1 | /* $Id: pam_vbox.cpp 82968 2020-02-04 10:35:17Z vboxsync $ */
|
---|
2 | /** @file
|
---|
3 | * pam_vbox - PAM module for auto logons.
|
---|
4 | */
|
---|
5 |
|
---|
6 | /*
|
---|
7 | * Copyright (C) 2008-2020 Oracle Corporation
|
---|
8 | *
|
---|
9 | * This file is part of VirtualBox Open Source Edition (OSE), as
|
---|
10 | * available from http://www.virtualbox.org. This file is free software;
|
---|
11 | * you can redistribute it and/or modify it under the terms of the GNU
|
---|
12 | * General Public License (GPL) as published by the Free Software
|
---|
13 | * Foundation, in version 2 as it comes in the "COPYING" file of the
|
---|
14 | * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
|
---|
15 | * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
|
---|
16 | */
|
---|
17 |
|
---|
18 |
|
---|
19 | /*********************************************************************************************************************************
|
---|
20 | * Header Files *
|
---|
21 | *********************************************************************************************************************************/
|
---|
22 | #define PAM_SM_AUTH
|
---|
23 | #define PAM_SM_ACCOUNT
|
---|
24 | #define PAM_SM_PASSWORD
|
---|
25 | #define PAM_SM_SESSION
|
---|
26 |
|
---|
27 | #ifdef DEBUG
|
---|
28 | # define PAM_DEBUG
|
---|
29 | #endif
|
---|
30 |
|
---|
31 | #include <security/pam_appl.h>
|
---|
32 | #ifdef RT_OS_LINUX
|
---|
33 | # include <security/_pam_macros.h>
|
---|
34 | #endif
|
---|
35 |
|
---|
36 | #include <pwd.h>
|
---|
37 | #include <syslog.h>
|
---|
38 | #include <stdlib.h>
|
---|
39 |
|
---|
40 | #include <iprt/assert.h>
|
---|
41 | #include <iprt/buildconfig.h>
|
---|
42 | #include <iprt/env.h>
|
---|
43 | #include <iprt/initterm.h>
|
---|
44 | #include <iprt/mem.h>
|
---|
45 | #include <iprt/stream.h>
|
---|
46 | #include <iprt/string.h>
|
---|
47 | #include <iprt/thread.h>
|
---|
48 | #include <iprt/time.h>
|
---|
49 |
|
---|
50 | #include <VBox/VBoxGuestLib.h>
|
---|
51 |
|
---|
52 | #include <VBox/log.h>
|
---|
53 | #ifdef VBOX_WITH_GUEST_PROPS
|
---|
54 | # include <VBox/HostServices/GuestPropertySvc.h>
|
---|
55 | #endif
|
---|
56 |
|
---|
57 | #define VBOX_MODULE_NAME "pam_vbox"
|
---|
58 |
|
---|
59 | #define VBOX_PAM_FLAG_SILENT "PAM_SILENT"
|
---|
60 | #define VBOX_PAM_FLAG_DISALLOW_NULL_AUTHTOK "PAM_DISALLOW_NULL_AUTHTOK"
|
---|
61 | #define VBOX_PAM_FLAG_ESTABLISH_CRED "PAM_ESTABLISH_CRED"
|
---|
62 | #define VBOX_PAM_FLAG_DELETE_CRED "PAM_DELETE_CRED"
|
---|
63 | #define VBOX_PAM_FLAG_REINITIALIZE_CRED "PAM_REINITIALIZE_CRED"
|
---|
64 | #define VBOX_PAM_FLAG_REFRESH_CRED "PAM_REFRESH_CRED"
|
---|
65 |
|
---|
66 | RT_C_DECLS_BEGIN
|
---|
67 | RTDECL(int) pam_sm_authenticate(pam_handle_t *hPAM, int iFlags, int argc, const char **argv);
|
---|
68 | RTDECL(int) pam_sm_setcred(pam_handle_t *hPAM, int iFlags, int argc, const char **argv);
|
---|
69 | RTDECL(int) pam_sm_acct_mgmt(pam_handle_t *hPAM, int iFlags, int argc, const char **argv);
|
---|
70 | RTDECL(int) pam_sm_open_session(pam_handle_t *hPAM, int iFlags, int argc, const char **argv);
|
---|
71 | RTDECL(int) pam_sm_close_session(pam_handle_t *hPAM, int iFlags, int argc, const char **argv);
|
---|
72 | RTDECL(int) pam_sm_chauthtok(pam_handle_t *hPAM, int iFlags, int argc, const char **argv);
|
---|
73 | RT_C_DECLS_END
|
---|
74 |
|
---|
75 | /** For debugging. */
|
---|
76 | #ifdef DEBUG
|
---|
77 | static pam_handle_t *g_pam_handle;
|
---|
78 | static int g_verbosity = 99;
|
---|
79 | #else
|
---|
80 | static int g_verbosity = 0;
|
---|
81 | #endif
|
---|
82 |
|
---|
83 | /**
|
---|
84 | * User-provided thread data for the credentials waiting thread.
|
---|
85 | */
|
---|
86 | typedef struct PAMVBOXTHREAD
|
---|
87 | {
|
---|
88 | /** The PAM handle. */
|
---|
89 | pam_handle_t *hPAM;
|
---|
90 | /** The timeout (in ms) to wait for credentials. */
|
---|
91 | uint32_t uTimeoutMS;
|
---|
92 | /** The overall result of the thread operation. */
|
---|
93 | int rc;
|
---|
94 | } PAMVBOXTHREAD, *PPAMVBOXTHREAD;
|
---|
95 |
|
---|
96 | /**
|
---|
97 | * Write to system log.
|
---|
98 | *
|
---|
99 | * @param pszBuf Buffer to write to the log (NULL-terminated)
|
---|
100 | */
|
---|
101 | static void pam_vbox_writesyslog(char *pszBuf)
|
---|
102 | {
|
---|
103 | #ifdef RT_OS_LINUX
|
---|
104 | openlog("pam_vbox", LOG_PID, LOG_AUTHPRIV);
|
---|
105 | syslog(LOG_ERR, "%s", pszBuf);
|
---|
106 | closelog();
|
---|
107 | #elif defined(RT_OS_SOLARIS)
|
---|
108 | syslog(LOG_ERR, "pam_vbox: %s\n", pszBuf);
|
---|
109 | #endif
|
---|
110 | }
|
---|
111 |
|
---|
112 |
|
---|
113 | /**
|
---|
114 | * Displays an error message.
