/* $Id$ */
/** @file
* pam_vbox - PAM module for auto logons.
*/
/*
* Copyright (C) 2008-2012 Oracle Corporation
*
* This file is part of VirtualBox Open Source Edition (OSE), as
* available from http://www.virtualbox.org. This file is free software;
* General Public License (GPL) as published by the Free Software
* Foundation, in version 2 as it comes in the "COPYING" file of the
* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
*/
/*******************************************************************************
* Header Files *
*******************************************************************************/
#define PAM_SM_AUTH
#define PAM_SM_ACCOUNT
#define PAM_SM_PASSWORD
#define PAM_SM_SESSION
#ifdef DEBUG
# define PAM_DEBUG
#endif
#include <security/pam_appl.h>
#ifdef RT_OS_LINUX
# include <security/_pam_macros.h>
#endif
#include <pwd.h>
#include <syslog.h>
#include <stdlib.h>
#include <iprt/buildconfig.h>
#include <iprt/initterm.h>
#include <VBox/VBoxGuestLib.h>
#ifdef VBOX_WITH_GUEST_PROPS
using namespace guestProp;
#endif
/** For debugging. */
#ifdef DEBUG
#else
static int g_verbosity = 0;
#endif
/**
* User-provided thread data for the credentials waiting thread.
*/
typedef struct PAMVBOXTHREAD
{
/** The PAM handle. */
/** The timeout (in ms) to wait for credentials. */
/** The overall result of the thread operation. */
int rc;
/**
* Write to system log.
*
* @param pszBuf Buffer to write to the log (NULL-terminated)
*/
{
#ifdef RT_OS_LINUX
closelog();
#elif defined(RT_OS_SOLARIS)
#endif
}
/**
* Displays an error message.
*
* @param pszFormat The message text.
* @param ... Format arguments.
*/
{
char *buf;
{
}
}
/**
* Displays a debug message.
*
* @param pszFormat The message text.
* @param ... Format arguments.
*/
{
if (g_verbosity)
{
char *buf;
{
/* Only do normal logging in debug mode; could contain
* sensitive data! */
/* Log to syslog */
}
}
}
/**
* Sets a message using PAM's conversation function.
*
* @return IPRT status code.
* @param hPAM PAM handle.
* @param iStyle Style of message (0 = Information, 1 = Prompt
* echo off, 2 = Prompt echo on, 3 = Error).
* @param pszText Message text to set.
*/
{
if (!iStyle)
#ifdef RT_OS_SOLARIS
#else
#endif
#ifdef RT_OS_SOLARIS
#else
#endif
if ( pamrc == PAM_SUCCESS
&& conv)
{
#ifdef RT_OS_SOLARIS
#else
#endif
{
{
/** @todo Save response! */
}
}
}
else
rc = VERR_NOT_FOUND;
return rc;
}
/**
* Initializes pam_vbox.
*
* @return IPRT status code.
* @param hPAM PAM handle.
*/
{
#ifdef DEBUG
#endif
/* Don't make assertions panic because the PAM stack +
* the current logon module won't work anymore (or just restart).
* This could result in not able to log into the system anymore. */
RTAssertSetMayPanic(false);
if (RT_FAILURE(rc))
{
return PAM_SUCCESS; /* Jump out as early as we can to not mess around. */
}
if (RT_SUCCESS(rc))
{
rc = VbglR3InitUser();
if (RT_FAILURE(rc))
{
switch(rc)
{
case VERR_ACCESS_DENIED:
pam_vbox_error(hPAM, "pam_vbox_init: access is denied to guest driver! Please make sure you run with sufficient rights. Aborting\n");
break;
case VERR_FILE_NOT_FOUND:
pam_vbox_error(hPAM, "pam_vbox_init: guest driver not found! Guest Additions installed? Aborting\n");
break;
default:
break;
}
}
}
if (RT_SUCCESS(rc))
{
#ifdef RT_OS_SOLARIS
#else
#endif
}
return rc;
}
/**
* Shuts down pam_vbox.
*
* @return IPRT status code.
* @param hPAM PAM handle.
*/
{
VbglR3Term();
}
/**
* Checks for credentials provided by the host / HGCM.
*
* @return IPRT status code. VERR_NOT_FOUND if no credentials are available,
* VINF_SUCCESS on successful retrieval or another IPRT error.
* @param hPAM PAM handle.
