VirtualBox

source: vbox/trunk/src/VBox/Additions/common/pam/pam_vbox.cpp@ 28800

Last change on this file since 28800 was 28800, checked in by vboxsync, 15 years ago

Automated rebranding to Oracle copyright/license strings via filemuncher
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 9.9 KB
Line 
1/* $Id: pam_vbox.cpp 28800 2010-04-27 08:22:32Z vboxsync $ */
2/** @file
3 * pam_vbox - PAM module for auto logons.
4 */
5
6/*
7 * Copyright (C) 2008-2010 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18/*******************************************************************************
19* Header Files *
20*******************************************************************************/
21#define PAM_SM_AUTH
22#define PAM_SM_ACCOUNT
23#define PAM_SM_PASSWORD
24#define PAM_SM_SESSION
25
26#ifdef _DEBUG
27 #define PAM_DEBUG
28#endif
29
30#ifdef RT_OS_SOLARIS
31# include <security/pam_appl.h>
32#endif
33#include <security/pam_modules.h>
34#include <security/pam_appl.h>
35#ifdef RT_OS_LINUX
36#include <security/_pam_macros.h>
37#endif
38
39#ifndef PAM_EXTERN
40# define PAM_EXTERN extern
41#endif
42
43#include <pwd.h>
44#include <syslog.h>
45
46#include <iprt/env.h>
47#include <iprt/stream.h>
48#include <iprt/initterm.h>
49#include <iprt/string.h>
50#include <iprt/assert.h>
51#include <VBox/log.h>
52
53#include <VBox/VBoxGuestLib.h>
54
55#define VBOX_MODULE_NAME "pam_vbox"
56
57/** For debugging. */
58#ifdef _DEBUG
59 static pam_handle_t *g_pam_handle;
60 static int g_verbosity = 99;
61#else
62 static int g_verbosity = 0;
63#endif
64
65/**
66 * Write to system log.
67 *
68 * @param pszBuf Buffer to write to the log (NULL-terminated)
69 */
70static void pam_vbox_writesyslog(char *pszBuf)
71{
72#ifdef RT_OS_LINUX
73 openlog("pam_vbox", LOG_PID, LOG_AUTHPRIV);
74 syslog(LOG_ERR, pszBuf);
75 closelog();
76#elif defined(RT_OS_SOLARIS)
77 syslog(LOG_ERR, "pam_vbox: %s\n", pszBuf);
78#endif
79}
80
81
82/**
83 * Displays an error message.
84 *
85 * @param pszFormat The message text.
86 * @param ... Format arguments.
87 */
88static void pam_vbox_error(pam_handle_t *h, const char *pszFormat, ...)
89{
90 va_list va;
91 va_start(va, pszFormat);
92 /** @todo is this NULL terminated? */
93 char *buf;
94 if (RT_SUCCESS(RTStrAPrintfV(&buf, pszFormat, va)))
95 {
96 LogRel(("%s: Error: %s", VBOX_MODULE_NAME, buf));
97 pam_vbox_writesyslog(buf);
98 RTStrFree(buf);
99 }
100 va_end(va);
101}
102
103
104/**
105 * Displays a debug message.
106 *
107 * @param pszFormat The message text.
108 * @param ... Format arguments.
109 */
110static void pam_vbox_log(pam_handle_t *h, const char *pszFormat, ...)
111{
112 va_list va;
113 va_start(va, pszFormat);
114 /** @todo is this NULL terminated? */
115 char *buf;
116 if (RT_SUCCESS(RTStrAPrintfV(&buf, pszFormat, va)))
117 {
118 if (g_verbosity)
119 {
120 /* Only do normal logging in debug mode; could contain
121 * sensitive data! */
122 LogRel(("%s: %s", VBOX_MODULE_NAME, buf));
123 /* Log to syslog */
124 pam_vbox_writesyslog(buf);
125 }
126 RTStrFree(buf);
127 }
128 va_end(va);
129}
130
131
132int pam_vbox_do_check(pam_handle_t *h)
133{
134#ifdef _DEBUG
135 g_pam_handle = h; /* hack for getting assertion text */
136#endif
137
138 /* Don't make assertions panic because the PAM stack +
139 * the current logon module won't work anymore (or just restart).
