pax_global_header00006660000000000000000000000064144171371230014515gustar00rootroot0000000000000052 comment=90fec177c6e0bf28c7280b3236fd6002c62a6551 vorlonofportland-pam_session_timelimit-90fec17/000077500000000000000000000000001441713712300221405ustar00rootroot00000000000000vorlonofportland-pam_session_timelimit-90fec17/LICENSE000066400000000000000000000167431441713712300231600ustar00rootroot00000000000000 GNU LESSER GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. This version of the GNU Lesser General Public License incorporates the terms and conditions of version 3 of the GNU General Public License, supplemented by the additional permissions listed below. 0. Additional Definitions. As used herein, "this License" refers to version 3 of the GNU Lesser General Public License, and the "GNU GPL" refers to version 3 of the GNU General Public License. "The Library" refers to a covered work governed by this License, other than an Application or a Combined Work as defined below. An "Application" is any work that makes use of an interface provided by the Library, but which is not otherwise based on the Library. Defining a subclass of a class defined by the Library is deemed a mode of using an interface provided by the Library. A "Combined Work" is a work produced by combining or linking an Application with the Library. The particular version of the Library with which the Combined Work was made is also called the "Linked Version". The "Minimal Corresponding Source" for a Combined Work means the Corresponding Source for the Combined Work, excluding any source code for portions of the Combined Work that, considered in isolation, are based on the Application, and not on the Linked Version. The "Corresponding Application Code" for a Combined Work means the object code and/or source code for the Application, including any data and utility programs needed for reproducing the Combined Work from the Application, but excluding the System Libraries of the Combined Work. 1. Exception to Section 3 of the GNU GPL. You may convey a covered work under sections 3 and 4 of this License without being bound by section 3 of the GNU GPL. 2. Conveying Modified Versions. If you modify a copy of the Library, and, in your modifications, a facility refers to a function or data to be supplied by an Application that uses the facility (other than as an argument passed when the facility is invoked), then you may convey a copy of the modified version: a) under this License, provided that you make a good faith effort to ensure that, in the event an Application does not supply the function or data, the facility still operates, and performs whatever part of its purpose remains meaningful, or b) under the GNU GPL, with none of the additional permissions of this License applicable to that copy. 3. Object Code Incorporating Material from Library Header Files. The object code form of an Application may incorporate material from a header file that is part of the Library. You may convey such object code under terms of your choice, provided that, if the incorporated material is not limited to numerical parameters, data structure layouts and accessors, or small macros, inline functions and templates (ten or fewer lines in length), you do both of the following: a) Give prominent notice with each copy of the object code that the Library is used in it and that the Library and its use are covered by this License. b) Accompany the object code with a copy of the GNU GPL and this license document. 4. Combined Works. You may convey a Combined Work under terms of your choice that, taken together, effectively do not restrict modification of the portions of the Library contained in the Combined Work and reverse engineering for debugging such modifications, if you also do each of the following: a) Give prominent notice with each copy of the Combined Work that the Library is used in it and that the Library and its use are covered by this License. b) Accompany the Combined Work with a copy of the GNU GPL and this license document. c) For a Combined Work that displays copyright notices during execution, include the copyright notice for the Library among these notices, as well as a reference directing the user to the copies of the GNU GPL and this license document. d) Do one of the following: 0) Convey the Minimal Corresponding Source under the terms of this License, and the Corresponding Application Code in a form suitable for, and under terms that permit, the user to recombine or relink the Application with a modified version of the Linked Version to produce a modified Combined Work, in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source. 1) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (a) uses at run time a copy of the Library already present on the user's computer system, and (b) will operate properly with a modified version of the Library that is interface-compatible with the Linked Version. e) Provide Installation Information, but only if you would otherwise be required to provide such information under section 6 of the GNU GPL, and only to the extent that such information is necessary to install and execute a modified version of the Combined Work produced by recombining or relinking the Application with a modified version of the Linked Version. (If you use option 4d0, the Installation Information must accompany the Minimal Corresponding Source and Corresponding Application Code. If you use option 4d1, you must provide the Installation Information in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source.) 5. Combined Libraries. You may place library facilities that are a work based on the Library side by side in a single library together with other library facilities that are not Applications and are not covered by this License, and convey such a combined library under terms of your choice, if you do both of the following: a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities, conveyed under the terms of this License. b) Give prominent notice with the combined library that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. 