2 Unix SMB/CIFS implementation.
3 session handling for utmp and PAM
5 Copyright (C) tridge@samba.org 2001
6 Copyright (C) abartlet@samba.org 2001
7 Copyright (C) Gerald (Jerry) Carter 2006
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 /* a "session" is claimed when we do a SessionSetupX operation
24 and is yielded when the corresponding vuid is destroyed.
26 sessions are used to populate utmp and PAM session structures
30 #include "smbd/smbd.h"
31 #include "smbd/globals.h"
32 #include "dbwrap/dbwrap.h"
35 #include "../lib/tsocket/tsocket.h"
36 #include "../libcli/security/security.h"
39 /********************************************************************
40 called when a session is created
41 ********************************************************************/
/*
 * session_claim - register a newly set-up session.
 *
 * Fills a struct sessionid for the session user, obtains a record in the
 * session-id database (sessionid_fetch_record), asks PAM to open a session
 * (smb_pam_claim_session), stores the struct in that record
 * (dbwrap_record_store), makes the utmp claim (sys_utmp_claim) and finally
 * saves the record key in vuser->session_keystr, which session_yield reads
 * to find the record again.
 *
 * NOTE(review): this listing omits source lines (the embedded line numbers
 * skip), so the return statements, the condition that selects the utmp
 * path, and the cleanup on the error paths are not visible. The comments
 * below describe only what the shown lines establish.
 */
43 bool session_claim(struct smbd_server_connection *sconn, struct smbXsrv_session *session)
45 struct user_struct *vuser = session->compat;
46 struct server_id pid = messaging_server_id(sconn->msg_ctx);
49 struct sessionid sessionid;
51 struct db_record *rec;
/* Start with no key recorded; the key is only set again at the very end,
 * after the record has been stored. */
55 vuser->session_keystr = NULL;
57 /* don't register sessions for the guest user - its just too
58 expensive to go through pam session code for browsing etc */
/* Sessions whose level is below SECURITY_USER take the guest shortcut
 * described above; the value returned for them is on a line not shown. */
59 if (security_session_user_level(vuser->session_info, NULL) < SECURITY_USER) {
63 if (!sessionid_init()) {
/* Zero the whole struct before filling it: it is later written to the
 * database as raw bytes (data.dptr and data.dsize below), so any byte the
 * assignments below do not overwrite must not carry stale stack contents. */
67 ZERO_STRUCT(sessionid);
/* Numbered-slot search: probe keys ID/1 up to ID/(MAX_SESSION_ID - 1) for a
 * record that has the wrong size or whose owning process no longer exists.
 * The resulting i feeds SESSION_UTMP_TEMPLATE and sessionid.id_num below. */
74 for (i=1;i<MAX_SESSION_ID;i++) {
77 * This is very inefficient and needs fixing -- vl
80 struct server_id sess_pid;
83 snprintf(keystr, sizeof(keystr), "ID/%d", i);
85 rec = sessionid_fetch_record(NULL, keystr);
87 DEBUG(1, ("Could not lock \"%s\"\n", keystr));
91 value = dbwrap_record_get_value(rec);
/* Check the stored size before any field is read out of the blob; a record
 * of the wrong size is treated as reusable rather than parsed. */
93 if (value.dsize != sizeof(sessionid)) {
94 DEBUG(1, ("Re-using invalid record\n"));
100 + offsetof(struct sessionid, pid),
/* sess_pid is presumably copied from the stored record at the pid offset
 * (only the offsetof operand of that statement is shown). A slot whose
 * owner is gone is taken over. */
103 if (!process_exists(sess_pid)) {
104 DEBUG(5, ("%s has died -- re-using session\n",
105 procid_str_static(&sess_pid)));
/* The loop ran to completion without claiming a slot. */
112 if (i == MAX_SESSION_ID) {
113 SMB_ASSERT(rec == NULL);
