1 /*
2  * Copyright (C) 2008, 2010 Red Hat, Inc.
3  *
4  * This library is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU Lesser General Public
6  * License as published by the Free Software Foundation; either
7  * version 2 of the License, or (at your option) any later version.
8  *
9  * This library is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12  * Lesser General Public License for more details.
13  *
14  * You should have received a copy of the GNU Lesser General
15  * Public License along with this library; if not, write to the
16  * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
17  * Boston, MA 02111-1307, USA.
18  *
19  * Author: David Zeuthen <davidz@redhat.com>
20  */
21 
22 #include "config.h"
23 #include "polkitagenthelperprivate.h"
24 
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <unistd.h>
29 #include <sys/types.h>
30 #include <sys/stat.h>
31 #include <syslog.h>
32 #include <security/pam_appl.h>
33 
34 #include <polkit/polkit.h>
35 
36 static int conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data);
37 
38 static void
send_to_helper(const gchar * str1,const gchar * str2)39 send_to_helper (const gchar *str1,
40                 const gchar *str2)
41 {
42   char *escaped;
43   char *tmp2;
44   size_t len2;
45 
46   tmp2 = g_strdup(str2);
47   len2 = strlen(tmp2);
48 #ifdef PAH_DEBUG
49   fprintf (stderr, "polkit-agent-helper-1: writing `%s ' to stdout\n", str1);
50 #endif /* PAH_DEBUG */
51   fprintf (stdout, "%s ", str1);
52 
53   if (len2 > 0 && tmp2[len2 - 1] == '\n')
54     tmp2[len2 - 1] = '\0';
55   escaped = g_strescape (tmp2, NULL);
56 #ifdef PAH_DEBUG
57   fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", escaped);
58 #endif /* PAH_DEBUG */
59   fprintf (stdout, "%s", escaped);
60 #ifdef PAH_DEBUG
61   fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n");
62 #endif /* PAH_DEBUG */
63   fputc ('\n', stdout);
64 #ifdef PAH_DEBUG
65   fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n");
66 #endif /* PAH_DEBUG */
67   fflush (stdout);
68 
69   g_free (escaped);
70   g_free (tmp2);
71 }
72 
73 int
main(int argc,char * argv[])74 main (int argc, char *argv[])
75 {
76   int rc;
77   const char *user_to_auth;
78   char *cookie = NULL;
79   struct pam_conv pam_conversation;
80   pam_handle_t *pam_h;
81   const void *authed_user;
82 
83   rc = 0;
84   pam_h = NULL;
85 
86   /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
87   if (_polkit_clearenv () != 0)
88     goto error;
89 
90   /* set a minimal environment */
91   setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
92 
93   /* check that we are setuid root */
94   if (geteuid () != 0)
95     {
96       gchar *s;
97 
98       fprintf (stderr, "polkit-agent-helper-1: needs to be setuid root\n");
99 
100       /* Special-case a very common error triggered in jhbuild setups */
101       s = g_strdup_printf ("Incorrect permissions on %s (needs to be setuid root)", argv[0]);
102       send_to_helper ("PAM_ERROR_MSG", s);
103       g_free (s);
104       goto error;
105     }
106 
107   openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
108 
109   /* check for correct invocation */
110   if (!(argc == 2 || argc == 3))
111     {
112       syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
113       fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
114       goto error;
115     }
116 
117   user_to_auth = argv[1];
118 
119   cookie = read_cookie (argc, argv);
120   if (!cookie)
121     goto error;
122 
123   if (getuid () != 0)
124     {
125       /* check we're running with a non-tty stdin */
126       if (isatty (STDIN_FILENO) != 0)
127         {
128           syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
129           fprintf (stderr, "polkit-agent-helper-1: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
130           goto error;
131         }
132     }
133 
134 #ifdef PAH_DEBUG
135   fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth);
136 #endif /* PAH_DEBUG */
137 
138   pam_conversation.conv        = conversation_function;
139   pam_conversation.appdata_ptr = NULL;
140 
141   /* start the pam stack */
142   rc = pam_start ("polkit-1",
143                   user_to_auth,
144                   &pam_conversation,
145                   &pam_h);
146   if (rc != PAM_SUCCESS)
147     {
148       fprintf (stderr, "polkit-agent-helper-1: pam_start failed: %s\n", pam_strerror (pam_h, rc));
149       goto error;
150     }
151 
152   /* set the requesting user */
