Adaptations of the forked original to work with X2Go: Check the authentication token via libssh (ssh login to the remote server).

4 files changed, 22 insertions, 68 deletions

diff --git a/src/pam-x2go-children.c b/src/pam-x2go-children.c
index ea29c14..51cf048 100644
--- a/src/pam-x2go-children.c
+++ b/src/pam-x2go-children.c
@@ -172,7 +172,7 @@ session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruse
 	memset(&socket_addr, 0, sizeof(struct sockaddr_un));
 	socket_addr.sun_family = AF_UNIX;
 	strncpy(socket_addr.sun_path, pwdent->pw_dir, sizeof(socket_addr.sun_path) - 1);
-	strncpy(socket_addr.sun_path + strlen(pwdent->pw_dir), "/.freerdp-socket", (sizeof(socket_addr.sun_path) - strlen(pwdent->pw_dir)) - 1);
+	strncpy(socket_addr.sun_path + strlen(pwdent->pw_dir), "/.x2go-socket", (sizeof(socket_addr.sun_path) - strlen(pwdent->pw_dir)) - 1);
 
 	/* We bind the socket before forking so that we ensure that
 	   there isn't a race condition to get to it.  Things will block
diff --git a/src/pam-x2go-children.h b/src/pam-x2go-children.h
index cb36312..d300d46 100644
--- a/src/pam-x2go-children.h
+++ b/src/pam-x2go-children.h
@@ -16,8 +16,8 @@
  * Author: Ted Gould <ted@canonical.com>
  */
 
-#ifndef _PAM_FREERDP_CHILDREN_H_
-#define _PAM_FREERDP_CHILDREN_H_
+#ifndef _PAM_X2GO_CHILDREN_H_
+#define _PAM_X2GO_CHILDREN_H_
 
 #define PAM_TYPE_DOMAIN  1234
 #define ALL_GOOD_SIGNAL  "Ar, ready to authenticate cap'n"
@@ -27,4 +27,4 @@ pam_sm_authenticate_helper (int *stdinpipe, const char* username, const char* rh
 
 int
 session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruser, const char * rhost, const char * rdomain, const char * password);
-#endif //_PAM_FREERDP_CHILDREN_H_
+#endif //_PAM_X2GO_CHILDREN_H_
diff --git a/src/pam-x2go.c b/src/pam-x2go.c
index 8979e6e..8ca5147 100644
--- a/src/pam-x2go.c
+++ b/src/pam-x2go.c
@@ -34,7 +34,7 @@
 #include <security/pam_modutil.h>
 #include <security/pam_appl.h>
 
-#include "pam-freerdp-children.h"
+#include "pam-x2go-children.h"
 #include "auth-check-path.h"
 
 static int unpriveleged_kill (struct passwd * pwdent);
@@ -126,18 +126,6 @@ get_item (pam_handle_t * pamh, int type)
 		}
 	}
 
-	/* The way that xfreerdp does parsing means that we can't handle
-	   spaces in the username.  Let's block them as early as possible.
-	   Though, if the xfreerdp part gets fixed, we want this to disappear
-	     http://launchpad.net/bugs/1053102
-	*/
-	if (type == PAM_RUSER) {
-		if (strstr(promptval, " ") != NULL) {
-			free(promptval);
-			return NULL;
-		}
-	}
-
 	if (type == PAM_RHOST) {
 		char * subloc = strstr(promptval, "://");
 		if (subloc != NULL) {
@@ -205,7 +193,7 @@ get_item (pam_handle_t * pamh, int type)
 	}
 
 /* Authenticate.  We need to make sure we have a user account, that
-   there are remote accounts and then verify them with FreeRDP */
+   there are remote accounts and then verify them with X2Go */
 PAM_EXTERN int
 pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
@@ -270,7 +258,7 @@ done:
 pid_t session_pid = 0;
 /* Open Session.  Here we need to fork a little process so that we can
    give the credentials to the session itself so that it can startup the
-   xfreerdp viewer for the login */
+   PyHoca (X2Go) client for the login */
 PAM_EXTERN int
 pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv)
 {
@@ -426,8 +414,8 @@ pam_sm_setcred (pam_handle_t *pamh, int flags, int argc, const char ** argv)
 
 #ifdef PAM_STATIC
 
-struct pam_module _pam_freerdp_modstruct = {
-     "pam_freerdp",
+struct pam_module _pam_x2go_modstruct = {
+     "pam_x2go",
      pam_sm_authenticate,
      pam_sm_setcred,
      NULL,
diff --git a/src/x2go-auth-check.c b/src/x2go-auth-check.c
index e5e9d13..524d424 100644
--- a/src/x2go-auth-check.c
+++ b/src/x2go-auth-check.c
@@ -16,37 +16,9 @@
  * Author: Ted Gould <ted@canonical.com>
  */
 
-#include <freerdp/freerdp.h>
-#include <freerdp/channels/channels.h>
+#include <libssh/libssh.h>
 #include <string.h>
 
-void
-auth_context_new (freerdp * instance, rdpContext * context)
-{
-	context->channels = freerdp_channels_new();
-	return;
-}
-
-void
-auth_context_free (freerdp * instance, rdpContext * context)
-{
-	return;
-}
-
-boolean
-auth_pre_connect (freerdp * instance)
-{
-	freerdp_channels_pre_connect(instance->context->channels, instance);
-	return true;
-}
-
-boolean
-auth_post_connect (freerdp * instance)
-{
-	freerdp_channels_post_connect(instance->context->channels, instance);
-	return true;
-}
-
 int
 main (int argc, char * argv[])
 {
@@ -64,23 +36,12 @@ main (int argc, char * argv[])
 		return -1;
 	}
 
-	freerdp_channels_global_init();
-
-	freerdp * instance = freerdp_new();
+	auth_check_ssh_session = ssh_new();
 
-	instance->PreConnect = auth_pre_connect;
-	instance->PostConnect = auth_post_connect;
+	ssh_options_set ( auth_check_ssh_session, SSH_OPTIONS_HOST, argv[1]; );
+	ssh_options_set ( auth_check_ssh_session, SSH_OPTIONS_USER, argv[2]; );
 
-	instance->context_size = sizeof(rdpContext);
-	instance->ContextNew = auth_context_new;
-	instance->ContextFree = auth_context_free;
-
-	freerdp_context_new(instance);
-
-	instance->settings->hostname = argv[1];
-	instance->settings->username = argv[2];
-	instance->settings->domain = argv[3];
-	instance->settings->password = password;
+	rc = ssh_connect (ssh_session);
 
 	char * colonloc = strstr(argv[1], ":");
 	if (colonloc != NULL) {
@@ -88,12 +49,17 @@ main (int argc, char * argv[])
 		colonloc[0] = '\0';
 		colonloc++;
 
-		instance->settings->port = strtoul(colonloc, NULL, 10);
+		ssh_options_set ( auth_check_ssh_session, SSH_OPTIONS_PORT, strtoul(colonloc, NULL, 10); );
+	}
+
+	if (ssh_connect (ssh_session)) {
+		int rc = ssh_userauth_password ( auth_check_ssh_session, NULL, password );
+		ssh_disconnect(ssh_session);
 	}
 
 	int retval = -1;
-	if (freerdp_connect(instance)) {
-		freerdp_disconnect(instance);
+	if ( rc == SSH_AUTH_SUCCESS )
+	{
 		retval = 0;
 	}