1 /*
2 * session.c - PPP session control.
3 *
4 * Copyright (c) 2007 Diego Rivera. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. The name(s) of the authors of this software must not be used to
14 * endorse or promote products derived from this software without
15 * prior written permission.
16 *
17 * 3. Redistributions of any form whatsoever must retain the following
18 * acknowledgment:
19 * "This product includes software developed by Paul Mackerras
20 * <paulus@samba.org>".
21 *
22 * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
23 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
24 * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
25 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
26 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
27 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
28 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
29 *
30 * Derived from auth.c, which is:
31 *
32 * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
33 *
34 * Redistribution and use in source and binary forms, with or without
35 * modification, are permitted provided that the following conditions
36 * are met:
37 *
38 * 1. Redistributions of source code must retain the above copyright
39 * notice, this list of conditions and the following disclaimer.
40 *
41 * 2. Redistributions in binary form must reproduce the above copyright
42 * notice, this list of conditions and the following disclaimer in
43 * the documentation and/or other materials provided with the
44 * distribution.
45 *
46 * 3. The name "Carnegie Mellon University" must not be used to
47 * endorse or promote products derived from this software without
48 * prior written permission. For permission or any legal
49 * details, please contact
50 * Office of Technology Transfer
51 * Carnegie Mellon University
52 * 5000 Forbes Avenue
53 * Pittsburgh, PA 15213-3890
54 * (412) 268-4387, fax: (412) 268-7395
55 * tech-transfer@andrew.cmu.edu
56 *
57 * 4. Redistributions of any form whatsoever must retain the following
58 * acknowledgment:
59 * "This product includes software developed by Computing Services
60 * at Carnegie Mellon University (http://www.cmu.edu/computing/)."
61 *
62 * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
63 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
64 * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
65 * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
66 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
67 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
68 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
69 */
70
71 #include <stdio.h>
72 #include <stdlib.h>
73 #include <string.h>
74 #include <pwd.h>
75 #if !defined(__ANDROID__)
76 #include <crypt.h>
77 #endif
78 #ifdef HAS_SHADOW
79 #include <shadow.h>
80 #endif
81 #include <time.h>
82 #include <utmp.h>
83 #include <fcntl.h>
84 #include <unistd.h>
85 #include "pppd.h"
86 #include "session.h"
87
88 #ifdef USE_PAM
89 #include <security/pam_appl.h>
90 #endif /* #ifdef USE_PAM */
91
92 #define SET_MSG(var, msg) if (var != NULL) { var[0] = msg; }
93 #define COPY_STRING(s) ((s) ? strdup(s) : NULL)
94
95 #define SUCCESS_MSG "Session started successfully"
96 #define ABORT_MSG "Session can't be started without a username"
97 #define SERVICE_NAME "ppp"
98
99 #define SESSION_FAILED 0
100 #define SESSION_OK 1
101
102 /* We have successfully started a session */
103 static bool logged_in = 0;
104
105 #ifdef USE_PAM
106 /*
107 * Static variables used to communicate between the conversation function
108 * and the server_login function
109 */
110 static const char *PAM_username;
111 static const char *PAM_password;
112 static int PAM_session = 0;
113 static pam_handle_t *pamh = NULL;
114
115 /* PAM conversation function
116 * Here we assume (for now, at least) that echo on means login name, and
117 * echo off means password.
118 */
119
conversation(int num_msg,const struct pam_message ** msg,struct pam_response ** resp,void * appdata_ptr)120 static int conversation (int num_msg,
121 #ifndef SOL2
122 const
123 #endif
124 struct pam_message **msg,
125 struct pam_response **resp, void *appdata_ptr)
126 {
127 int replies = 0;
128 struct pam_response *reply = NULL;
129
130 reply = malloc(sizeof(struct pam_response) * num_msg);
131 if (!reply) return PAM_CONV_ERR;
132
133 for (replies = 0; replies < num_msg; replies++) {
134 switch (msg[replies]->msg_style) {
135 case PAM_PROMPT_ECHO_ON:
136 reply[replies].resp_retcode = PAM_SUCCESS;
137 reply[replies].resp = COPY_STRING(PAM_username);
138 /* PAM frees resp */
139 break;
140 case PAM_PROMPT_ECHO_OFF:
141 reply[replies].resp_retcode = PAM_SUCCESS;
142 reply[replies].resp = COPY_STRING(PAM_password);
143 /* PAM frees resp */
