refactor: Refactor PAM authenticate module

REUSE.toml

@@ -69,7 +69,7 @@ SPDX-FileCopyrightText = "None"
 SPDX-License-Identifier = "GPL-2.0-or-later"
 
 [[annotations]]
-path = ["releng/prepare-relnotes", "src/auth/Auth.cpp", "src/auth/Auth.h", "src/auth/AuthMessages.h", "src/auth/AuthPrompt.cpp", "src/auth/AuthPrompt.h", "src/auth/AuthRequest.cpp", "src/auth/AuthRequest.h", "src/common/ConfigReader.cpp", "src/common/ConfigReader.h", "src/common/Configuration.cpp", "src/common/Configuration.h", "src/common/MessageHandler.h", "src/common/Messages.h", "src/common/SafeDataStream.cpp", "src/common/SafeDataStream.h", "src/common/Session.cpp", "src/common/Session.h", "src/common/SignalHandler.cpp", "src/common/SignalHandler.h", "src/common/SocketWriter.cpp", "src/common/SocketWriter.h", "src/common/ThemeConfig.cpp", "src/common/ThemeConfig.h", "src/common/ThemeMetadata.cpp", "src/common/ThemeMetadata.h", "src/common/VirtualTerminal.cpp", "src/common/VirtualTerminal.h", "src/common/XAuth.cpp", "src/common/XAuth.h", "src/daemon/DaemonApp.cpp", "src/daemon/DaemonApp.h", "src/daemon/Display.cpp", "src/daemon/Display.h", "src/daemon/DisplayManager.cpp", "src/daemon/DisplayManager.h", "src/daemon/DisplayServer.cpp", "src/daemon/DisplayServer.h", "src/daemon/Greeter.cpp", "src/daemon/Greeter.h", "src/daemon/PowerManager.cpp", "src/daemon/PowerManager.h", "src/daemon/Seat.cpp", "src/daemon/Seat.h", "src/daemon/SeatManager.cpp", "src/daemon/SeatManager.h", "src/daemon/SocketServer.cpp", "src/daemon/SocketServer.h", "src/daemon/TreelandConnector.cpp", "src/daemon/TreelandConnector.h", "src/daemon/Utils.h", "src/daemon/WaylandDisplayServer.cpp", "src/daemon/WaylandDisplayServer.h", "src/daemon/XorgDisplayServer.cpp", "src/daemon/XorgDisplayServer.h", "src/daemon/XorgUserDisplayServer.cpp", "src/daemon/XorgUserDisplayServer.h", "src/greeter/GreeterApp.h", "src/greeter/GreeterProxy.cpp", "src/greeter/GreeterProxy.h", "src/greeter/SessionModel.cpp", "src/greeter/SessionModel.h", "src/greeter/UserModel.cpp", "src/greeter/UserModel.h", "src/helper/Backend.cpp", "src/helper/Backend.h", "src/helper/HelperApp.cpp", "src/helper/HelperApp.h", "src/helper/HelperStartWayland.cpp", "src/helper/HelperStartX11User.cpp", "src/helper/UserSession.cpp", "src/helper/UserSession.h", "src/helper/backend/PamBackend.cpp", "src/helper/backend/PamBackend.h", "src/helper/backend/PamHandle.cpp", "src/helper/backend/PamHandle.h", "src/helper/waylandhelper.cpp", "src/helper/waylandhelper.h", "src/helper/waylandsocketwatcher.cpp", "src/helper/waylandsocketwatcher.h", "src/helper/xorguserhelper.cpp", "src/helper/xorguserhelper.h", "src/common/LogindDBusTypes.cpp", "src/common/LogindDBusTypes.h", "src/greeter/GreeterApp.cpp"]
+path = ["releng/prepare-relnotes", "src/auth/Auth.cpp", "src/auth/Auth.h", "src/auth/AuthMessages.h", "src/auth/AuthPrompt.cpp", "src/auth/AuthPrompt.h", "src/auth/AuthRequest.cpp", "src/auth/AuthRequest.h", "src/common/ConfigReader.cpp", "src/common/ConfigReader.h", "src/common/Configuration.cpp", "src/common/Configuration.h", "src/common/MessageHandler.h", "src/common/Messages.h", "src/common/SafeDataStream.cpp", "src/common/SafeDataStream.h", "src/common/Session.cpp", "src/common/Session.h", "src/common/SignalHandler.cpp", "src/common/SignalHandler.h", "src/common/SocketWriter.cpp", "src/common/SocketWriter.h", "src/common/ThemeConfig.cpp", "src/common/ThemeConfig.h", "src/common/ThemeMetadata.cpp", "src/common/ThemeMetadata.h", "src/common/VirtualTerminal.cpp", "src/common/VirtualTerminal.h", "src/common/XAuth.cpp", "src/common/XAuth.h", "src/daemon/DaemonApp.cpp", "src/daemon/DaemonApp.h", "src/daemon/Display.cpp", "src/daemon/Display.h", "src/daemon/DisplayManager.cpp", "src/daemon/DisplayManager.h", "src/daemon/DisplayServer.cpp", "src/daemon/DisplayServer.h", "src/daemon/Greeter.cpp", "src/daemon/Greeter.h", "src/daemon/PowerManager.cpp", "src/daemon/PowerManager.h", "src/daemon/Seat.cpp", "src/daemon/Seat.h", "src/daemon/SeatManager.cpp", "src/daemon/SeatManager.h", "src/daemon/SocketServer.cpp", "src/daemon/SocketServer.h", "src/daemon/TreelandConnector.cpp", "src/daemon/TreelandConnector.h", "src/daemon/Utils.h", "src/daemon/WaylandDisplayServer.cpp", "src/daemon/WaylandDisplayServer.h", "src/daemon/XorgDisplayServer.cpp", "src/daemon/XorgDisplayServer.h", "src/daemon/XorgUserDisplayServer.cpp", "src/daemon/XorgUserDisplayServer.h", "src/greeter/GreeterApp.h", "src/greeter/GreeterProxy.cpp", "src/greeter/GreeterProxy.h", "src/greeter/SessionModel.cpp", "src/greeter/SessionModel.h", "src/greeter/UserModel.cpp", "src/greeter/UserModel.h", "src/helper/Pam.cpp", "src/helper/Pam.h", "src/helper/HelperApp.cpp", "src/helper/HelperApp.h", "src/helper/HelperStartWayland.cpp", "src/helper/HelperStartX11User.cpp", "src/helper/UserSession.cpp", "src/helper/UserSession.h", "src/helper/waylandhelper.cpp", "src/helper/waylandhelper.h", "src/helper/waylandsocketwatcher.cpp", "src/helper/waylandsocketwatcher.h", "src/helper/xorguserhelper.cpp", "src/helper/xorguserhelper.h", "src/common/LogindDBusTypes.cpp", "src/common/LogindDBusTypes.h", "src/greeter/GreeterApp.cpp"]
 precedence = "aggregate"
 SPDX-FileCopyrightText = "None"
 SPDX-License-Identifier = "GPL-2.0-or-later"

src/helper/CMakeLists.txt

@@ -5,11 +5,9 @@ include_directories(
 )
 
 set(HELPER_SOURCES
-    Backend.cpp
     HelperApp.cpp
     UserSession.cpp
-    backend/PamHandle.cpp
-    backend/PamBackend.cpp
+    Pam.cpp
 )
 
 add_executable(ddm-helper ${HELPER_SOURCES})

src/helper/HelperApp.cpp

@@ -19,10 +19,10 @@
  */
 
 #include "HelperApp.h"
-#include "Backend.h"
+#include "Pam.h"
 #include "Configuration.h"
 #include "UserSession.h"
 #include "SafeDataStream.h"
 
 #include "MessageHandler.h"
 #include "VirtualTerminal.h"
@@ -46,12 +46,16 @@
 #endif
 #include <utmpx.h>
 #include <QByteArray>
 #include <signal.h>
 
 namespace DDM {
+    static Request passwordRequest{
+        { { AuthPrompt::LOGIN_PASSWORD, QStringLiteral("Password: "), true } }
+    };
+
     HelperApp::HelperApp(int& argc, char** argv)
             : QCoreApplication(argc, argv)
-            , m_backend(Backend::get(this))
+            , m_pam(new Pam(this))
             , m_session(new UserSession(this))
             , m_socket(new QLocalSocket(this)) {
         qInstallMessageHandler(HelperMessageHandler);
@@ -99,6 +103,7 @@
                 return;
             }
             m_user = args[pos + 1];
+            m_pam->user = m_user;
         }
 
         if ((pos = args.indexOf(QStringLiteral("--display-server"))) >= 0) {
@@ -108,19 +113,10 @@
                 return;
             }
             m_session->setDisplayServerCommand(args[pos + 1]);
-            m_backend->setDisplayServer(true);
-        }
-
-        if ((pos = args.indexOf(QStringLiteral("--autologin"))) >= 0) {
-            m_backend->setAutologin(true);
-        }
-
-        if ((pos = args.indexOf(QStringLiteral("--greeter"))) >= 0) {
-            m_backend->setGreeter(true);
         }
 
         if ((pos = args.indexOf(QStringLiteral("--identify-only"))) >= 0) {
-            m_backend->setIdentifyOnly(true);
+            m_identifyOnly = true;
         }
 
         if ((pos = args.indexOf(QStringLiteral("--skip-auth"))) >= 0) {
@@ -134,7 +130,7 @@
         }
 
         connect(m_socket, &QLocalSocket::connected, this, &HelperApp::doAuth);
-        if(!m_backend->identifyOnly()){
+        if(!m_identifyOnly){
             connect(m_session, &UserSession::finished, this, &HelperApp::sessionFinished);
         }
 
@@ -153,7 +149,7 @@
         if (str.status() != QDataStream::Ok)
             qCritical() << "Couldn't write initial message:" << str.status();
 
-        if (!m_backend->start(m_user)) {
+        if (!m_pam->start()) {
             authenticated(QString());
 
             // write failed login to btmp
@@ -167,20 +163,22 @@
         }
 
         Q_ASSERT(getuid() == 0);
-        if (!m_skipAuth && !m_backend->authenticate()) {
-            authenticated(QString());
-
-            // write failed login to btmp
-            const QProcessEnvironment env = m_session->processEnvironment();
-            const QString displayId = env.value(QStringLiteral("DISPLAY"));
-            const QString vt = env.value(QStringLiteral("XDG_VTNR"));
-            utmpLogin(vt, displayId, m_user, 0, false);
-
-            exit(Auth::HELPER_AUTH_ERROR);
-            return;
+        if (!m_skipAuth) {
+            Request req = request(passwordRequest);
+            if (req.prompts.length() <= 0 || !m_pam->authenticate(req.prompts[0].response)) {
+                authenticated(QString());
+
+                // write failed login to btmp
+                const QProcessEnvironment env = m_session->processEnvironment();
+                const QString displayId = env.value(QStringLiteral("DISPLAY"));
+                const QString vt = env.value(QStringLiteral("XDG_VTNR"));
+                utmpLogin(vt, displayId, m_user, 0, false);
+
+                exit(Auth::HELPER_AUTH_ERROR);
+                return;
+            }
         }
 
-        m_user = m_backend->userName();
         QProcessEnvironment env = authenticated(m_user);
 
         if (env.value(QStringLiteral("XDG_SESSION_CLASS")) == QLatin1String("greeter")) {
@@ -200,16 +198,30 @@
             env.insert(m_session->processEnvironment());
             m_session->setProcessEnvironment(env);
 
-            if (!m_backend->openSession()) {
+            auto sessionEnv = m_pam->openSession(env);
+            if (!sessionEnv.has_value()) {
                 sessionOpened(false, 0);
                 exit(Auth::HELPER_SESSION_ERROR);
                 return;
             }
 
-            sessionOpened(true, m_backend->sessionId());
+            env = *sessionEnv;
+            int sessionId = env.value(QStringLiteral("XDG_SESSION_ID")).toInt();
+            sessionOpened(true, sessionId);
+
+            struct passwd *pw;
+            pw = getpwnam(qPrintable(m_user));
+            if (pw) {
+                env.insert(QStringLiteral("HOME"), QString::fromLocal8Bit(pw->pw_dir));
+                env.insert(QStringLiteral("PWD"), QString::fromLocal8Bit(pw->pw_dir));
+                env.insert(QStringLiteral("SHELL"), QString::fromLocal8Bit(pw->pw_shell));
+                env.insert(QStringLiteral("USER"), QString::fromLocal8Bit(pw->pw_name));
+                env.insert(QStringLiteral("LOGNAME"), QString::fromLocal8Bit(pw->pw_name));
+            }
+            m_session->setProcessEnvironment(env);
+            m_session->start();
 
             // write successful login to utmp/wtmp
-            const QProcessEnvironment env = m_session->processEnvironment();
             const QString displayId = env.value(QStringLiteral("DISPLAY"));
             const QString vt = env.value(QStringLiteral("XDG_VTNR"));
             if (env.value(QStringLiteral("XDG_SESSION_CLASS")) != QLatin1String("greeter")) {
@@ -323,8 +335,8 @@
         Q_ASSERT(getuid() == 0);
 
         m_session->stop();
-        if(!m_backend->identifyOnly()){
-            m_backend->closeSession();
+        if(!m_identifyOnly && m_pam->sessionOpened){
+            m_pam->closeSession();
         }
 
         // write logout to utmp/wtmp

src/helper/HelperApp.h

@@ -29,7 +29,7 @@
 class QLocalSocket;
 
 namespace DDM {
-    class Backend;
+    class Pam;
     class UserSession;
     class HelperApp : public QCoreApplication
     {
@@ -61,13 +61,14 @@ namespace DDM {
 
     private:
         qint64 m_id { -1 };
-        Backend *m_backend { nullptr };
+        Pam *m_pam { nullptr };
         UserSession *m_session { nullptr };
         QLocalSocket *m_socket { nullptr };
         QString m_user { };
         // TODO: get rid of this in a nice clean way along the way with moving to user session X server
         QByteArray m_cookie { };
         bool m_skipAuth = false;
+        bool m_identifyOnly = false;
 
         /*!
          \brief Write utmp/wtmp/btmp records when a user logs in