6. Revised Versions of the GNU Lesser General Public License. The Free Software Foundation may publish revised and/or new versions of the GNU Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Library as you received it specifies that a certain numbered version of the GNU Lesser General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that published version or of any later version published by the Free Software Foundation. If the Library as you received it does not specify a version number of the GNU Lesser General Public License, you may choose any version of the GNU Lesser General Public License ever published by the Free Software Foundation. If the Library as you received it specifies that a proxy can decide whether future versions of the GNU Lesser General Public License shall apply, that proxy's public statement of acceptance of any version is permanent authorization for you to choose that version for the Library. vorlonofportland-pam_session_timelimit-90fec17/Makefile.am000066400000000000000000000021321441713712300241720ustar00rootroot00000000000000# # Copyright (c) 2023 Steve Langasek # # pam_session_timelimit is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public License as # published by the Free Software Foundation; either version 3 of the # License, or (at your option) any later version. # # pam_session_timelimit is distributed in the hope that it will be # useful, but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . SUBDIRS = . tests doc ACLOCAL_AMFLAGS = -I m4 AM_LDFLAGS = -no-undefined -avoid-version -module dist_config_DATA = time_limits.conf pamdir = @pamdir@ pam_LTLIBRARIES = pam_session_timelimit.la pam_session_timelimit_la_SOURCES = pam_session_timelimit.c \ time-util.c \ time-util.h pam_session_timelimit_la_LIBADD = -lpam vorlonofportland-pam_session_timelimit-90fec17/README.md000066400000000000000000000001471441713712300234210ustar00rootroot00000000000000# pam_session_timelimit PAM module to permit configuring time limits for user sessions via pam_systemd vorlonofportland-pam_session_timelimit-90fec17/configure.ac000066400000000000000000000040641441713712300244320ustar00rootroot00000000000000# # Copyright (c) 2023 Steve Langasek # # pam_session_timelimit is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public License as # published by the Free Software Foundation; either version 3 of the # License, or (at your option) any later version. # # pam_session_timelimit is distributed in the hope that it will be # useful, but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . AC_PREREQ(2.63) AC_INIT([pam_session_timelimit], [0.1], [https://github.com/vorlonofportland/pam_session_timelimit/issues]) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_MACRO_DIR([m4]) AC_CANONICAL_HOST AM_INIT_AUTOMAKE([foreign]) LT_INIT([disable-static]) AC_ENABLE_STATIC([no]) AC_ENABLE_SHARED([yes]) AC_SYS_LARGEFILE if [[ "$ac_cv_sys_file_offset_bits" = yes ]]; then AC_DEFINE([_TIME_BITS], [64], [Number of bits in a timestamp, on hosts where this is settable.]) fi AC_ARG_WITH( [pam-dir], AS_HELP_STRING([--with-pam-dir], [Directory where to install the module (defaults to ${libdir}/security]), [pamdir=$withval], [pamdir="${libdir}/security"]) AC_SUBST(pamdir) AC_ARG_WITH( [config-dir], AS_HELP_STRING([--with-config-dir], [Directory to use for the config file (defaults to ${sysconfdirdir}/security)]), [configdir=$withval], [configdir="${sysconfdir}/security"]) AC_SUBST(configdir) AC_PATH_PROG([XSLTPROC], [xsltproc]) AC_PATH_PROG([XMLLINT], [xmllint],[/bin/true]) AC_DEFINE_UNQUOTED(CONFIGDIR, "$configdir", [Define to the directory used for the config file]) AC_DEFINE_UNQUOTED(LOCALSTATEDIR, "$localstatedir", [Define to the directory used for the config file]) AC_CONFIG_FILES([Makefile tests/Makefile doc/Makefile]) AC_OUTPUT vorlonofportland-pam_session_timelimit-90fec17/doc/000077500000000000000000000000001441713712300227055ustar00rootroot00000000000000vorlonofportland-pam_session_timelimit-90fec17/doc/Makefile.am000066400000000000000000000004241441713712300247410ustar00rootroot00000000000000EXTRA_DISTS = pam_session_timelimit.8.xml CLEANFILES = pam_session_timelimit.8 man8_MANS = $(CLEANFILES) %.8: %.8.xml $(XMLLINT) --nonet --xinclude --postvalid --noout $< $(XSLTPROC) -o $(srcdir)/$@ --path $(srcdir) --xinclude --nonet $(top_srcdir)/doc/custom-man.xsl $< vorlonofportland-pam_session_timelimit-90fec17/doc/custom-man.xsl000066400000000000000000000004271441713712300255230ustar00rootroot00000000000000 vorlonofportland-pam_session_timelimit-90fec17/doc/pam_session_timelimit.8.xml000066400000000000000000000142001441713712300301670ustar00rootroot00000000000000 pam_session_timelimit 8 System Manager's Manual pam_session_timelimit Module to impose daily time limits on user sessions pam_session_timelimit.so ... DESCRIPTION The pam_session_timelimit PAM module interfaces with systemd to limit the length of time that a user can use a service. This is a per-day time limit; each successive session counts against the limit and reduces the time available on a given day for remaining sessions. The time used by a session is only recorded at the session end. It is therefore possible to exceed the absolute limit by launching sessions in parallel. By default the settings for per-user session time limits are taken from the config file /etc/security/time_limits.conf. An alternate file can be specified with the path option. Time limits in this config file are expressed using the syntax described in systemd.time7 . The config file format does not support configuring different time limits for different services. To achieve this, use different path options for each service. OPTIONS Indicate an alternative configuration file following the time_limits.conf format to override the default. Indicate an alternative state file where the module should record each user's used session time for the day. MODULE TYPES PROVIDED The and module types are provided. RETURN VALUES PAM_SUCCESS Access was granted. PAM_PERM_DENIED The user