mirrors
/
tigervnc
mirror of https://github.com/TigerVNC/tigervnc.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 37 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4506 Commits
15 Branches
Tree: adc4570b19
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'adc4570b19'
${ noResults }
tigervnc/unix/vncserver/vncsession.c

vncsession.c 16KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617 
  1. /* 

  2.  * Copyright 2018 Pierre Ossman for Cendio AB

  3.  *    

  4.  * This is free software; you can redistribute it and/or modify

  5.  * it under the terms of the GNU General Public License as published by

  6.  * the Free Software Foundation; either version 2 of the License, or

  7.  * (at your option) any later version.

  8.  * 

  9.  * This software is distributed in the hope that it will be useful,

  10.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  11.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  12.  * GNU General Public License for more details.

  13.  * 

  14.  * You should have received a copy of the GNU General Public License

  15.  * along with this software; if not, write to the Free Software

  16.  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,

  17.  * USA.

  18.  */

  19. 

  20. #include <config.h>

  21. 

  22. #include <dirent.h>

  23. #include <errno.h>

  24. #include <fcntl.h>

  25. #include <grp.h>

  26. #include <limits.h>

  27. #include <pwd.h>

  28. #include <signal.h>

  29. #include <stdio.h>

  30. #include <stdlib.h>

  31. #include <string.h>

  32. #include <sysexits.h>

  33. #include <unistd.h>

  34. #include <syslog.h>

  35. #include <security/pam_appl.h>

  36. #include <sys/stat.h>

  37. #include <sys/types.h>

  38. #include <sys/wait.h>

  39. 

  40. #ifdef HAVE_SELINUX

  41. #include <selinux/selinux.h>

  42. #include <selinux/restorecon.h>

  43. #endif

  44. 

  45. extern char **environ;

  46. 

  47. // PAM service name

  48. const char *SERVICE_NAME = "tigervnc";

  49. 

  50. // Main script PID

  51. volatile static pid_t script = -1;

  52. 

  53. // Daemon completion pipe

  54. int daemon_pipe_fd = -1;

  55. 

  56. static int

  57. begin_daemon(void)

  58. {

  59.     int devnull, fds[2];

  60.     pid_t pid;

  61. 

  62.     /* Pipe to report startup success */

  63.     if (pipe(fds) < 0) {

  64.         perror("pipe");

  65.         return -1;

  66.     }

  67. 

  68.     /* First fork */

  69.     pid = fork();

  70.     if (pid < 0) {

  71.         perror("fork");

  72.         return -1;

  73.     }

  74. 

  75.     if (pid != 0) {

  76.         ssize_t len;

  77.         char buf[1];

  78. 

  79.         close(fds[1]);

  80. 

  81.         /* Wait for child to finish startup */

  82.         len = read(fds[0], buf, 1);

  83.         if (len != 1) {

  84.             fprintf(stderr, "Failed to start session\n");

  85.             _exit(EX_OSERR);

  86.         }

  87. 

  88.         _exit(0);

  89.     }

  90. 

  91.     close(fds[0]);

  92.     daemon_pipe_fd = fds[1];

  93. 

  94.     /* Detach from terminal */

  95.     if (setsid() < 0) {

  96.         perror("setsid");

  97.         return -1;

  98.     }

  99. 

  100.     /* Another fork required to fully detach */

  101.     pid = fork();

  102.     if (pid < 0) {

  103.         perror("fork");

  104.         return -1;

  105.     }

  106. 

  107.     if (pid != 0)

  108.         _exit(0);

  109. 

  110.     /* A safe working directory */

  111.     if (chdir("/") < 0) {

  112.         perror("chdir");

  113.         return -1;

  114.     }

  115. 

  116.     /* Send all stdio to /dev/null */

  117.     devnull = open("/dev/null", O_RDWR);

  118.     if (devnull < 0) {

  119.         fprintf(stderr, "Failed to open /dev/null: %s\n", strerror(errno));

  120.         return -1;

  121.     }

  122.     if ((dup2(devnull, 0) < 0) ||

  123.         (dup2(devnull, 1) < 0) ||

  124.         (dup2(devnull, 2) < 0)) {

  125.         perror("dup2");

  126.         return -1;

  127.     }

  128.     if (devnull > 2)

  129.         close(devnull);

  130. 

  131.     return 0;

  132. }

  133. 

  134. static void

  135. finish_daemon(void)

  136. {

  137.     write(daemon_pipe_fd, "+", 1);

  138.     close(daemon_pipe_fd);

  139.     daemon_pipe_fd = -1;

  140. }

  141. 

