aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorIftikhar Ahmad <iftikhar.ahmad@gmail.com>2012-10-16 12:51:22 +0000
committerTarmac <>2012-10-16 12:51:22 +0000
commite92b549c49833e3150d60e8773a6731fc49d1249 (patch)
tree5cba1d1b7b7d41784233d4c0ca7724b8d63fc8d1 /src
parentc06ef184d455532c267526f82fb73f00081f70f9 (diff)
parentb17e449c99af738d4cbc8c5d177a1b6943f601d7 (diff)
downloadlibpam-x2go-e92b549c49833e3150d60e8773a6731fc49d1249.tar.gz
libpam-x2go-e92b549c49833e3150d60e8773a6731fc49d1249.tar.bz2
libpam-x2go-e92b549c49833e3150d60e8773a6731fc49d1249.zip
Improving the test coverage.. Approved by David Barth.
Diffstat (limited to 'src')
-rw-r--r--src/Makefile.am3
-rw-r--r--src/pam-freerdp-children.c231
-rw-r--r--src/pam-freerdp-children.h30
-rw-r--r--src/pam-freerdp.c196
4 files changed, 268 insertions, 192 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index 34d1ddd..ed9087c 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -23,7 +23,8 @@ noinst_LTLIBRARIES = \
libfreerdpcore.la
libfreerdpcore_la_SOURCES = \
- pam-freerdp.c
+ pam-freerdp.c \
+ pam-freerdp-children.c
libfreerdpcore_la_CFLAGS = \
-Wall -Werror \
$(COVERAGE_CFLAGS)
diff --git a/src/pam-freerdp-children.c b/src/pam-freerdp-children.c
new file mode 100644
index 0000000..ea29c14
--- /dev/null
+++ b/src/pam-freerdp-children.c
@@ -0,0 +1,231 @@
+/*
+ * Copyright © 2012 Canonical Ltd.
+ *
+ * This program is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 3, as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranties of
+ * MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Author: Ted Gould <ted@canonical.com>
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/wait.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <sys/un.h>
+#include <pwd.h>
+#include <grp.h>
+#include <errno.h>
+
+#include <security/pam_modules.h>
+#include <security/pam_modutil.h>
+#include <security/pam_appl.h>
+
+#include "pam-freerdp-children.h"
+#include "auth-check-path.h"
+
+void
+pam_sm_authenticate_helper (int *stdinpipe, const char* username, const char* rhost, const char* ruser, const char* rdomain)
+{
+
+ dup2(stdinpipe[0], 0);
+
+ char * args[5];
+
+ args[0] = (char *)auth_check_path;
+ args[1] = (char *)rhost;
+ args[2] = (char *)ruser;
+ args[3] = (char *)rdomain;
+ args[4] = NULL;
+
+ struct passwd * pwdent = getpwnam(username);
+ if (pwdent == NULL) {
+ _exit(EXIT_FAILURE);
+ }
+
+ /* Setting groups, but allowing EPERM as if we're not 100% root
+ we might not be able to do this */
+ if (setgroups(1, &pwdent->pw_gid) != 0 && errno != EPERM) {
+ _exit(EXIT_FAILURE);
+ }
+
+ if (setgid(pwdent->pw_gid) < 0 || setuid(pwdent->pw_uid) < 0 ||
+ setegid(pwdent->pw_gid) < 0 || seteuid(pwdent->pw_uid) < 0) {
+ _exit(EXIT_FAILURE);
+ }
+
+ if (clearenv() != 0) {
+ _exit(EXIT_FAILURE);
+ }
+
+ if (chdir(pwdent->pw_dir) != 0) {
+ _exit(EXIT_FAILURE);
+ }
+
+ setenv("HOME", pwdent->pw_dir, 1);
+
+ execvp(args[0], args);
+ _exit(0);
+}
+
+int
+session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruser, const char * rhost, const char * rdomain, const char * password)
+{
+ /* Socket stuff */
+ int socketfd = 0;
+ struct sockaddr_un socket_addr;
+
+ /* Connected user */
+ socklen_t connected_addr_size;
+ int connectfd = 0;
+ struct sockaddr_un connected_addr;
+
+ /* Our buffer */
+ char * buffer = NULL;
+ int buffer_len = 0;
+ int buffer_fill = 0;
+
+ /* Track write out */
+ int writedata = 0;
+
+ /* Track ready writing */
+ int readywrite = 0;
+
+ /* Setting groups, but allowing EPERM as if we're not 100% root
+ we might not be able to do this */