is not allowed access at this time. PAM_BUF_ERR Memory buffer error. PAM_SYSTEM_ERR An unexpected error was encountered. PAM_SESSION_ERR The session was not opened correctly and therefore cannot be closed correctly. PAM_BAD_ITEM The module could not identify the user to be given access. PAM_IGNORE No session limit has been configured for this user. FILES /etc/security/time_limits.conf Default configuration file /var/lib/session_times Default state file EXAMPLES #%PAM-1.0 # # apply pam_session_timelimit accounting to login requests # login account required pam_session_timelimit.so login session required pam_session_timelimit.so SEE ALSO systemd.time7 , pam.d5 , pam7 . AUTHOR pam_session_timelimit was written by Steve Langasek <vorlon@dodds.net>. vorlonofportland-pam_session_timelimit-90fec17/m4/000077500000000000000000000000001441713712300224605ustar00rootroot00000000000000vorlonofportland-pam_session_timelimit-90fec17/m4/.gitignore000066400000000000000000000000001441713712300244360ustar00rootroot00000000000000vorlonofportland-pam_session_timelimit-90fec17/pam_session_timelimit.c000066400000000000000000000344261441713712300267120ustar00rootroot00000000000000/* * * Copyright (c) 2023 Steve Langasek * * pam_session_timelimit is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 3 of the * License, or (at your option) any later version. * * pam_session_timelimit is distributed in the hope that it will be * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "time-util.h" #define UNUSED __attribute__((unused)) #define DEFAULT_CONFIG_PATH CONFIGDIR "/time_limits.conf" #define DEFAULT_STATE_PATH LOCALSTATEDIR "/lib/session_times" static void cleanup(pam_handle_t *handle UNUSED, void *data, int err UNUSED) { if (!data) return; free(data); } /* returns fd, or -1 on failure */ static int open_state_path (const pam_handle_t *handle, const char *statepath) { int fd, retval; ssize_t bytes; char buf[12]; if (geteuid() == 0) { /* must set the real uid to 0 so the helper will not error out if pam is called from setuid binary (su, sudo...) */ if (setuid(0) == -1) { pam_syslog(handle, LOG_ERR, "Could not gain root privilege: %s", strerror(errno)); return -1; } } fd = open(statepath, O_RDWR); if (fd < 0 && errno == ENOENT) { fd = open(statepath, O_RDWR|O_CREAT, 0600); if (fd < 0) { pam_syslog(handle, LOG_ERR, "Could not create statefile: %s", strerror(errno)); return -1; } retval = flock(fd, LOCK_EX); if (retval < 0) { pam_syslog(handle, LOG_ERR, "Could not lock statefile: %s", strerror(errno)); close(fd); return -1; } strncpy(buf, "Format: ", 9); /* This file format is not portable between systems of different endianness */ *((uint32_t *)(buf+8)) = 1; bytes = write(fd, buf, 12); if (bytes != 12) { pam_syslog(handle, LOG_ERR, "Could not initialize statefile: %s", strerror(errno)); close(fd); return -1; } return fd; } if (fd < 0) { pam_syslog(handle, LOG_ERR, "Could not open statefile: %s", strerror(errno)); return -1; } retval = flock(fd, LOCK_EX); if (retval < 0) { pam_syslog(handle, LOG_ERR, "Could not lock statefile: %s", strerror(errno)); close(fd); return -1; } bytes = read(fd, buf, 12); if (bytes != 12) { pam_syslog(handle, LOG_ERR, "Could not read from statefile: %s", strerror(errno)); close(fd); return -1; } if (strncmp(buf, "Format: ", 8) != 0 || *((uint32_t *)(buf+8)) != 1) { pam_syslog(handle, LOG_ERR, "Unknown statefile format"); close(fd); return -1; } return fd; } static time_t time_today(void) { struct tm current_tm; time_t current_time = time(NULL); if (localtime_r(¤t_time, ¤t_tm) == NULL) { return -1; } // get the time at 00:00:00 today current_tm.tm_sec = current_tm.tm_min = current_tm.tm_hour = 0; // we query the local time, but we write in GMT so that the session // limits don't get reset if the system timezone changes return timegm(¤t_tm); } static int get_used_time_for_user(const pam_handle_t *handle, const char *statepath, const char *username, usec_t *used_time) { char buf[NAME_MAX+1 + sizeof(time_t) + sizeof(usec_t)]; ssize_t read_bytes, buf_bytes = 0; int retval = PAM_SUCCESS; int state_file = open_state_path(handle, statepath); *used_time = 0; if (state_file < 0) return PAM_SYSTEM_ERR; do { if (buf_bytes == sizeof(buf)) { // found the record for this user if (!strncmp(username, buf, NAME_MAX+1)) { time_t last_seen; memcpy(&last_seen, buf + NAME_MAX+1, sizeof(time_t)); /* record is for a different day, so doesn't count against us */ if (last_seen < time_today()) break; memcpy(used_time, buf + NAME_MAX+1 + sizeof(time_t), sizeof(usec_t)); break; } buf_bytes = 0; } read_bytes = read(state_file, buf, sizeof(buf) - buf_bytes); if (read_bytes < 0) { if (errno == EINTR) continue; retval = PAM_SYSTEM_ERR; } buf_bytes += read_bytes; } while (read_bytes != 0); close(state_file); return retval; } static int set_used_time_for_user(const pam_handle_t *handle, const char *statepath, const char *username, usec_t used_time) { char buf[NAME_MAX+1 + sizeof(time_t) + sizeof(usec_t)]; ssize_t read_bytes, buf_bytes = 0; int state_file = open_state_path(handle, statepath); if (state_file < 0) return PAM_SYSTEM_ERR; do { if (buf_bytes == sizeof(buf)) { // found the record for this user if (!strncmp(username, buf, NAME_MAX+1)) { // found our record, so rewind to the start lseek(state_file, -sizeof(buf), SEEK_CUR); break; } buf_bytes = 0; } read_bytes = read(state_file, buf, sizeof(buf) - buf_bytes); if (read_bytes < 0) { if (errno == EINTR) continue; close(state_file); return PAM_SYSTEM_ERR; } buf_bytes += read_bytes; } while (read_bytes != 0); memset(buf, '\0', sizeof(buf)); strncpy(buf, username, NAME_MAX+1); *((time_t *)(buf + NAME_MAX + 1)) = time_today(); *((usec_t *)(buf + NAME_MAX + 1 + sizeof(time_t))) = used_time; buf_bytes = write(state_file, buf, sizeof(buf)); close(state_file); if (buf_bytes != sizeof(buf)) { pam_syslog(handle, LOG_ERR, "Could not update statefile: %s", strerror(errno)); return PAM_SYSTEM_ERR; } return PAM_SUCCESS; } static void free_config_file(char **user_table) { int i; for (i = 0; user_table[i]; i += 2) { free(user_table[i]); free(user_table[i+1]); } free(user_table); } static int parse_config_line(char *line, char **user, char **limit) { size_t length; int i; char *comment; *user = NULL; *limit = NULL; length = strlen(line); /* line >= 1024 chars, go away */ if (line[length-1] != '\n') return PAM_BUF_ERR; /* remove trailing newline */ line[--length] = '\0'; /* strip comments */ comment = strchr(line, '#'); if (comment) { *comment = '\0'; length = comment - line; } /* eat trailing whitespace */ while (isspace(line[length-1])) line[--length] = '\0'; /* comment-only or empty line */ if (!length) return PAM_SUCCESS; /* find the end of the username */ for (i = 0; i <= length; i++) { if (isspace(line[i])) break; } /* no leading whitespace allowed */ if (!i) return PAM_SYSTEM_ERR; *user = malloc(i+1); if (!*user) return PAM_BUF_ERR; if (!strncpy(*user, line, i)) { free(*user); *user = NULL; return PAM_BUF_ERR; } (*user)[i] = '\0'; /* skip whitespace to find the start of the limit */ line += i; while (isspace(*line)) line++; /* no limit specified */ if (*line == '\0') { free(*user); *user = NULL; return PAM_SYSTEM_ERR; } *limit = strdup(line); return PAM_SUCCESS; } static int parse_config_file(pam_handle_t *handle, const char *path, char ***user_table) { FILE *config_file; struct stat statbuf; int usercount = 0; char line[1024]; char **results; *user_table = NULL; if (stat(path, &statbuf)) { pam_syslog(handle, LOG_INFO, "No config file for module, ignoring."); return PAM_IGNORE; } config_file = fopen(path, "r"); if (config_file == NULL) { pam_syslog(handle, LOG_ERR, "Failed to open config file '%s': %s", path, strerror(errno)); return PAM_PERM_DENIED; } results = malloc(sizeof(char *)); results[0] = NULL; while (fgets(line, sizeof(line), config_file)) { int ret; char *user = NULL; char *limit = NULL; char **newresults; ret = parse_config_line(line, &user, &limit); if (ret != PAM_SUCCESS) { free_config_file(results); pam_syslog(handle, LOG_ERR, "invalid config file '%s'", path); return PAM_PERM_DENIED; } if (!user || !limit) { free(user); free(limit); continue; } newresults = reallocarray(results, sizeof(char *), ++usercount * 2 + 1); if (!newresults) { free(user); free(limit); free_config_file(results); return PAM_BUF_ERR; } results = newresults; results[(usercount - 1) * 2] = user; results[(usercount - 1) * 2 + 1] = limit; results[usercount * 2] = NULL; } if (!usercount) { free(results); return PAM_IGNORE; } *user_table = results; return PAM_SUCCESS; } PAM_EXTERN int pam_sm_open_session(pam_handle_t *handle, int flags, int argc, const char **argv) { int retval; time_t *current_time = malloc(sizeof(time_t)); if (!current_time) return PAM_BUF_ERR; *current_time = time(NULL); retval = pam_set_data(handle, "timelimit.session_start", (void *)current_time, cleanup); if (retval != PAM_SUCCESS) { free(current_time); return PAM_SYSTEM_ERR; } return PAM_SUCCESS; } PAM_EXTERN int pam_sm_close_session(pam_handle_t *handle, int flags, int argc, const char **argv) { int retval; const char *statepath = NULL, *username = NULL; usec_t elapsed_time, used_time = 0; time_t *start_time, end_time = time(NULL); char *runtime_max_sec = NULL; // if no time limit is set for us, then short-circuit to avoid // creating an unnecessarily large state file retval = pam_get_data(handle, "systemd.runtime_max_sec", (const void **)&runtime_max_sec); if (retval != PAM_SUCCESS || runtime_max_sec == NULL) return PAM_SUCCESS; retval = pam_get_data(handle, "timelimit.session_start", (const void **)&start_time); for (; argc-- > 0; ++argv) { if (strncmp(*argv, "statepath=", strlen("statepath=")) == 0) statepath = *argv + strlen("statepath="); else { pam_syslog(handle, LOG_ERR, "Unknown module argument: %s", *argv); return PAM_SYSTEM_ERR; } } if (!statepath) statepath = DEFAULT_STATE_PATH; retval = pam_get_data(handle, "timelimit.session_start", (const void **)&start_time); if (retval != PAM_SUCCESS) { pam_syslog(handle, LOG_ERR, "start time missing from session"); return PAM_SESSION_ERR; } if (end_time < *start_time) { pam_syslog(handle, LOG_ERR, "session start time in the future"); return PAM_SESSION_ERR; } elapsed_time = (end_time - *start_time) * USEC_PER_SEC; retval = pam_get_item(handle, PAM_USER, (const void **)&username); if (retval != PAM_SUCCESS) return retval; if (!username) return PAM_SESSION_ERR; retval = get_used_time_for_user(handle, statepath, username, &used_time); if (retval != PAM_SUCCESS) { return PAM_SESSION_ERR; } if (USEC_INFINITY - used_time < elapsed_time) elapsed_time = USEC_INFINITY; else elapsed_time += used_time; retval = set_used_time_for_user(handle, statepath, username, elapsed_time); if (retval != PAM_SUCCESS) return PAM_SESSION_ERR; return PAM_SUCCESS; } PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *handle, int flags, int argc, const char **argv) { const char *path = NULL, *statepath = NULL, *username = NULL; char *current_limit = NULL, *runtime_max_sec = NULL; char **user_table; unsigned int i; int retval; usec_t timeval = 0, old_timeval = 0, used_time = 0; for (; argc-- > 0; ++argv) { if (strncmp(*argv, "path=", strlen("path=")) == 0) path = *argv + strlen("path="); else if (strncmp(*argv, "statepath=", strlen("statepath=")) == 0) statepath = *argv + strlen("statepath="); else { pam_syslog(handle, LOG_ERR, "Unknown module argument: %s", *argv); return PAM_PERM_DENIED; } } if (!path) path = DEFAULT_CONFIG_PATH; if (!statepath) statepath = DEFAULT_STATE_PATH; retval = pam_get_item(handle, PAM_USER, (const void **)&username); /* Uh we don't know the user we're acting for? Yeah, bail. */ if (retval != PAM_SUCCESS) return retval; if (!username) return PAM_PERM_DENIED; retval = parse_config_file(handle, path, &user_table); if (retval != PAM_SUCCESS) return retval; for (i = 0; user_table[i]; i += 2) { if (!strcmp(user_table[i], username)) { runtime_max_sec = user_table[i+1]; pam_syslog(handle, LOG_INFO, "Limiting user login time for '%s' to '%s'", username, runtime_max_sec); } } if (!runtime_max_sec) { free_config_file(user_table); return PAM_IGNORE; } retval = parse_time(runtime_max_sec, &timeval, USEC_PER_SEC); free_config_file(user_table); if (retval) { pam_syslog(handle, LOG_ERR, "Invalid time limit '%s'", runtime_max_sec); return PAM_PERM_DENIED; } retval = get_used_time_for_user(handle, statepath, username, &used_time); if (retval != PAM_SUCCESS) { return PAM_PERM_DENIED; } if (timeval <= used_time) return PAM_PERM_DENIED; timeval -= used_time; pam_get_data(handle, "systemd.runtime_max_sec", (const void **)¤t_limit); if (current_limit) { retval = parse_time(current_limit, &old_timeval, USEC_PER_SEC); timeval = MIN(old_timeval, timeval); } if (timeval != old_timeval) { runtime_max_sec = malloc(FORMAT_TIMESPAN_MAX); if (!format_timespan(runtime_max_sec, FORMAT_TIMESPAN_MAX, timeval, USEC_PER_SEC)) { free((void *)runtime_max_sec); return PAM_PERM_DENIED; } retval = pam_set_data(handle, "systemd.runtime_max_sec", (void *)runtime_max_sec, cleanup); if (retval != PAM_SUCCESS) { free((void *)runtime_max_sec); retval = PAM_PERM_DENIED; } } return retval; } vorlonofportland-pam_session_timelimit-90fec17/tests/000077500000000000000000000000001441713712300233025ustar00rootroot00000000000000vorlonofportland-pam_session_timelimit-90fec17/tests/Makefile.am000066400000000000000000000015041441713712300253360ustar00rootroot00000000000000# # Copyright (c) 2023 Steve Langasek # # pam_session_timelimit is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public License as # published by the Free Software Foundation; either version 3 of the # License, or (at your option) any later version. # # pam_session_timelimit is distributed in the hope that it will be # useful, but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . TESTS = tests noinst_PROGRAMS = tests tests_SOURCES = tests.c tests_LDADD = -lcunit tests_LDFLAGS = -export-dynamic vorlonofportland-pam_session_timelimit-90fec17/tests/data/000077500000000000000000000000001441713712300242135ustar00rootroot00000000000000vorlonofportland-pam_session_timelimit-90fec17/tests/data/broken_whitespace000066400000000000000000000000601441713712300276260ustar00rootroot00000000000000 user 5h # entry must begin at start of line vorlonofportland-pam_session_timelimit-90fec17/tests/data/comment_after_entry000066400000000000000000000000561441713712300302030ustar00rootroot00000000000000ted 5h # comments are allowed after the limit vorlonofportland-pam_session_timelimit-90fec17/tests/data/commented_limit000066400000000000000000000001731441713712300273100ustar00rootroot00000000000000# config file has valid entries, but at least one entry missing a limit buzz infinity john # this is a comment not a limit vorlonofportland-pam_session_timelimit-90fec17/tests/data/invalid_time_spec000066400000000000000000000000471441713712300276150ustar00rootroot00000000000000ted purple # not a valid time interval vorlonofportland-pam_session_timelimit-90fec17/tests/data/limit_with_spaces000066400000000000000000000000621441713712300276430ustar00rootroot00000000000000ted 5h 12m # comments are allowed after the limit vorlonofportland-pam_session_timelimit-90fec17/tests/data/match_last_entry000066400000000000000000000001631441713712300274760ustar00rootroot00000000000000# multiple matching entries for the user, make sure we use the last one ted 5h ted 6h tina 5h fred 1h5m20s ted 12h vorlonofportland-pam_session_timelimit-90fec17/tests/data/missing_limit000066400000000000000000000001331441713712300270020ustar00rootroot00000000000000# config file has valid entries, but at least one entry missing a limit buzz infinity john vorlonofportland-pam_session_timelimit-90fec17/tests/data/only_comments000066400000000000000000000000771441713712300270300ustar00rootroot00000000000000# this is a comment # and so is this # no configuration here vorlonofportland-pam_session_timelimit-90fec17/tests/tests.c000066400000000000000000000360371441713712300246210ustar00rootroot00000000000000/* * * Copyright (c) 2023 Steve Langasek * * pam_session_timelimit is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 3 of the * License, or (at your option) any later version. * * pam_session_timelimit is distributed in the hope that it will be * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include "time-util.h" typedef struct pam_handle { char *username; char *limit; time_t *start_time; unsigned int get_item_calls; unsigned int get_data_calls; unsigned int set_data_calls; unsigned int syslog_calls; } pam_handle_t; typedef int (*pam_module_fn)(pam_handle_t *handle, int flags, int argc, const char **argv); static pam_module_fn acct_mgmt, open_session, close_session; static pam_handle_t pamh; int pam_set_data(pam_handle_t *pamh, const char *module_data_name, void *data, void (*cleanup)(pam_handle_t *pamh, void *data, int error_status)) { pamh->set_data_calls++; if (!strcmp(module_data_name,"systemd.runtime_max_sec")) { pamh->limit = data; return PAM_SUCCESS; } else if (!strcmp(module_data_name,"timelimit.session_start")) { pamh->start_time = data; return PAM_SUCCESS; } return PAM_BAD_ITEM; } int pam_get_data(pam_handle_t *pamh, const char *module_data_name, void **data) { pamh->get_data_calls++; if (!strcmp(module_data_name,"systemd.runtime_max_sec")) { *data = pamh->limit; return PAM_SUCCESS; } else if (!strcmp(module_data_name,"timelimit.session_start")) { *data = pamh->start_time; return PAM_SUCCESS; } return PAM_BAD_ITEM; } int pam_get_item(const pam_handle_t *pamh, int item_type, const void **item) { ((pam_handle_t *)pamh)->get_item_calls++; if (item_type == PAM_USER) { if (!pamh->username) return PAM_BAD_ITEM; *item = pamh->username; return PAM_SUCCESS; } return PAM_BAD_ITEM; } void pam_syslog(pam_handle_t *pamh, int priority, const char *fmt, ...) { /* va_list argp; va_start(argp, fmt); vprintf(fmt, argp); va_end(argp); printf("\n"); */ pamh->syslog_calls++; } static void setup_pam_state(void) { memset(&pamh, '\0', sizeof(pam_handle_t)); } static void cleanup_pam_state(void) { unlink("data/state"); free(pamh.limit); free(pamh.start_time); } static int initialize_state_file(char *username, time_t base_time, usec_t timeval) { char buf[1024]; ssize_t bytes; int fd; fd = open("data/state", O_RDWR | O_CREAT, 0600); if (fd < 0) return -1; strncpy(buf, "Format: ", 9); *((uint32_t *)(buf+8)) = 1; bytes = write(fd, buf, 12); if (bytes != 12) { close(fd); unlink("data/state"); return -1; } memset(buf, '\0', NAME_MAX+1+sizeof(time_t)+sizeof(usec_t)); strncpy(buf, username, NAME_MAX+1); *((time_t *)(buf+NAME_MAX+1)) = base_time; *((usec_t *)(buf+NAME_MAX+1+sizeof(time_t))) = timeval; bytes = write(fd, buf, NAME_MAX+1+sizeof(time_t)+sizeof(usec_t)); close(fd); if (bytes != NAME_MAX+1+sizeof(time_t)+sizeof(usec_t)) { unlink("data/state"); return -1; } return 0; } static void invalid_module_argument(void) { const char *arg = "something_broken"; CU_ASSERT_FATAL(acct_mgmt(&pamh, 0, 1, &arg) == PAM_PERM_DENIED); CU_ASSERT(pamh.get_item_calls == 0); CU_ASSERT(pamh.set_data_calls == 0); CU_ASSERT(pamh.syslog_calls == 1); } static void no_valid_user(void) { CU_ASSERT_FATAL(acct_mgmt(&pamh, 0, 0, NULL) == PAM_BAD_ITEM); CU_ASSERT(pamh.get_item_calls == 1); CU_ASSERT(pamh.set_data_calls == 0); } static void no_config_file(void) { const char *arg = "path=data/non-existent"; pamh.username = "ted"; CU_ASSERT(acct_mgmt(&pamh, 0, 1, &arg) == PAM_IGNORE); CU_ASSERT(pamh.get_item_calls == 1); CU_ASSERT(pamh.set_data_calls == 0); CU_ASSERT(pamh.syslog_calls == 1); } static void config_not_at_start_of_line(void) { const char *arg = "path=data/broken_whitespace"; pamh.username = "ted"; CU_ASSERT(acct_mgmt(&pamh, 0, 1, &arg) == PAM_PERM_DENIED); CU_ASSERT(pamh.get_item_calls == 1); CU_ASSERT(pamh.set_data_calls == 0); CU_ASSERT(pamh.syslog_calls == 1); } static void config_only_comments(void) { const char *arg = "path=data/only_comments"; pamh.username = "ted"; CU_ASSERT(acct_mgmt(&pamh, 0, 1, &arg) == PAM_IGNORE); CU_ASSERT(pamh.get_item_calls == 1); CU_ASSERT(pamh.set_data_calls == 0); } static void config_missing_limit(void) { const char *arg = "path=data/missing_limit"; pamh.username = "ted"; CU_ASSERT(acct_mgmt(&pamh, 0, 1, &arg) == PAM_PERM_DENIED); CU_ASSERT(pamh.get_item_calls == 1); CU_ASSERT(pamh.set_data_calls == 0); CU_ASSERT(pamh.syslog_calls == 1); } static void config_commented_limit(void) { const char *arg = "path=data/commented_limit"; pamh.username = "ted"; CU_ASSERT(acct_mgmt(&pamh, 0, 1, &arg) == PAM_PERM_DENIED); CU_ASSERT(pamh.get_item_calls == 1); CU_ASSERT(pamh.set_data_calls == 0); } static void config_comment_after_entry(void) { const char *args[] = { "path=data/comment_after_entry", "statepath=data/state" }; pamh.username = "ted"; CU_ASSERT_FATAL(acct_mgmt(&pamh, 0, 2, args) == PAM_SUCCESS); CU_ASSERT(pamh.get_item_calls == 1); CU_ASSERT(pamh.set_data_calls == 1); CU_ASSERT(!strncmp(pamh.limit, "5h", 3)); } static void match_last_entry(void) { const char *args[] = { "path=data/match_last_entry", "statepath=data/state" }; pamh.username = "ted"; CU_ASSERT_FATAL(acct_mgmt(&pamh, 0, 2, args) == PAM_SUCCESS); CU_ASSERT(pamh.get_item_calls == 1); CU_ASSERT(pamh.set_data_calls == 1); CU_ASSERT(pamh.syslog_calls == 3); CU_ASSERT(!strcmp(pamh.limit, "12h")); } static void limit_with_spaces(void) { const char *args[] = { "path=data/limit_with_spaces", "statepath=data/state" }; pamh.username = "ted"; CU_ASSERT_FATAL(acct_mgmt(&pamh, 0, 2, args) == PAM_SUCCESS); CU_ASSERT(pamh.get_item_calls == 1); CU_ASSERT(pamh.set_data_calls == 1); CU_ASSERT(!strcmp(pamh.limit, "5h 12min")); } static void invalid_time_spec(void) { const char *arg = "path=data/invalid_time_spec"; pamh.username = "ted"; CU_ASSERT(acct_mgmt(&pamh, 0, 1, &arg) == PAM_PERM_DENIED); CU_ASSERT(pamh.get_item_calls == 1); CU_ASSERT(pamh.set_data_calls == 0); } static void state_file_exists_no_match(void) { int retval; const char *args[] = { "path=data/limit_with_spaces", "statepath=data/state" }; pamh.username = "ted"; retval = initialize_state_file("bob", time(NULL), 5*USEC_PER_HOUR); CU_ASSERT_FATAL(retval == 0); CU_ASSERT_FATAL(acct_mgmt(&pamh, 0, 2, args) == PAM_SUCCESS); CU_ASSERT(pamh.get_item_calls == 1); CU_ASSERT(pamh.set_data_calls == 1); CU_ASSERT(!strcmp(pamh.limit, "5h 12min")); } static void state_file_exists_with_match(void) { int retval; const char *args[] = { "path=data/limit_with_spaces", "statepath=data/state" }; pamh.username = "ted"; retval = initialize_state_file(pamh.username, time(NULL), 5*USEC_PER_HOUR); CU_ASSERT_FATAL(retval == 0); CU_ASSERT_FATAL(acct_mgmt(&pamh, 0, 2, args) == PAM_SUCCESS); CU_ASSERT(pamh.get_item_calls == 1); CU_ASSERT(pamh.set_data_calls == 1); CU_ASSERT(!strcmp(pamh.limit, "12min")); } static void state_file_ignore_stale_entry(void) { int retval; const char *args[] = { "path=data/limit_with_spaces", "statepath=data/state" }; pamh.username = "ted"; retval = initialize_state_file(pamh.username, 0, 5*USEC_PER_HOUR); CU_ASSERT_FATAL(retval == 0); CU_ASSERT_FATAL(acct_mgmt(&pamh, 0, 2, args) == PAM_SUCCESS); CU_ASSERT(pamh.get_item_calls == 1); CU_ASSERT(pamh.set_data_calls == 1); CU_ASSERT(!strcmp(pamh.limit, "5h 12min")); } static void state_file_no_crash_on_truncation(void) { int retval; const char *args[] = { "path=data/limit_with_spaces", "statepath=data/state" }; pamh.username = "ted"; retval = initialize_state_file(pamh.username, time(NULL), 5*USEC_PER_HOUR); CU_ASSERT_FATAL(retval == 0); CU_ASSERT_FATAL(truncate("data/state", 50) == 0); CU_ASSERT_FATAL(acct_mgmt(&pamh, 0, 2, args) == PAM_SUCCESS); CU_ASSERT(pamh.get_item_calls == 1); CU_ASSERT(pamh.set_data_calls == 1); CU_ASSERT(!strcmp(pamh.limit, "5h 12min")); } static void state_file_no_crash_on_missing_NUL(void) { int retval; const char *args[] = { "path=data/limit_with_spaces", "statepath=data/state" }; char username[NAME_MAX+2]; pamh.username = "ted"; memset(username, 'A', NAME_MAX+1); username[NAME_MAX+1] = '\0'; retval = initialize_state_file(username, time(NULL), 5*USEC_PER_HOUR); CU_ASSERT_FATAL(retval == 0); CU_ASSERT_FATAL(acct_mgmt(&pamh, 0, 2, args) == PAM_SUCCESS); CU_ASSERT(pamh.get_item_calls == 1); CU_ASSERT(pamh.set_data_calls == 1); CU_ASSERT(!strcmp(pamh.limit, "5h 12min")); } static void open_session_sets_time() { CU_ASSERT_FATAL(open_session(&pamh, 0, 