  142. static void

  143. sighandler(int sig)

  144. {

  145.     if (script > 0) {

  146.         kill(script, SIGTERM);

  147.     }

  148. }

  149. 

  150. static void

  151. setup_signals(void)

  152. {

  153.     struct sigaction act;

  154. 

  155.     memset(&act, 0, sizeof(act));

  156.     act.sa_handler = sighandler;

  157.     sigemptyset(&act.sa_mask);

  158.     act.sa_flags = 0;

  159. 

  160.     sigaction(SIGHUP, &act, NULL);

  161.     sigaction(SIGINT, &act, NULL);

  162.     sigaction(SIGTERM, &act, NULL);

  163.     sigaction(SIGQUIT, &act, NULL);

  164.     sigaction(SIGPIPE, &act, NULL);

  165. }

  166. 

  167. static int

  168. conv(int num_msg,

  169.      const struct pam_message **msg,

  170.      struct pam_response **resp, void *appdata_ptr)

  171. {

  172.     /* Opening a session should not require a conversation */

  173.     return PAM_CONV_ERR;

  174. }

  175. 

  176. static pam_handle_t *

  177. run_pam(int *pamret, const char *username, const char *display)

  178. {

  179.     pam_handle_t *pamh;

  180. 

  181.     /* Say hello to PAM */

  182.     struct pam_conv pconv;

  183.     pconv.conv = conv;

  184.     pconv.appdata_ptr = NULL;

  185.     *pamret = pam_start(SERVICE_NAME, username, &pconv, &pamh);

  186.     if (*pamret != PAM_SUCCESS) {

  187.         /* pam_strerror requires a pamh argument, but if pam_start

  188.            fails, pamh is invalid. In practice, at least the Linux

  189.            implementation of pam_strerror does not use the pamh

  190.            argument, but let's take care - avoid pam_strerror here. */

  191.         syslog(LOG_CRIT, "pam_start failed: %d", *pamret);

  192.         return NULL;

  193.     }

  194. 

  195.     /* ConsoleKit and systemd (and possibly others) uses this to

  196.        determine if the session is local or not. It needs to be set to

  197.        something that can't be interpreted as localhost. We don't know

  198.        what the client's address is though, and that might change on

  199.        reconnects. We also don't want to set it to some text string as

  200.        that results in a DNS lookup with e.g. libaudit. Let's use a

  201.        fake IPv4 address from the documentation range. */

  202.     /* FIXME: This might throw an error on a IPv6-only host */

  203.     *pamret = pam_set_item(pamh, PAM_RHOST, "203.0.113.20");

  204.     if (*pamret != PAM_SUCCESS) {

  205.         syslog(LOG_CRIT, "pam_set_item(PAM_RHOST) failed: %d (%s)",

  206.                *pamret, pam_strerror(pamh, *pamret));

  207.         return pamh;

  208.     }

  209. 

  210. #ifdef PAM_XDISPLAY

  211.     /* Let PAM modules use this to tag the session as a graphical one */

  212.     *pamret = pam_set_item(pamh, PAM_XDISPLAY, display);

  213.     /* Note: PAM_XDISPLAY is only supported by modern versions of PAM */

  214.     if (*pamret != PAM_BAD_ITEM && *pamret != PAM_SUCCESS) {

  215.         syslog(LOG_CRIT, "pam_set_item(PAM_XDISPLAY) failed: %d (%s)",

  216.                *pamret, pam_strerror(pamh, *pamret));

  217.         return pamh;

  218.     }

  219. #endif

  220. 

  221.     /* Open session */

  222.     *pamret = pam_open_session(pamh, PAM_SILENT);

  223.     if (*pamret != PAM_SUCCESS) {

  224.         syslog(LOG_CRIT, "pam_open_session failed: %d (%s)",

  225.                *pamret, pam_strerror(pamh, *pamret));

  226.         return pamh;

  227.     }

  228. 

  229.     return pamh;

  230. }

  231. 

  232. static int

  233. stop_pam(pam_handle_t * pamh, int pamret)

  234. {

  235.     /* Close session */

  236.     if (pamret == PAM_SUCCESS) {

  237.         pamret = pam_close_session(pamh, PAM_SILENT);

  238.         if (pamret != PAM_SUCCESS) {

  239.             syslog(LOG_ERR, "pam_close_session failed: %d (%s)",

  240.                    pamret, pam_strerror(pamh, pamret));

  241.         }

  242.     }

  243. 

  244.     /* If PAM was OK and we are running on a SELinux system, new

  245.        processes images will be executed in the root context. */

  246. 