|
---|
115 | *
|
---|
116 | * @param hPAM PAM handle.
|
---|
117 | * @param pszFormat The message text.
|
---|
118 | * @param ... Format arguments.
|
---|
119 | */
|
---|
120 | static void pam_vbox_error(pam_handle_t *hPAM, const char *pszFormat, ...)
|
---|
121 | {
|
---|
122 | RT_NOREF1(hPAM);
|
---|
123 | va_list va;
|
---|
124 | char *buf;
|
---|
125 | va_start(va, pszFormat);
|
---|
126 | if (RT_SUCCESS(RTStrAPrintfV(&buf, pszFormat, va)))
|
---|
127 | {
|
---|
128 | LogRel(("%s: Error: %s", VBOX_MODULE_NAME, buf));
|
---|
129 | pam_vbox_writesyslog(buf);
|
---|
130 | RTStrFree(buf);
|
---|
131 | }
|
---|
132 | va_end(va);
|
---|
133 | }
|
---|
134 |
|
---|
135 |
|
---|
136 | /**
|
---|
137 | * Displays a debug message.
|
---|
138 | *
|
---|
139 | * @param hPAM PAM handle.
|
---|
140 | * @param pszFormat The message text.
|
---|
141 | * @param ... Format arguments.
|
---|
142 | */
|
---|
143 | static void pam_vbox_log(pam_handle_t *hPAM, const char *pszFormat, ...)
|
---|
144 | {
|
---|
145 | RT_NOREF1(hPAM);
|
---|
146 | if (g_verbosity)
|
---|
147 | {
|
---|
148 | va_list va;
|
---|
149 | char *buf;
|
---|
150 | va_start(va, pszFormat);
|
---|
151 | if (RT_SUCCESS(RTStrAPrintfV(&buf, pszFormat, va)))
|
---|
152 | {
|
---|
153 | /* Only do normal logging in debug mode; could contain
|
---|
154 | * sensitive data! */
|
---|
155 | LogRel(("%s: %s", VBOX_MODULE_NAME, buf));
|
---|
156 | /* Log to syslog */
|
---|
157 | pam_vbox_writesyslog(buf);
|
---|
158 | RTStrFree(buf);
|
---|
159 | }
|
---|
160 | va_end(va);
|
---|
161 | }
|
---|
162 | }
|
---|
163 |
|
---|
164 |
|
---|
165 | /**
|
---|
166 | * Sets a message using PAM's conversation function.
|
---|
167 | *
|
---|
168 | * @return IPRT status code.
|
---|
169 | * @param hPAM PAM handle.
|
---|
170 | * @param iStyle Style of message (0 = Information, 1 = Prompt
|
---|
171 | * echo off, 2 = Prompt echo on, 3 = Error).
|
---|
172 | * @param pszText Message text to set.
|
---|
173 | */
|
---|
174 | static int vbox_set_msg(pam_handle_t *hPAM, int iStyle, const char *pszText)
|
---|
175 | {
|
---|
176 | AssertPtrReturn(hPAM, VERR_INVALID_POINTER);
|
---|
177 | AssertPtrReturn(pszText, VERR_INVALID_POINTER);
|
---|
178 |
|
---|
179 | if (!iStyle)
|
---|
180 | iStyle = PAM_TEXT_INFO;
|
---|
181 |
|
---|
182 | int rc = VINF_SUCCESS;
|
---|
183 |
|
---|
184 | pam_message msg;
|
---|
185 | msg.msg_style = iStyle;
|
---|
186 | #ifdef RT_OS_SOLARIS
|
---|
187 | msg.msg = (char*)pszText;
|
---|
188 | #else
|
---|
189 | msg.msg = pszText;
|
---|
190 | #endif
|
---|
191 |
|
---|
192 | #ifdef RT_OS_SOLARIS
|
---|
193 | pam_conv *conv = NULL;
|
---|
194 | int pamrc = pam_get_item(hPAM, PAM_CONV, (void **)&conv);
|
---|
195 | #else
|
---|
196 | const pam_conv *conv = NULL;
|
---|
197 | int pamrc = pam_get_item(hPAM, PAM_CONV, (const void **)&conv);
|
---|
198 | #endif
|
---|
199 | if ( pamrc == PAM_SUCCESS
|
---|
200 | && conv)
|
---|
201 | {
|
---|
202 | pam_response *resp = NULL;
|
---|
203 | #ifdef RT_OS_SOLARIS
|
---|
204 | pam_message *msg_p = &msg;
|
---|
205 | #else
|
---|
206 | const pam_message *msg_p = &msg;
|
---|
207 | #endif
|
---|
208 | pam_vbox_log(hPAM, "Showing message \"%s\" (type %d)", pszText, iStyle);
|
---|
209 |
|
---|
210 | pamrc = conv->conv(1 /* One message only */, &msg_p, &resp, conv->appdata_ptr);
|
---|
211 | if (resp != NULL) /* If we use PAM_TEXT_INFO we never will get something back! */
|
---|
212 | {
|
---|
213 | if (resp->resp)
|
---|
214 | {
|
---|
215 | pam_vbox_log(hPAM, "Response to message \"%s\" was \"%s\"",
|
---|
216 | pszText, resp->resp);
|
---|
217 | /** @todo Save response! */
|
---|
218 | free(resp->resp);
|
---|
219 | }
|
---|
220 | free(resp);
|
---|
221 | }
|
---|
222 | }
|
---|
223 | else
|
---|
224 | rc = VERR_NOT_FOUND;
|
---|
225 | return rc;
|
---|
226 | }
|
---|
227 |
|
---|
228 |
|
---|
229 | /**
|
---|
230 | * Initializes pam_vbox.
|
---|
231 | *
|
---|
232 | * @return IPRT status code.
|
---|
233 | * @param hPAM PAM handle.
|
---|
234 | */
|
---|
235 | static int pam_vbox_init(pam_handle_t *hPAM)
|
---|
236 | {
|
---|
237 | #ifdef DEBUG
|
---|
238 | g_pam_handle = hPAM; /* hack for getting assertion text */
|
---|
239 | #endif
|
---|
240 |
|
---|
241 | /* Don't make assertions panic because the PAM stack +
|
---|
242 | * the current logon module won't work anymore (or just restart).