0, NULL) == PAM_SUCCESS); CU_ASSERT(pamh.set_data_calls == 1); CU_ASSERT(pamh.start_time != NULL); CU_ASSERT(*pamh.start_time <= time(NULL)); // If this takes longer than a minute, something has gone wrong... CU_ASSERT(*pamh.start_time >= time(NULL)-60); } static void close_session_updates_state() { const char *arg = "statepath=data/state"; const char *args[] = { "path=data/limit_with_spaces", "statepath=data/state" }; struct stat statbuf; pamh.username = "ted"; CU_ASSERT_FATAL(acct_mgmt(&pamh, 0, 2, args) == PAM_SUCCESS); CU_ASSERT(pamh.set_data_calls == 1); // remove the state file created in the accounting phase unlink("data/state"); CU_ASSERT_FATAL(open_session(&pamh, 0, 1, &arg) == PAM_SUCCESS); CU_ASSERT(pamh.set_data_calls == 2); // let's try to avoid a 0-length session, even though we're using // microseconds... sleep(5); CU_ASSERT(pamh.start_time != NULL); CU_ASSERT(*pamh.start_time <= time(NULL)); CU_ASSERT(*pamh.start_time >= time(NULL)-60); CU_ASSERT_FATAL(close_session(&pamh, 0, 1, &arg) == PAM_SUCCESS); CU_ASSERT(pamh.get_data_calls == 4); CU_ASSERT(stat("data/state", &statbuf) == 0); } static void close_session_updates_existing_record() { const char *arg = "statepath=data/state"; struct stat statbuf; off_t filesize; int retval; pamh.username = "ted"; retval = initialize_state_file("ted", time(NULL), 5*USEC_PER_HOUR); CU_ASSERT_FATAL(retval == 0); CU_ASSERT(stat("data/state", &statbuf) == 0); filesize = statbuf.st_size; CU_ASSERT_FATAL(open_session(&pamh, 0, 1, &arg) == PAM_SUCCESS); CU_ASSERT(pamh.set_data_calls == 1); // let's try to avoid a 0-length session, even though we're using // microseconds... sleep(5); CU_ASSERT(pamh.start_time != NULL); CU_ASSERT(*pamh.start_time <= time(NULL)); CU_ASSERT(*pamh.start_time >= time(NULL)-60); CU_ASSERT(stat("data/state", &statbuf) == 0); CU_ASSERT(statbuf.st_size == filesize); } static void close_session_no_write_for_unlimited() { const char *arg = "statepath=data/state"; const char *args[] = { "path=data/limit_with_spaces", "statepath=data/state" }; struct stat statbuf; pamh.username = "bob"; CU_ASSERT_FATAL(acct_mgmt(&pamh, 0, 2, args) == PAM_IGNORE); CU_ASSERT(pamh.set_data_calls == 0); // remove the state file created in the accounting phase unlink("data/state"); CU_ASSERT_FATAL(open_session(&pamh, 0, 1, &arg) == PAM_SUCCESS); CU_ASSERT(pamh.set_data_calls == 1); // let's try to avoid a 0-length session, even though we're using // microseconds... sleep(5); CU_ASSERT(pamh.start_time != NULL); CU_ASSERT(*pamh.start_time <= time(NULL)); CU_ASSERT(*pamh.start_time >= time(NULL)-60); CU_ASSERT_FATAL(close_session(&pamh, 0, 1, &arg) == PAM_SUCCESS); CU_ASSERT(pamh.get_data_calls == 1); CU_ASSERT(stat("data/state", &statbuf) == -1); } int main(int argc, char **argv) { void *handle; unsigned int failures; CU_ErrorCode retval; CU_TestInfo tests[] = { { "invalid module argument", invalid_module_argument }, { "no config file", no_config_file }, { "no PAM_USER", no_valid_user }, { "config not at start of line", config_not_at_start_of_line }, { "config file has only comments and whitespace", config_only_comments }, { "config file with missing limit", config_missing_limit }, { "config file with commented-out limit", config_commented_limit }, { "config file with in-line comment after entry", config_comment_after_entry }, { "limit set to last matching user entry", match_last_entry }, { "limit can have spaces", limit_with_spaces }, { "invalid time specification", invalid_time_spec }, { "state file exists with no matching entry", state_file_exists_no_match }, { "state file exists with matching entry", state_file_exists_with_match }, { "no crash on truncated state file", state_file_no_crash_on_truncation }, { "no crash on username overflow in state file", state_file_no_crash_on_missing_NUL }, { "ignore state file entries with stale timestamp", state_file_ignore_stale_entry }, { "open_session() sets time", open_session_sets_time }, { "close_session() updates state", close_session_updates_state }, { "close_session() updates existing record", close_session_updates_existing_record }, { "close_session() does not write entry for unlimited user", close_session_no_write_for_unlimited }, CU_TEST_INFO_NULL, }; CU_SuiteInfo suites[] = { { "pam", NULL, NULL, setup_pam_state, cleanup_pam_state, tests }, CU_SUITE_INFO_NULL, }; /* Make sure we can open our DSO before bothering to set up CUnit */ handle = dlopen("../.libs/pam_session_timelimit.so", RTLD_NOW); if (!handle) { fprintf(stderr, "Failed to load PAM module: %s\n", dlerror()); exit(1); } acct_mgmt = (pam_module_fn) dlsym(handle, "pam_sm_acct_mgmt"); if (!acct_mgmt) { fprintf(stderr, "Failed to resolve PAM symbol: %s\n", dlerror()); exit(1); } open_session = (pam_module_fn) dlsym(handle, "pam_sm_open_session"); if (!open_session) { fprintf(stderr, "Failed to resolve PAM symbol: %s\n", dlerror()); exit(1); } close_session = (pam_module_fn) dlsym(handle, "pam_sm_close_session"); if (!open_session) { fprintf(stderr, "Failed to resolve PAM symbol: %s\n", dlerror()); exit(1); } /* Initialize the CUnit test registry. */ if (CUE_SUCCESS != CU_initialize_registry()) return CU_get_error(); retval = CU_register_suites(suites); if (retval != CUE_SUCCESS) { CU_cleanup_registry(); return retval; } CU_basic_set_mode(CU_BRM_VERBOSE); CU_basic_run_tests(); failures = CU_get_number_of_tests_failed(); CU_cleanup_registry(); exit (CU_get_error() != CUE_SUCCESS || failures != 0); } vorlonofportland-pam_session_timelimit-90fec17/time-util.c000066400000000000000000000224561441713712300242260ustar00rootroot00000000000000/* * * Copyright (c) 2012-2015 Lennart Poettering, * 2014-2023 Zbigniew Jędrzejewski-Szmek , * 2022-2023 Yu Watanabe * * pam_session_timelimit is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 3 of the * License, or (at your option) any later version. * * pam_session_timelimit is distributed in the hope that it will be * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ #include #include #include #include #include #include #include #include "time-util.h" /* What is interpreted as whitespace? */ #define WHITESPACE " \t\n\r" #define DIGITS "0123456789" #define strneq(a, b, n) (strncmp((a), (b), (n)) == 0) #define ELEMENTSOF(x) \ (__builtin_choose_expr( \ !