[X2Go-Commits] libpam-x2go.git - x2gosession (branch) updated: d08f8135be6a78615cb8fe85ba6426cc319d5f9f

X2Go dev team git-admin at x2go.org
Wed Apr 24 18:47:20 CEST 2013


The branch, x2gosession has been updated
       via  d08f8135be6a78615cb8fe85ba6426cc319d5f9f (commit)
      from  b7e10405b3fce70267bff420466d17d1731dc0d1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 src/pam-freerdp.c |  107 ++++++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 81 insertions(+), 26 deletions(-)

The diff of changes is:
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index 1858baf..399b84c 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -1,43 +1,98 @@
 #include <stdlib.h>
+#include <string.h>
 
 #include <security/pam_modules.h>
 #include <security/pam_modutil.h>
+#include <security/pam_appl.h>
 
-/* Authenticate.  We need to make sure we have a user account, that
-   there are remote accounts and then verify them with FreeRDP */
-PAM_EXTERN int
-pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv)
+#define PAM_TYPE_DOMAIN  1234
+
+/* Either grab a value or prompt for it */
+static char *
+get_item (pam_handle_t * pamh, int type)
 {
-	const char * username = NULL;
-	const char * password = NULL;
-	const char * ruser = NULL;
-	const char * rhost = NULL;
-	//const char * rdomain = NULL;
-
-	if (pam_get_item(pamh, PAM_USER, (const void **)&username) != PAM_SUCCESS || username == NULL) {
-		/* If we don't have a local username then bah, we don't want
-		   to deal with this and we're going to fail.  This means that
-		   the pam-local-account failed.
-
-		   NOTE: We're not using pam_get_user() here because we don't want
-		   to prompt, we want to only work in the case where the username is
-		   built for us. */
-		return PAM_AUTH_ERR;
+	/* Check to see if we just have the value.  If we do, great
+	   let's dup it some we're consitently allocating memory */
+	if (type != PAM_TYPE_DOMAIN) {
+		char * value;
+		if (pam_get_item(pamh, type, (const void **)&value) == PAM_SUCCESS) {
+			return strdup(value);
+		}
 	}
+	/* Now we need to prompt */
 
-	if (pam_get_item(pamh, PAM_RUSER, (const void **)&ruser) != PAM_SUCCESS || ruser == NULL) {
-		return PAM_AUTH_ERR;
+	/* Build up the message we're prompting for */
+	struct pam_message message[1];
+	message[0].msg_style = PAM_PROMPT_ECHO_ON;
+
+	switch (type) {
+	case PAM_USER:
+		message[0].msg = "login:";
+		break;
+	case PAM_RUSER:
+		message[0].msg = "remote login:";
+		break;
+	case PAM_RHOST:
+		message[0].msg = "remote host:";
+		break;
+	case PAM_AUTHTOK:
+		message[0].msg = "password:";
+		message[0].msg_style = PAM_PROMPT_ECHO_OFF;
+		break;
+	case PAM_TYPE_DOMAIN:
+		message[0].msg = "remote domain:";
+		break;
+	default:
+		return NULL;
 	}
 
-	if (pam_get_item(pamh, PAM_RHOST, (const void **)&rhost) != PAM_SUCCESS || rhost == NULL) {
-		return PAM_AUTH_ERR;
+	struct pam_conv conv;
+	if (pam_get_item(pamh, PAM_CONV, (const void **)&conv) != PAM_SUCCESS) {
+		return NULL;
 	}
 
-	if (pam_get_item(pamh, PAM_AUTHTOK, (const void **)&password) != PAM_SUCCESS || password == NULL) {
-		return PAM_AUTH_ERR;
+	struct pam_response * responses = NULL;
+	if (conv.conv(1, (const struct pam_message **)&message, &responses, conv.appdata_ptr) != PAM_SUCCESS) {
+		return NULL;
 	}
 
-	return PAM_IGNORE;
+	char * retval = responses->resp;
+	free(responses);
+	return retval;
+}
+
+#define GET_ITEM(val, type) \
+	if ((val = get_item(pamh, type)) == NULL) { \
+		retval = PAM_AUTH_ERR; \
+		goto done; \
+	}
+
+/* Authenticate.  We need to make sure we have a user account, that
+   there are remote accounts and then verify them with FreeRDP */
+PAM_EXTERN int
+pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+	char * username = NULL;
+	char * password = NULL;
+	char * ruser = NULL;
+	char * rhost = NULL;
+	char * rdomain = NULL;
+	int retval = PAM_IGNORE;
+
+	GET_ITEM(username, PAM_USER);
+	GET_ITEM(ruser,    PAM_RUSER);
+	GET_ITEM(rhost,    PAM_RHOST);
+	GET_ITEM(rdomain,  PAM_TYPE_DOMAIN);
+	GET_ITEM(password, PAM_AUTHTOK);
+
+done:
+	if (username != NULL) { free(username); }
+	if (password != NULL) { free(password); }
+	if (ruser != NULL)    { free(ruser); }
+	if (rhost != NULL)    { free(rhost); }
+	if (rdomain != NULL)  { free(rdomain); }
+
+	return retval;
 }
 
 /* Open Session.  Here we need to fork a little process so that we can
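Review bot: The conversation lookup in get_item passes `&conv`, the address of a `struct pam_conv` object, where pam_get_item expects the address of a pointer, so the call through `conv.conv` uses a bogus function pointer and an uninitialized `appdata_ptr` inside the authenticating process. The same call casts `&message` (a pointer to the array) to `const struct pam_message **` instead of passing the address of a pointer to the message, and `responses` is dereferenced without a NULL check. At the top of the function `strdup(value)` is reached whenever pam_get_item reports PAM_SUCCESS; the removed code treated a NULL item as a separate failure, presumably because an unset item can come back as success with NULL, so a NULL check is needed there for the prompt fallback to run at all. Separately, `password` is released at `done:` with a plain `free`, which leaves the secret in heap memory; clearing the buffer before freeing it would be worth adding. A sketch of the get_item changes follows.

```c
	if (type != PAM_TYPE_DOMAIN) {
		const char * value = NULL;
		if (pam_get_item(pamh, type, (const void **)&value) == PAM_SUCCESS && value != NULL) {
			return strdup(value);
		}
	}
	/* … unchanged: message setup and the prompt-selection switch … */

	const struct pam_conv * conv = NULL;
	if (pam_get_item(pamh, PAM_CONV, (const void **)&conv) != PAM_SUCCESS
	    || conv == NULL || conv->conv == NULL) {
		return NULL;
	}

	const struct pam_message * pmessage = &message[0];
	struct pam_response * responses = NULL;
	if (conv->conv(1, &pmessage, &responses, conv->appdata_ptr) != PAM_SUCCESS
	    || responses == NULL) {
		return NULL;
	}
	/* … unchanged: hand responses->resp to the caller and free the array … */
```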


hooks/post-receive
-- 
libpam-x2go.git (Remote login session via X2Go (PAM module))

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "libpam-x2go.git" (Remote login session via X2Go (PAM module)).