|
---|
243 | * This could result in not able to log into the system anymore. */
|
---|
244 | RTAssertSetMayPanic(false);
|
---|
245 |
|
---|
246 | pam_vbox_log(hPAM, "pam_vbox: %sr%s, running on %s\n",
|
---|
247 | RTBldCfgVersion(), RTBldCfgRevisionStr(), RTBldCfgTargetArch());
|
---|
248 |
|
---|
249 | int rc = RTR3InitDll(0);
|
---|
250 | if (RT_FAILURE(rc))
|
---|
251 | {
|
---|
252 | pam_vbox_error(hPAM, "pam_vbox_init: could not init runtime! rc=%Rrc. Aborting\n", rc);
|
---|
253 | return PAM_SUCCESS; /* Jump out as early as we can to not mess around. */
|
---|
254 | }
|
---|
255 |
|
---|
256 | pam_vbox_log(hPAM, "pam_vbox_init: runtime initialized\n");
|
---|
257 | if (RT_SUCCESS(rc))
|
---|
258 | {
|
---|
259 | rc = VbglR3InitUser();
|
---|
260 | if (RT_FAILURE(rc))
|
---|
261 | {
|
---|
262 | switch(rc)
|
---|
263 | {
|
---|
264 | case VERR_ACCESS_DENIED:
|
---|
265 | pam_vbox_error(hPAM, "pam_vbox_init: access is denied to guest driver! Please make sure you run with sufficient rights. Aborting\n");
|
---|
266 | break;
|
---|
267 |
|
---|
268 | case VERR_FILE_NOT_FOUND:
|
---|
269 | pam_vbox_error(hPAM, "pam_vbox_init: guest driver not found! Guest Additions installed? Aborting\n");
|
---|
270 | break;
|
---|
271 |
|
---|
272 | default:
|
---|
273 | pam_vbox_error(hPAM, "pam_vbox_init: could not init VbglR3 library! rc=%Rrc. Aborting\n", rc);
|
---|
274 | break;
|
---|
275 | }
|
---|
276 | }
|
---|
277 | pam_vbox_log(hPAM, "pam_vbox_init: guest lib initialized\n");
|
---|
278 | }
|
---|
279 |
|
---|
280 | if (RT_SUCCESS(rc))
|
---|
281 | {
|
---|
282 | char *rhost = NULL;
|
---|
283 | char *tty = NULL;
|
---|
284 | char *prompt = NULL;
|
---|
285 | #ifdef RT_OS_SOLARIS
|
---|
286 | pam_get_item(hPAM, PAM_RHOST, (void**) &rhost);
|
---|
287 | pam_get_item(hPAM, PAM_TTY, (void**) &tty);
|
---|
288 | pam_get_item(hPAM, PAM_USER_PROMPT, (void**) &prompt);
|
---|
289 | #else
|
---|
290 | pam_get_item(hPAM, PAM_RHOST, (const void**) &rhost);
|
---|
291 | pam_get_item(hPAM, PAM_TTY, (const void**) &tty);
|
---|
292 | pam_get_item(hPAM, PAM_USER_PROMPT, (const void**) &prompt);
|
---|
293 | #endif
|
---|
294 | pam_vbox_log(hPAM, "pam_vbox_init: rhost=%s, tty=%s, prompt=%s\n",
|
---|
295 | rhost ? rhost : "<none>", tty ? tty : "<none>", prompt ? prompt : "<none>");
|
---|
296 | }
|
---|
297 |
|
---|
298 | return rc;
|
---|
299 | }
|
---|
300 |
|
---|
301 |
|
---|
302 | /**
|
---|
303 | * Shuts down pam_vbox.
|
---|
304 | *
|
---|
305 | * @return IPRT status code.
|
---|
306 | * @param hPAM PAM handle.
|
---|
307 | */
|
---|
308 | static void pam_vbox_shutdown(pam_handle_t *hPAM)
|
---|
309 | {
|
---|
310 | RT_NOREF1(hPAM);
|
---|
311 | VbglR3Term();
|
---|
312 | }
|
---|
313 |
|
---|
314 |
|
---|
315 | /**
|
---|
316 | * Checks for credentials provided by the host / HGCM.
|
---|
317 | *
|
---|
318 | * @return IPRT status code. VERR_NOT_FOUND if no credentials are available,
|
---|
319 | * VINF_SUCCESS on successful retrieval or another IPRT error.
|
---|
320 | * @param hPAM PAM handle.