__builtin_types_compatible_p(typeof(x), typeof(&*(x))), \ sizeof(x)/sizeof((x)[0]), \ ((void)0))) static char *startswith(const char *s, const char *prefix) { size_t l; assert(s); assert(prefix); l = strlen(prefix); if (!strneq(s, prefix, l)) return NULL; return (char*) s + l; } static const char* extract_multiplier(const char *p, usec_t *ret) { static const struct { const char *suffix; usec_t usec; } table[] = { { "seconds", USEC_PER_SEC }, { "second", USEC_PER_SEC }, { "sec", USEC_PER_SEC }, { "s", USEC_PER_SEC }, { "minutes", USEC_PER_MINUTE }, { "minute", USEC_PER_MINUTE }, { "min", USEC_PER_MINUTE }, { "months", USEC_PER_MONTH }, { "month", USEC_PER_MONTH }, { "M", USEC_PER_MONTH }, { "msec", USEC_PER_MSEC }, { "ms", USEC_PER_MSEC }, { "m", USEC_PER_MINUTE }, { "hours", USEC_PER_HOUR }, { "hour", USEC_PER_HOUR }, { "hr", USEC_PER_HOUR }, { "h", USEC_PER_HOUR }, { "days", USEC_PER_DAY }, { "day", USEC_PER_DAY }, { "d", USEC_PER_DAY }, { "weeks", USEC_PER_WEEK }, { "week", USEC_PER_WEEK }, { "w", USEC_PER_WEEK }, { "years", USEC_PER_YEAR }, { "year", USEC_PER_YEAR }, { "y", USEC_PER_YEAR }, { "usec", 1ULL }, { "us", 1ULL }, { "µs", 1ULL }, }; assert(p); assert(ret); for (size_t i = 0; i < ELEMENTSOF(table); i++) { char *e; e = startswith(p, table[i].suffix); if (e) { *ret = table[i].usec; return e; } } return p; } int parse_time(const char *t, usec_t *usec, usec_t default_unit) { const char *p, *s; usec_t r = 0; bool something = false; assert(t); assert(default_unit > 0); p = t; p += strspn(p, WHITESPACE); s = startswith(p, "infinity"); if (s) { s += strspn(s, WHITESPACE); if (*s != 0) return -EINVAL; if (usec) *usec = USEC_INFINITY; return 0; } for (;;) { usec_t multiplier = default_unit, k; long long l; char *e; p += strspn(p, WHITESPACE); if (*p == 0) { if (!something) return -EINVAL; break; } if (*p == '-') /* Don't allow "-0" */ return -ERANGE; errno = 0; l = strtoll(p, &e, 10); if (errno > 0) return -errno; if (l < 0) return -ERANGE; if (*e == '.') { p = e + 1; p += strspn(p, DIGITS); } else if (e == p) return -EINVAL; else p = e; s = extract_multiplier(p + strspn(p, WHITESPACE), &multiplier); if (s == p && *s != '\0') /* Don't allow '12.34.56', but accept '12.34 .56' or '12.34s.56' */ return -EINVAL; p = s; if ((usec_t) l >= USEC_INFINITY / multiplier) return -ERANGE; k = (usec_t) l * multiplier; if (k >= USEC_INFINITY - r) return -ERANGE; r += k; something = true; if (*e == '.') { usec_t m = multiplier / 10; const char *b; for (b = e + 1; *b >= '0' && *b <= '9'; b++, m /= 10) { k = (usec_t) (*b - '0') * m; if (k >= USEC_INFINITY - r) return -ERANGE; r += k; } /* Don't allow "0.-0", "3.+1", "3. 1", "3.sec" or "3.hoge" */ if (b == e + 1) return -EINVAL; } } if (usec) *usec = r; return 0; } char* format_timespan(char *buf, size_t l, usec_t t, usec_t accuracy) { static const struct { const char *suffix; usec_t usec; } table[] = { { "y", USEC_PER_YEAR }, { "month", USEC_PER_MONTH }, { "w", USEC_PER_WEEK }, { "d", USEC_PER_DAY }, { "h", USEC_PER_HOUR }, { "min", USEC_PER_MINUTE }, { "s", USEC_PER_SEC }, { "ms", USEC_PER_MSEC }, { "us", 1 }, }; char *p = buf; bool something = false; if (!p) return NULL; assert(l > 0); if (t == USEC_INFINITY) { strncpy(p, "infinity", l-1); p[l-1] = 0; return p; } if (t <= 0) { strncpy(p, "0", l-1); p[l-1] = 0; return p; } /* The result of this function can be parsed with parse_sec */ for (size_t i = 0; i < ELEMENTSOF(table); i++) { int k = 0; size_t n; bool done = false; usec_t a, b; if (t <= 0) break; if (t < accuracy && something) break; if (t < table[i].usec) continue; if (l <= 1) break; a = t / table[i].usec; b = t % table[i].usec; /* Let's see if we should shows this in dot notation */ if (t < USEC_PER_MINUTE && b > 0) { signed char j = 0; for (usec_t cc = table[i].usec; cc > 1; cc /= 10) j++; for (usec_t cc = accuracy; cc > 1; cc /= 10) { b /= 10; j--; } if (j > 0) { k = snprintf(p, l, "%s"USEC_FMT".%0*"PRI_USEC"%s", p > buf ? " " : "", a, j, b, table[i].suffix); t = 0; done = true; } } /* No? Then let's show it normally */ if (!done) { k = snprintf(p, l, "%s"USEC_FMT"%s", p > buf ? " " : "", a, table[i].suffix); t = b; } n = MIN((size_t) k, l-1); l -= n; p += n; something = true; } *p = 0; return buf; } vorlonofportland-pam_session_timelimit-90fec17/time-util.h000066400000000000000000000014221441713712300242210ustar00rootroot00000000000000#include typedef uint64_t usec_t; #define PRI_USEC PRIu64 #define USEC_FMT "%" PRI_USEC #define USEC_INFINITY ((usec_t) UINT64_MAX) #define USEC_PER_SEC ((usec_t) 1000000ULL) #define USEC_PER_MSEC ((usec_t) 1000ULL) #define USEC_PER_MINUTE ((usec_t) (60ULL*USEC_PER_SEC)) #define USEC_PER_HOUR ((usec_t) (60ULL*USEC_PER_MINUTE)) #define USEC_PER_DAY ((usec_t) (24ULL*USEC_PER_HOUR)) #define USEC_PER_WEEK ((usec_t) (7ULL*USEC_PER_DAY)) #define USEC_PER_MONTH ((usec_t) (2629800ULL*USEC_PER_SEC)) #define USEC_PER_YEAR ((usec_t) (31557600ULL*USEC_PER_SEC)) #define FORMAT_TIMESPAN_MAX 64U int parse_time(const char *t, usec_t *ret, usec_t default_unit); char* format_timespan(char *buf, size_t l, usec_t t, usec_t accuracy) __attribute__((__warn_unused_result__)); vorlonofportland-pam_session_timelimit-90fec17/time_limits.conf000066400000000000000000000011631441713712300253270ustar00rootroot00000000000000# per-user time limits for login sessions # # Comment line must start with "#", no space at front. # # Upon login, this file is scanned for a matching username. If an entry # is found, the corresponding time limit is passed to pam_systemd as # systemd.max_runtime_sec. The syntax of the time limit should be specified # in keeping with systemd.time(7). # # The last matching entry takes precedence. # # User "vorlon" should only be allowed to use the system for 5 hours and # 30 minutes a day #vorlon 5h30s # # User "shane" has no time limit #shane infinity # # User "lynn" can have a session of no longer than 30s #lynn 30