aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorMike Gabriel <mike.gabriel@das-netzwerkteam.de>2012-11-09 12:04:48 +0100
committerMike Gabriel <mike.gabriel@das-netzwerkteam.de>2012-11-09 12:04:48 +0100
commitedd14a06a92de3b1275f4aeb377d8fa3852f823e (patch)
tree64f22a313e0694b6b5431169e4732c2fd707fb39 /src
parent42b8b279e62e6e2f5a7455e30bb0a211763ee187 (diff)
downloadlibpam-x2go-edd14a06a92de3b1275f4aeb377d8fa3852f823e.tar.gz
libpam-x2go-edd14a06a92de3b1275f4aeb377d8fa3852f823e.tar.bz2
libpam-x2go-edd14a06a92de3b1275f4aeb377d8fa3852f823e.zip
Adaptations of the forked original to work with X2Go: Check the authentication token via libssh (ssh login to the remote server).
Diffstat (limited to 'src')
-rw-r--r--src/pam-x2go-children.c2
-rw-r--r--src/pam-x2go-children.h6
-rw-r--r--src/pam-x2go.c22
-rw-r--r--src/x2go-auth-check.c60
4 files changed, 22 insertions, 68 deletions
diff --git a/src/pam-x2go-children.c b/src/pam-x2go-children.c
index ea29c14..51cf048 100644
--- a/src/pam-x2go-children.c
+++ b/src/pam-x2go-children.c
@@ -172,7 +172,7 @@ session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruse
memset(&socket_addr, 0, sizeof(struct sockaddr_un));
socket_addr.sun_family = AF_UNIX;
strncpy(socket_addr.sun_path, pwdent->pw_dir, sizeof(socket_addr.sun_path) - 1);
- strncpy(socket_addr.sun_path + strlen(pwdent->pw_dir), "/.freerdp-socket", (sizeof(socket_addr.sun_path) - strlen(pwdent->pw_dir)) - 1);
+ strncpy(socket_addr.sun_path + strlen(pwdent->pw_dir), "/.x2go-socket", (sizeof(socket_addr.sun_path) - strlen(pwdent->pw_dir)) - 1);
/* We bind the socket before forking so that we ensure that
there isn't a race condition to get to it. Things will block
diff --git a/src/pam-x2go-children.h b/src/pam-x2go-children.h
index cb36312..d300d46 100644
--- a/src/pam-x2go-children.h
+++ b/src/pam-x2go-children.h
@@ -16,8 +16,8 @@
* Author: Ted Gould <ted@canonical.com>
*/
-#ifndef _PAM_FREERDP_CHILDREN_H_
-#define _PAM_FREERDP_CHILDREN_H_
+#ifndef _PAM_X2GO_CHILDREN_H_
+#define _PAM_X2GO_CHILDREN_H_
#define PAM_TYPE_DOMAIN 1234
#define ALL_GOOD_SIGNAL "Ar, ready to authenticate cap'n"
@@ -27,4 +27,4 @@ pam_sm_authenticate_helper (int *stdinpipe, const char* username, const char* rh
int
session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruser, const char * rhost, const char * rdomain, const char * password);
-#endif //_PAM_FREERDP_CHILDREN_H_
+#endif //_PAM_X2GO_CHILDREN_H_
diff --git a/src/pam-x2go.c b/src/pam-x2go.c
index 8979e6e..8ca5147 100644
--- a/src/pam-x2go.c
+++ b/src/pam-x2go.c
@@ -34,7 +34,7 @@
#include <security/pam_modutil.h>
#include <security/pam_appl.h>
-#include "pam-freerdp-children.h"
+#include "pam-x2go-children.h"
#include "auth-check-path.h"
static int unpriveleged_kill (struct passwd * pwdent);
@@ -126,18 +126,6 @@ get_item (pam_handle_t * pamh, int type)
}
}
- /* The way that xfreerdp does parsing means that we can't handle
- spaces in the username. Let's block them as early as possible.