|
---|
321 | */
|
---|
322 | static int pam_vbox_check_creds(pam_handle_t *hPAM)
|
---|
323 | {
|
---|
324 | int rc = VbglR3CredentialsQueryAvailability();
|
---|
325 | if (RT_FAILURE(rc))
|
---|
326 | {
|
---|
327 | if (rc != VERR_NOT_FOUND)
|
---|
328 | pam_vbox_error(hPAM, "pam_vbox_check_creds: could not query for credentials! rc=%Rrc. Aborting\n", rc);
|
---|
329 | #ifdef DEBUG
|
---|
330 | else
|
---|
331 | pam_vbox_log(hPAM, "pam_vbox_check_creds: no credentials available\n");
|
---|
332 | #endif
|
---|
333 | }
|
---|
334 | else
|
---|
335 | {
|
---|
336 | char *pszUsername;
|
---|
337 | char *pszPassword;
|
---|
338 | char *pszDomain;
|
---|
339 |
|
---|
340 | rc = VbglR3CredentialsRetrieve(&pszUsername, &pszPassword, &pszDomain);
|
---|
341 | if (RT_FAILURE(rc))
|
---|
342 | {
|
---|
343 | pam_vbox_error(hPAM, "pam_vbox_check_creds: could not retrieve credentials! rc=%Rrc. Aborting\n", rc);
|
---|
344 | }
|
---|
345 | else
|
---|
346 | {
|
---|
347 | #ifdef DEBUG
|
---|
348 | pam_vbox_log(hPAM, "pam_vbox_check_creds: credentials retrieved: user=%s, password=%s, domain=%s\n",
|
---|
349 | pszUsername, pszPassword, pszDomain);
|
---|
350 | #else
|
---|
351 | /* Don't log passwords in release mode! */
|
---|
352 | pam_vbox_log(hPAM, "pam_vbox_check_creds: credentials retrieved: user=%s, password=XXX, domain=%s\n",
|
---|
353 | pszUsername, pszDomain);
|
---|
354 | #endif
|
---|
355 | /* Fill credentials into PAM. */
|
---|
356 | int pamrc = pam_set_item(hPAM, PAM_USER, pszUsername);
|
---|
357 | if (pamrc != PAM_SUCCESS)
|
---|
358 | {
|
---|
359 | pam_vbox_error(hPAM, "pam_vbox_check_creds: could not set user name! pamrc=%d, msg=%s. Aborting\n",
|
---|
360 | pamrc, pam_strerror(hPAM, pamrc));
|
---|
361 | }
|
---|
362 | else
|
---|
363 | {
|
---|
364 | pamrc = pam_set_item(hPAM, PAM_AUTHTOK, pszPassword);
|
---|
365 | if (pamrc != PAM_SUCCESS)
|
---|
366 | pam_vbox_error(hPAM, "pam_vbox_check_creds: could not set password! pamrc=%d, msg=%s. Aborting\n",
|
---|
367 | pamrc, pam_strerror(hPAM, pamrc));
|
---|
368 |
|
---|
369 | }
|
---|
370 | /** @todo Add handling domains as well. */
|
---|
371 | VbglR3CredentialsDestroy(pszUsername, pszPassword, pszDomain,
|
---|
372 | 3 /* Three wipe passes */);
|
---|
373 | pam_vbox_log(hPAM, "pam_vbox_check_creds: returned with pamrc=%d, msg=%s\n",
|
---|
374 | pamrc, pam_strerror(hPAM, pamrc));
|
---|
375 | }
|
---|
376 | }
|
---|
377 |
|
---|
378 | #ifdef DEBUG
|
---|
379 | pam_vbox_log(hPAM, "pam_vbox_check_creds: returned with rc=%Rrc\n", rc);
|
---|
380 | #endif
|
---|
381 | return rc;
|
---|
382 | }
|
---|
383 |
|
---|
384 |
|
---|
385 | #ifdef VBOX_WITH_GUEST_PROPS
|
---|
386 | /**
|
---|
387 | * Reads a guest property.
|
---|
388 | *
|
---|
389 | * @return IPRT status code.
|
---|
390 | * @param hPAM PAM handle.
|
---|
391 | * @param uClientID Guest property service client ID.
|
---|
392 | * @param pszKey Key (name) of guest property to read.
|
---|
393 | * @param fReadOnly Indicates whether this key needs to be
|
---|
394 | * checked if it only can be read (and *not* written)
|
---|
395 | * by the guest.
|
---|
396 | * @param pszValue Buffer where to store the key's value.
|
---|
397 | * @param cbValue Size of buffer (in bytes).
|
---|
398 | */
|
---|
399 | static int pam_vbox_read_prop(pam_handle_t *hPAM, uint32_t uClientID,
|
---|
400 | const char *pszKey, bool fReadOnly,
|
---|
401 | char *pszValue, size_t cbValue)
|
---|
402 | {
|
---|
403 | AssertPtrReturn(hPAM, VERR_INVALID_POINTER);
|
---|
404 | AssertReturn(uClientID, VERR_INVALID_PARAMETER);
|
---|
405 | AssertPtrReturn(pszKey, VERR_INVALID_POINTER);
|
---|
406 | AssertPtrReturn(pszValue, VERR_INVALID_POINTER);
|
---|
407 |
|
---|
408 | int rc;
|
---|
409 |
|
---|
410 | uint64_t u64Timestamp = 0;
|
---|
411 | char *pszValTemp;
|
---|
412 | char *pszFlags = NULL;
|
---|
413 | /* The buffer for storing the data and its initial size. We leave a bit
|
---|
414 | * of space here in case the maximum values are raised. */
|
---|
415 | void *pvBuf = NULL;
|
---|
416 | uint32_t cbBuf = GUEST_PROP_MAX_VALUE_LEN + GUEST_PROP_MAX_FLAGS_LEN + _1K;
|
---|
417 |
|
---|
418 | /* Because there is a race condition between our reading the size of a
|
---|
419 | * property and the guest updating it, we loop a few times here and
|
---|
420 | * hope. Actually this should never go wrong, as we are generous
|
---|
421 | * enough with buffer space. */
|
---|
422 | for (unsigned i = 0; i < 10; i++)
|
---|
423 | {
|
---|
424 | void *pvTmpBuf = RTMemRealloc(pvBuf, cbBuf);
|
---|
425 | if (pvTmpBuf)
|
---|
426 | {
|
---|
427 | pvBuf = pvTmpBuf;
|
---|
428 | rc = VbglR3GuestPropRead(uClientID, pszKey, pvBuf, cbBuf,
|
---|
429 | &pszValTemp, &u64Timestamp, &pszFlags,
|
---|
430 | &cbBuf);
|
---|
431 | }
|
---|
432 | else
|
---|
433 | rc = VERR_NO_MEMORY;
|
---|
434 |
|
---|
435 | switch (rc)
|
---|
436 | {
|
---|
437 | case VERR_BUFFER_OVERFLOW:
|
---|
438 | {
|
---|
439 | /* Buffer too small, try it with a bigger one next time. */
|
---|
440 | cbBuf += _1K;
|
---|
441 | continue; /* Try next round. */
|
---|
442 | }
|
---|
443 |
|
---|
444 | default:
|
---|
445 | break;
|
---|
446 | }
|
---|
447 |
|
---|
448 | /* Everything except VERR_BUFFER_OVERLOW makes us bail out ... */
|
---|
449 | break;
|
---|
450 | }
|
---|
451 |
|
---|
452 | if (RT_SUCCESS(rc))
|
---|
453 | {
|
---|
454 | /* Check security bits. */
|
---|
455 | if (pszFlags)
|
---|
456 | {
|
---|
457 | if ( fReadOnly
|
---|
458 | && !RTStrStr(pszFlags, "RDONLYGUEST"))
|
---|
459 | {
|
---|
460 | /* If we want a property which is read-only on the guest
|
---|
461 | * and it is *not* marked as such, deny access! */
|
---|
462 | pam_vbox_error(hPAM, "pam_vbox_read_prop: key \"%s\" should be read-only on guest but it is not\n",
|
---|
463 | pszKey);
|
---|
464 | rc = VERR_ACCESS_DENIED;
|
---|
465 | }
|
---|
466 | }
|
---|
467 | else /* No flags, no access! */
|
---|
468 | {
|
---|
469 | pam_vbox_error(hPAM, "pam_vbox_read_prop: key \"%s\" contains no/wrong flags (%s)\n",
|
---|
470 | pszKey, pszFlags);
|
---|
471 | rc = VERR_ACCESS_DENIED;
|
---|
472 | }
|
---|
473 |
|
---|
474 | if (RT_SUCCESS(rc))
|
---|
475 | {
|
---|
476 | /* If everything went well copy property value to our destination buffer. */
|
---|
477 | if (!RTStrPrintf(pszValue, cbValue, "%s", pszValTemp))
|
---|
478 | {
|
---|
479 | pam_vbox_error(hPAM, "pam_vbox_read_prop: could not store value of key \"%s\"\n",
|
---|
480 | pszKey);
|
---|
481 | rc = VERR_INVALID_PARAMETER;
|
---|
482 | }
|
---|
483 |
|
---|
484 | if (RT_SUCCESS(rc))
|
---|
485 | pam_vbox_log(hPAM, "pam_vbox_read_prop: read key \"%s\"=\"%s\"\n",
|
---|
486 | pszKey, pszValue);
|
---|
487 | }
|
---|
488 | }
|
---|
489 |
|
---|
490 | pam_vbox_log(hPAM, "pam_vbox_read_prop: read key \"%s\" with rc=%Rrc\n",
|
---|
491 | pszKey, rc);
|
---|
492 | return rc;
|
---|
493 | }
|
---|
494 |
|
---|
495 |
|
---|
496 | /**
|
---|
497 | * Waits for a guest property to be changed.
