR_NOT_FOUND)
201 pam_vbox_log(h, "pam_vbox_do_check: no credentials available.\n");
202 else
203 pam_vbox_error(h, "pam_vbox_do_check: could not query for credentials! rc=%Rrc. Aborting.\n", rc);
204 pamrc = PAM_SUCCESS;
205 }
206 else
207 {
208 char *pszUsername;
209 char *pszPassword;
210 char *pszDomain;
211
212 rc = VbglR3CredentialsRetrieve(&pszUsername, &pszPassword, &pszDomain);
213 if (RT_FAILURE(rc))
214 {
215 pam_vbox_error(h, "pam_vbox_do_check: could not retrieve credentials! rc=%Rrc. Aborting.\n", rc);
216 }
217 else
218 {
219 pam_vbox_log(h, "pam_vbox_do_check: credentials retrieved: user=%s, password=%s, domain=%s\n",
220 pszUsername, pszPassword, pszDomain);
221 /* Fill credentials into PAM. */
222 pamrc = pam_set_item(h, PAM_USER, pszUsername);
223 if (pamrc != PAM_SUCCESS)
224 {
225 pam_vbox_error(h, "pam_vbox_do_check: could not set user name! pamrc=%d. Aborting.\n", pamrc);
226 }
227 else
228 {
229 pamrc = pam_set_item(h, PAM_AUTHTOK, pszPassword);
230 if (pamrc != PAM_SUCCESS)
231 pam_vbox_error(h, "pam_vbox_do_check: could not set password! pamrc=%d. Aborting.\n", pamrc);
232 }
233 /** @todo Add handling domains as well. */
234
235 VbglR3CredentialsDestroy(pszUsername, pszPassword, pszDomain,
236 3 /* Three wipe passes */);
237 }
238 }
239 VbglR3Term();
240 } /* VbglR3 init okay */
241
242#if 0 /** @todo implement RTR3Term, or create some hack to force anything containing RTR3Init to stay loaded. */
243 RTR3Term();
244#endif
245
246 pam_vbox_log(h, "pam_vbox_do_check: returned with pamrc=%d, msg=%s\n",
247 pamrc, pam_strerror(h, pamrc));
248
249 /* Never report an error here because if no credentials from the host are available or something
250 * went wrong we then let do the authentication by the next module in the stack. */
251
252 /* We report success here because this is all we can do right now -- we passed the credentials
253 * to the next PAM module in the block above which then might do a shadow (like pam_unix/pam_unix2)
254 * password verification to "really" authenticate the user. */
255 return PAM_SUCCESS;
256}
257
258
259/**
260 * Performs authentication within the PAM framework.
261 *
262 * @todo
263 */
264PAM_EXTERN int pam_sm_authenticate(pam_handle_t *h, int flags,
265 int argc, const char **argv)
266{
267 /* Parse arguments. */
268 for (int i=0; i<argc; i++)
269 {
270 if (!RTStrICmp(argv[i], "debug"))
271 g_verbosity=1;
272 else
273 pam_vbox_error(h, "pam_sm_authenticate: unknown command line argument \"%s\"\n", argv[i]);
274 }
275 pam_vbox_log(h, "pam_vbox_authenticate called.\n");
276
277 /* Do the actual check. */
278 return pam_vbox_do_check(h);
279}
280
281
282/**
283 * Modifies / deletes user credentials
284 *
285 * @todo
286 */
287PAM_EXTERN int pam_sm_setcred(pam_handle_t *h, int flags, int argc, const char **argv)
288{
289 pam_vbox_log(h, "pam_vbox_setcred called.\n");
290 return PAM_SUCCESS;
291}
292
293
294PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *h, int flags, int argc, const char **argv)
295{
296 pam_vbox_log(h, "pam_vbox_acct_mgmt called.\n");
297 return PAM_SUCCESS;
298}
299
300
301PAM_EXTERN int pam_sm_open_session(pam_handle_t *h, int flags, int argc, const char **argv)
302{
303 pam_vbox_log(h, "pam_vbox_open_session called.\n");
304 RTPrintf("This session was provided by VirtualBox Guest Additions. Have a lot of fun!\n");
305 return PAM_SUCCESS;
306}
307
308
309PAM_EXTERN int pam_sm_close_session(pam_handle_t *h, int flags, int argc, const char **argv)
310{
311 pam_vbox_log(h, "pam_vbox_close_session called.\n");
312 return PAM_SUCCESS;
313}
314
315PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *h, int flags, int argc, const char **argv)
316{
317 pam_vbox_log(h, "pam_vbox_sm_chauthtok called.\n");
318 return PAM_SUCCESS;
319}
320
321#ifdef _DEBUG
322DECLEXPORT(void) RTAssertMsg1Weak(const char *pszExpr, unsigned uLine, const char *pszFile, const char *pszFunction)
323{
324 pam_vbox_log(g_pam_handle,
325 "\n!!Assertion Failed!!\n"
326 "Expression: %s\n"
327 "Location : %s(%d) %s\n",
328 pszExpr, pszFile, uLine, pszFunction);
329 RTAssertMsg1(pszExpr, uLine, pszFile, pszFunction);
330}
331#endif
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette