login: new option LOGIN_SESSION_AS_CHILD

Signed-off-by: Ian Wienand <ianw@vmware.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

3 files changed, 61 insertions, 6 deletions

diff --git a/debianutils/run_parts.c b/debianutils/run_parts.c
index 65cbfc338..8f08f6dc6 100644
--- a/debianutils/run_parts.c
+++ b/debianutils/run_parts.c
@@ -66,6 +66,7 @@ struct globals {
 #define names (G.names)
 #define cur   (G.cur  )
 #define cmd   (G.cmd  )
+#define INIT_G() do { } while (0)
 
 enum { NUM_CMD = (COMMON_BUFSIZE - sizeof(G)) / sizeof(cmd[0]) - 1 };
 
@@ -143,6 +144,8 @@ int run_parts_main(int argc UNUSED_PARAM, char **argv)
         unsigned n;
         int ret;
 
+        INIT_G();
+
 #if ENABLE_FEATURE_RUN_PARTS_LONG_OPTIONS
         applet_long_options = runparts_longopts;
 #endif
diff --git a/loginutils/Config.src b/loginutils/Config.src
index 0d7f50cf1..14ce53434 100644
--- a/loginutils/Config.src
+++ b/loginutils/Config.src
@@ -205,6 +205,17 @@ config LOGIN
           Note that Busybox binary must be setuid root for this applet to
           work properly.
 
+config LOGIN_SESSION_AS_CHILD
+        bool "Run logged in session in a child process"
+        default y if PAM
+        depends on LOGIN
+        help
+          Run the logged in session in a child process.  This allows
+          login to clean up things such as utmp entries or PAM sessions
+          when the login session is complete.  If you use PAM, you
+          almost always would want this to be set to Y, else PAM session
+          will not be cleaned up.
+
 config PAM
         bool "Support for PAM (Pluggable Authentication Modules)"
         default n
diff --git a/loginutils/login.c b/loginutils/login.c
index 2f7b9b212..534343129 100644
--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -41,8 +41,6 @@ enum {
         TTYNAME_SIZE = 32,
 };
 
-static char* short_tty;
-
 #if ENABLE_FEATURE_NOLOGIN
 static void die_if_nologin(void)
 {
@@ -74,7 +72,7 @@ static void die_if_nologin(void)
 #endif
 
 #if ENABLE_FEATURE_SECURETTY && !ENABLE_PAM
-static int check_securetty(void)
+static int check_securetty(const char *short_tty)
 {
         char *buf = (char*)"/etc/securetty"; /* any non-NULL is ok */
         parser_t *parser = config_open2("/etc/securetty", fopen_for_read);
@@ -89,7 +87,7 @@ static int check_securetty(void)
         return buf != NULL;
 }
 #else
-static ALWAYS_INLINE int check_securetty(void) { return 1; }
+static ALWAYS_INLINE int check_securetty(const char *short_tty UNUSED_PARAM) { return 1; }
 #endif
 
 #if ENABLE_SELINUX
@@ -142,6 +140,29 @@ static void run_login_script(struct passwd *pw, char *full_tty)
 void run_login_script(struct passwd *pw, char *full_tty);
 #endif
 
+#if ENABLE_LOGIN_SESSION_AS_CHILD && ENABLE_PAM
+static void login_pam_end(pam_handle_t *pamh)
+{
+        int pamret;
+
+        pamret = pam_setcred(pamh, PAM_DELETE_CRED);
+        if (pamret != PAM_SUCCESS) {
+                bb_error_msg("pam_%s failed: %s (%d)", "setcred",
+                        pam_strerror(pamh, pamret), pamret);
+        }
+        pamret = pam_close_session(pamh, 0);
+        if (pamret != PAM_SUCCESS) {
+                bb_error_msg("pam_%s failed: %s (%d)", "close_session",
+                        pam_strerror(pamh, pamret), pamret);
+        }
+        pamret = pam_end(pamh, pamret);
+        if (pamret != PAM_SUCCESS) {
+                bb_error_msg("pam_%s failed: %s (%d)", "end",
+                        pam_strerror(pamh, pamret), pamret);
+        }
+}
+#endif /* ENABLE_PAM */
+
 static void get_username_or_die(char *buf, int size_buf)
 {
         int c, cntdown;
@@ -214,6 +235,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
         char *opt_host = NULL;
         char *opt_user = opt_user; /* for compiler */
         char *full_tty;
+        char *short_tty;
         IF_SELINUX(security_context_t user_sid = NULL;)
 #if ENABLE_PAM
         int pamret;
@@ -224,6 +246,9 @@ int login_main(int argc UNUSED_PARAM, char **argv)
         char pwdbuf[256];
         char **pamenv;
 #endif
+#if ENABLE_LOGIN_SESSION_AS_CHILD
+        pid_t child_pid;
+#endif
 
         username[0] = '\0';
         signal(SIGALRM, alarm_handler);
@@ -359,7 +384,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
                 if (opt & LOGIN_OPT_f)
                         break; /* -f USER: success without asking passwd */
 
-                if (pw->pw_uid == 0 && !check_securetty())
+                if (pw->pw_uid == 0 && !check_securetty(short_tty))
                         goto auth_failed;
 
                 /* Don't check the password if password entry is empty (!) */
@@ -393,7 +418,23 @@ int login_main(int argc UNUSED_PARAM, char **argv)
         if (pw->pw_uid != 0)
                 die_if_nologin();
 
-        IF_SELINUX(initselinux(username, full_tty, &user_sid));
+
+#if ENABLE_LOGIN_SESSION_AS_CHILD
+        child_pid = vfork();
+        if (child_pid != 0) {
+                if (child_pid < 0)
+                        bb_perror_msg("vfork");
+                else {
+                        if (safe_waitpid(child_pid, NULL, 0) == -1)
+                                bb_perror_msg("waitpid");
+                        update_utmp(child_pid, DEAD_PROCESS, NULL, NULL, NULL);
+                }
+                IF_PAM(login_pam_end(pamh);)
+                return 0;
+        }
+#endif
+
+        IF_SELINUX(initselinux(username, full_tty, &user_sid);)
 
         /* Try these, but don't complain if they fail.
          * _f_chown is safe wrt race t=ttyname(0);...;chown(t); */