source/smbd/session.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    session handling for utmp and PAM
   4
   5    Copyright (C) tridge@samba.org       2001
   6    Copyright (C) abartlet@samba.org     2001
   7    Copyright (C) Gerald (Jerry) Carter  2006
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 2 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program; if not, write to the Free Software
  21    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  22 */
  23
  24 /* a "session" is claimed when we do a SessionSetupX operation
  25    and is yielded when the corresponding vuid is destroyed.
  26
  27    sessions are used to populate utmp and PAM session structures
  28 */
  29
  30 #include "includes.h"
  31
  32 static TDB_CONTEXT *tdb;
  33
  34 /********************************************************************
  35 ********************************************************************/
  36
  37 BOOL session_init(void)
  38 {
  39         if (tdb)
  40                 return True;
  41
  42         tdb = tdb_open_log(lock_path("sessionid.tdb"), 0, TDB_CLEAR_IF_FIRST|TDB_DEFAULT,
  43                        O_RDWR | O_CREAT, 0644);
  44         if (!tdb) {
  45                 DEBUG(1,("session_init: failed to open sessionid tdb\n"));
  46                 return False;
  47         }
  48
  49         return True;
  50 }
  51
  52 /********************************************************************
  53  called when a session is created
  54 ********************************************************************/
  55
  56 BOOL session_claim(user_struct *vuser)
  57 {
  58         int i = 0;
  59         TDB_DATA data;
  60         struct sockaddr sa;
  61         struct in_addr *client_ip;
  62         struct sessionid sessionid;
  63         struct server_id pid = procid_self();
  64         fstring keystr;
  65         char * hostname;
  66         int tdb_store_flag;  /* If using utmp, we do an inital 'lock hold' store,
  67                                 but we don't need this if we are just using the
  68                                 (unique) pid/vuid combination */
  69
  70         vuser->session_keystr = NULL;
  71
  72         /* don't register sessions for the guest user - its just too
  73            expensive to go through pam session code for browsing etc */
  74         if (vuser->guest) {
  75                 return True;
  76         }
  77
  78         if (!session_init())
  79                 return False;
  80
  81         ZERO_STRUCT(sessionid);
  82
  83         data.dptr = NULL;
  84         data.dsize = 0;
  85
  86         if (lp_utmp()) {
  87                 for (i=1;i<MAX_SESSION_ID;i++) {
  88                         slprintf(keystr, sizeof(keystr)-1, "ID/%d", i);
  89
  90                         if (tdb_store_bystring(tdb, keystr, data, TDB_INSERT) == 0) break;
  91                 }
  92
  93                 if (i == MAX_SESSION_ID) {
  94                         DEBUG(1,("session_claim: out of session IDs (max is %d)\n",
  95                                  MAX_SESSION_ID));
  96                         return False;
  97                 }
  98                 slprintf(sessionid.id_str, sizeof(sessionid.id_str)-1, SESSION_UTMP_TEMPLATE, i);
  99                 tdb_store_flag = TDB_MODIFY;
 100         } else
 101         {
 102                 slprintf(keystr, sizeof(keystr)-1, "ID/%lu/%u",
 103                          (long unsigned int)sys_getpid(),
 104                          vuser->vuid);
 105                 slprintf(sessionid.id_str, sizeof(sessionid.id_str)-1,
 106                          SESSION_TEMPLATE, (long unsigned int)sys_getpid(),
 107                          vuser->vuid);
 108                 tdb_store_flag = TDB_REPLACE;
 109         }
 110
 111         /* If 'hostname lookup' == yes, then do the DNS lookup.  This is
 112            needed because utmp and PAM both expect DNS names
 113
 114            client_name() handles this case internally.
