Diffstat (limited to 'sesman/verify_user_pam.c')
-rw-r--r-- | sesman/verify_user_pam.c | 362 |
1 files changed, 193 insertions, 169 deletions
diff --git a/sesman/verify_user_pam.c b/sesman/verify_user_pam.c index e3d8596e..b81398de 100644 --- a/sesman/verify_user_pam.c +++ b/sesman/verify_user_pam.c @@ -1,28 +1,27 @@ -/* - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - xrdp: A Remote Desktop Protocol server. - Copyright (C) Jay Sorg 2005-2008 -*/ +/** + * xrdp: A Remote Desktop Protocol server. + * + * Copyright (C) Jay Sorg 2004-2012 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ /** * * @file verify_user_pam.c * @brief Authenticate user using pam * @author Jay Sorg - * + * */ #include "arch.h" 
@@ -33,107 +32,116 @@ struct t_user_pass { - char user[256]; - char pass[256]; + char user[256]; + char pass[256]; }; struct t_auth_info { - struct t_user_pass user_pass; - int session_opened; - int did_setcred; - struct pam_conv pamc; - pam_handle_t* ph; + struct t_user_pass user_pass; + int session_opened; + int did_setcred; + struct pam_conv pamc; + pam_handle_t *ph; }; /******************************************************************************/ static int DEFAULT_CC -verify_pam_conv(int num_msg, const struct pam_message** msg, - struct pam_response** resp, void* appdata_ptr) +verify_pam_conv(int num_msg, const struct pam_message **msg, + struct pam_response **resp, void *appdata_ptr) { - int i; - struct pam_response* reply; - struct t_user_pass* user_pass; - - reply = g_malloc(sizeof(struct pam_response) * num_msg, 1); - for (i = 0; i < num_msg; i++) - { - switch (msg[i]->msg_style) + int i; + struct pam_response *reply; + struct t_user_pass *user_pass; + + reply = g_malloc(sizeof(struct pam_response) * num_msg, 1); + + for (i = 0; i < num_msg; i++) { - case PAM_PROMPT_ECHO_ON: /* username */ - user_pass = appdata_ptr; - reply[i].resp = g_strdup(user_pass->user); - reply[i].resp_retcode = PAM_SUCCESS; - break; - case PAM_PROMPT_ECHO_OFF: /* password */ - user_pass = appdata_ptr; - reply[i].resp = g_strdup(user_pass->pass); - reply[i].resp_retcode = PAM_SUCCESS; - break; - default: - g_printf("unknown in verify_pam_conv\r\n"); - g_free(reply); - return PAM_CONV_ERR; + switch (msg[i]->msg_style) + { + case PAM_PROMPT_ECHO_ON: /* username */ + user_pass = appdata_ptr; + reply[i].resp = g_strdup(user_pass->user); + reply[i].resp_retcode = PAM_SUCCESS; + break; + case PAM_PROMPT_ECHO_OFF: /* password */ + user_pass = appdata_ptr; + reply[i].resp = g_strdup(user_pass->pass); + reply[i].resp_retcode = PAM_SUCCESS; + break; + default: + g_printf("unknown in verify_pam_conv\r\n"); + g_free(reply); + return PAM_CONV_ERR; + } } - } - *resp = reply; - return 
PAM_SUCCESS; + + *resp = reply; + return PAM_SUCCESS; } /******************************************************************************/ static void DEFAULT_CC -get_service_name(char* service_name) +get_service_name(char *service_name) { - service_name[0] = 0; - if (g_file_exist("/etc/pam.d/xrdp-sesman")) - { - g_strncpy(service_name, "xrdp-sesman", 255); - } - else - { - g_strncpy(service_name, "gdm", 255); - } + service_name[0] = 0; + + if (g_file_exist("/etc/pam.d/xrdp-sesman")) + { + g_strncpy(service_name, "xrdp-sesman", 255); + } + else + { + g_strncpy(service_name, "gdm", 255); + } } /******************************************************************************/ /* returns long, zero is no go */ long DEFAULT_CC -auth_userpass(char* user, char* pass) +auth_userpass(char *user, char *pass) { - int error; - struct t_auth_info* auth_info; - char service_name[256]; - - get_service_name(service_name); - auth_info = g_malloc(sizeof(struct t_auth_info), 1); - g_strncpy(auth_info->user_pass.user, user, 255); - g_strncpy(auth_info->user_pass.pass, pass, 255); - auth_info->pamc.conv = &verify_pam_conv; - auth_info->pamc.appdata_ptr = &(auth_info->user_pass); - error = pam_start(service_name, 0, &(auth_info->pamc), &(auth_info->ph)); - if (error != PAM_SUCCESS) - { - g_printf("pam_start failed: %s\r\n", pam_strerror(auth_info->ph, error)); - g_free(auth_info); - return 0; - } - error = pam_authenticate(auth_info->ph, 0); - if (error != PAM_SUCCESS) - { - g_printf("pam_authenticate failed: %s\r\n", - pam_strerror(auth_info->ph, error)); - g_free(auth_info); - return 0; - } - error = pam_acct_mgmt(auth_info->ph, 0); - if (error != PAM_SUCCESS) - { - g_printf("pam_acct_mgmt failed: %s\r\n", - pam_strerror(auth_info->ph, error)); - g_free(auth_info); - return 0; - } - return (long)auth_info; + int error; + struct t_auth_info *auth_info; + char service_name[256]; + + get_service_name(service_name); + auth_info = g_malloc(sizeof(struct t_auth_info), 1); + 
g_strncpy(auth_info->user_pass.user, user, 255); + g_strncpy(auth_info->user_pass.pass, pass, 255); + auth_info->pamc.conv = &verify_pam_conv; + auth_info->pamc.appdata_ptr = &(auth_info->user_pass); + error = pam_start(service_name, 0, &(auth_info->pamc), &(auth_info->ph)); + + if (error != PAM_SUCCESS) + { + g_printf("pam_start failed: %s\r\n", pam_strerror(auth_info->ph, error)); + g_free(auth_info); + return 0; + } + + error = pam_authenticate(auth_info->ph, 0); + + if (error != PAM_SUCCESS) + { + g_printf("pam_authenticate failed: %s\r\n", + pam_strerror(auth_info->ph, error)); + g_free(auth_info); + return 0; + } + + error = pam_acct_mgmt(auth_info->ph, 0); + + if (error != PAM_SUCCESS) + { + g_printf("pam_acct_mgmt failed: %s\r\n", + pam_strerror(auth_info->ph, error)); + g_free(auth_info); + return 0; + } + + return (long)auth_info; } /******************************************************************************/ 
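Review bot: In auth_userpass the pam_authenticate and pam_acct_mgmt failure branches free auth_info but never call pam_end on auth_info->ph, so the PAM handle created by the preceding pam_start is leaked on every rejected login; add `pam_end(auth_info->ph, error);` before `g_free(auth_info);` in both branches. The same struct carries the caller's plaintext password in auth_info->user_pass.pass and is released with a plain g_free both here and in auth_end, leaving the secret in freed heap memory; clearing the struct before the free (with a clear that the compiler cannot elide, such as explicit_bzero where available, rather than a plain memset) is cheap and worth doing. In verify_pam_conv the `default:` branch frees `reply` but not the `reply[].resp` strings already duplicated for earlier messages, and the `g_malloc` result is dereferenced without a NULL check. auth_userpass also hands the heap pointer back as `long`, which truncates on targets where long is narrower than a pointer; that is pre-existing and probably out of scope for this reformatting commit.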
@@ -141,34 +149,40 @@ auth_userpass(char* user, char* pass) int DEFAULT_CC auth_start_session(long in_val, int in_display) { - struct t_auth_info* auth_info; - int error; - char display[256]; - - g_sprintf(display, ":%d", in_display); - auth_info = (struct t_auth_info*)in_val; - error = pam_set_item(auth_info->ph, PAM_TTY, display); - if (error != PAM_SUCCESS) - { - g_printf("pam_set_item failed: %s\r\n", pam_strerror(auth_info->ph, error)); - return 1; - } - error = pam_setcred(auth_info->ph, PAM_ESTABLISH_CRED); - if (error != PAM_SUCCESS) - { - g_printf("pam_setcred failed: %s\r\n", pam_strerror(auth_info->ph, error)); - return 1; - } - auth_info->did_setcred = 1; - error = pam_open_session(auth_info->ph, 0); - if (error != PAM_SUCCESS) - { - g_printf("pam_open_session failed: %s\r\n", - pam_strerror(auth_info->ph, error)); - return 1; - } - auth_info->session_opened = 1; - return 0; + struct t_auth_info *auth_info; + int error; + char display[256]; + + g_sprintf(display, ":%d", in_display); + auth_info = (struct t_auth_info *)in_val; + error = pam_set_item(auth_info->ph, PAM_TTY, display); + + if (error != PAM_SUCCESS) + { + g_printf("pam_set_item failed: %s\r\n", pam_strerror(auth_info->ph, error)); + return 1; + } + + error = pam_setcred(auth_info->ph, PAM_ESTABLISH_CRED); + + if (error != PAM_SUCCESS) + { + g_printf("pam_setcred failed: %s\r\n", pam_strerror(auth_info->ph, error)); + return 1; + } + + auth_info->did_setcred = 1; + error = pam_open_session(auth_info->ph, 0); + + if (error != PAM_SUCCESS) + { + g_printf("pam_open_session failed: %s\r\n", + pam_strerror(auth_info->ph, error)); + return 1; + } + + auth_info->session_opened = 1; + return 0; } /******************************************************************************/ 
@@ -177,27 +191,31 @@ auth_start_session(long in_val, int in_display) int DEFAULT_CC auth_end(long in_val) { - struct t_auth_info* auth_info; + struct t_auth_info *auth_info; + + auth_info = (struct t_auth_info *)in_val; - auth_info = (struct t_auth_info*)in_val; - if (auth_info != 0) - { - if (auth_info->ph != 0) + if (auth_info != 0) { - if (auth_info->session_opened) - { - pam_close_session(auth_info->ph, 0); - } - if (auth_info->did_setcred) - { - pam_setcred(auth_info->ph, PAM_DELETE_CRED); - } - pam_end(auth_info->ph, PAM_SUCCESS); - auth_info->ph = 0; + if (auth_info->ph != 0) + { + if (auth_info->session_opened) + { + pam_close_session(auth_info->ph, 0); + } + + if (auth_info->did_setcred) + { + pam_setcred(auth_info->ph, PAM_DELETE_CRED); + } + + pam_end(auth_info->ph, PAM_SUCCESS); + auth_info->ph = 0; + } } - } - g_free(auth_info); - return 0; + + g_free(auth_info); + return 0; } /******************************************************************************/ 
@@ -206,33 +224,39 @@ auth_end(long in_val) int DEFAULT_CC auth_set_env(long in_val) { - struct t_auth_info* auth_info; - char** pam_envlist; - char** pam_env; - char item[256]; - char value[256]; - int eq_pos; - - auth_info = (struct t_auth_info*)in_val; - if (auth_info != 0) - { - /* export PAM environment */ - pam_envlist = pam_getenvlist(auth_info->ph); - if (pam_envlist != NULL) + struct t_auth_info *auth_info; + char **pam_envlist; + char **pam_env; + char item[256]; + char value[256]; + int eq_pos; + + auth_info = (struct t_auth_info *)in_val; + + if (auth_info != 0) { - for (pam_env = pam_envlist; *pam_env != NULL; ++pam_env) - { - eq_pos = g_pos(*pam_env, "="); - if (eq_pos >= 0 && eq_pos < 250) + /* export PAM environment */ + pam_envlist = pam_getenvlist(auth_info->ph); + + if (pam_envlist != NULL) { - g_strncpy(item, *pam_env, eq_pos); - g_strncpy(value, (*pam_env) + eq_pos + 1, 255); - g_setenv(item, value, 1); + for (pam_env = pam_envlist; *pam_env != NULL; ++pam_env) + { + eq_pos = g_pos(*pam_env, "="); + + if (eq_pos >= 0 && eq_pos < 250) + { + g_strncpy(item, *pam_env, eq_pos); + g_strncpy(value, (*pam_env) + eq_pos + 1, 255); + g_setenv(item, value, 1); + } + + g_free(*pam_env); + } + + g_free(pam_envlist); } - g_free(*pam_env); - } - g_free(pam_envlist); } - } - return 0; + + return 0; } |