|
---|
498 | *
|
---|
499 | * @return IPRT status code.
|
---|
500 | * @param hPAM PAM handle.
|
---|
501 | * @param uClientID Guest property service client ID.
|
---|
502 | * @param pszKey Key (name) of guest property to wait for.
|
---|
503 | * @param uTimeoutMS Timeout (in ms) to wait for the change. Specify
|
---|
504 | * RT_INDEFINITE_WAIT to wait indefinitly.
|
---|
505 | */
|
---|
506 | static int pam_vbox_wait_prop(pam_handle_t *hPAM, uint32_t uClientID,
|
---|
507 | const char *pszKey, uint32_t uTimeoutMS)
|
---|
508 | {
|
---|
509 | AssertPtrReturn(hPAM, VERR_INVALID_POINTER);
|
---|
510 | AssertReturn(uClientID, VERR_INVALID_PARAMETER);
|
---|
511 | AssertPtrReturn(pszKey, VERR_INVALID_POINTER);
|
---|
512 |
|
---|
513 | int rc;
|
---|
514 |
|
---|
515 | /* The buffer for storing the data and its initial size. We leave a bit
|
---|
516 | * of space here in case the maximum values are raised. */
|
---|
517 | void *pvBuf = NULL;
|
---|
518 | uint32_t cbBuf = GUEST_PROP_MAX_NAME_LEN + GUEST_PROP_MAX_VALUE_LEN + GUEST_PROP_MAX_FLAGS_LEN + _1K;
|
---|
519 |
|
---|
520 | for (int i = 0; i < 10; i++)
|
---|
521 | {
|
---|
522 | void *pvTmpBuf = RTMemRealloc(pvBuf, cbBuf);
|
---|
523 | if (pvTmpBuf)
|
---|
524 | {
|
---|
525 | char *pszName = NULL;
|
---|
526 | char *pszValue = NULL;
|
---|
527 | uint64_t u64TimestampOut = 0;
|
---|
528 | char *pszFlags = NULL;
|
---|
529 |
|
---|
530 | pvBuf = pvTmpBuf;
|
---|
531 | rc = VbglR3GuestPropWait(uClientID, pszKey, pvBuf, cbBuf,
|
---|
532 | 0 /* Last timestamp; just wait for next event */, uTimeoutMS,
|
---|
533 | &pszName, &pszValue, &u64TimestampOut,
|
---|
534 | &pszFlags, &cbBuf);
|
---|
535 | }
|
---|
536 | else
|
---|
537 | rc = VERR_NO_MEMORY;
|
---|
538 |
|
---|
539 | if (rc == VERR_BUFFER_OVERFLOW)
|
---|
540 | {
|
---|
541 | /* Buffer too small, try it with a bigger one next time. */
|
---|
542 | cbBuf += _1K;
|
---|
543 | continue; /* Try next round. */
|
---|
544 | }
|
---|
545 |
|
---|
546 | /* Everything except VERR_BUFFER_OVERLOW makes us bail out ... */
|
---|
547 | break;
|
---|
548 | }
|
---|
549 |
|
---|
550 | return rc;
|
---|
551 | }
|
---|
552 | #endif
|
---|
553 |
|
---|
554 | /**
|
---|
555 | * Thread function waiting for credentials to arrive.
|
---|
556 | *
|
---|
557 | * @return IPRT status code.
|
---|
558 | * @param hThreadSelf Thread handle.
|
---|
559 | * @param pvUser Pointer to a PAMVBOXTHREAD structure providing
|
---|
560 | * required data used / set by the thread.
