Wrap the unix token info in a unix_user_token in auth_serversupplied_info
[kai/samba.git] / source3 / smbd / session.c
1 /* 
2    Unix SMB/CIFS implementation.
3    session handling for utmp and PAM
4
5    Copyright (C) tridge@samba.org       2001
6    Copyright (C) abartlet@samba.org     2001
7    Copyright (C) Gerald (Jerry) Carter  2006   
8    
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 3 of the License, or
12    (at your option) any later version.
13    
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18    
19    You should have received a copy of the GNU General Public License
20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 /* a "session" is claimed when we do a SessionSetupX operation
24    and is yielded when the corresponding vuid is destroyed.
25
26    sessions are used to populate utmp and PAM session structures
27 */
28
29 #include "includes.h"
30
31 /********************************************************************
32 ********************************************************************/
33
34 static struct db_context *session_db_ctx(void)
35 {
36         static struct db_context *ctx;
37
38         if (ctx)
39                 return ctx;
40
41         ctx = db_open(NULL, lock_path("sessionid.tdb"), 0,
42                       TDB_CLEAR_IF_FIRST|TDB_DEFAULT, 
43                       O_RDWR | O_CREAT, 0644);
44         return ctx;
45 }
46
47 bool session_init(void)
48 {
49         if (session_db_ctx() == NULL) {
50                 DEBUG(1,("session_init: failed to open sessionid tdb\n"));
51                 return False;
52         }
53
54         return True;
55 }
56
57 /********************************************************************
58  called when a session is created
59 ********************************************************************/
60
61 bool session_claim(user_struct *vuser)
62 {
63         TDB_DATA key, data;
64         int i = 0;
65         struct sessionid sessionid;
66         struct server_id pid = procid_self();
67         fstring keystr;
68         const char * hostname;
69         struct db_context *ctx;
70         struct db_record *rec;
71         NTSTATUS status;
72         char addr[INET6_ADDRSTRLEN];
73
74         vuser->session_keystr = NULL;
75
76         /* don't register sessions for the guest user - its just too
77            expensive to go through pam session code for browsing etc */
78         if (vuser->server_info->guest) {
79                 return True;
80         }
81
82         if (!(ctx = session_db_ctx())) {
83                 return False;
84         }
85
86         ZERO_STRUCT(sessionid);
87
88         data.dptr = NULL;
89         data.dsize = 0;
90
91         if (lp_utmp()) {
92
93                 for (i=1;i<MAX_SESSION_ID;i++) {
94
95                         /*
96                          * This is very inefficient and needs fixing -- vl
97                          */
98
99                         struct server_id sess_pid;
100
101                         snprintf(keystr, sizeof(keystr), "ID/%d", i);
102                         key = string_term_tdb_data(keystr);
103
104                         rec = ctx->fetch_locked(ctx, NULL, key);
105
106                         if (rec == NULL) {
107                                 DEBUG(1, ("Could not lock \"%s\"\n", keystr));
108                                 return False;
109                         }
110
111                         if (rec->value.dsize != sizeof(sessionid)) {
112                                 DEBUG(1, ("Re-using invalid record\n"));
113                                 break;
114                         }
115
116                         sess_pid = ((struct sessionid *)rec->value.dptr)->pid;
117
118                         if (!process_exists(sess_pid)) {
119                                 DEBUG(5, ("%s has died -- re-using session\n",
120                                           procid_str_static(&sess_pid)));
121                                 break;
122                         }
123
124                         TALLOC_FREE(rec);
125                 }
126
127                 if (i == MAX_SESSION_ID) {
128                         SMB_ASSERT(rec == NULL);
129                         DEBUG(1,("session_claim: out of session IDs "
130                                  "(max is %d)\n", MAX_SESSION_ID));
131                         return False;
132                 }
133
134                 snprintf(sessionid.id_str, sizeof(sessionid.id_str),
135                          SESSION_UTMP_TEMPLATE, i);
136         } else
137         {
138                 snprintf(keystr, sizeof(keystr), "ID/%s/%u",
139                          procid_str_static(&pid), vuser->vuid);
140                 key = string_term_tdb_data(keystr);
141
142                 rec = ctx->fetch_locked(ctx, NULL, key);
143
144                 if (rec == NULL) {
145                         DEBUG(1, ("Could not lock \"%s\"\n", keystr));
146                         return False;
147                 }
148
149                 snprintf(sessionid.id_str, sizeof(sessionid.id_str),
150                          SESSION_TEMPLATE, (long unsigned int)sys_getpid(),
151                          vuser->vuid);
152         }
153
154         SMB_ASSERT(rec != NULL);
155
156         /* If 'hostname lookup' == yes, then do the DNS lookup.  This is
157            needed because utmp and PAM both expect DNS names
158
159            client_name() handles this case internally.