114 DEBUG(1,("session_claim: out of session IDs "
115 "(max is %d)\n", MAX_SESSION_ID));
119 snprintf(sessionid.id_str, sizeof(sessionid.id_str),
120 SESSION_UTMP_TEMPLATE, i);
/* Per-process key, built from the server id string of this process and the
 * vuid. NOTE(review): the condition that selects this path instead of the
 * numbered-slot path is not visible in this listing. */
123 snprintf(keystr, sizeof(keystr), "ID/%s/%llu",
124 procid_str_static(&pid),
125 (unsigned long long)vuser->vuid);
127 rec = sessionid_fetch_record(NULL, keystr);
129 DEBUG(1, ("Could not lock \"%s\"\n", keystr));
133 snprintf(sessionid.id_str, sizeof(sessionid.id_str),
134 SESSION_TEMPLATE, (long unsigned int)getpid(),
135 (unsigned long long)vuser->vuid);
138 SMB_ASSERT(rec != NULL);
/* Peer address rendered as a string. NOTE(review): the NULL check on raddr
 * is not visible here; raddr is handed to fstrcpy below, so confirm it is
 * checked on the omitted lines. */
140 raddr = tsocket_address_inet_addr_string(sconn->remote_address,
146 /* Make clear that we require the optional unix_token in the source3 code */
147 SMB_ASSERT(vuser->session_info->unix_token);
/* NOTE(review): sconn->remote_hostname and get_remote_machine_name()
 * presumably carry peer-influenced text. Both end up in the PAM call, the
 * utmp claim and the stored record, so those consumers should treat them as
 * untrusted. fstrcpy is assumed to be the bounded fstring copy - confirm. */
149 fstrcpy(sessionid.username, vuser->session_info->unix_info->unix_name);
150 fstrcpy(sessionid.hostname, sconn->remote_hostname);
151 sessionid.id_num = i; /* Only valid for utmp sessions */
153 sessionid.uid = vuser->session_info->unix_token->uid;
154 sessionid.gid = vuser->session_info->unix_token->gid;
155 fstrcpy(sessionid.remote_machine, get_remote_machine_name());
156 fstrcpy(sessionid.ip_addr_str, raddr);
157 sessionid.connect_start = time(NULL);
/* PAM is consulted before anything is written to the database, so a session
 * PAM rejects never reaches dbwrap_record_store below. */
159 if (!smb_pam_claim_session(sessionid.username, sessionid.id_str,
160 sessionid.hostname)) {
161 DEBUG(1,("pam_session rejected the session for %s [%s]\n",
162 sessionid.username, sessionid.id_str));
/* The struct is stored as an opaque fixed-size blob; the readers in this
 * file accept a record only when dsize equals sizeof(struct sessionid). */
168 data.dptr = (uint8 *)&sessionid;
169 data.dsize = sizeof(sessionid);
171 status = dbwrap_record_store(rec, data, TDB_REPLACE);
175 if (!NT_STATUS_IS_OK(status)) {
176 DEBUG(1,("session_claim: unable to create session id "
177 "record: %s\n", nt_errstr(status)));
182 sys_utmp_claim(sessionid.username, sessionid.hostname,
183 sessionid.id_str, sessionid.id_num);
/* Keep a copy of the key, allocated under vuser, so session_yield can look
 * the record up again. NOTE(review): if this allocation fails the record is
 * already stored and the utmp claim already made; what the failure path
 * undoes is on lines not shown. */
186 vuser->session_keystr = talloc_strdup(vuser, keystr);
187 if (!vuser->session_keystr) {
188 DEBUG(0, ("session_claim: talloc_strdup() failed for session_keystr\n"));
194 /********************************************************************
195 called when a session is destroyed
196 ********************************************************************/
/*
 * session_yield - undo session_claim for a session that is going away.
 *
 * Looks the record up by vuser->session_keystr, copies it out after a size
 * check, releases the utmp entry (sys_utmp_yield), closes the PAM session
 * (smb_pam_close_session) and deletes the database record.
 *
 * NOTE(review): this listing omits source lines, so the early returns and
 * the NULL check on rec are not visible here.
