1 /*
2 * Copyright (C) 2008, 2010 Red Hat, Inc.
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General
15 * Public License along with this library; if not, write to the
16 * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
17 * Boston, MA 02111-1307, USA.
18 *
19 * Author: David Zeuthen <davidz@redhat.com>
20 */
21
22 #include "config.h"
23 #include "polkitagenthelperprivate.h"
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <unistd.h>
29 #include <sys/types.h>
30 #include <sys/stat.h>
31 #include <syslog.h>
32 #include <security/pam_appl.h>
33
34 #include <polkit/polkit.h>
35
36 static int conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data);
37
38 static void
send_to_helper(const gchar * str1,const gchar * str2)39 send_to_helper (const gchar *str1,
40 const gchar *str2)
41 {
42 char *escaped;
43 char *tmp2;
44 size_t len2;
45
46 tmp2 = g_strdup(str2);
47 len2 = strlen(tmp2);
48 #ifdef PAH_DEBUG
49 fprintf (stderr, "polkit-agent-helper-1: writing `%s ' to stdout\n", str1);
50 #endif /* PAH_DEBUG */
51 fprintf (stdout, "%s ", str1);
52
53 if (len2 > 0 && tmp2[len2 - 1] == '\n')
54 tmp2[len2 - 1] = '\0';
55 escaped = g_strescape (tmp2, NULL);
56 #ifdef PAH_DEBUG
57 fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", escaped);
58 #endif /* PAH_DEBUG */
59 fprintf (stdout, "%s", escaped);
60 #ifdef PAH_DEBUG
61 fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n");
62 #endif /* PAH_DEBUG */
63 fputc ('\n', stdout);
64 #ifdef PAH_DEBUG
65 fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n");
66 #endif /* PAH_DEBUG */
67 fflush (stdout);
68
69 g_free (escaped);
70 g_free (tmp2);
71 }
72
73 int
main(int argc,char * argv[])74 main (int argc, char *argv[])
75 {
76 int rc;
77 const char *user_to_auth;
78 char *cookie = NULL;
79 struct pam_conv pam_conversation;
80 pam_handle_t *pam_h;
81 const void *authed_user;
82
83 rc = 0;
84 pam_h = NULL;
85
86 /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
87 if (_polkit_clearenv () != 0)
88 goto error;
89
90 /* set a minimal environment */
91 setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
92
93 /* check that we are setuid root */
94 if (geteuid () != 0)
95 {
96 gchar *s;
97
98 fprintf (stderr, "polkit-agent-helper-1: needs to be setuid root\n");
99
100 /* Special-case a very common error triggered in jhbuild setups */
101 s = g_strdup_printf ("Incorrect permissions on %s (needs to be setuid root)", argv[0]);
102 send_to_helper ("PAM_ERROR_MSG", s);
103 g_free (s);
104 goto error;
105 }
106
107 openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
108
109 /* check for correct invocation */
110 if (!(argc == 2 || argc == 3))
111 {
112 syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
113 fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
114 goto error;
115 }
116
117 user_to_auth = argv[1];
118
119 cookie = read_cookie (argc, argv);
120 if (!cookie)
121 goto error;
122
123 if (getuid () != 0)
124 {
125 /* check we're running with a non-tty stdin */
126 if (isatty (STDIN_FILENO) != 0)
127 {
128 syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
129 fprintf (stderr, "polkit-agent-helper-1: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
130 goto error;
131 }
132 }
133
134 #ifdef PAH_DEBUG
135 fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth);
136 #endif /* PAH_DEBUG */
137
138 pam_conversation.conv = conversation_function;
139 pam_conversation.appdata_ptr = NULL;
140
141 /* start the pam stack */
142 rc = pam_start ("polkit-1",
143 user_to_auth,
144 &pam_conversation,
145 &pam_h);
146 if (rc != PAM_SUCCESS)
147 {
148 fprintf (stderr, "polkit-agent-helper-1: pam_start failed: %s\n", pam_strerror (pam_h, rc));
149 goto error;
150 }
151
152 /* set the requesting user */
153 rc = pam_set_item (pam_h, PAM_RUSER, user_to_auth);
154 if (rc != PAM_SUCCESS)
155 {