|
---|
561 | */
|
---|
562 | static DECLCALLBACK(int) pam_vbox_wait_thread(RTTHREAD hThreadSelf, void *pvUser)
|
---|
563 | {
|
---|
564 | RT_NOREF1(hThreadSelf);
|
---|
565 | PPAMVBOXTHREAD pUserData = (PPAMVBOXTHREAD)pvUser;
|
---|
566 | AssertPtr(pUserData);
|
---|
567 |
|
---|
568 | int rc = VINF_SUCCESS;
|
---|
569 | /* Get current time stamp to later calculate rest of timeout left. */
|
---|
570 | uint64_t u64StartMS = RTTimeMilliTS();
|
---|
571 |
|
---|
572 | #ifdef VBOX_WITH_GUEST_PROPS
|
---|
573 | uint32_t uClientID = 0;
|
---|
574 | rc = VbglR3GuestPropConnect(&uClientID);
|
---|
575 | if (RT_FAILURE(rc))
|
---|
576 | {
|
---|
577 | pam_vbox_error(pUserData->hPAM, "pam_vbox_wait_thread: Unable to connect to guest property service, rc=%Rrc\n", rc);
|
---|
578 | }
|
---|
579 | else
|
---|
580 | {
|
---|
581 | pam_vbox_log(pUserData->hPAM, "pam_vbox_wait_thread: clientID=%u\n", uClientID);
|
---|
582 | #endif
|
---|
583 | for (;;)
|
---|
584 | {
|
---|
585 | #ifdef VBOX_WITH_GUEST_PROPS
|
---|
586 | if (uClientID)
|
---|
587 | {
|
---|
588 | rc = pam_vbox_wait_prop(pUserData->hPAM, uClientID,
|
---|
589 | "/VirtualBox/GuestAdd/PAM/CredsWaitAbort",
|
---|
590 | 500 /* Wait 500ms, same as VBoxGINA/VBoxCredProv. */);
|
---|
591 | switch (rc)
|
---|
592 | {
|
---|
593 | case VINF_SUCCESS:
|
---|
594 | /* Somebody (guest/host) wants to abort waiting for credentials. */
|
---|
595 | break;
|
---|
596 |
|
---|
597 | case VERR_INTERRUPTED:
|
---|
598 | pam_vbox_error(pUserData->hPAM, "pam_vbox_wait_thread: The abort notification request timed out or was interrupted\n");
|
---|
599 | break;
|
---|
600 |
|
---|
601 | case VERR_TIMEOUT:
|
---|
602 | /* We did not receive an abort message within time. */
|
---|
603 | break;
|
---|
604 |
|
---|
605 | case VERR_TOO_MUCH_DATA:
|
---|
606 | pam_vbox_error(pUserData->hPAM, "pam_vbox_wait_thread: Temporarily unable to get abort notification\n");
|
---|
607 | break;
|
---|
608 |
|
---|
609 | default:
|
---|
610 | pam_vbox_error(pUserData->hPAM, "pam_vbox_wait_thread: The abort notification request failed with rc=%Rrc\n", rc);
|
---|
611 | break;
|
---|
612 | }
|
---|
613 |
|
---|
614 | if (RT_SUCCESS(rc)) /* Abort waiting. */
|
---|
615 | {
|
---|
616 | pam_vbox_log(pUserData->hPAM, "pam_vbox_wait_thread: Got notification to abort waiting\n");
|
---|
617 | rc = VERR_CANCELLED;
|
---|
618 | break;
|
---|
619 | }
|
---|
620 | }
|
---|
621 | #endif
|
---|
622 | if ( RT_SUCCESS(rc)
|
---|
623 | || rc == VERR_TIMEOUT)
|
---|
624 | {
|
---|
625 | rc = pam_vbox_check_creds(pUserData->hPAM);
|
---|
626 | if (RT_SUCCESS(rc))
|
---|
627 | {
|
---|
628 | /* Credentials retrieved. */
|
---|
629 | break; /* Thread no longer is required, bail out. */
|
---|
630 | }
|
---|
631 | else if (rc == VERR_NOT_FOUND)
|
---|
632 | {
|
---|
633 | /* No credentials found, but try next round (if there's
|
---|
634 | * time left for) ... */
|
---|
635 | #ifndef VBOX_WITH_GUEST_PROPS
|
---|
636 | RTThreadSleep(500); /* Wait 500 ms. */
|
---|
637 | #endif
|
---|
638 | }
|
---|
639 | else
|
---|
640 | break; /* Something bad happend ... */
|
---|
641 | }
|
---|
642 | else
|
---|
643 | break;
|
---|
644 |
|
---|
645 | /* Calculate timeout value left after process has been started. */
|
---|
646 | uint64_t u64Elapsed = RTTimeMilliTS() - u64StartMS;
|
---|
647 | /* Is it time to bail out? */
|
---|
648 | if (pUserData->uTimeoutMS < u64Elapsed)
|
---|
649 | {
|
---|
650 | pam_vbox_log(pUserData->hPAM, "pam_vbox_wait_thread: Waiting thread has reached timeout (%dms), exiting ...\n",
|
---|
651 | pUserData->uTimeoutMS);
|
---|
652 | rc = VERR_TIMEOUT;
|
---|
653 | break;
|
---|
654 | }
|
---|
655 | }
|
---|
656 | #ifdef VBOX_WITH_GUEST_PROPS
|
---|
657 | }
|
---|
658 | VbglR3GuestPropDisconnect(uClientID);
|
---|
659 | #endif
|
---|
660 |
|
---|
661 | /* Save result. */
|
---|
662 | pUserData->rc = rc; /** @todo Use ASMAtomicXXX? */
|
---|
663 |
|
---|
664 | int rc2 = RTThreadUserSignal(RTThreadSelf());
|
---|
665 | AssertRC(rc2);
|
---|
666 |
|
---|
667 | pam_vbox_log(pUserData->hPAM, "pam_vbox_wait_thread: Waiting thread returned with rc=%Rrc\n", rc);
|
---|
668 | return rc;
|
---|
669 | }
|
---|
670 |
|
---|
671 |
|
---|
672 | /**
|
---|
673 | * Waits for credentials to arrive by creating and waiting for a thread.
|
---|
674 | *
|
---|
675 | * @return IPRT status code.
|
---|
676 | * @param hPAM PAM handle.
|
---|
677 | * @param uClientID Guest property service client ID.
|
---|
678 | * @param uTimeoutMS Timeout (in ms) to wait for the change. Specify
|
---|
679 | * RT_INDEFINITE_WAIT to wait indefinitly.