  247.     /* Say goodbye */

  248.     pamret = pam_end(pamh, pamret);

  249.     if (pamret != PAM_SUCCESS) {

  250.         /* avoid pam_strerror - we have no pamh. */

  251.         syslog(LOG_ERR, "pam_end failed: %d", pamret);

  252.         return EX_OSERR;

  253.     }

  254.     return pamret;

  255. }

  256. 

  257. static char **

  258. prepare_environ(pam_handle_t * pamh)

  259. {

  260.     char **pam_env, **child_env, **entry;

  261.     int orig_count, pam_count;

  262. 

  263.     /* This function merges the normal environment with PAM's changes */

  264. 

  265.     pam_env = pam_getenvlist(pamh);

  266.     if (pam_env == NULL)

  267.         return NULL;

  268. 

  269.     /*

  270.      * Worst case scenario is that PAM only adds variables, so allocate

  271.      * based on that assumption.

  272.      */

  273.     orig_count = 0;

  274.     for (entry = environ; *entry != NULL; entry++)

  275.         orig_count++;

  276.     pam_count = 0;

  277.     for (entry = pam_env; *entry != NULL; entry++)

  278.         pam_count++;

  279. 

  280.     child_env = calloc(orig_count + pam_count + 1, sizeof(char *));

  281.     if (child_env == NULL)

  282.         return NULL;

  283. 

  284.     memcpy(child_env, environ, sizeof(char *) * orig_count);

  285.     for (entry = child_env; *entry != NULL; entry++) {

  286.         *entry = strdup(*entry);

  287.         if (*entry == NULL)     // FIXME: cleanup

  288.             return NULL;

  289.     }

  290. 

  291.     for (entry = pam_env; *entry != NULL; entry++) {

  292.         size_t varlen;

  293.         char **orig_entry;

  294. 

  295.         varlen = strcspn(*entry, "=") + 1;

  296. 

  297.         /* Check for overwrite */

  298.         for (orig_entry = child_env; *orig_entry != NULL; orig_entry++) {

  299.             if (strncmp(*entry, *orig_entry, varlen) != 0)

  300.                 continue;

  301. 

  302.             free(*orig_entry);

  303.             *orig_entry = *entry;

  304.             break;

  305.         }

  306. 

  307.         /* New variable? */

  308.         if (*orig_entry == NULL) {

  309.             /*

  310.              * orig_entry will be pointing at the terminating entry,

  311.              * so we can just tack it on here. The new NULL was already

  312.              * prepared by calloc().

  313.              */

  314.             *orig_entry = *entry;

  315.         }

  316.     }

  317. 

  318.     return child_env;

  319. }

  320. 

  321. static void

  322. switch_user(const char *username, uid_t uid, gid_t gid)

  323. {

  324.     // We must change group stuff first, because only root can do that.

  325.     if (setgid(gid) < 0) {

  326.         syslog(LOG_CRIT, "setgid: %s", strerror(errno));

  327.         _exit(EX_OSERR);

  328.     }

  329. 

  330.     // Supplementary groups.

  331.     if (initgroups(username, gid) < 0) {

  332.         syslog(LOG_CRIT, "initgroups: %s", strerror(errno));

  333.         _exit(EX_OSERR);

  334.     }

  335. 

  336.     // Set euid, ruid and suid

  337.     if (setuid(uid) < 0) {

  338.         syslog(LOG_CRIT, "setuid: %s", strerror(errno));

  339.         _exit(EX_OSERR);

  340.     }

  341. }

  342. 

  343. static void

  344. redir_stdio(const char *homedir, const char *display)

  345. {

  346.     int fd;

  347.     size_t hostlen;

  348.     char* hostname = NULL;

  349.     char logfile[PATH_MAX];

  350. 

  351.     fd = open("/dev/null", O_RDONLY);

  352.     if (fd == -1) {

  353.         syslog(LOG_CRIT, "Failure redirecting stdin: open: %s", strerror(errno));

  354.         _exit(EX_OSERR);

  355.     }

  356.     if (dup2(fd, 0) == -1) {

  357.         syslog(LOG_CRIT, "Failure redirecting stdin: dup2: %s", strerror(errno));

  358.         _exit(EX_OSERR);

  359.     }

  360.     close(fd);

  361. 

  362.     snprintf(logfile, sizeof(logfile), "%s/.vnc", homedir);

  363.     if (mkdir(logfile, 0755) == -1) {

  364.         if (errno != EEXIST) {

  365.             syslog(LOG_CRIT, "Failure creating \"%s\": %s", logfile, strerror(errno));

  366.             _exit(EX_OSERR);

  367.         }

  368. 

  369. #ifdef HAVE_SELINUX

  370.         int result;

  371.         if (selinux_file_context_verify(logfile, 0) == 0) {

  372.             result = selinux_restorecon(logfile, SELINUX_RESTORECON_RECURSE);

  373. 