+ if (setgroups(1, &pwdent->pw_gid) != 0 && errno != EPERM) {
+ _exit(EXIT_FAILURE);
+ }
+
+ if (setgid(pwdent->pw_gid) < 0 || setuid(pwdent->pw_uid) < 0 ||
+ setegid(pwdent->pw_gid) < 0 || seteuid(pwdent->pw_uid) < 0) {
+ /* Don't need to clean up yet */
+ return EXIT_FAILURE;
+ }
+
+ if (clearenv() != 0) {
+ /* Don't need to clean up yet */
+ return EXIT_FAILURE;
+ }
+
+ if (chdir(pwdent->pw_dir) != 0) {
+ /* Don't need to clean up yet */
+ return EXIT_FAILURE;
+ }
+
+ if (rdomain[0] == '\0') {
+ rdomain = ".";
+ }
+
+ /* Build this up as a buffer so we can just write it and see that
+ very, very clearly */
+ buffer_len += strlen(ruser) + 1; /* Add one for the space */
+ buffer_len += strlen(rhost) + 1; /* Add one for the space */
+ buffer_len += strlen(rdomain) + 1; /* Add one for the space */
+ buffer_len += strlen(password) + 1; /* Add one for the NULL */
+
+ if (buffer_len < 5) {
+ /* Don't need to clean up yet */
+ return EXIT_FAILURE;
+ }
+
+ buffer = malloc(buffer_len);
+
+ if (buffer == NULL) {
+ /* Don't need to clean up yet */
+ return EXIT_FAILURE;
+ }
+
+ /* Lock the buffer before writing */
+ if (mlock(buffer, buffer_len) != 0) {
+ /* We can't lock, we go home */
+ goto cleanup;
+ }
+
+ buffer_fill = snprintf(buffer, buffer_len, "%s %s %s %s", ruser, password, rdomain, rhost);
+ if (buffer_fill > buffer_len) {
+ /* This really shouldn't happen, but if for some reason we have an
+ difference between they way that the lengths are calculated we want
+ to catch that. */
+ goto cleanup;
+ }
+
+ /* Make our socket and bind it */
+ socketfd = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (socketfd < 0) {
+ goto cleanup;
+ }
+
+ memset(&socket_addr, 0, sizeof(struct sockaddr_un));
+ socket_addr.sun_family = AF_UNIX;
+ strncpy(socket_addr.sun_path, pwdent->pw_dir, sizeof(socket_addr.sun_path) - 1);
+ strncpy(socket_addr.sun_path + strlen(pwdent->pw_dir), "/.freerdp-socket", (sizeof(socket_addr.sun_path) - strlen(pwdent->pw_dir)) - 1);
+
+ /* We bind the socket before forking so that we ensure that
+ there isn't a race condition to get to it. Things will block
+ otherwise. */
+ if (bind(socketfd, (struct sockaddr *)&socket_addr, sizeof(struct sockaddr_un)) < 0) {
+ goto cleanup;
+ }
+
+ /* Set the socket file permissions to be 600 and the user and group
+ to be the guest user. NOTE: This won't protect on BSD */
+ if (chmod(socket_addr.sun_path, S_IRUSR | S_IWUSR) != 0 ||
+ chown(socket_addr.sun_path, pwdent->pw_uid, pwdent->pw_gid) != 0) {
+ goto cleanup;
+ }
+
+ if (listen(socketfd, 1) < 0) {
+ goto cleanup;
+ }
+
+ readywrite = write(readypipe, ALL_GOOD_SIGNAL, strlen(ALL_GOOD_SIGNAL) + 1);
+ if (readywrite != strlen(ALL_GOOD_SIGNAL) + 1) {
+ goto cleanup;
+ }
+
+ connected_addr_size = sizeof(struct sockaddr_un);
+ connectfd = accept(socketfd, (struct sockaddr *)&connected_addr, &connected_addr_size);
+ if (connectfd < 0) {
+ goto cleanup;
+ }
+
+ writedata = write(connectfd, buffer, buffer_len);
+
+cleanup:
+ if (socketfd != 0) {
+ close(socketfd);
+ }
+ if (connectfd != 0) {
+ close(connectfd);
+ }
+
+ if (buffer != NULL) {
+ memset(buffer, 0, buffer_len);
+ munlock(buffer, buffer_len);
+ free(buffer);
+ buffer = NULL;
+ }
+
+ /* This should be only true on the write, so we can use this to check
+ out as writedata is init to 0 */
+ if (writedata == buffer_len) {
+ _exit (0);
+ }
+
+ _exit(EXIT_FAILURE);
+}
+
diff --git a/src/pam-freerdp-children.h b/src/pam-freerdp-children.h
new file mode 100644
index 0000000..cb36312
--- /dev/null
+++ b/src/pam-freerdp-children.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright © 2012 Canonical Ltd.