160         */
161
162         hostname = client_name(get_client_fd());
163         if (strcmp(hostname, "UNKNOWN") == 0) {
164                 hostname = client_addr(get_client_fd(),addr,sizeof(addr));
165         }
166
167         fstrcpy(sessionid.username, vuser->server_info->unix_name);
168         fstrcpy(sessionid.hostname, hostname);
169         sessionid.id_num = i;  /* Only valid for utmp sessions */
170         sessionid.pid = pid;
171         sessionid.uid = vuser->server_info->utok.uid;
172         sessionid.gid = vuser->server_info->utok.gid;
173         fstrcpy(sessionid.remote_machine, get_remote_machine_name());
174         fstrcpy(sessionid.ip_addr_str,
175                 client_addr(get_client_fd(),addr,sizeof(addr)));
176         sessionid.connect_start = time(NULL);
177
178         if (!smb_pam_claim_session(sessionid.username, sessionid.id_str,
179                                    sessionid.hostname)) {
180                 DEBUG(1,("pam_session rejected the session for %s [%s]\n",
181                                 sessionid.username, sessionid.id_str));
182
183                 TALLOC_FREE(rec);
184                 return False;
185         }
186
187         data.dptr = (uint8 *)&sessionid;
188         data.dsize = sizeof(sessionid);
189
190         status = rec->store(rec, data, TDB_REPLACE);
191
192         TALLOC_FREE(rec);
193
194         if (!NT_STATUS_IS_OK(status)) {
195                 DEBUG(1,("session_claim: unable to create session id "
196                          "record: %s\n", nt_errstr(status)));
197                 return False;
198         }
199
200         if (lp_utmp()) {
201                 sys_utmp_claim(sessionid.username, sessionid.hostname,
202                                sessionid.ip_addr_str,
203                                sessionid.id_str, sessionid.id_num);
204         }
205
206         vuser->session_keystr = talloc_strdup(vuser, keystr);
207         if (!vuser->session_keystr) {
208                 DEBUG(0, ("session_claim:  talloc_strdup() failed for session_keystr\n"));
209                 return False;
210         }
211         return True;
212 }
213
214 /********************************************************************
215  called when a session is destroyed
216 ********************************************************************/
217
218 void session_yield(user_struct *vuser)
219 {
220         TDB_DATA key;
221         struct sessionid sessionid;
222         struct db_context *ctx;
223         struct db_record *rec;
224
225         if (!(ctx = session_db_ctx())) return;
226
227         if (!vuser->session_keystr) {
228                 return;
229         }
230
231         key = string_term_tdb_data(vuser->session_keystr);
232
233         if (!(rec = ctx->fetch_locked(ctx, NULL, key))) {
234                 return;
235         }
236
237         if (rec->value.dsize != sizeof(sessionid))
238                 return;
239
240         memcpy(&sessionid, rec->value.dptr, sizeof(sessionid));
241
242         if (lp_utmp()) {
243                 sys_utmp_yield(sessionid.username, sessionid.hostname, 
244                                sessionid.ip_addr_str,
245                                sessionid.id_str, sessionid.id_num);
246         }
247
248         smb_pam_close_session(sessionid.username, sessionid.id_str,
249                               sessionid.hostname);
250
251         rec->delete_rec(rec);
252
253         TALLOC_FREE(rec);
254 }
255
256 /********************************************************************
257 ********************************************************************/
258
259 static bool session_traverse(int (*fn)(struct db_record *db,
260                                        void *private_data),
261                              void *private_data)
262 {
263         struct db_context *ctx;
264
265         if (!(ctx = session_db_ctx())) {
266                 DEBUG(3, ("No tdb opened\n"));
267                 return False;
268         }
269
270         ctx->traverse_read(ctx, fn, private_data);
271         return True;
272 }
273
274 /********************************************************************
275 ********************************************************************/
276
277 struct session_list {
278         TALLOC_CTX *mem_ctx;
279         int count;
280         struct sessionid *sessions;
281 };
282
283 static int gather_sessioninfo(struct db_record *rec, void *state)
284 {
285         struct session_list *sesslist = (struct session_list *) state;
286         const struct sessionid *current =
287                 (const struct sessionid *) rec->value.dptr;
288
289         sesslist->sessions = TALLOC_REALLOC_ARRAY(
290                 sesslist->mem_ctx, sesslist->sessions, struct sessionid,
291                 sesslist->count+1);
292
293         if (!sesslist->sessions) {
294                 sesslist->count = 0;
295                 return -1;
296         }
297
298         memcpy(&sesslist->sessions[sesslist->count], current,
299                sizeof(struct sessionid));
300
301         sesslist->count++;
302
303         DEBUG(7,("gather_sessioninfo session from %s@%s\n", 
304                  current->username, current->remote_machine));
305
306         return 0;
307 }
308
309 /********************************************************************
310 ********************************************************************/
311
312 int list_sessions(TALLOC_CTX *mem_ctx, struct sessionid **session_list)
313 {
314         struct session_list sesslist;
315
316         sesslist.mem_ctx = mem_ctx;
317         sesslist.count = 0;
318         sesslist.sessions = NULL;
319         
320         if (!session_traverse(gather_sessioninfo, (void *) &sesslist)) {
321                 DEBUG(3, ("Session traverse failed\n"));
322                 SAFE_FREE(sesslist.sessions);
323                 *session_list = NULL;
324                 return 0;
325         }
326
327         *session_list = sesslist.sessions;
328         return sesslist.count;
329 }