source/smbd/session.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    session handling for utmp and PAM
   4
   5    Copyright (C) tridge@samba.org       2001
   6    Copyright (C) abartlet@samba.org     2001
   7    Copyright (C) Gerald (Jerry) Carter  2006
   8
   9    This program is free software; you can redistribute it and/or modify
  10    it under the terms of the GNU General Public License as published by
  11    the Free Software Foundation; either version 3 of the License, or
  12    (at your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17    GNU General Public License for more details.
  18
  19    You should have received a copy of the GNU General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21 */
  22
  23 /* a "session" is claimed when we do a SessionSetupX operation
  24    and is yielded when the corresponding vuid is destroyed.
  25
  26    sessions are used to populate utmp and PAM session structures
  27 */
  28
  29 #include "includes.h"
  30
  31 /********************************************************************
  32 ********************************************************************/
  33
  34 static struct db_context *session_db_ctx(void)
  35 {
  36         static struct db_context *ctx;
  37
  38         if (ctx)
  39                 return ctx;
  40
  41         ctx = db_open(NULL, lock_path("sessionid.tdb"), 0,
  42                       TDB_CLEAR_IF_FIRST|TDB_DEFAULT,
  43                       O_RDWR | O_CREAT, 0644);
  44         return ctx;
  45 }
  46
  47 BOOL session_init(void)
  48 {
  49         if (session_db_ctx() == NULL) {
  50                 DEBUG(1,("session_init: failed to open sessionid tdb\n"));
  51                 return False;
  52         }
  53
  54         return True;
  55 }
  56
  57 /********************************************************************
  58  called when a session is created
  59 ********************************************************************/
  60
  61 BOOL session_claim(user_struct *vuser)
  62 {
  63         TDB_DATA key, data;
  64         int i = 0;
  65         struct sockaddr sa;
  66         struct in_addr *client_ip;
  67         struct sessionid sessionid;
  68         struct server_id pid = procid_self();
  69         fstring keystr;
  70         char * hostname;
  71         struct db_context *ctx;
  72         struct db_record *rec;
  73         NTSTATUS status;
  74
  75         vuser->session_keystr = NULL;
  76
  77         /* don't register sessions for the guest user - its just too
  78            expensive to go through pam session code for browsing etc */
  79         if (vuser->guest) {
  80                 return True;
  81         }
  82
  83         if (!(ctx = session_db_ctx())) {
  84                 return False;
  85         }
  86
  87         ZERO_STRUCT(sessionid);
  88
  89         data.dptr = NULL;
  90         data.dsize = 0;
  91
  92         if (lp_utmp()) {
  93
  94                 for (i=1;i<MAX_SESSION_ID;i++) {
  95
  96                         /*
  97                          * This is very inefficient and needs fixing -- vl
  98                          */
  99
 100                         struct server_id sess_pid;
 101
 102                         snprintf(keystr, sizeof(keystr), "ID/%d", i);
 103                         key = string_term_tdb_data(keystr);
 104
 105                         rec = ctx->fetch_locked(ctx, NULL, key);
 106
 107                         if (rec == NULL) {
 108                                 DEBUG(1, ("Could not lock \"%s\"\n", keystr));
 109                                 return False;
 110                         }
 111
 112                         if (rec->value.dsize != sizeof(sessionid)) {
 113                                 DEBUG(1, ("Re-using invalid record\n"));
 114                                 break;
 115                         }
 116
 117                         sess_pid = ((struct sessionid *)rec->value.dptr)->pid;
 118
 119                         if (!process_exists(sess_pid)) {
 120                                 DEBUG(5, ("%s has died -- re-using session\n",
 121                                           procid_str_static(&sess_pid)));
 122                                 break;
 123                         }
 124
 125                         TALLOC_FREE(rec);
 126                 }
 127
 128                 if (i == MAX_SESSION_ID) {
 129                         SMB_ASSERT(rec == NULL);
 130                         DEBUG(1,("session_claim: out of session IDs "
 131                                  "(max is %d)\n", MAX_SESSION_ID));
 132                         return False;
 133                 }
 134
 135                 snprintf(sessionid.id_str, sizeof(sessionid.id_str),
 136                          SESSION_UTMP_TEMPLATE, i);
 137         } else
 138         {
 139                 snprintf(keystr, sizeof(keystr), "ID/%s/%u",
 140                          procid_str_static(&pid), vuser->vuid);
 141                 key = string_term_tdb_data(keystr);
 142
 143                 rec = ctx->fetch_locked(ctx, NULL, key);
 144
 145                 if (rec == NULL) {
 146                         DEBUG(1, ("Could not lock \"%s\"\n", keystr));
 147                         return False;
 148                 }
 149
 150                 snprintf(sessionid.id_str, sizeof(sessionid.id_str),
 151                          SESSION_TEMPLATE, (long unsigned int)sys_getpid(),
 152                          vuser->vuid);
 153         }
 154
 155         SMB_ASSERT(rec != NULL);
 156
 157         /* If 'hostname lookup' == yes, then do the DNS lookup.  This is
 158            needed because utmp and PAM both expect DNS names
 159
 160            client_name() handles this case internally.