|
---|
680 | */
|
---|
681 | static int pam_vbox_wait_for_creds(pam_handle_t *hPAM, uint32_t uClientID, uint32_t uTimeoutMS)
|
---|
682 | {
|
---|
683 | RT_NOREF1(uClientID);
|
---|
684 | PAMVBOXTHREAD threadData;
|
---|
685 | threadData.hPAM = hPAM;
|
---|
686 | threadData.uTimeoutMS = uTimeoutMS;
|
---|
687 |
|
---|
688 | RTTHREAD threadWait;
|
---|
689 | int rc = RTThreadCreate(&threadWait, pam_vbox_wait_thread,
|
---|
690 | (void *)&threadData, 0,
|
---|
691 | RTTHREADTYPE_DEFAULT, 0 /* Flags */, "pam_vbox");
|
---|
692 | if (RT_SUCCESS(rc))
|
---|
693 | {
|
---|
694 | pam_vbox_log(hPAM, "pam_vbox_wait_for_creds: Waiting for credentials (%dms) ...\n", uTimeoutMS);
|
---|
695 | /* Wait for thread to initialize. */
|
---|
696 | /** @todo We can do something else here in the meantime later. */
|
---|
697 | rc = RTThreadUserWait(threadWait, RT_INDEFINITE_WAIT);
|
---|
698 | if (RT_SUCCESS(rc))
|
---|
699 | rc = threadData.rc; /* Get back thread result to take further actions. */
|
---|
700 | }
|
---|
701 | else
|
---|
702 | pam_vbox_error(hPAM, "pam_vbox_wait_for_creds: Creating thread failed with rc=%Rrc\n", rc);
|
---|
703 |
|
---|
704 | pam_vbox_log(hPAM, "pam_vbox_wait_for_creds: Waiting for credentials returned with rc=%Rrc\n", rc);
|
---|
705 | return rc;
|
---|
706 | }
|
---|
707 |
|
---|
708 |
|
---|
709 | DECLEXPORT(int) pam_sm_authenticate(pam_handle_t *hPAM, int iFlags, int argc, const char **argv)
|
---|
710 | {
|
---|
711 | RT_NOREF1(iFlags);
|
---|
712 |
|
---|
713 | /* Parse arguments. */
|
---|
714 | for (int i = 0; i < argc; i++)
|
---|
715 | {
|
---|
716 | if (!RTStrICmp(argv[i], "debug"))
|
---|
717 | g_verbosity = 1;
|
---|
718 | else
|
---|
719 | pam_vbox_error(hPAM, "pam_vbox_authenticate: unknown command line argument \"%s\"\n", argv[i]);
|
---|
720 | }
|
---|
721 | pam_vbox_log(hPAM, "pam_vbox_authenticate called\n");
|
---|
722 |
|
---|
723 | int rc = pam_vbox_init(hPAM);
|
---|
724 | if (RT_FAILURE(rc))
|
---|
725 | return PAM_SUCCESS; /* Jump out as early as we can to not mess around. */
|
---|
726 |
|
---|
727 | bool fFallback = true;
|
---|
728 |
|
---|
729 | #ifdef VBOX_WITH_GUEST_PROPS
|
---|
730 | uint32_t uClientId;
|
---|
731 | rc = VbglR3GuestPropConnect(&uClientId);
|
---|
732 | if (RT_SUCCESS(rc))
|
---|
733 | {
|
---|
734 | char szVal[256];
|
---|
735 | rc = pam_vbox_read_prop(hPAM, uClientId,
|
---|
736 | "/VirtualBox/GuestAdd/PAM/CredsWait",
|
---|
737 | true /* Read-only on guest */,
|
---|
738 | szVal, sizeof(szVal));
|
---|
739 | if (RT_SUCCESS(rc))
|
---|
740 | {
|
---|
741 | /* All calls which are checked against rc2 are not critical, e.g. it does
|
---|
742 | * not matter if they succeed or not. */
|
---|
743 | uint32_t uTimeoutMS = RT_INDEFINITE_WAIT; /* Wait infinite by default. */
|
---|
744 | int rc2 = pam_vbox_read_prop(hPAM, uClientId,
|
---|
745 | "/VirtualBox/GuestAdd/PAM/CredsWaitTimeout",
|
---|
746 | true /* Read-only on guest */,
|
---|
747 | szVal, sizeof(szVal));
|
---|
748 | if (RT_SUCCESS(rc2))
|
---|
749 | {
|
---|
750 | uTimeoutMS = RTStrToUInt32(szVal);
|
---|
751 | if (!uTimeoutMS)
|
---|
752 | {
|
---|
753 | pam_vbox_error(hPAM, "pam_vbox_authenticate: invalid waiting timeout value specified, defaulting to infinite timeout\n");
|
---|
754 | uTimeoutMS = RT_INDEFINITE_WAIT;
|
---|
755 | }
|
---|
756 | else
|
---|
757 | uTimeoutMS = uTimeoutMS * 1000; /* Make ms out of s. */
|
---|
758 | }
|
---|
759 |
|
---|
760 | rc2 = pam_vbox_read_prop(hPAM, uClientId,
|
---|
761 | "/VirtualBox/GuestAdd/PAM/CredsMsgWaiting",
|
---|
762 | true /* Read-only on guest */,
|
---|
763 | szVal, sizeof(szVal));
|
---|
764 | const char *pszWaitMsg = NULL;
|
---|
765 | if (RT_SUCCESS(rc2))
|
---|
766 | pszWaitMsg = szVal;
|
---|
767 |
|
---|
768 | rc2 = vbox_set_msg(hPAM, 0 /* Info message */,
|
---|
769 | pszWaitMsg ? pszWaitMsg : "Waiting for credentials ...");
|
---|
770 | if (RT_FAILURE(rc2)) /* Not critical. */
|
---|
771 | pam_vbox_error(hPAM, "pam_vbox_authenticate: error setting waiting information message, rc=%Rrc\n", rc2);
|
---|
772 |
|
---|
773 | if (RT_SUCCESS(rc))
|
---|
774 | {
|
---|
775 | /* Before we actuall wait for credentials just make sure we didn't already get credentials
|
---|
776 | * set so that we can skip waiting for them ... */
|
---|
777 | rc = pam_vbox_check_creds(hPAM);
|
---|
778 | if (rc == VERR_NOT_FOUND)
|
---|
779 | {
|
---|
780 | rc = pam_vbox_wait_for_creds(hPAM, uClientId, uTimeoutMS);
|
---|
781 | if (rc == VERR_TIMEOUT)
|
---|
782 | {
|
---|
783 | pam_vbox_log(hPAM, "pam_vbox_authenticate: no credentials given within time\n");
|
---|
784 |
|
---|