 */
198 void session_yield(struct smbXsrv_session *session)
200 struct user_struct *vuser = session->compat;
201 struct sessionid sessionid;
202 struct db_record *rec;
/* No key means session_claim never completed a registration for this vuser
 * (it resets the key to NULL on entry), so there is nothing to release. */
205 if (!vuser->session_keystr) {
209 rec = sessionid_fetch_record(NULL, vuser->session_keystr);
214 value = dbwrap_record_get_value(rec);
/* Size gate for the memcpy below: the blob is copied into the local struct
 * only when it is exactly sizeof(struct sessionid) bytes long. */
216 if (value.dsize != sizeof(sessionid))
219 memcpy(&sessionid, value.dptr, sizeof(sessionid));
/* The names passed to utmp and PAM come from the stored record, not from
 * the live session, so teardown trusts the integrity of the session
 * database. */
222 sys_utmp_yield(sessionid.username, sessionid.hostname,
223 sessionid.id_str, sessionid.id_num);
226 smb_pam_close_session(sessionid.username, sessionid.id_str,
/* NOTE(review): the result of dbwrap_record_delete is discarded, so a
 * failed delete leaves the record behind without any log entry. */
229 dbwrap_record_delete(rec);
234 /********************************************************************
235 ********************************************************************/
/*
 * Accumulator shared by list_sessions and its traverse callback
 * gather_sessioninfo. Those functions also use mem_ctx and count members,
 * whose declarations fall on lines this listing omits.
 */
237 struct session_list {
/* Array of gathered records, grown with talloc_realloc in
 * gather_sessioninfo. */
240 struct sessionid *sessions;
/*
 * gather_sessioninfo - traverse callback handed to sessionid_traverse_read
 * by list_sessions; appends one session record to the list passed in
 * private_data.
 *
 * NOTE(review): this listing omits source lines, so the remaining
 * parameters, the new element count given to talloc_realloc, the update of
 * sesslist->count and the return values are not visible here.
 */
243 static int gather_sessioninfo(const char *key, struct sessionid *session,
246 struct session_list *sesslist = (struct session_list *)private_data;
/* Grow the array under sesslist->mem_ctx. NOTE(review): the result is
 * assigned straight over the only pointer to the old array; on failure
 * talloc_realloc leaves the old block allocated, so confirm the omitted
 * failure branch resets the count and does not leave callers with a stale
 * length. */
248 sesslist->sessions = talloc_realloc(
249 sesslist->mem_ctx, sesslist->sessions, struct sessionid,
252 if (!sesslist->sessions) {
/* Copy the whole fixed-size record into the slot at index count. */
257 memcpy(&sesslist->sessions[sesslist->count], session,
258 sizeof(struct sessionid));
262 DEBUG(7, ("gather_sessioninfo session from %s@%s\n",
263 session->username, session->remote_machine));
268 /********************************************************************
269 ********************************************************************/
/*
 * list_sessions - collect every record of the session-id database.
 *
 * Runs sessionid_traverse_read with gather_sessioninfo as the callback. On
 * success *session_list points at an array allocated under mem_ctx (the
 * callback grows it with talloc_realloc using sesslist.mem_ctx) and the
 * number of entries is returned. On a failed traverse *session_list is set
 * to NULL.
 *
 * NOTE(review): this listing omits source lines, so the declaration of
 * status, the initialisation of sesslist.count and the value returned on
 * failure are not visible here.
 */
271 int list_sessions(TALLOC_CTX *mem_ctx, struct sessionid **session_list)
273 struct session_list sesslist;
276 sesslist.mem_ctx = mem_ctx;
278 sesslist.sessions = NULL;
280 status = sessionid_traverse_read(gather_sessioninfo, (void *) &sesslist);
281 if (!NT_STATUS_IS_OK(status)) {
282 DEBUG(3, ("Session traverse failed\n"));
/* NOTE(review): sesslist.sessions is allocated with talloc_realloc in
 * gather_sessioninfo, but SAFE_FREE is the free()-based macro. A talloc
 * pointer is not a malloc pointer, so handing it to free() is invalid and
 * can corrupt the heap whenever the traverse fails after at least one entry
 * was gathered. Release it with TALLOC_FREE(sesslist.sessions) instead. */
283 SAFE_FREE(sesslist.sessions);
284 *session_list = NULL;
288 *session_list = sesslist.sessions;
289 return sesslist.count;