156 fprintf (stderr, "polkit-agent-helper-1: pam_set_item failed: %s\n", pam_strerror (pam_h, rc));
157 goto error;
158 }
159
160 /* is user really user? */
161 rc = pam_authenticate (pam_h, 0);
162 if (rc != PAM_SUCCESS)
163 {
164 const char *err;
165 err = pam_strerror (pam_h, rc);
166 fprintf (stderr, "polkit-agent-helper-1: pam_authenticate failed: %s\n", err);
167 goto error;
168 }
169
170 /* permitted access? */
171 rc = pam_acct_mgmt (pam_h, 0);
172 if (rc != PAM_SUCCESS)
173 {
174 const char *err;
175 err = pam_strerror (pam_h, rc);
176 fprintf (stderr, "polkit-agent-helper-1: pam_acct_mgmt failed: %s\n", err);
177 goto error;
178 }
179
180 /* did we auth the right user? */
181 rc = pam_get_item (pam_h, PAM_USER, &authed_user);
182 if (rc != PAM_SUCCESS)
183 {
184 const char *err;
185 err = pam_strerror (pam_h, rc);
186 fprintf (stderr, "polkit-agent-helper-1: pam_get_item failed: %s\n", err);
187 goto error;
188 }
189
190 if (strcmp (authed_user, user_to_auth) != 0)
191 {
192 fprintf (stderr, "polkit-agent-helper-1: Tried to auth user '%s' but we got auth for user '%s' instead",
193 user_to_auth, (const char *) authed_user);
194 goto error;
195 }
196
197 #ifdef PAH_DEBUG
198 fprintf (stderr, "polkit-agent-helper-1: successfully authenticated user '%s'.\n", user_to_auth);
199 #endif /* PAH_DEBUG */
200
201 pam_end (pam_h, rc);
202 pam_h = NULL;
203
204 #ifdef PAH_DEBUG
205 fprintf (stderr, "polkit-agent-helper-1: sending D-Bus message to PolicyKit daemon\n");
206 #endif /* PAH_DEBUG */
207
208 /* now send a D-Bus message to the PolicyKit daemon that
209 * includes a) the cookie; and b) the user we authenticated
210 */
211 if (!send_dbus_message (cookie, user_to_auth))
212 {
213 #ifdef PAH_DEBUG
214 fprintf (stderr, "polkit-agent-helper-1: error sending D-Bus message to PolicyKit daemon\n");
215 #endif /* PAH_DEBUG */
216 goto error;
217 }
218
219 free (cookie);
220
221 #ifdef PAH_DEBUG
222 fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
223 #endif /* PAH_DEBUG */
224
225 fprintf (stdout, "SUCCESS\n");
226 flush_and_wait();
227 return 0;
228
229 error:
230 free (cookie);
231 if (pam_h != NULL)
232 pam_end (pam_h, rc);
233
234 fprintf (stdout, "FAILURE\n");
235 flush_and_wait();
236 return 1;
237 }
238
239 static int
conversation_function(int n,const struct pam_message ** msg,struct pam_response ** resp,void * data)240 conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data)
241 {
242 struct pam_response *aresp;
243 char buf[PAM_MAX_RESP_SIZE];
244 int i;
245
246 (void)data;
247 if (n <= 0 || n > PAM_MAX_NUM_MSG)
248 return PAM_CONV_ERR;
249
250 if ((aresp = calloc(n, sizeof *aresp)) == NULL)
251 return PAM_BUF_ERR;
252
253 for (i = 0; i < n; ++i)
254 {
255 aresp[i].resp_retcode = 0;
256 aresp[i].resp = NULL;
257 switch (msg[i]->msg_style)
258 {
259
260 case PAM_PROMPT_ECHO_OFF:
261 send_to_helper ("PAM_PROMPT_ECHO_OFF", msg[i]->msg);
262 goto conv1;
263
264 case PAM_PROMPT_ECHO_ON:
265 send_to_helper ("PAM_PROMPT_ECHO_ON", msg[i]->msg);
266
267 conv1:
268 if (fgets (buf, sizeof buf, stdin) == NULL)
269 goto error;
270
271 if (strlen (buf) > 0 &&
272 buf[strlen (buf) - 1] == '\n')
273 buf[strlen (buf) - 1] = '\0';
274
275 aresp[i].resp = strdup (buf);
276 if (aresp[i].resp == NULL)
277 goto error;
278 break;
279
280 case PAM_ERROR_MSG:
281 send_to_helper ("PAM_ERROR_MSG", msg[i]->msg);
282 break;
283
284 case PAM_TEXT_INFO:
285 send_to_helper ("PAM_TEXT_INFO", msg[i]->msg);
286 break;
287
288 default:
289 goto error;
290 }
291 }
292
293 *resp = aresp;
294 return PAM_SUCCESS;
295
296 error:
297
298 for (i = 0; i < n; ++i)
299 {
300 if (aresp[i].resp != NULL) {
301 memset (aresp[i].resp, 0, strlen(aresp[i].resp));
302 free (aresp[i].resp);
303 }
304 }
305 memset (aresp, 0, n * sizeof *aresp);
306 free (aresp);
307 *resp = NULL;
308 return PAM_CONV_ERR;
309 }
310