153   rc = pam_set_item (pam_h, PAM_RUSER, user_to_auth);
154   if (rc != PAM_SUCCESS)
155     {
156       fprintf (stderr, "polkit-agent-helper-1: pam_set_item failed: %s\n", pam_strerror (pam_h, rc));
157       goto error;
158     }
159 
160   /* is user really user? */
161   rc = pam_authenticate (pam_h, 0);
162   if (rc != PAM_SUCCESS)
163     {
164       const char *err;
165       err = pam_strerror (pam_h, rc);
166       fprintf (stderr, "polkit-agent-helper-1: pam_authenticate failed: %s\n", err);
167       goto error;
168     }
169 
170   /* permitted access? */
171   rc = pam_acct_mgmt (pam_h, 0);
172   if (rc != PAM_SUCCESS)
173     {
174       const char *err;
175       err = pam_strerror (pam_h, rc);
176       fprintf (stderr, "polkit-agent-helper-1: pam_acct_mgmt failed: %s\n", err);
177       goto error;
178     }
179 
180   /* did we auth the right user? */
181   rc = pam_get_item (pam_h, PAM_USER, &authed_user);
182   if (rc != PAM_SUCCESS)
183     {
184       const char *err;
185       err = pam_strerror (pam_h, rc);
186       fprintf (stderr, "polkit-agent-helper-1: pam_get_item failed: %s\n", err);
187       goto error;
188     }
189 
190   if (strcmp (authed_user, user_to_auth) != 0)
191     {
192       fprintf (stderr, "polkit-agent-helper-1: Tried to auth user '%s' but we got auth for user '%s' instead",
193                user_to_auth, (const char *) authed_user);
194       goto error;
195     }
196 
197 #ifdef PAH_DEBUG
198   fprintf (stderr, "polkit-agent-helper-1: successfully authenticated user '%s'.\n", user_to_auth);
199 #endif /* PAH_DEBUG */
200 
201   pam_end (pam_h, rc);
202   pam_h = NULL;
203 
204 #ifdef PAH_DEBUG
205   fprintf (stderr, "polkit-agent-helper-1: sending D-Bus message to PolicyKit daemon\n");
206 #endif /* PAH_DEBUG */
207 
208   /* now send a D-Bus message to the PolicyKit daemon that
209    * includes a) the cookie; and b) the user we authenticated
210    */
211   if (!send_dbus_message (cookie, user_to_auth))
212     {
213 #ifdef PAH_DEBUG
214       fprintf (stderr, "polkit-agent-helper-1: error sending D-Bus message to PolicyKit daemon\n");
215 #endif /* PAH_DEBUG */
216       goto error;
217     }
218 
219   free (cookie);
220 
221 #ifdef PAH_DEBUG
222   fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
223 #endif /* PAH_DEBUG */
224 
225   fprintf (stdout, "SUCCESS\n");
226   flush_and_wait();
227   return 0;
228 
229 error:
230   free (cookie);
231   if (pam_h != NULL)
232     pam_end (pam_h, rc);
233 
234   fprintf (stdout, "FAILURE\n");
235   flush_and_wait();
236   return 1;
237 }
238 
239 static int
conversation_function(int n,const struct pam_message ** msg,struct pam_response ** resp,void * data)240 conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data)
241 {
242   struct pam_response *aresp;
243   char buf[PAM_MAX_RESP_SIZE];
244   int i;
245 
246   (void)data;
247   if (n <= 0 || n > PAM_MAX_NUM_MSG)
248     return PAM_CONV_ERR;
249 
250   if ((aresp = calloc(n, sizeof *aresp)) == NULL)
251     return PAM_BUF_ERR;
252 
253   for (i = 0; i < n; ++i)
254     {
255       aresp[i].resp_retcode = 0;
256       aresp[i].resp = NULL;
257       switch (msg[i]->msg_style)
258         {
259 
260         case PAM_PROMPT_ECHO_OFF:
261           send_to_helper ("PAM_PROMPT_ECHO_OFF", msg[i]->msg);
262           goto conv1;
263 
264         case PAM_PROMPT_ECHO_ON:
265           send_to_helper ("PAM_PROMPT_ECHO_ON", msg[i]->msg);
266 
267         conv1:
268           if (fgets (buf, sizeof buf, stdin) == NULL)
269             goto error;
270 
271           if (strlen (buf) > 0 &&
272               buf[strlen (buf) - 1] == '\n')
273             buf[strlen (buf) - 1] = '\0';
274 
275           aresp[i].resp = strdup (buf);
276           if (aresp[i].resp == NULL)
277             goto error;
278           break;
279 
280         case PAM_ERROR_MSG:
281           send_to_helper ("PAM_ERROR_MSG", msg[i]->msg);
282           break;
283 
284         case PAM_TEXT_INFO:
285           send_to_helper ("PAM_TEXT_INFO", msg[i]->msg);
286           break;
287 
288         default:
289           goto error;
290         }
291     }
292 
293   *resp = aresp;
294   return PAM_SUCCESS;
295 
296 error:
297 
298   for (i = 0; i < n; ++i)
299     {
300       if (aresp[i].resp != NULL) {
301         memset (aresp[i].resp, 0, strlen(aresp[i].resp));
302         free (aresp[i].resp);
303       }
304     }
305   memset (aresp, 0, n * sizeof *aresp);
306   free (aresp);
307   *resp = NULL;
308   return PAM_CONV_ERR;
309 }
310