*/
{
if (RT_FAILURE(rc))
{
if (rc != VERR_NOT_FOUND)
pam_vbox_error(hPAM, "pam_vbox_check_creds: could not query for credentials! rc=%Rrc. Aborting\n", rc);
#ifdef DEBUG
else
#endif
}
else
{
char *pszUsername;
char *pszPassword;
char *pszDomain;
if (RT_FAILURE(rc))
{
pam_vbox_error(hPAM, "pam_vbox_check_creds: could not retrieve credentials! rc=%Rrc. Aborting\n", rc);
}
else
{
#ifdef DEBUG
pam_vbox_log(hPAM, "pam_vbox_check_creds: credentials retrieved: user=%s, password=%s, domain=%s\n",
#else
/* Don't log passwords in release mode! */
pam_vbox_log(hPAM, "pam_vbox_check_creds: credentials retrieved: user=%s, password=XXX, domain=%s\n",
#endif
/* Fill credentials into PAM. */
if (pamrc != PAM_SUCCESS)
{
}
else
{
if (pamrc != PAM_SUCCESS)
}
/** @todo Add handling domains as well. */
3 /* Three wipe passes */);
}
}
#ifdef DEBUG
#endif
return rc;
}
#ifdef VBOX_WITH_GUEST_PROPS
/**
* Reads a guest property.
*
* @return IPRT status code.
* @param hPAM PAM handle.
* @param uClientID Guest property service client ID.
* @param pszKey Key (name) of guest property to read.
* @param fReadOnly Indicates whether this key needs to be
* checked if it only can be read (and *not* written)
* by the guest.
* @param pszValue Buffer where to store the key's value.
* @param cbValue Size of buffer (in bytes).
*/
{
int rc;
char *pszValTemp;
/* The buffer for storing the data and its initial size. We leave a bit
* of space here in case the maximum values are raised. */
/* Because there is a race condition between our reading the size of a
* property and the guest updating it, we loop a few times here and
* hope. Actually this should never go wrong, as we are generous
* enough with buffer space. */
for (unsigned i = 0; i < 10; i++)
{
if (pvTmpBuf)
{
&cbBuf);
}
else
rc = VERR_NO_MEMORY;
switch (rc)
{
case VERR_BUFFER_OVERFLOW:
{
/* Buffer too small, try it with a bigger one next time. */
continue; /* Try next round. */
}
default:
break;
}
/* Everything except VERR_BUFFER_OVERLOW makes us bail out ... */
break;
}
if (RT_SUCCESS(rc))
{
/* Check security bits. */
if (pszFlags)
{
if ( fReadOnly
{
/* If we want a property which is read-only on the guest
* and it is *not* marked as such, deny access! */
pszKey);
}
}
else /* No flags, no access! */
{
}
if (RT_SUCCESS(rc))
{
/* If everything went well copy property value to our destination buffer. */
{
pszKey);
}
if (RT_SUCCESS(rc))
}
}
return rc;
}
/**
* Waits for a guest property to be changed.
*
* @return IPRT status code.
* @param hPAM PAM handle.
* @param uClientID Guest property service client ID.
* @param pszKey Key (name) of guest property to wait for.
* @param uTimeoutMS Timeout (in ms) to wait for the change. Specify
* RT_INDEFINITE_WAIT to wait indefinitly.
*/
{
int rc;
/* The buffer for storing the data and its initial size. We leave a bit
* of space here in case the maximum values are raised. */
for (int i = 0; i < 10; i++)
{
if (pvTmpBuf)
{
0 /* Last timestamp; just wait for next event */, uTimeoutMS,
}
else
rc = VERR_NO_MEMORY;
if (rc == VERR_BUFFER_OVERFLOW)
{
/* Buffer too small, try it with a bigger one next time. */
continue; /* Try next round. */
}
/* Everything except VERR_BUFFER_OVERLOW makes us bail out ... */
break;
}
return rc;
}
#endif
/**
* Thread function waiting for credentials to arrive.
*
* @return IPRT status code.
* @param ThreadSelf Thread struct to this thread.
* @param pvUser Pointer to a PAMVBOXTHREAD structure providing
* required data used / set by the thread.