- Though, if the xfreerdp part gets fixed, we want this to disappear
- http://launchpad.net/bugs/1053102
- */
- if (type == PAM_RUSER) {
- if (strstr(promptval, " ") != NULL) {
- free(promptval);
- return NULL;
- }
- }
-
if (type == PAM_RHOST) {
char * subloc = strstr(promptval, "://");
if (subloc != NULL) {
@@ -205,7 +193,7 @@ get_item (pam_handle_t * pamh, int type)
}
/* Authenticate. We need to make sure we have a user account, that
- there are remote accounts and then verify them with FreeRDP */
+ there are remote accounts and then verify them with X2Go */
PAM_EXTERN int
pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv)
{
@@ -270,7 +258,7 @@ done:
pid_t session_pid = 0;
/* Open Session. Here we need to fork a little process so that we can
give the credentials to the session itself so that it can startup the
- xfreerdp viewer for the login */
+ PyHoca (X2Go) client for the login */
PAM_EXTERN int
pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv)
{
@@ -426,8 +414,8 @@ pam_sm_setcred (pam_handle_t *pamh, int flags, int argc, const char ** argv)
#ifdef PAM_STATIC
-struct pam_module _pam_freerdp_modstruct = {
- "pam_freerdp",
+struct pam_module _pam_x2go_modstruct = {
+ "pam_x2go",
pam_sm_authenticate,
pam_sm_setcred,
NULL,
diff --git a/src/x2go-auth-check.c b/src/x2go-auth-check.c
index e5e9d13..524d424 100644
--- a/src/x2go-auth-check.c
+++ b/src/x2go-auth-check.c
@@ -16,37 +16,9 @@
* Author: Ted Gould <ted@canonical.com>
*/
-#include <freerdp/freerdp.h>
-#include <freerdp/channels/channels.h>
+#include <libssh/libssh.h>
#include <string.h>
-void
-auth_context_new (freerdp * instance, rdpContext * context)
-{
- context->channels = freerdp_channels_new();
- return;
-}
-
-void
-auth_context_free (freerdp * instance, rdpContext * context)
-{
- return;
-}
-
-boolean
-auth_pre_connect (freerdp * instance)
-{
- freerdp_channels_pre_connect(instance->context->channels, instance);
- return true;
-}
-
-boolean
-auth_post_connect (freerdp * instance)
-{
- freerdp_channels_post_connect(instance->context->channels, instance);
- return true;
-}
-
int
main (int argc, char * argv[])
{
@@ -64,23 +36,12 @@ main (int argc, char * argv[])
return -1;
}
- freerdp_channels_global_init();
-
- freerdp * instance = freerdp_new();
+ auth_check_ssh_session = ssh_new();
- instance->PreConnect = auth_pre_connect;
- instance->PostConnect = auth_post_connect;
+ ssh_options_set ( auth_check_ssh_session, SSH_OPTIONS_HOST, argv[1]; );
+ ssh_options_set ( auth_check_ssh_session, SSH_OPTIONS_USER, argv[2]; );
- instance->context_size = sizeof(rdpContext);
- instance->ContextNew = auth_context_new;
- instance->ContextFree = auth_context_free;
-
- freerdp_context_new(instance);
-
- instance->settings->hostname = argv[1];
- instance->settings->username = argv[2];
- instance->settings->domain = argv[3];
- instance->settings->password = password;
+ rc = ssh_connect (ssh_session);
char * colonloc = strstr(argv[1], ":");
if (colonloc != NULL) {
@@ -88,12 +49,17 @@ main (int argc, char * argv[])
colonloc[0] = '\0';
colonloc++;
- instance->settings->port = strtoul(colonloc, NULL, 10);
+ ssh_options_set ( auth_check_ssh_session, SSH_OPTIONS_PORT, strtoul(colonloc, NULL, 10); );
+ }
+
+ if (ssh_connect (ssh_session)) {
+ int rc = ssh_userauth_password ( auth_check_ssh_session, NULL, password );
+ ssh_disconnect(ssh_session);
}
int retval = -1;
- if (freerdp_connect(instance)) {
- freerdp_disconnect(instance);
+ if ( rc == SSH_AUTH_SUCCESS )
+ {
retval = 0;
}