140 * This could result in not able to log into the system anymore. */
141 RTAssertSetMayPanic(false);
142
143 int rc = RTR3Init();
144 if (RT_FAILURE(rc))
145 {
146 pam_vbox_error(h, "pam_vbox_do_check: could not init runtime! rc=%Rrc. Aborting.\n", rc);
147 return PAM_SUCCESS; /* Jump out as early as we can to not mess around. */
148 }
149
150 pam_vbox_log(h, "pam_vbox_do_check: runtime initialized.\n");
151 if (RT_SUCCESS(rc))
152 {
153 rc = VbglR3InitUser();
154 if (RT_FAILURE(rc))
155 {
156 switch(rc)
157 {
158 case VERR_ACCESS_DENIED:
159 pam_vbox_error(h, "pam_vbox_do_check: access is denied to guest driver! Please make sure you run with sufficient rights. Aborting.\n");
160 break;
161
162 case VERR_FILE_NOT_FOUND:
163 pam_vbox_error(h, "pam_vbox_do_check: guest driver not found! Guest Additions installed? Aborting.\n");
164 break;
165
166 default:
167 pam_vbox_error(h, "pam_vbox_do_check: could not init VbglR3 library! rc=%Rrc. Aborting.\n", rc);
168 break;
169 }
170 return PAM_SUCCESS; /* Jump out as early as we can to not mess around. */
171 }
172 pam_vbox_log(h, "pam_vbox_do_check: guest lib initialized.\n");
173 }
174
175 int pamrc = PAM_OPEN_ERR; /* The PAM return code; intentionally not used as an exit value below. */
176 if (RT_SUCCESS(rc))
177 {
178 char *rhost = NULL;
179 char *tty = NULL;
180 char *prompt = NULL;
181#ifdef RT_OS_SOLARIS
182 pam_get_item(h, PAM_RHOST, (void**) &rhost);
183 pam_get_item(h, PAM_TTY, (void**) &tty);
184 pam_get_item(h, PAM_USER_PROMPT, (void**) &prompt);
185#else
186 pam_get_item(h, PAM_RHOST, (const void**) &rhost);
187 pam_get_item(h, PAM_TTY, (const void**) &tty);
188 pam_get_item(h, PAM_USER_PROMPT, (const void**) &prompt);
189#endif
190 pam_vbox_log(h, "pam_vbox_do_check: rhost=%s, tty=%s, prompt=%s\n",
191 rhost ? rhost : "<none>", tty ? tty : "<none>", prompt ? prompt : "<none>");
192
193 rc = VbglR3CredentialsQueryAvailability();
194 if (RT_FAILURE(rc))
195 {
196 if (rc == VERR_NOT_FOUND)
197 pam_vbox_log(h, "pam_vbox_do_check: no credentials available.\n");
198 else
199 pam_vbox_error(h, "pam_vbox_do_check: could not query for credentials! rc=%Rrc. Aborting.\n", rc);
200 pamrc = PAM_SUCCESS;
201 }
202 else
203 {
204 char *pszUsername;
205 char *pszPassword;
206 char *pszDomain;
207
208 rc = VbglR3CredentialsRetrieve(&pszUsername, &pszPassword, &pszDomain);
209 if (RT_FAILURE(rc))
210 {
211 pam_vbox_error(h, "pam_vbox_do_check: could not retrieve credentials! rc=%Rrc. Aborting.\n", rc);
212 }
213 else
214 {
215 pam_vbox_log(h, "pam_vbox_do_check: credentials retrieved: user=%s, password=%s, domain=%s\n",
216 pszUsername, pszPassword, pszDomain);
217 /* Fill credentials into PAM. */
218 pamrc = pam_set_item(h, PAM_USER, pszUsername);
219 if (pamrc != PAM_SUCCESS)
220 {
221 pam_vbox_error(h, "pam_vbox_do_check: could not set user name! pamrc=%d. Aborting.\n", pamrc);
222 }
223 else
224 {
225 pamrc = pam_set_item(h, PAM_AUTHTOK, pszPassword);
226 if (pamrc != PAM_SUCCESS)
227 pam_vbox_error(h, "pam_vbox_do_check: could not set password! pamrc=%d. Aborting.\n", pamrc);
228 }