+ *
+ * This program is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 3, as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranties of
+ * MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Author: Ted Gould <ted@canonical.com>
+ */
+
+#ifndef _PAM_FREERDP_CHILDREN_H_
+#define _PAM_FREERDP_CHILDREN_H_
+
+#define PAM_TYPE_DOMAIN 1234
+#define ALL_GOOD_SIGNAL "Ar, ready to authenticate cap'n"
+
+void
+pam_sm_authenticate_helper (int *stdinpipe, const char* username, const char* rhost, const char* ruser, const char* rdomain);
+
+int
+session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruser, const char * rhost, const char * rdomain, const char * password);
+#endif //_PAM_FREERDP_CHILDREN_H_
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index fbfe182..8979e6e 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -34,11 +34,9 @@
#include <security/pam_modutil.h>
#include <security/pam_appl.h>
+#include "pam-freerdp-children.h"
#include "auth-check-path.h"
-#define PAM_TYPE_DOMAIN 1234
-#define ALL_GOOD_SIGNAL "Ar, ready to authenticate cap'n"
-
static int unpriveleged_kill (struct passwd * pwdent);
static char * global_domain = NULL;
@@ -236,44 +234,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv)
pid_t pid;
switch (pid = fork()) {
case 0: { /* child */
- dup2(stdinpipe[0], 0);
-
- char * args[5];
-
- args[0] = (char *)auth_check_path;
- args[1] = rhost;
- args[2] = ruser;
- args[3] = rdomain;
- args[4] = NULL;
-
- struct passwd * pwdent = getpwnam(username);
- if (pwdent == NULL) {
- _exit(EXIT_FAILURE);
- }
-
- /* Setting groups, but allowing EPERM as if we're not 100% root
- we might not be able to do this */
- if (setgroups(1, &pwdent->pw_gid) != 0 && errno != EPERM) {
- _exit(EXIT_FAILURE);
- }
-
- if (setgid(pwdent->pw_gid) < 0 || setuid(pwdent->pw_uid) < 0 ||
- setegid(pwdent->pw_gid) < 0 || seteuid(pwdent->pw_uid) < 0) {
- _exit(EXIT_FAILURE);
- }
-
- if (clearenv() != 0) {
- _exit(EXIT_FAILURE);
- }
-
- if (chdir(pwdent->pw_dir) != 0) {
- _exit(EXIT_FAILURE);
- }
-
- setenv("HOME", pwdent->pw_dir, 1);
-
- execvp(args[0], args);
- _exit(EXIT_FAILURE);
+ pam_sm_authenticate_helper (stdinpipe, username, rhost, ruser, rdomain);
break;
}
case -1: { /* fork'n error! */
@@ -304,153 +265,7 @@ done:
return retval;
}
-static int
-session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruser, const char * rhost, const char * rdomain, const char * password)
-{
- /* Socket stuff */
- int socketfd = 0;
- struct sockaddr_un socket_addr;
-
- /* Connected user */
- socklen_t connected_addr_size;
- int connectfd = 0;
- struct sockaddr_un connected_addr;
-
- /* Our buffer */
- char * buffer = NULL;
- int buffer_len = 0;
- int buffer_fill = 0;
-
- /* Track write out */
- int writedata = 0;
-
- /* Track ready writing */
- int readywrite = 0;
-
- /* Setting groups, but allowing EPERM as if we're not 100% root
- we might not be able to do this */
- if (setgroups(1, &pwdent->pw_gid) != 0 && errno != EPERM) {
- _exit(EXIT_FAILURE);
- }
-
- if (setgid(pwdent->pw_gid) < 0 || setuid(pwdent->pw_uid) < 0 ||
- setegid(pwdent->pw_gid) < 0 || seteuid(pwdent->pw_uid) < 0) {
- /* Don't need to clean up yet */
- return EXIT_FAILURE;
- }
-
- if (clearenv() != 0) {
- /* Don't need to clean up yet */
- return EXIT_FAILURE;
- }
-
- if (chdir(pwdent->pw_dir) != 0) {
- /* Don't need to clean up yet */
- return EXIT_FAILURE;
- }
-
- if (rdomain[0] == '\0') {