144 break;
145 case PAM_TEXT_INFO:
146 /* fall through */
147 case PAM_ERROR_MSG:
148 /* ignore it, but pam still wants a NULL response... */
149 reply[replies].resp_retcode = PAM_SUCCESS;
150 reply[replies].resp = NULL;
151 break;
152 default:
153 /* Must be an error of some sort... */
154 free (reply);
155 return PAM_CONV_ERR;
156 }
157 }
158 *resp = reply;
159 return PAM_SUCCESS;
160 }
161
162 static struct pam_conv pam_conv_data = {
163 &conversation,
164 NULL
165 };
166 #endif /* #ifdef USE_PAM */
167
168 int
session_start(flags,user,passwd,ttyName,msg)169 session_start(flags, user, passwd, ttyName, msg)
170 const int flags;
171 const char *user;
172 const char *passwd;
173 const char *ttyName;
174 char **msg;
175 {
176 #ifdef USE_PAM
177 bool ok = 1;
178 const char *usr;
179 int pam_error;
180 bool try_session = 0;
181 #else /* #ifdef USE_PAM */
182 struct passwd *pw;
183 char *cbuf;
184 #ifdef HAS_SHADOW
185 struct spwd *spwd;
186 struct spwd *getspnam();
187 long now = 0;
188 #endif /* #ifdef HAS_SHADOW */
189 #endif /* #ifdef USE_PAM */
190
191 SET_MSG(msg, SUCCESS_MSG);
192
193 /* If no verification is requested, then simply return an OK */
194 if (!(SESS_ALL & flags)) {
195 return SESSION_OK;
196 }
197
198 #if defined(__ANDROID__)
199 return SESSION_FAILED;
200 #endif
201
202 if (user == NULL) {
203 SET_MSG(msg, ABORT_MSG);
204 return SESSION_FAILED;
205 }
206
207 #ifdef USE_PAM
208 /* Find the '\\' in the username */
209 /* This needs to be fixed to support different username schemes */
210 if ((usr = strchr(user, '\\')) == NULL)
211 usr = user;
212 else
213 usr++;
214
215 PAM_session = 0;
216 PAM_username = usr;
217 PAM_password = passwd;
218
219 dbglog("Initializing PAM (%d) for user %s", flags, usr);
220 pam_error = pam_start (SERVICE_NAME, usr, &pam_conv_data, &pamh);
221 dbglog("---> PAM INIT Result = %d", pam_error);
222 ok = (pam_error == PAM_SUCCESS);
223
224 if (ok) {
225 ok = (pam_set_item(pamh, PAM_TTY, ttyName) == PAM_SUCCESS) &&
226 (pam_set_item(pamh, PAM_RHOST, ifname) == PAM_SUCCESS);
227 }
228
229 if (ok && (SESS_AUTH & flags)) {
230 dbglog("Attempting PAM authentication");
231 pam_error = pam_authenticate (pamh, PAM_SILENT);
232 if (pam_error == PAM_SUCCESS) {
233 /* PAM auth was OK */
234 dbglog("PAM Authentication OK for %s", user);
235 } else {
236 /* No matter the reason, we fail because we're authenticating */
237 ok = 0;
238 if (pam_error == PAM_USER_UNKNOWN) {
239 dbglog("User unknown, failing PAM authentication");
240 SET_MSG(msg, "User unknown - cannot authenticate via PAM");
241 } else {
242 /* Any other error means authentication was bad */
243 dbglog("PAM Authentication failed: %d: %s", pam_error,
244 pam_strerror(pamh, pam_error));
245 SET_MSG(msg, (char *) pam_strerror (pamh, pam_error));
246 }
247 }
248 }
249
250 if (ok && (SESS_ACCT & flags)) {
251 dbglog("Attempting PAM account checks");
252 pam_error = pam_acct_mgmt (pamh, PAM_SILENT);
253 if (pam_error == PAM_SUCCESS) {
254 /*
255 * PAM account was OK, set the flag which indicates that we should
256 * try to perform the session checks.
257 */
258 try_session = 1;
259 dbglog("PAM Account OK for %s", user);
260 } else {
261 /*
262 * If the account checks fail, then we should not try to perform
263 * the session check, because they don't make sense.
264 */
265 try_session = 0;
266 if (pam_error == PAM_USER_UNKNOWN) {
267 /*
268 * We're checking the account, so it's ok to not have one
269 * because the user might come from the secrets files, or some
270 * other plugin.
271 */
272 dbglog("User unknown, ignoring PAM restrictions");
273 SET_MSG(msg, "User unknown - ignoring PAM restrictions");
274 } else {
275 /* Any other error means session is rejected */
276 ok = 0;
277 dbglog("PAM Account checks failed: %d: %s", pam_error,
278 pam_strerror(pamh, pam_error));
279 SET_MSG(msg, (char *) pam_strerror (pamh, pam_error));
280 }
281 }
282 }
283
284 if (ok && try_session && (SESS_ACCT & flags)) {
285 /* Only open a session if the user's account was found */
286 pam_error = pam_open_session (pamh, PAM_SILENT);
287 if (pam_error == PAM_SUCCESS) {
288 dbglog("PAM Session opened for user %s", user);
289 PAM_session = 1;
290 } else {
291 dbglog("PAM Session denied for user %s", user);
292 SET_MSG(msg, (char *) pam_strerror (pamh, pam_error));
293 ok = 0;
294 }
295 }
296
297 /* This is needed because apparently the PAM stuff closes the log */
298 reopen_log();
299
300 /* If our PAM checks have already failed, then we must return a failure */
301 if (!ok) return SESSION_FAILED;
302
303 #elif !defined(__ANDROID__) /* #ifdef USE_PAM */
304
305 /*
306 * Use the non-PAM methods directly. 'pw' will remain NULL if the user
307 * has not been authenticated using local UNIX system services.