785 | rc2 = pam_vbox_read_prop(hPAM, uClientId,
|
---|
786 | "/VirtualBox/GuestAdd/PAM/CredsMsgWaitTimeout",
|
---|
787 | true /* Read-only on guest */,
|
---|
788 | szVal, sizeof(szVal));
|
---|
789 | if (RT_SUCCESS(rc2))
|
---|
790 | {
|
---|
791 | rc2 = vbox_set_msg(hPAM, 0 /* Info message */, szVal);
|
---|
792 | AssertRC(rc2);
|
---|
793 | }
|
---|
794 | }
|
---|
795 | else if (rc == VERR_CANCELLED)
|
---|
796 | {
|
---|
797 | pam_vbox_log(hPAM, "pam_vbox_authenticate: waiting aborted\n");
|
---|
798 |
|
---|
799 | rc2 = pam_vbox_read_prop(hPAM, uClientId,
|
---|
800 | "/VirtualBox/GuestAdd/PAM/CredsMsgWaitAbort",
|
---|
801 | true /* Read-only on guest */,
|
---|
802 | szVal, sizeof(szVal));
|
---|
803 | if (RT_SUCCESS(rc2))
|
---|
804 | {
|
---|
805 | rc2 = vbox_set_msg(hPAM, 0 /* Info message */, szVal);
|
---|
806 | AssertRC(rc2);
|
---|
807 | }
|
---|
808 | }
|
---|
809 | }
|
---|
810 |
|
---|
811 | /* If we got here we don't need the fallback, so just deactivate it. */
|
---|
812 | fFallback = false;
|
---|
813 | }
|
---|
814 | }
|
---|
815 |
|
---|
816 | VbglR3GuestPropDisconnect(uClientId);
|
---|
817 | }
|
---|
818 | #endif /* VBOX_WITH_GUEST_PROPS */
|
---|
819 |
|
---|
820 | if (fFallback)
|
---|
821 | {
|
---|
822 | pam_vbox_log(hPAM, "pam_vbox_authenticate: falling back to old method\n");
|
---|
823 |
|
---|
824 | /* If anything went wrong in the code above we just do a credentials
|
---|
825 | * check like it was before: Try retrieving the stuff and authenticating. */
|
---|
826 | int rc2 = pam_vbox_check_creds(hPAM);
|
---|
827 | if (RT_SUCCESS(rc))
|
---|
828 | rc = rc2;
|
---|
829 | }
|
---|
830 |
|
---|
831 | pam_vbox_shutdown(hPAM);
|
---|
832 |
|
---|
833 | pam_vbox_log(hPAM, "pam_vbox_authenticate: overall result rc=%Rrc\n", rc);
|
---|
834 |
|
---|
835 | /* Never report an error here because if no credentials from the host are available or something
|
---|
836 | * went wrong we then let do the authentication by the next module in the stack. */
|
---|
837 |
|
---|
838 | /* We report success here because this is all we can do right now -- we passed the credentials
|
---|
839 | * to the next PAM module in the block above which then might do a shadow (like pam_unix/pam_unix2)
|
---|
840 | * password verification to "really" authenticate the user. */
|
---|
841 | return PAM_SUCCESS;
|
---|
842 | }
|
---|
843 |
|
---|
844 |
|
---|
845 | DECLEXPORT(int) pam_sm_setcred(pam_handle_t *hPAM, int iFlags, int argc, const char **argv)
|
---|
846 | {
|
---|
847 | pam_vbox_log(hPAM, "pam_vbox_setcred called, iFlags=0x%x\n", iFlags);
|
---|
848 | for (int i = 0; i < argc; i++)
|
---|
849 | pam_vbox_log(hPAM, "pam_vbox_setcred: argv[%d] = %s\n", i, argv[i]);
|
---|
850 | return PAM_SUCCESS;
|
---|
851 | }
|
---|
852 |
|
---|
853 |
|
---|
854 | DECLEXPORT(int) pam_sm_acct_mgmt(pam_handle_t *hPAM, int iFlags, int argc, const char **argv)
|
---|
855 | {
|
---|
856 | RT_NOREF3(iFlags, argc, argv);
|
---|
857 | pam_vbox_log(hPAM, "pam_vbox_acct_mgmt called\n");
|
---|
858 | return PAM_SUCCESS;
|
---|
859 | }
|
---|
860 |
|
---|
861 |
|
---|
862 | DECLEXPORT(int) pam_sm_open_session(pam_handle_t *hPAM, int iFlags, int argc, const char **argv)
|
---|
863 | {
|
---|
864 | RT_NOREF3(iFlags, argc, argv);
|
---|
865 | pam_vbox_log(hPAM, "pam_vbox_open_session called\n");
|
---|
866 | RTPrintf("This session was provided by VirtualBox Guest Additions. Have a lot of fun!\n");
|
---|
867 | return PAM_SUCCESS;
|
---|
868 | }
|
---|
869 |
|
---|
870 |
|
---|
871 | DECLEXPORT(int) pam_sm_close_session(pam_handle_t *hPAM, int iFlags, int argc, const char **argv)
|
---|
872 | {
|
---|
873 | RT_NOREF3(iFlags, argc, argv);
|
---|
874 | pam_vbox_log(hPAM, "pam_vbox_close_session called\n");
|
---|
875 | return PAM_SUCCESS;
|
---|
876 | }
|
---|
877 |
|
---|
878 |
|
---|
879 | DECLEXPORT(int) pam_sm_chauthtok(pam_handle_t *hPAM, int iFlags, int argc, const char **argv)
|
---|
880 | {
|
---|
881 | RT_NOREF3(iFlags, argc, argv);
|
---|
882 | pam_vbox_log(hPAM, "pam_vbox_sm_chauthtok called\n");
|
---|
883 | return PAM_SUCCESS;
|
---|
884 | }
|
---|
885 |
|
---|
886 |
|
---|
887 | #ifdef DEBUG
|
---|
888 | DECLEXPORT(void) RTAssertMsg1Weak(const char *pszExpr, unsigned uLine, const char *pszFile, const char *pszFunction)
|
---|
889 | {
|
---|
890 | pam_vbox_log(g_pam_handle,
|
---|
891 | "\n!!Assertion Failed!!\n"
|
---|
892 | "Expression: %s\n"
|
---|
893 | "Location : %s(%d) %s\n",
|
---|
894 | pszExpr, pszFile, uLine, pszFunction);
|
---|
895 | RTAssertMsg1(pszExpr, uLine, pszFile, pszFunction);
|
---|
896 | }
|
---|
897 | #endif
|
---|
898 |
|
---|