2 Unix SMB/CIFS implementation.
3 session handling for utmp and PAM
5 Copyright (C) tridge@samba.org 2001
6 Copyright (C) abartlet@samba.org 2001
7 Copyright (C) Gerald (Jerry) Carter 2006
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 /* a "session" is claimed when we do a SessionSetupX operation
24 and is yielded when the corresponding vuid is destroyed.
26 sessions are used to populate utmp and PAM session structures
31 /********************************************************************
32 ********************************************************************/
34 static struct db_context *session_db_ctx(void)
36 static struct db_context *ctx;
41 ctx = db_open(NULL, lock_path("sessionid.tdb"), 0,
42 TDB_CLEAR_IF_FIRST|TDB_DEFAULT,
43 O_RDWR | O_CREAT, 0644);
47 bool session_init(void)
49 if (session_db_ctx() == NULL) {
50 DEBUG(1,("session_init: failed to open sessionid tdb\n"));
57 /********************************************************************
58 called when a session is created
59 ********************************************************************/
61 bool session_claim(user_struct *vuser)
65 struct sessionid sessionid;
66 struct server_id pid = procid_self();
68 const char * hostname;
69 struct db_context *ctx;
70 struct db_record *rec;
72 char addr[INET6_ADDRSTRLEN];
74 vuser->session_keystr = NULL;
76 /* don't register sessions for the guest user - its just too
77 expensive to go through pam session code for browsing etc */
78 if (vuser->server_info->guest) {
82 if (!(ctx = session_db_ctx())) {
86 ZERO_STRUCT(sessionid);
93 for (i=1;i<MAX_SESSION_ID;i++) {
96 * This is very inefficient and needs fixing -- vl
99 struct server_id sess_pid;
101 snprintf(keystr, sizeof(keystr), "ID/%d", i);
102 key = string_term_tdb_data(keystr);
104 rec = ctx->fetch_locked(ctx, NULL, key);
107 DEBUG(1, ("Could not lock \"%s\"\n", keystr));
111 if (rec->value.dsize != sizeof(sessionid)) {
112 DEBUG(1, ("Re-using invalid record\n"));
116 sess_pid = ((struct sessionid *)rec->value.dptr)->pid;
118 if (!process_exists(sess_pid)) {
119 DEBUG(5, ("%s has died -- re-using session\n",
120 procid_str_static(&sess_pid)));
127 if (i == MAX_SESSION_ID) {
128 SMB_ASSERT(rec == NULL);
129 DEBUG(1,("session_claim: out of session IDs "
130 "(max is %d)\n", MAX_SESSION_ID));
134 snprintf(sessionid.id_str, sizeof(sessionid.id_str),
135 SESSION_UTMP_TEMPLATE, i);
138 snprintf(keystr, sizeof(keystr), "ID/%s/%u",
139 procid_str_static(&pid), vuser->vuid);
140 key = string_term_tdb_data(keystr);
142 rec = ctx->fetch_locked(ctx, NULL, key);
145 DEBUG(1, ("Could not lock \"%s\"\n", keystr));
149 snprintf(sessionid.id_str, sizeof(sessionid.id_str),
150 SESSION_TEMPLATE, (long unsigned int)sys_getpid(),
154 SMB_ASSERT(rec != NULL);
156 /* If 'hostname lookup' == yes, then do the DNS lookup. This is
157 needed because utmp and PAM both expect DNS names
159 client_name() handles this case internally.
162 hostname = client_name(get_client_fd());
163 if (strcmp(hostname, "UNKNOWN") == 0) {
164 hostname = client_addr(get_client_fd(),addr,sizeof(addr));
167 fstrcpy(sessionid.username, vuser->server_info->unix_name);
168 fstrcpy(sessionid.hostname, hostname);
169 sessionid.id_num = i; /* Only valid for utmp sessions */
171 sessionid.uid = vuser->server_info->uid;
172 sessionid.gid = vuser->server_info->gid;
173 fstrcpy(sessionid.remote_machine, get_remote_machine_name());
174 fstrcpy(sessionid.ip_addr_str,
175 client_addr(get_client_fd(),addr,sizeof(addr)));
176 sessionid.connect_start = time(NULL);
178 if (!smb_pam_claim_session(sessionid.username, sessionid.id_str,
179 sessionid.hostname)) {
180 DEBUG(1,("pam_session rejected the session for %s [%s]\n",
181 sessionid.username, sessionid.id_str));
187 data.dptr = (uint8 *)&sessionid;
188 data.dsize = sizeof(sessionid);
190 status = rec->store(rec, data, TDB_REPLACE);
194 if (!NT_STATUS_IS_OK(status)) {
195 DEBUG(1,("session_claim: unable to create session id "
196 "record: %s\n", nt_errstr(status)));
201 sys_utmp_claim(sessionid.username, sessionid.hostname,
202 sessionid.ip_addr_str,
203 sessionid.id_str, sessionid.id_num);
206 vuser->session_keystr = talloc_strdup(vuser, keystr);
207 if (!vuser->session_keystr) {
208 DEBUG(0, ("session_claim: talloc_strdup() failed for session_keystr\n"));
214 /********************************************************************
215 called when a session is destroyed
216 ********************************************************************/
218 void session_yield(user_struct *vuser)
221 struct sessionid sessionid;
222 struct db_context *ctx;
223 struct db_record *rec;
225 if (!(ctx = session_db_ctx())) return;
227 if (!vuser->session_keystr) {
231 key = string_term_tdb_data(vuser->session_keystr);
233 if (!(rec = ctx->fetch_locked(ctx, NULL, key))) {
237 if (rec->value.dsize != sizeof(sessionid))
240 memcpy(&sessionid, rec->value.dptr, sizeof(sessionid));
243 sys_utmp_yield(sessionid.username, sessionid.hostname,
244 sessionid.ip_addr_str,
245 sessionid.id_str, sessionid.id_num);
248 smb_pam_close_session(sessionid.username, sessionid.id_str,
251 rec->delete_rec(rec);
256 /********************************************************************
257 ********************************************************************/
259 static bool session_traverse(int (*fn)(struct db_record *db,
263 struct db_context *ctx;
265 if (!(ctx = session_db_ctx())) {
266 DEBUG(3, ("No tdb opened\n"));
270 ctx->traverse_read(ctx, fn, private_data);
274 /********************************************************************
275 ********************************************************************/
277 struct session_list {
280 struct sessionid *sessions;
283 static int gather_sessioninfo(struct db_record *rec, void *state)
285 struct session_list *sesslist = (struct session_list *) state;
286 const struct sessionid *current =
287 (const struct sessionid *) rec->value.dptr;
289 sesslist->sessions = TALLOC_REALLOC_ARRAY(
290 sesslist->mem_ctx, sesslist->sessions, struct sessionid,
293 if (!sesslist->sessions) {
298 memcpy(&sesslist->sessions[sesslist->count], current,
299 sizeof(struct sessionid));
303 DEBUG(7,("gather_sessioninfo session from %s@%s\n",
304 current->username, current->remote_machine));
309 /********************************************************************
310 ********************************************************************/
312 int list_sessions(TALLOC_CTX *mem_ctx, struct sessionid **session_list)
314 struct session_list sesslist;
316 sesslist.mem_ctx = mem_ctx;
318 sesslist.sessions = NULL;
320 if (!session_traverse(gather_sessioninfo, (void *) &sesslist)) {
321 DEBUG(3, ("Session traverse failed\n"));
322 SAFE_FREE(sesslist.sessions);
323 *session_list = NULL;
327 *session_list = sesslist.sessions;
328 return sesslist.count;