308 */
309
310 pw = NULL;
311 if ((SESS_AUTH & flags)) {
312 pw = getpwnam(user);
313
314 endpwent();
315 /*
316 * Here, we bail if we have no user account, because there is nothing
317 * to verify against.
318 */
319 if (pw == NULL)
320 return SESSION_FAILED;
321
322 #ifdef HAS_SHADOW
323
324 spwd = getspnam(user);
325 endspent();
326
327 /*
328 * If there is no shadow entry for the user, then we can't verify the
329 * account.
330 */
331 if (spwd == NULL)
332 return SESSION_FAILED;
333
334 /*
335 * We check validity all the time, because if the password has expired,
336 * then clearly we should not authenticate against it (if we're being
337 * called for authentication only). Thus, in this particular instance,
338 * there is no real difference between using the AUTH, SESS or ACCT
339 * flags, or combinations thereof.
340 */
341 now = time(NULL) / 86400L;
342 if ((spwd->sp_expire > 0 && now >= spwd->sp_expire)
343 || ((spwd->sp_max >= 0 && spwd->sp_max < 10000)
344 && spwd->sp_lstchg >= 0
345 && now >= spwd->sp_lstchg + spwd->sp_max)) {
346 warn("Password for %s has expired", user);
347 return SESSION_FAILED;
348 }
349
350 /* We have a valid shadow entry, keep the password */
351 pw->pw_passwd = spwd->sp_pwdp;
352
353 #endif /* #ifdef HAS_SHADOW */
354
355 /*
356 * If no passwd, don't let them login if we're authenticating.
357 */
358 if (pw->pw_passwd == NULL || strlen(pw->pw_passwd) < 2)
359 return SESSION_FAILED;
360 cbuf = crypt(passwd, pw->pw_passwd);
361 if (!cbuf || strcmp(cbuf, pw->pw_passwd) != 0)
362 return SESSION_FAILED;
363 }
364
365 #endif /* #ifdef USE_PAM */
366
367 /*
368 * Write a wtmp entry for this user.
369 */
370
371 if (SESS_ACCT & flags) {
372 if (strncmp(ttyName, "/dev/", 5) == 0)
373 ttyName += 5;
374 logwtmp(ttyName, user, ifname); /* Add wtmp login entry */
375 logged_in = 1;
376
377 #if defined(_PATH_LASTLOG) && !defined(USE_PAM)
378 /*
379 * Enter the user in lastlog only if he has been authenticated using
380 * local system services. If he has not, then we don't know what his
381 * UID might be, and lastlog is indexed by UID.
382 */
383 if (pw != NULL) {
384 struct lastlog ll;
385 int fd;
386 time_t tnow;
387
388 if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) {
389 (void)lseek(fd, (off_t)(pw->pw_uid * sizeof(ll)), SEEK_SET);
390 memset((void *)&ll, 0, sizeof(ll));
391 (void)time(&tnow);
392 ll.ll_time = tnow;
393 (void)strncpy(ll.ll_line, ttyName, sizeof(ll.ll_line));
394 (void)strncpy(ll.ll_host, ifname, sizeof(ll.ll_host));
395 (void)write(fd, (char *)&ll, sizeof(ll));
396 (void)close(fd);
397 }
398 }
399 #endif /* _PATH_LASTLOG and not USE_PAM */
400 info("user %s logged in on tty %s intf %s", user, ttyName, ifname);
401 }
402
403 return SESSION_OK;
404 }
405
406 /*
407 * session_end - Logout the user.
408 */
409 void
session_end(const char * ttyName)410 session_end(const char* ttyName)
411 {
412 #ifdef USE_PAM
413 int pam_error = PAM_SUCCESS;
414
415 if (pamh != NULL) {
416 if (PAM_session) pam_error = pam_close_session (pamh, PAM_SILENT);
417 PAM_session = 0;
418 pam_end (pamh, pam_error);
419 pamh = NULL;
420 /* Apparently the pam stuff does closelog(). */
421 reopen_log();
422 }
423 #endif
424 if (logged_in) {
425 if (strncmp(ttyName, "/dev/", 5) == 0)
426 ttyName += 5;
427 logwtmp(ttyName, "", ""); /* Wipe out utmp logout entry */
428 logged_in = 0;
429 }
430 }
431