*/
{
/* Get current time stamp to later calculate rest of timeout left. */
#ifdef VBOX_WITH_GUEST_PROPS
if (RT_FAILURE(rc))
{
pam_vbox_error(pUserData->hPAM, "pam_vbox_wait_thread: Unable to connect to guest property service, rc=%Rrc\n", rc);
}
else
{
#endif
for (;;)
{
#ifdef VBOX_WITH_GUEST_PROPS
if (uClientID)
{
500 /* Wait 500ms, same as VBoxGINA/VBoxCredProv. */);
switch (rc)
{
case VINF_SUCCESS:
break;
case VERR_INTERRUPTED:
pam_vbox_error(pUserData->hPAM, "pam_vbox_wait_thread: The abort notification request timed out or was interrupted\n");
break;
case VERR_TIMEOUT:
/* We did not receive an abort message within time. */
break;
case VERR_TOO_MUCH_DATA:
pam_vbox_error(pUserData->hPAM, "pam_vbox_wait_thread: Temporarily unable to get abort notification\n");
break;
default:
pam_vbox_error(pUserData->hPAM, "pam_vbox_wait_thread: The abort notification request failed with rc=%Rrc\n", rc);
break;
}
{
rc = VERR_CANCELLED;
break;
}
}
#endif
if ( RT_SUCCESS(rc)
|| rc == VERR_TIMEOUT)
{
if (RT_SUCCESS(rc))
{
/* Credentials retrieved. */
break; /* Thread no longer is required, bail out. */
}
else if (rc == VERR_NOT_FOUND)
{
/* No credentials found, but try next round (if there's
* time left for) ... */
#ifndef VBOX_WITH_GUEST_PROPS
#endif
}
else
break; /* Something bad happend ... */
}
else
break;
/* Calculate timeout value left after process has been started. */
/* Is it time to bail out? */
{
pam_vbox_log(pUserData->hPAM, "pam_vbox_wait_thread: Waiting thread has reached timeout (%dms), exiting ...\n",
rc = VERR_TIMEOUT;
break;
}
}
#ifdef VBOX_WITH_GUEST_PROPS
}
#endif
/* Save result. */
return rc;
}
/**
* Waits for credentials to arrive by creating and waiting for a thread.
*
* @return IPRT status code.
* @param hPAM PAM handle.
* @param uClientID Guest property service client ID.
* @param pszKey Key (name) of guest property to wait for.
* @param uTimeoutMS Timeout (in ms) to wait for the change. Specify
* RT_INDEFINITE_WAIT to wait indefinitly.
*/
{
(void *)&threadData, 0,
if (RT_SUCCESS(rc))
{
/* Wait for thread to initialize. */
/** @todo We can do something else here in the meantime later. */
if (RT_SUCCESS(rc))
}
else
return rc;
}
{
/* Parse arguments. */
for (int i = 0; i < argc; i++)
{
g_verbosity = 1;
else
}
if (RT_FAILURE(rc))
return PAM_SUCCESS; /* Jump out as early as we can to not mess around. */
bool fFallback = true;
#ifdef VBOX_WITH_GUEST_PROPS
if (RT_SUCCESS(rc))
{
true /* Read-only on guest */,
if (RT_SUCCESS(rc))
{
/* All calls which are checked against rc2 are not critical, e.g. it does
* not matter if they succeed or not. */
true /* Read-only on guest */,
if (RT_SUCCESS(rc2))
{
if (!uTimeoutMS)
{
pam_vbox_error(hPAM, "pam_vbox_authenticate: invalid waiting timeout value specified, defaulting to infinite timeout\n");
}
else
}
true /* Read-only on guest */,
if (RT_SUCCESS(rc2))
pszWaitMsg = szVal;
pam_vbox_error(hPAM, "pam_vbox_authenticate: error setting waiting information message, rc=%Rrc\n", rc2);
if (RT_SUCCESS(rc))
{
/* Before we actuall wait for credentials just make sure we didn't already get credentials
* set so that we can skip waiting for them ... */
if (rc == VERR_NOT_FOUND)
{
if (rc == VERR_TIMEOUT)
{
true /* Read-only on guest */,
if (RT_SUCCESS(rc2))
{
}
}
else if (rc == VERR_CANCELLED)
{
true /* Read-only on guest */,
if (RT_SUCCESS(rc2))
{
}
}
}
/* If we got here we don't need the fallback, so just deactivate it. */
fFallback = false;
}
}
}
#endif /* VBOX_WITH_GUEST_PROPS */
if (fFallback)
{
/* If anything went wrong in the code above we just do a credentials
* check like it was before: Try retrieving the stuff and authenticating. */
if (RT_SUCCESS(rc))
}
/* Never report an error here because if no credentials from the host are available or something
* went wrong we then let do the authentication by the next module in the stack. */
/* We report success here because this is all we can do right now -- we passed the credentials
* password verification to "really" authenticate the user. */
return PAM_SUCCESS;
}
{
for (int i = 0; i < argc; i++)
return PAM_SUCCESS;
}
{
return PAM_SUCCESS;
}
{
RTPrintf("This session was provided by VirtualBox Guest Additions. Have a lot of fun!\n");
return PAM_SUCCESS;
}
{
return PAM_SUCCESS;
}
{
return PAM_SUCCESS;
}
#ifdef DEBUG
DECLEXPORT(void) RTAssertMsg1Weak(const char *pszExpr, unsigned uLine, const char *pszFile, const char *pszFunction)
{
"\n!!Assertion Failed!!\n"
"Expression: %s\n"
"Location : %s(%d) %s\n",
}
#endif