229 /** @todo Add handling domains as well. */
230
231 VbglR3CredentialsDestroy(pszUsername, pszPassword, pszDomain,
232 3 /* Three wipe passes */);
233 }
234 }
235 VbglR3Term();
236 } /* VbglR3 init okay */
237
238#if 0 /** @todo implement RTR3Term, or create some hack to force anything containing RTR3Init to stay loaded. */
239 RTR3Term();
240#endif
241
242 pam_vbox_log(h, "pam_vbox_do_check: returned with pamrc=%d, msg=%s\n",
243 pamrc, pam_strerror(h, pamrc));
244
245 /* Never report an error here because if no credentials from the host are available or something
246 * went wrong we then let do the authentication by the next module in the stack. */
247
248 /* We report success here because this is all we can do right now -- we passed the credentials
249 * to the next PAM module in the block above which then might do a shadow (like pam_unix/pam_unix2)
250 * password verification to "really" authenticate the user. */
251 return PAM_SUCCESS;
252}
253
254
255/**
256 * Performs authentication within the PAM framework.
257 *
258 * @todo
259 */
260PAM_EXTERN int pam_sm_authenticate(pam_handle_t *h, int flags,
261 int argc, const char **argv)
262{
263 /* Parse arguments. */
264 for (int i=0; i<argc; i++)
265 {
266 if (!RTStrICmp(argv[i], "debug"))
267 g_verbosity=1;
268 else
269 pam_vbox_error(h, "pam_sm_authenticate: unknown command line argument \"%s\"\n", argv[i]);
270 }
271 pam_vbox_log(h, "pam_vbox_authenticate called.\n");
272
273 /* Do the actual check. */
274 return pam_vbox_do_check(h);
275}
276
277
278/**
279 * Modifies / deletes user credentials
280 *
281 * @todo
282 */
283PAM_EXTERN int pam_sm_setcred(pam_handle_t *h, int flags, int argc, const char **argv)
284{
285 pam_vbox_log(h, "pam_vbox_setcred called.\n");
286 return PAM_SUCCESS;
287}
288
289
290PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *h, int flags, int argc, const char **argv)
291{
292 pam_vbox_log(h, "pam_vbox_acct_mgmt called.\n");
293 return PAM_SUCCESS;
294}
295
296
297PAM_EXTERN int pam_sm_open_session(pam_handle_t *h, int flags, int argc, const char **argv)
298{
299 pam_vbox_log(h, "pam_vbox_open_session called.\n");
300 RTPrintf("This session was provided by VirtualBox Guest Additions. Have a lot of fun!\n");
301 return PAM_SUCCESS;
302}
303
304
305PAM_EXTERN int pam_sm_close_session(pam_handle_t *h, int flags, int argc, const char **argv)
306{
307 pam_vbox_log(h, "pam_vbox_close_session called.\n");
308 return PAM_SUCCESS;
309}
310
311PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *h, int flags, int argc, const char **argv)
312{
313 pam_vbox_log(h, "pam_vbox_sm_chauthtok called.\n");
314 return PAM_SUCCESS;
315}
316
317#ifdef _DEBUG
318DECLEXPORT(void) RTAssertMsg1Weak(const char *pszExpr, unsigned uLine, const char *pszFile, const char *pszFunction)
319{
320 pam_vbox_log(g_pam_handle,
321 "\n!!Assertion Failed!!\n"
322 "Expression: %s\n"
323 "Location : %s(%d) %s\n",
324 pszExpr, pszFile, uLine, pszFunction);
325 RTAssertMsg1(pszExpr, uLine, pszFile, pszFunction);
326}
327#endif
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette