2 * Copyright (C) 2010-2011 Robert Ancell.
3 * Author: Robert Ancell <robert.ancell@canonical.com>
5 * This program is free software: you can redistribute it and/or modify it under
6 * the terms of the GNU General Public License as published by the Free Software
7 * Foundation, either version 3 of the License, or (at your option) any later
8 * version. See http://www.gnu.org/copyleft/gpl.html the full text of the
19 #include "ldm-marshal.h"
20 #include "guest-account.h"
26 static guint signals[LAST_SIGNAL] = { 0 };
30 /* Session running on */
33 /* Buffer for data read from greeter */
37 /* Hints for the greeter */
40 /* Default session to use */
41 gchar *default_session;
43 /* Sequence number of current PAM session */
44 guint32 authentication_sequence_number;
46 /* PAM session being constructed by the greeter */
47 PAMSession *pam_session;
49 /* TRUE if logging into guest session */
50 gboolean using_guest_account;
52 /* Communication channels to communicate with */
53 GIOChannel *to_greeter_channel;
54 GIOChannel *from_greeter_channel;
57 G_DEFINE_TYPE (Greeter, greeter, G_TYPE_OBJECT);
59 /* Messages from the greeter to the server */
62 GREETER_MESSAGE_CONNECT = 0,
63 GREETER_MESSAGE_AUTHENTICATE,
64 GREETER_MESSAGE_AUTHENTICATE_AS_GUEST,
65 GREETER_MESSAGE_CONTINUE_AUTHENTICATION,
66 GREETER_MESSAGE_START_SESSION,
67 GREETER_MESSAGE_CANCEL_AUTHENTICATION
70 /* Messages from the server to the greeter */
73 SERVER_MESSAGE_CONNECTED = 0,
75 SERVER_MESSAGE_PROMPT_AUTHENTICATION,
76 SERVER_MESSAGE_END_AUTHENTICATION,
77 SERVER_MESSAGE_SESSION_FAILED,
81 greeter_new (Session *session)
83 Greeter *greeter = g_object_new (GREETER_TYPE, NULL);
85 greeter->priv->session = g_object_ref (session);
91 greeter_set_hint (Greeter *greeter, const gchar *name, const gchar *value)
93 g_hash_table_insert (greeter->priv->hints, g_strdup (name), g_strdup (value));
102 #define HEADER_SIZE (sizeof (guint32) * 2)
103 #define MAX_MESSAGE_LENGTH 1024
106 write_message (Greeter *greeter, guint8 *message, gsize message_length)
108 GError *error = NULL;
109 if (g_io_channel_write_chars (greeter->priv->to_greeter_channel, (gchar *) message, message_length, NULL, &error) != G_IO_STATUS_NORMAL)
110 g_warning ("Error writing to greeter: %s", error->message);
112 g_debug ("Wrote %zi bytes to greeter", message_length);
113 g_clear_error (&error);
114 g_io_channel_flush (greeter->priv->to_greeter_channel, NULL);
118 write_int (guint8 *buffer, gint buffer_length, guint32 value, gsize *offset)
120 if (*offset + 4 >= buffer_length)
122 buffer[*offset] = value >> 24;
123 buffer[*offset+1] = (value >> 16) & 0xFF;
124 buffer[*offset+2] = (value >> 8) & 0xFF;
125 buffer[*offset+3] = value & 0xFF;
130 write_string (guint8 *buffer, gint buffer_length, const gchar *value, gsize *offset)
135 length = strlen (value);
138 write_int (buffer, buffer_length, length, offset);
139 if (*offset + length >= buffer_length)
143 memcpy (buffer + *offset, value, length);
149 write_header (guint8 *buffer, gint buffer_length, guint32 id, guint32 length, gsize *offset)
151 write_int (buffer, buffer_length, id, offset);
152 write_int (buffer, buffer_length, length, offset);
156 string_length (const gchar *value)
159 return int_length ();
161 return int_length () + strlen (value);
165 handle_connect (Greeter *greeter, const gchar *version)
167 guint8 message[MAX_MESSAGE_LENGTH];
173 g_debug ("Greeter connected version=%s", version);
175 length = string_length (VERSION);
176 g_hash_table_iter_init (&iter, greeter->priv->hints);
177 while (g_hash_table_iter_next (&iter, &key, &value))
178 length += string_length (key) + string_length (value);
180 write_header (message, MAX_MESSAGE_LENGTH, SERVER_MESSAGE_CONNECTED, length, &offset);
181 write_string (message, MAX_MESSAGE_LENGTH, VERSION, &offset);
182 g_hash_table_iter_init (&iter, greeter->priv->hints);
183 while (g_hash_table_iter_next (&iter, &key, &value))
185 write_string (message, MAX_MESSAGE_LENGTH, key, &offset);
186 write_string (message, MAX_MESSAGE_LENGTH, value, &offset);
188 write_message (greeter, message, offset);
192 pam_messages_cb (PAMSession *session, int num_msg, const struct pam_message **msg, Greeter *greeter)
196 guint8 message[MAX_MESSAGE_LENGTH];
199 /* Respond to d-bus query with messages */
200 g_debug ("Prompt greeter with %d message(s)", num_msg);
201 size = int_length () + int_length ();
202 for (i = 0; i < num_msg; i++)
204 g_debug ("%s", msg[i]->msg);
205 size += int_length () + string_length (msg[i]->msg);
208 write_header (message, MAX_MESSAGE_LENGTH, SERVER_MESSAGE_PROMPT_AUTHENTICATION, size, &offset);
209 write_int (message, MAX_MESSAGE_LENGTH, greeter->priv->authentication_sequence_number, &offset);
210 write_int (message, MAX_MESSAGE_LENGTH, num_msg, &offset);
211 for (i = 0; i < num_msg; i++)
213 write_int (message, MAX_MESSAGE_LENGTH, msg[i]->msg_style, &offset);
214 write_string (message, MAX_MESSAGE_LENGTH, msg[i]->msg, &offset);
216 write_message (greeter, message, offset);
220 send_end_authentication (Greeter *greeter, guint32 sequence_number, int result)
222 guint8 message[MAX_MESSAGE_LENGTH];
225 write_header (message, MAX_MESSAGE_LENGTH, SERVER_MESSAGE_END_AUTHENTICATION, int_length () + int_length (), &offset);
226 write_int (message, MAX_MESSAGE_LENGTH, sequence_number, &offset);
227 write_int (message, MAX_MESSAGE_LENGTH, result, &offset);
228 write_message (greeter, message, offset);
232 authentication_result_cb (PAMSession *session, int result, Greeter *greeter)
234 g_debug ("Authenticate result for user %s: %s", pam_session_get_username (greeter->priv->pam_session), pam_session_strerror (greeter->priv->pam_session, result));
236 if (result == PAM_SUCCESS)
238 g_debug ("User %s authorized", pam_session_get_username (session));
239 pam_session_authorize (session);
242 send_end_authentication (greeter, greeter->priv->authentication_sequence_number, result);
246 reset_session (Greeter *greeter)
248 if (greeter->priv->pam_session == NULL)
251 g_signal_handlers_disconnect_matched (greeter->priv->pam_session, G_SIGNAL_MATCH_DATA, 0, 0, NULL, NULL, greeter);
252 pam_session_end (greeter->priv->pam_session);
253 g_object_unref (greeter->priv->pam_session);
255 greeter->priv->using_guest_account = FALSE;
259 handle_login (Greeter *greeter, guint32 sequence_number, const gchar *username)
261 GError *error = NULL;
263 if (username[0] == '\0')
265 g_debug ("Greeter start authentication");
269 g_debug ("Greeter start authentication for %s", username);
271 reset_session (greeter);
273 greeter->priv->pam_session = pam_session_new ("lightdm"/*FIXMEgreeter->priv->pam_service*/, username);
274 greeter->priv->authentication_sequence_number = sequence_number;
276 g_signal_connect (G_OBJECT (greeter->priv->pam_session), "got-messages", G_CALLBACK (pam_messages_cb), greeter);
277 g_signal_connect (G_OBJECT (greeter->priv->pam_session), "authentication-result", G_CALLBACK (authentication_result_cb), greeter);
279 if (!pam_session_start (greeter->priv->pam_session, &error))
281 g_warning ("Failed to start authentication: %s", error->message);
282 send_end_authentication (greeter, sequence_number, PAM_SYSTEM_ERR);
284 g_clear_error (&error);
288 handle_login_as_guest (Greeter *greeter, guint32 sequence_number)
290 g_debug ("Greeter start authentication for guest account");
292 reset_session (greeter);
294 if (!guest_account_get_is_enabled ())
296 g_debug ("Guest account is disabled");
297 send_end_authentication (greeter, sequence_number, PAM_USER_UNKNOWN);
301 greeter->priv->using_guest_account = TRUE;
302 greeter->priv->pam_session = pam_session_new ("lightdm-autologin" /*FIXME*/, guest_account_get_username ());
303 pam_session_authorize (greeter->priv->pam_session);
304 send_end_authentication (greeter, sequence_number, PAM_SUCCESS);
308 handle_continue_authentication (Greeter *greeter, gchar **secrets)
311 const struct pam_message **messages;
312 struct pam_response *response;
313 int i, j, n_secrets = 0;
315 /* Not in authorization */
316 if (greeter->priv->pam_session == NULL)
319 num_messages = pam_session_get_num_messages (greeter->priv->pam_session);
320 messages = pam_session_get_messages (greeter->priv->pam_session);
322 /* Check correct number of responses */
323 for (i = 0; i < num_messages; i++)
325 int msg_style = messages[i]->msg_style;
326 if (msg_style == PAM_PROMPT_ECHO_OFF || msg_style == PAM_PROMPT_ECHO_ON)
329 if (g_strv_length (secrets) != n_secrets)
331 pam_session_end (greeter->priv->pam_session);
335 g_debug ("Continue authentication");
338 response = calloc (num_messages, sizeof (struct pam_response));
339 for (i = 0, j = 0; i < num_messages; i++)
341 int msg_style = messages[i]->msg_style;
342 if (msg_style == PAM_PROMPT_ECHO_OFF || msg_style == PAM_PROMPT_ECHO_ON)
344 response[i].resp = strdup (secrets[j]); // FIXME: Need to convert from UTF-8
349 pam_session_respond (greeter->priv->pam_session, response);
353 handle_cancel_authentication (Greeter *greeter)
355 /* Not in authorization */
356 if (greeter->priv->pam_session == NULL)
359 g_debug ("Cancel authentication");
361 pam_session_cancel (greeter->priv->pam_session);
365 handle_start_session (Greeter *greeter, gchar *session)
369 if (strcmp (session, "") == 0)
372 g_signal_emit (greeter, signals[START_SESSION], 0, session, greeter->priv->using_guest_account, &result);
376 guint8 message[MAX_MESSAGE_LENGTH];
379 write_header (message, MAX_MESSAGE_LENGTH, SERVER_MESSAGE_SESSION_FAILED, 0, &offset);
380 write_message (greeter, message, offset);
385 read_int (Greeter *greeter, gsize *offset)
389 if (greeter->priv->n_read - *offset < sizeof (guint32))
391 g_warning ("Not enough space for int, need %zu, got %zu", sizeof (guint32), greeter->priv->n_read - *offset);
394 buffer = greeter->priv->read_buffer + *offset;
395 value = buffer[0] << 24 | buffer[1] << 16 | buffer[2] << 8 | buffer[3];
396 *offset += int_length ();
401 read_string (Greeter *greeter, gsize *offset)
406 length = read_int (greeter, offset);
407 if (greeter->priv->n_read - *offset < length)
409 g_warning ("Not enough space for string, need %u, got %zu", length, greeter->priv->n_read - *offset);
410 return g_strdup ("");
413 value = g_malloc (sizeof (gchar *) * (length + 1));
414 memcpy (value, greeter->priv->read_buffer + *offset, length);
415 value[length] = '\0';
422 read_cb (GIOChannel *source, GIOCondition condition, gpointer data)
424 Greeter *greeter = data;
425 gsize n_to_read, n_read, offset;
427 int id, n_secrets, i;
428 guint32 sequence_number;
429 gchar *version, *username, *session_name;
431 GError *error = NULL;
433 if (condition == G_IO_HUP)
435 g_debug ("Greeter closed communication channel");
439 n_to_read = HEADER_SIZE;
440 if (greeter->priv->n_read >= HEADER_SIZE)
442 offset = int_length ();
443 n_to_read += read_int (greeter, &offset);
446 status = g_io_channel_read_chars (greeter->priv->from_greeter_channel,
447 (gchar *) greeter->priv->read_buffer + greeter->priv->n_read,
448 n_to_read - greeter->priv->n_read,
451 if (status != G_IO_STATUS_NORMAL)
452 g_warning ("Error reading from greeter: %s", error->message);
453 g_clear_error (&error);
454 if (status != G_IO_STATUS_NORMAL)
457 g_debug ("Read %zi bytes from greeter", n_read);
458 /*for (i = 0; i < n_read; i++)
459 g_print ("%02X ", greeter->priv->read_buffer[greeter->priv->n_read+i]);
462 greeter->priv->n_read += n_read;
463 if (greeter->priv->n_read != n_to_read)
466 /* If have header, rerun for content */
467 if (greeter->priv->n_read == HEADER_SIZE)
469 n_to_read = ((guint32 *) greeter->priv->read_buffer)[1];
472 greeter->priv->read_buffer = g_realloc (greeter->priv->read_buffer, HEADER_SIZE + n_to_read);
473 read_cb (source, condition, greeter);
479 id = read_int (greeter, &offset);
480 read_int (greeter, &offset);
483 case GREETER_MESSAGE_CONNECT:
484 version = read_string (greeter, &offset);
485 handle_connect (greeter, version);
488 case GREETER_MESSAGE_AUTHENTICATE:
489 sequence_number = read_int (greeter, &offset);
490 username = read_string (greeter, &offset);
491 handle_login (greeter, sequence_number, username);
494 case GREETER_MESSAGE_AUTHENTICATE_AS_GUEST:
495 sequence_number = read_int (greeter, &offset);
496 handle_login_as_guest (greeter, sequence_number);
498 case GREETER_MESSAGE_CONTINUE_AUTHENTICATION:
499 n_secrets = read_int (greeter, &offset);
500 secrets = g_malloc (sizeof (gchar *) * (n_secrets + 1));
501 for (i = 0; i < n_secrets; i++)
502 secrets[i] = read_string (greeter, &offset);
504 handle_continue_authentication (greeter, secrets);
505 g_strfreev (secrets);
507 case GREETER_MESSAGE_CANCEL_AUTHENTICATION:
508 handle_cancel_authentication (greeter);
510 case GREETER_MESSAGE_START_SESSION:
511 session_name = read_string (greeter, &offset);
512 handle_start_session (greeter, session_name);
513 g_free (session_name);
516 g_warning ("Unknown message from greeter: %d", id);
520 greeter->priv->n_read = 0;
526 greeter_start (Greeter *greeter)
528 int to_greeter_pipe[2], from_greeter_pipe[2];
532 if (pipe (to_greeter_pipe) != 0 ||
533 pipe (from_greeter_pipe) != 0)
535 g_warning ("Failed to create pipes: %s", strerror (errno));
539 greeter->priv->to_greeter_channel = g_io_channel_unix_new (to_greeter_pipe[1]);
540 g_io_channel_set_encoding (greeter->priv->to_greeter_channel, NULL, NULL);
541 greeter->priv->from_greeter_channel = g_io_channel_unix_new (from_greeter_pipe[0]);
542 g_io_channel_set_encoding (greeter->priv->from_greeter_channel, NULL, NULL);
543 g_io_channel_set_buffered (greeter->priv->from_greeter_channel, FALSE);
544 g_io_add_watch (greeter->priv->from_greeter_channel, G_IO_IN | G_IO_HUP, read_cb, greeter);
546 fd = from_greeter_pipe[1];
547 value = g_strdup_printf ("%d", fd);
548 process_set_env (PROCESS (greeter->priv->session), "LIGHTDM_TO_SERVER_FD", value);
551 fd = to_greeter_pipe[0];
552 value = g_strdup_printf ("%d", fd);
553 process_set_env (PROCESS (greeter->priv->session), "LIGHTDM_FROM_SERVER_FD", value);
560 greeter_get_pam_session (Greeter *greeter)
562 g_return_val_if_fail (greeter != NULL, NULL);
563 return greeter->priv->pam_session;
567 greeter_quit (Greeter *greeter)
569 guint8 message[MAX_MESSAGE_LENGTH];
572 g_return_if_fail (greeter != NULL);
574 write_header (message, MAX_MESSAGE_LENGTH, SERVER_MESSAGE_QUIT, 0, &offset);
575 write_message (greeter, message, offset);
579 greeter_init (Greeter *greeter)
581 greeter->priv = G_TYPE_INSTANCE_GET_PRIVATE (greeter, GREETER_TYPE, GreeterPrivate);
582 greeter->priv->read_buffer = g_malloc (HEADER_SIZE);
583 greeter->priv->hints = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_free);
587 greeter_finalize (GObject *object)
591 self = GREETER (object);
593 g_object_unref (self->priv->session);
594 g_hash_table_unref (self->priv->hints);
595 g_free (self->priv->read_buffer);
596 if (self->priv->to_greeter_channel)
597 g_io_channel_unref (self->priv->to_greeter_channel);
598 if (self->priv->from_greeter_channel)
599 g_io_channel_unref (self->priv->from_greeter_channel);
601 G_OBJECT_CLASS (greeter_parent_class)->finalize (object);
605 greeter_class_init (GreeterClass *klass)
607 GObjectClass *object_class = G_OBJECT_CLASS (klass);
609 object_class->finalize = greeter_finalize;
611 signals[START_SESSION] =
612 g_signal_new ("start-session",
613 G_TYPE_FROM_CLASS (klass),
615 G_STRUCT_OFFSET (GreeterClass, start_session),
617 ldm_marshal_BOOLEAN__STRING_BOOLEAN,
618 G_TYPE_BOOLEAN, 2, G_TYPE_STRING, G_TYPE_BOOLEAN);
620 g_type_class_add_private (klass, sizeof (GreeterPrivate));