- rdomain = ".";
- }
-
- /* Build this up as a buffer so we can just write it and see that
- very, very clearly */
- buffer_len += strlen(ruser) + 1; /* Add one for the space */
- buffer_len += strlen(rhost) + 1; /* Add one for the space */
- buffer_len += strlen(rdomain) + 1; /* Add one for the space */
- buffer_len += strlen(password) + 1; /* Add one for the NULL */
-
- if (buffer_len < 5) {
- /* Don't need to clean up yet */
- return EXIT_FAILURE;
- }
-
- buffer = malloc(buffer_len);
-
- if (buffer == NULL) {
- /* Don't need to clean up yet */
- return EXIT_FAILURE;
- }
-
- /* Lock the buffer before writing */
- if (mlock(buffer, buffer_len) != 0) {
- /* We can't lock, we go home */
- goto cleanup;
- }
-
- buffer_fill = snprintf(buffer, buffer_len, "%s %s %s %s", ruser, password, rdomain, rhost);
- if (buffer_fill > buffer_len) {
- /* This really shouldn't happen, but if for some reason we have an
- difference between they way that the lengths are calculated we want
- to catch that. */
- goto cleanup;
- }
-
- /* Make our socket and bind it */
- socketfd = socket(AF_UNIX, SOCK_STREAM, 0);
- if (socketfd < 0) {
- goto cleanup;
- }
- memset(&socket_addr, 0, sizeof(struct sockaddr_un));
- socket_addr.sun_family = AF_UNIX;
- strncpy(socket_addr.sun_path, pwdent->pw_dir, sizeof(socket_addr.sun_path) - 1);
- strncpy(socket_addr.sun_path + strlen(pwdent->pw_dir), "/.freerdp-socket", (sizeof(socket_addr.sun_path) - strlen(pwdent->pw_dir)) - 1);
-
- /* We bind the socket before forking so that we ensure that
- there isn't a race condition to get to it. Things will block
- otherwise. */
- if (bind(socketfd, (struct sockaddr *)&socket_addr, sizeof(struct sockaddr_un)) < 0) {
- goto cleanup;
- }
-
- /* Set the socket file permissions to be 600 and the user and group
- to be the guest user. NOTE: This won't protect on BSD */
- if (chmod(socket_addr.sun_path, S_IRUSR | S_IWUSR) != 0 ||
- chown(socket_addr.sun_path, pwdent->pw_uid, pwdent->pw_gid) != 0) {
- goto cleanup;
- }
-
- if (listen(socketfd, 1) < 0) {
- goto cleanup;
- }
-
- readywrite = write(readypipe, ALL_GOOD_SIGNAL, strlen(ALL_GOOD_SIGNAL) + 1);
- if (readywrite != strlen(ALL_GOOD_SIGNAL) + 1) {
- goto cleanup;
- }
-
- connected_addr_size = sizeof(struct sockaddr_un);
- connectfd = accept(socketfd, (struct sockaddr *)&connected_addr, &connected_addr_size);
- if (connectfd < 0) {
- goto cleanup;
- }
-
- writedata = write(connectfd, buffer, buffer_len);
-
-cleanup:
- if (socketfd != 0) {
- close(socketfd);
- }
- if (connectfd != 0) {
- close(connectfd);
- }
-
- if (buffer != NULL) {
- memset(buffer, 0, buffer_len);
- munlock(buffer, buffer_len);
- free(buffer);
- buffer = NULL;
- }
-
- /* This should be only true on the write, so we can use this to check
- out as writedata is init to 0 */
- if (writedata == buffer_len) {
- return 0;
- }
-
- return EXIT_FAILURE;
-}
pid_t session_pid = 0;
/* Open Session. Here we need to fork a little process so that we can
@@ -492,12 +307,11 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv
pid_t pid = fork();
if (pid == 0) {
- int retval = 0;
-
- retval = session_socket_handler(pwdent, sessionready[1], ruser, rhost, rdomain, password);
+
+ int ret = session_socket_handler(pwdent, sessionready[1], ruser, rhost, rdomain, password);
close(sessionready[1]);
- _exit(retval);
+ _exit(ret);
} else if (pid < 0) {
close(sessionready[0]);
close(sessionready[1]);