aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/pam-freerdp.c52
1 files changed, 52 insertions, 0 deletions
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index 259219a..edf9eca 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -1,5 +1,7 @@
#include <stdlib.h>
#include <string.h>
+#include <unistd.h>
+#include <sys/wait.h>
#include <security/pam_modules.h>
#include <security/pam_modutil.h>
@@ -67,6 +69,9 @@ get_item (pam_handle_t * pamh, int type)
goto done; \
}
+/* TODO: Make this a build thing */
+#define XFREERDP "/usr/bin/xfreerdp"
+
/* Authenticate. We need to make sure we have a user account, that
there are remote accounts and then verify them with FreeRDP */
PAM_EXTERN int
@@ -79,12 +84,59 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv)
char * rdomain = NULL;
int retval = PAM_IGNORE;
+ /* Get all the values, or prompt for them, or return with
+ an auth error */
GET_ITEM(username, PAM_USER);
GET_ITEM(ruser, PAM_RUSER);
GET_ITEM(rhost, PAM_RHOST);
GET_ITEM(rdomain, PAM_TYPE_DOMAIN);
GET_ITEM(password, PAM_AUTHTOK);
+ /* At this point we should have the values, let's check the auth */
+ pid_t pid;
+ switch (pid = fork()) {
+ case 0: { /* child */
+ char * args[13];
+ args[0] = XFREERDP;
+ args[1] = "--plugin";
+ args[2] = "rdpsnd.so";
+ args[3] = "--no-nla";
+ args[4] = "-f";
+ args[5] = "--ignore-certificate"; /* TODO: Change when we set the home directory properly */
+
+ /* TODO: Use stdin */
+ args[6] = "-u";
+ args[7] = ruser;
+ args[8] = "-p";
+ args[9] = password;
+ args[10] = "-d";
+ args[11] = rdomain;
+
+ args[12] = NULL;
+
+ /* TODO: Drop privs */
+ /* TODO: Home directory environment to user's home */
+ execvp(args[0], args);
+ _exit(EXIT_FAILURE);
+ break;
+ }
+ case -1: { /* fork'n error! */
+ retval = PAM_SYSTEM_ERR;
+ break;
+ }
+ default: {
+ int forkret = 0;
+ if (waitpid(pid, &forkret, 0) < 0) {
+ retval = PAM_SYSTEM_ERR;
+ } else if (forkret == 0) {
+ retval = PAM_SUCCESS;
+ } else {
+ retval = PAM_AUTH_ERR;
+ }
+ }
+ }
+
+ /* Free Memory and return our status */
done:
if (username != NULL) { free(username); }
if (password != NULL) { free(password); }