 115         */
 116
 117         hostname = client_name();
 118         if (strcmp(hostname, "UNKNOWN") == 0) {
 119                 hostname = client_addr();
 120         }
 121
 122         fstrcpy(sessionid.username, vuser->user.unix_name);
 123         fstrcpy(sessionid.hostname, hostname);
 124         sessionid.id_num = i;  /* Only valid for utmp sessions */
 125         sessionid.pid = pid;
 126         sessionid.uid = vuser->uid;
 127         sessionid.gid = vuser->gid;
 128         fstrcpy(sessionid.remote_machine, get_remote_machine_name());
 129         fstrcpy(sessionid.ip_addr, client_addr());
 130         sessionid.connect_start = time(NULL);
 131
 132         client_ip = client_inaddr(&sa);
 133
 134         if (!smb_pam_claim_session(sessionid.username, sessionid.id_str, sessionid.hostname)) {
 135                 DEBUG(1,("pam_session rejected the session for %s [%s]\n",
 136                                 sessionid.username, sessionid.id_str));
 137                 if (tdb_store_flag == TDB_MODIFY) {
 138                         tdb_delete_bystring(tdb, keystr);
 139                 }
 140                 return False;
 141         }
 142
 143         data.dptr = (uint8 *)&sessionid;
 144         data.dsize = sizeof(sessionid);
 145         if (tdb_store_bystring(tdb, keystr, data, tdb_store_flag) != 0) {
 146                 DEBUG(1,("session_claim: unable to create session id record\n"));
 147                 return False;
 148         }
 149
 150         if (lp_utmp()) {
 151                 sys_utmp_claim(sessionid.username, sessionid.hostname,
 152                                client_ip,
 153                                sessionid.id_str, sessionid.id_num);
 154         }
 155
 156         vuser->session_keystr = talloc_strdup(vuser, keystr);
 157         if (!vuser->session_keystr) {
 158                 DEBUG(0, ("session_claim:  talloc_strdup() failed for session_keystr\n"));
 159                 return False;
 160         }
 161         return True;
 162 }
 163
 164 /********************************************************************
 165  called when a session is destroyed
 166 ********************************************************************/
 167
 168 void session_yield(user_struct *vuser)
 169 {
 170         TDB_DATA dbuf;
 171         struct sessionid sessionid;
 172         struct in_addr *client_ip;
 173
 174         if (!tdb) return;
 175
 176         if (!vuser->session_keystr) {
 177                 return;
 178         }
 179
 180         dbuf = tdb_fetch_bystring(tdb, vuser->session_keystr);
 181
 182         if (dbuf.dsize != sizeof(sessionid))
 183                 return;
 184
 185         memcpy(&sessionid, dbuf.dptr, sizeof(sessionid));
 186
 187         client_ip = interpret_addr2(sessionid.ip_addr);
 188
 189         SAFE_FREE(dbuf.dptr);
 190
 191         if (lp_utmp()) {
 192                 sys_utmp_yield(sessionid.username, sessionid.hostname,
 193                                client_ip,
 194                                sessionid.id_str, sessionid.id_num);
 195         }
 196
 197         smb_pam_close_session(sessionid.username, sessionid.id_str, sessionid.hostname);
 198
 199         tdb_delete_bystring(tdb, vuser->session_keystr);
 200 }
 201
 202 /********************************************************************
 203 ********************************************************************/
 204
 205 BOOL session_traverse(int (*fn)(TDB_CONTEXT *, TDB_DATA, TDB_DATA, void *),
 206                       void *state)
 207 {
 208         if (!session_init()) {
 209                 DEBUG(3, ("No tdb opened\n"));
 210                 return False;
 211         }
 212
 213         tdb_traverse(tdb, fn, state);
 214         return True;
 215 }
 216
 217 /********************************************************************
 218 ********************************************************************/
 219
 220 struct session_list {
 221         TALLOC_CTX *mem_ctx;
 222         int count;
 223         struct sessionid *sessions;
 224 };
 225
 226 static int gather_sessioninfo(TDB_CONTEXT *stdb, TDB_DATA kbuf, TDB_DATA dbuf, void *state)
 227 {
 228         uint32 i;
 229         struct session_list *sesslist = (struct session_list *) state;
 230         const struct sessionid *current = (const struct sessionid *) dbuf.dptr;
 231
 232         i = sesslist->count;
 233
 234         sesslist->sessions = TALLOC_REALLOC_ARRAY(
 235                 sesslist->mem_ctx, sesslist->sessions, struct sessionid, i+1);
 236
 237         if (!sesslist->sessions) {
 238                 sesslist->count = 0;
 239                 return -1;
 240         }
 241
 242         memcpy(&sesslist->sessions[i], current, sizeof(struct sessionid));
 243         sesslist->count++;
 244
 245         DEBUG(7,("gather_sessioninfo session from %s@%s\n",
 246                  current->username, current->remote_machine));
 247
 248         return 0;
 249 }
 250
 251 /********************************************************************
 252 ********************************************************************/
 253
 254 int list_sessions(TALLOC_CTX *mem_ctx, struct sessionid **session_list)
 255 {
 256         struct session_list sesslist;
 257
 258         sesslist.mem_ctx = mem_ctx;
 259         sesslist.count = 0;
 260         sesslist.sessions = NULL;
 261
 262         if (!session_traverse(gather_sessioninfo, (void *) &sesslist)) {
 263                 DEBUG(3, ("Session traverse failed\n"));
 264                 SAFE_FREE(sesslist.sessions);
 265                 *session_list = NULL;
 266                 return 0;
 267         }
 268
 269         *session_list = sesslist.sessions;
 270         return sesslist.count;
 271 }