 161         */
 162
 163         hostname = client_name();
 164         if (strcmp(hostname, "UNKNOWN") == 0) {
 165                 hostname = client_addr();
 166         }
 167
 168         fstrcpy(sessionid.username, vuser->user.unix_name);
 169         fstrcpy(sessionid.hostname, hostname);
 170         sessionid.id_num = i;  /* Only valid for utmp sessions */
 171         sessionid.pid = pid;
 172         sessionid.uid = vuser->uid;
 173         sessionid.gid = vuser->gid;
 174         fstrcpy(sessionid.remote_machine, get_remote_machine_name());
 175         fstrcpy(sessionid.ip_addr, client_addr());
 176         sessionid.connect_start = time(NULL);
 177
 178         client_ip = client_inaddr(&sa);
 179
 180         if (!smb_pam_claim_session(sessionid.username, sessionid.id_str,
 181                                    sessionid.hostname)) {
 182                 DEBUG(1,("pam_session rejected the session for %s [%s]\n",
 183                                 sessionid.username, sessionid.id_str));
 184
 185                 TALLOC_FREE(rec);
 186                 return False;
 187         }
 188
 189         data.dptr = (uint8 *)&sessionid;
 190         data.dsize = sizeof(sessionid);
 191
 192         status = rec->store(rec, data, TDB_REPLACE);
 193
 194         TALLOC_FREE(rec);
 195
 196         if (!NT_STATUS_IS_OK(status)) {
 197                 DEBUG(1,("session_claim: unable to create session id "
 198                          "record: %s\n", nt_errstr(status)));
 199                 return False;
 200         }
 201
 202         if (lp_utmp()) {
 203                 sys_utmp_claim(sessionid.username, sessionid.hostname,
 204                                client_ip,
 205                                sessionid.id_str, sessionid.id_num);
 206         }
 207
 208         TALLOC_FREE(rec);
 209
 210         vuser->session_keystr = talloc_strdup(vuser, keystr);
 211         if (!vuser->session_keystr) {
 212                 DEBUG(0, ("session_claim:  talloc_strdup() failed for "
 213                           "session_keystr\n"));
 214                 return False;
 215         }
 216         return True;
 217 }
 218
 219 /********************************************************************
 220  called when a session is destroyed
 221 ********************************************************************/
 222
 223 void session_yield(user_struct *vuser)
 224 {
 225         TDB_DATA key;
 226         struct sessionid sessionid;
 227         struct in_addr *client_ip;
 228         struct db_context *ctx;
 229         struct db_record *rec;
 230
 231         if (!(ctx = session_db_ctx())) return;
 232
 233         if (!vuser->session_keystr) {
 234                 return;
 235         }
 236
 237         key = string_term_tdb_data(vuser->session_keystr);
 238
 239         if (!(rec = ctx->fetch_locked(ctx, NULL, key))) {
 240                 return;
 241         }
 242
 243         if (rec->value.dsize != sizeof(sessionid))
 244                 return;
 245
 246         memcpy(&sessionid, rec->value.dptr, sizeof(sessionid));
 247
 248         client_ip = interpret_addr2(sessionid.ip_addr);
 249
 250         if (lp_utmp()) {
 251                 sys_utmp_yield(sessionid.username, sessionid.hostname,
 252                                client_ip,
 253                                sessionid.id_str, sessionid.id_num);
 254         }
 255
 256         smb_pam_close_session(sessionid.username, sessionid.id_str,
 257                               sessionid.hostname);
 258
 259         rec->delete_rec(rec);
 260
 261         TALLOC_FREE(rec);
 262 }
 263
 264 /********************************************************************
 265 ********************************************************************/
 266
 267 static BOOL session_traverse(int (*fn)(struct db_record *db,
 268                                        void *private_data),
 269                              void *private_data)
 270 {
 271         struct db_context *ctx;
 272
 273         if (!(ctx = session_db_ctx())) {
 274                 DEBUG(3, ("No tdb opened\n"));
 275                 return False;
 276         }
 277
 278         ctx->traverse_read(ctx, fn, private_data);
 279         return True;
 280 }
 281
 282 /********************************************************************
 283 ********************************************************************/
 284
 285 struct session_list {
 286         TALLOC_CTX *mem_ctx;
 287         int count;
 288         struct sessionid *sessions;
 289 };
 290
 291 static int gather_sessioninfo(struct db_record *rec, void *state)
 292 {
 293         struct session_list *sesslist = (struct session_list *) state;
 294         const struct sessionid *current =
 295                 (const struct sessionid *) rec->value.dptr;
 296
 297         sesslist->sessions = TALLOC_REALLOC_ARRAY(
 298                 sesslist->mem_ctx, sesslist->sessions, struct sessionid,
 299                 sesslist->count+1);
 300
 301         if (!sesslist->sessions) {
 302                 sesslist->count = 0;
 303                 return -1;
 304         }
 305
 306         memcpy(&sesslist->sessions[sesslist->count], current,
 307                sizeof(struct sessionid));
 308
 309         sesslist->count++;
 310
 311         DEBUG(7,("gather_sessioninfo session from %s@%s\n",
 312                  current->username, current->remote_machine));
 313
 314         return 0;
 315 }
 316
 317 /********************************************************************
 318 ********************************************************************/
 319
 320 int list_sessions(TALLOC_CTX *mem_ctx, struct sessionid **session_list)
 321 {
 322         struct session_list sesslist;
 323
 324         sesslist.mem_ctx = mem_ctx;
 325         sesslist.count = 0;
 326         sesslist.sessions = NULL;
 327
 328         if (!session_traverse(gather_sessioninfo, (void *) &sesslist)) {
 329                 DEBUG(3, ("Session traverse failed\n"));
 330                 SAFE_FREE(sesslist.sessions);
 331                 *session_list = NULL;
 332                 return 0;
 333         }
 334
 335         *session_list = sesslist.sessions;
 336         return sesslist.count;
 337 }