  374.             if (result < 0) {

  375.                 syslog(LOG_WARNING, "Failure restoring SELinux context for \"%s\": %s", logfile, strerror(errno));

  376.             }

  377.         }

  378. #endif

  379.     }

  380. 

  381.     hostlen = sysconf(_SC_HOST_NAME_MAX);

  382.     if (hostlen < 0) {

  383.       syslog(LOG_CRIT, "sysconf(_SC_HOST_NAME_MAX): %s", strerror(errno));

  384.       _exit(EX_OSERR);

  385.     }

  386.     hostname = malloc(hostlen + 1);

  387.     if (gethostname(hostname, hostlen + 1) == -1) {

  388.         syslog(LOG_CRIT, "gethostname: %s", strerror(errno));

  389.         free(hostname);

  390.         _exit(EX_OSERR);

  391.     }

  392. 

  393.     snprintf(logfile, sizeof(logfile), "%s/.vnc/%s%s.log",

  394.              homedir, hostname, display);

  395.     free(hostname);

  396.     fd = open(logfile, O_CREAT | O_WRONLY | O_TRUNC, 0644);

  397.     if (fd == -1) {

  398.         syslog(LOG_CRIT, "Failure creating log file \"%s\": %s", logfile, strerror(errno));

  399.         _exit(EX_OSERR);

  400.     }

  401.     if ((dup2(fd, 1) == -1) || (dup2(fd, 2) == -1)) {

  402.         syslog(LOG_CRIT, "Failure redirecting stdout or stderr: %s", strerror(errno));

  403.         _exit(EX_OSERR);

  404.     }

  405.     close(fd);

  406. }

  407. 

  408. static void

  409. close_fds(void)

  410. {

  411.     DIR *dir;

  412.     struct dirent *entry;

  413. 

  414.     dir = opendir("/proc/self/fd");

  415.     if (dir == NULL) {

  416.         syslog(LOG_CRIT, "opendir: %s", strerror(errno));

  417.         _exit(EX_OSERR);

  418.     }

  419. 

  420.     while ((entry = readdir(dir)) != NULL) {

  421.         int fd;

  422.         fd = atoi(entry->d_name);

  423.         if (fd < 3)

  424.             continue;

  425.         close(fd);

  426.     }

  427. 

  428.     closedir(dir);

  429. }

  430. 

  431. static pid_t

  432. run_script(const char *username, const char *display, char **envp)

  433. {

  434.     struct passwd *pwent;

  435.     pid_t pid;

  436.     const char *child_argv[3];

  437. 

  438.     pwent = getpwnam(username);

  439.     if (pwent == NULL) {

  440.         syslog(LOG_CRIT, "getpwnam: %s", strerror(errno));

  441.         return -1;

  442.     }

  443. 

  444.     pid = fork();

  445.     if (pid < 0) {

  446.         syslog(LOG_CRIT, "fork: %s", strerror(errno));

  447.         return pid;

  448.     }

  449. 

  450.     /* two processes now */

  451. 

  452.     if (pid > 0)

  453.         return pid;

  454. 

  455.     /* child */

  456. 

  457.     switch_user(pwent->pw_name, pwent->pw_uid, pwent->pw_gid);

  458. 

  459.     if (chdir(pwent->pw_dir) == -1)

  460.         chdir("/");

  461. 

  462.     close_fds();

  463. 

  464.     redir_stdio(pwent->pw_dir, display);

  465. 

  466.     // execvpe() is not POSIX and is missing from older glibc

  467.     // First clear out everything

  468.     while ((environ != NULL) && (*environ != NULL)) {

  469.         char *var, *eq;

  470.         var = strdup(*environ);

  471.         eq = strchr(var, '=');

  472.         if (eq)

  473.             *eq = '\0';

  474.         unsetenv(var);

  475.         free(var);

  476.     }

  477. 

  478.     // Then copy over the desired environment

  479.     for (; *envp != NULL; envp++)

  480.         putenv(*envp);

  481. 

  482.     // Set up some basic environment for the script

  483.     setenv("HOME", pwent->pw_dir, 1);

  484.     setenv("SHELL", pwent->pw_shell, 1);

  485.     setenv("LOGNAME", pwent->pw_name, 1);

  486.     setenv("USER", pwent->pw_name, 1);

  487.     setenv("USERNAME", pwent->pw_name, 1);

  488. 

  489.     child_argv[0] = CMAKE_INSTALL_FULL_LIBEXECDIR "/vncserver";

  490.     child_argv[1] = display;

  491.     child_argv[2] = NULL;

  492. 

  493.     execvp(child_argv[0], (char*const*)child_argv);

  494. 

  495.     // execvp failed

  496.     syslog(LOG_CRIT, "execvp: %s", strerror(errno));

  497. 

  498.     _exit(EX_OSERR);

  499. }

  500. 

  501. int

  502. main(int argc, char **argv)

  503. {

  504.     char pid_file[PATH_MAX];

  505.     FILE *f;

  506. 

  507.     const char *username, *display;

  508. 

  509.     if ((argc != 3) || (argv[2][0] != ':')) {

  510.         fprintf(stderr, "Syntax:\n");

  511.         fprintf(stderr, "    %s <username> <display>\n", argv[0]);

  512.         return EX_USAGE;

  513.     }

  514. 

  515.     username = argv[1];

  516.     display = argv[2];

  517. 

  518.     if (geteuid() != 0) {

  519.         fprintf(stderr, "This program needs to be run as root!\n");

  520.         return EX_USAGE;

  521.     }

  522. 

  523.     if (getpwnam(username) == NULL) {

  524.         if (errno == 0)

  525.           fprintf(stderr, "User \"%s\" does not exist\n", username);

  526.         else

  527.           fprintf(stderr, "Cannot look up user \"%s\": %s\n",

  528.                   username, strerror(errno));

  529.         return EX_OSERR;

  530.     }

  531. 

  532.     if (begin_daemon() == -1)

  533.         return EX_OSERR;

  534. 

  535.     openlog("vncsession", LOG_PID, LOG_AUTH);

  536. 

  537.     /* Indicate that this is a graphical user session. We need to do

  538.        this here before PAM as pam_systemd.so looks at these. */

  539.     if ((putenv("XDG_SESSION_CLASS=user") < 0) ||

  540.         (putenv("XDG_SESSION_TYPE=x11") < 0)) {

  541.         syslog(LOG_CRIT, "putenv: %s", strerror(errno));

  542.         return EX_OSERR;

  543.     }

  544. 

  545.     /* Init PAM */

  546.     int pamret;

  547.     pam_handle_t *pamh = run_pam(&pamret, username, display);

  548.     if (!pamh) {

  549.         return EX_OSERR;

  550.     }

  551.     if (pamret != PAM_SUCCESS) {

  552.         stop_pam(pamh, pamret);

  553.         return EX_OSERR;

  554.     }

  555. 

  556.     char **child_env;

  557.     child_env = prepare_environ(pamh);

  558.     if (child_env == NULL) {

  559.         syslog(LOG_CRIT, "Failure creating child process environment");

  560.         stop_pam(pamh, pamret);

  561.         return EX_OSERR;

  562.     }

  563. 

  564.     setup_signals();

  565. 

  566.     script = run_script(username, display, child_env);

  567.     if (script == -1) {

  568.         syslog(LOG_CRIT, "Failure starting vncserver script");

  569.         stop_pam(pamh, pamret);

  570.         return EX_OSERR;

  571.     }

  572. 

  573.     snprintf(pid_file, sizeof(pid_file),

  574.              "/run/vncsession-%s.pid", display);

  575.     f = fopen(pid_file, "w");

  576.     if (f == NULL) {

  577.         syslog(LOG_ERR, "Failure creating pid file \"%s\": %s",

  578.                pid_file, strerror(errno));

  579.     } else {

  580.         fprintf(f, "%ld\n", (long)getpid());

  581.         fclose(f);

  582.     }

  583. 

  584.     finish_daemon();

  585. 

  586.     while (1) {

  587.         int status;

  588.         pid_t gotpid = waitpid(script, &status, 0);

  589.         if (gotpid < 0) {

  590.             if (errno != EINTR) {

  591.                 syslog(LOG_CRIT, "waitpid: %s", strerror(errno));

  592.                 exit(EXIT_FAILURE);

  593.             }

  594.             continue;

  595.         }

  596.         if (WIFEXITED(status)) {

  597.             if (WEXITSTATUS(status) != 0) {

  598.                 syslog(LOG_WARNING,

  599.                         "vncsession: vncserver exited with status=%d",

  600.                         WEXITSTATUS(status));

  601.             }

  602.             break;

  603.         }

  604.         else if (WIFSIGNALED(status)) {

  605.             syslog(LOG_WARNING,

  606.                     "vncsession: vncserver was terminated by signal %d",

  607.                     WTERMSIG(status));

  608.             break;

  609.         }

  610.     }

  611. 

  612.     unlink(pid_file);

  613. 

  614.     stop_pam(pamh, pamret);

  615. 

  616.     return 0;

  617. }