diff options
-rw-r--r-- | src/pam-freerdp.c | 107 |
1 files changed, 81 insertions, 26 deletions
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c index 1858baf..399b84c 100644 --- a/src/pam-freerdp.c +++ b/src/pam-freerdp.c @@ -1,43 +1,98 @@ #include <stdlib.h> +#include <string.h> #include <security/pam_modules.h> #include <security/pam_modutil.h> +#include <security/pam_appl.h> -/* Authenticate. We need to make sure we have a user account, that - there are remote accounts and then verify them with FreeRDP */ -PAM_EXTERN int -pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv) +#define PAM_TYPE_DOMAIN 1234 + +/* Either grab a value or prompt for it */ +static char * +get_item (pam_handle_t * pamh, int type) { - const char * username = NULL; - const char * password = NULL; - const char * ruser = NULL; - const char * rhost = NULL; - //const char * rdomain = NULL; - - if (pam_get_item(pamh, PAM_USER, (const void **)&username) != PAM_SUCCESS || username == NULL) { - /* If we don't have a local username then bah, we don't want - to deal with this and we're going to fail. This means that - the pam-local-account failed. - - NOTE: We're not using pam_get_user() here because we don't want - to prompt, we want to only work in the case where the username is - built for us. */ - return PAM_AUTH_ERR; + /* Check to see if we just have the value. If we do, great + let's dup it some we're consitently allocating memory */ + if (type != PAM_TYPE_DOMAIN) { + char * value; + if (pam_get_item(pamh, type, (const void **)&value) == PAM_SUCCESS) { + return strdup(value); + } } + /* Now we need to prompt */ - if (pam_get_item(pamh, PAM_RUSER, (const void **)&ruser) != PAM_SUCCESS || ruser == NULL) { - return PAM_AUTH_ERR; + /* Build up the message we're prompting for */ + struct pam_message message[1]; + message[0].msg_style = PAM_PROMPT_ECHO_ON; + + switch (type) { + case PAM_USER: + message[0].msg = "login:"; + break; + case PAM_RUSER: + message[0].msg = "remote login:"; + break; + case PAM_RHOST: + message[0].msg = "remote host:"; + break; + case PAM_AUTHTOK: + message[0].msg = "password:"; + message[0].msg_style = PAM_PROMPT_ECHO_OFF; + break; + case PAM_TYPE_DOMAIN: + message[0].msg = "remote domain:"; + break; + default: + return NULL; } - if (pam_get_item(pamh, PAM_RHOST, (const void **)&rhost) != PAM_SUCCESS || rhost == NULL) { - return PAM_AUTH_ERR; + struct pam_conv conv; + if (pam_get_item(pamh, PAM_CONV, (const void **)&conv) != PAM_SUCCESS) { + return NULL; } - if (pam_get_item(pamh, PAM_AUTHTOK, (const void **)&password) != PAM_SUCCESS || password == NULL) { - return PAM_AUTH_ERR; + struct pam_response * responses = NULL; + if (conv.conv(1, (const struct pam_message **)&message, &responses, conv.appdata_ptr) != PAM_SUCCESS) { + return NULL; } - return PAM_IGNORE; + char * retval = responses->resp; + free(responses); + return retval; +} + +#define GET_ITEM(val, type) \ + if ((val = get_item(pamh, type)) == NULL) { \ + retval = PAM_AUTH_ERR; \ + goto done; \ + } + +/* Authenticate. We need to make sure we have a user account, that + there are remote accounts and then verify them with FreeRDP */ +PAM_EXTERN int +pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + char * username = NULL; + char * password = NULL; + char * ruser = NULL; + char * rhost = NULL; + char * rdomain = NULL; + int retval = PAM_IGNORE; + + GET_ITEM(username, PAM_USER); + GET_ITEM(ruser, PAM_RUSER); + GET_ITEM(rhost, PAM_RHOST); + GET_ITEM(rdomain, PAM_TYPE_DOMAIN); + GET_ITEM(password, PAM_AUTHTOK); + +done: + if (username != NULL) { free(username); } + if (password != NULL) { free(password); } + if (ruser != NULL) { free(ruser); } + if (rhost != NULL) { free(rhost); } + if (rdomain != NULL) { free(rdomain); } + + return retval; } /* Open Session. Here we need to fork a little process so that we can |