-rw-r--r-- | src/pam-freerdp.c | 40 |
1 files changed, 36 insertions, 4 deletions
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index df2f3c5..b6ec769 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -24,6 +24,7 @@
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
+#include <sys/mman.h>
 #include <sys/un.h>
 #include <pwd.h>
@@ -33,6 +34,13 @@
 #define PAM_TYPE_DOMAIN 1234
+static char * global_domain = NULL;
+/* FIXME? This is a work around to the fact that PAM seems to be clearing
+ the auth token between authorize and open_session. Which then requires
+ us to save it. Seems like we're the wrong people to do it, but we have
+ no choice */
+static char * global_password = NULL;
+
 /* Either grab a value or prompt for it */
 static char *
 get_item (pam_handle_t * pamh, int type)
@@ -44,6 +52,13 @@ get_item (pam_handle_t * pamh, int type)
 if (pam_get_item(pamh, type, (const void **)&value) == PAM_SUCCESS && value != NULL) {
 return strdup(value);
 }
+ if (type == PAM_AUTHTOK && global_password != NULL) {
+ return strdup(global_password);
+ }
+ } else {
+ if (global_domain != NULL) {
+ return strdup(global_domain);
+ }
 }
 /* Now we need to prompt */
@@ -81,7 +96,7 @@ get_item (pam_handle_t * pamh, int type)
 }
 struct pam_response * responses = NULL;
- if (conv->conv(1, &pmessage, &responses, conv->appdata_ptr) != PAM_SUCCESS) {
+ if (conv->conv(1, &pmessage, &responses, conv->appdata_ptr) != PAM_SUCCESS || responses == NULL) {
 return NULL;
 }
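Review bot: `global_password` and `global_domain` in the `@@ -33,6 +34,13 @@` hunk are file-scope statics, so the saved credential lives as long as the process that loaded the module, and nothing in this diff zeroes or frees it when the session closes or the PAM handle ends. If the only need is to carry the token from authenticate to open_session, `pam_set_data()` with a cleanup callback that scrubs and frees the copy would tie its lifetime to the handle. Whether that fits depends on how the calling application drives the two phases, which is not visible here. The FIXME comment should at least say where the saved copy is cleared.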
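Review bot: The new fallbacks in the `@@ -44,6 +52,13 @@` hunk return the cached password or domain without checking that it was stored for the current `pamh` or user. A host process that runs a second PAM transaction would therefore get the earlier value here instead of reaching the prompt. Clearing both globals at the start of authentication, or keeping the cache per handle, would bound that. The returned `strdup(global_password)` is also an ordinary unlocked heap copy, so each caller needs to zero it before `free()`. Those callers, and the start of get_item, are outside this hunk.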
@@ -104,6 +119,26 @@ get_item (pam_handle_t * pamh, int type)
 }
 }
+ if (retval != NULL) { /* Can't believe it really would be at this point, but let's be sure */
+ if (type != PAM_TYPE_DOMAIN) {
+ pam_set_item(pamh, type, (const void *)retval);
+ } else {
+ if (global_domain != NULL) {
+ free(global_domain);
+ }
+ global_domain = strdup(retval);
+ }
+ if (type == PAM_AUTHTOK) {
+ if (global_password != NULL) {
+ memset(global_password, 0, strlen(global_password));
+ munlock(global_password, strlen(global_password));
+ free(global_password);
+ }
+ global_password = strdup(retval);
+ mlock(global_password, strlen(global_password));
+ }
+ }
+
 return retval;
 }
@@ -113,9 +148,6 @@ get_item (pam_handle_t * pamh, int type)
 goto done; \
 }
-/* TODO: Make this a build thing */
-#define XFREERDP "/usr/bin/xfreerdp"
-
 /* Authenticate. We need to make sure we have a user account, that there are remote accounts and then verify them with FreeRDP */
 PAM_EXTERN int |
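Review bot: In the `type == PAM_AUTHTOK` branch, `munlock()` is passed `strlen(global_password)` after the `memset()` has already zeroed the buffer, so the length is 0 and the old region is never unlocked before it is freed. The replacement `strdup(retval)` is also unchecked, so an allocation failure reaches `strlen(NULL)` in the `mlock()` call. The length should be taken once before scrubbing, include the terminator, and `mlock()` should only run on a non-NULL copy. The `mlock()` return value is ignored as well, so hitting the locked-memory limit would silently leave the password swappable. The function body starts outside this hunk.

```c
	if (type == PAM_AUTHTOK) {
		if (global_password != NULL) {
			/* Measure before scrubbing: strlen() is 0 once the buffer is zeroed */
			size_t old_len = strlen(global_password);
			memset(global_password, 0, old_len);
			munlock(global_password, old_len + 1);
			free(global_password);
			global_password = NULL;
		}
		global_password = strdup(retval);
		if (global_password != NULL) {
			mlock(global_password, strlen(global_password) + 1);
		}
	}
```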