diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/pam-freerdp.c | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c index 259219a..edf9eca 100644 --- a/src/pam-freerdp.c +++ b/src/pam-freerdp.c @@ -1,5 +1,7 @@ #include <stdlib.h> #include <string.h> +#include <unistd.h> +#include <sys/wait.h> #include <security/pam_modules.h> #include <security/pam_modutil.h> @@ -67,6 +69,9 @@ get_item (pam_handle_t * pamh, int type) goto done; \ } +/* TODO: Make this a build thing */ +#define XFREERDP "/usr/bin/xfreerdp" + /* Authenticate. We need to make sure we have a user account, that there are remote accounts and then verify them with FreeRDP */ PAM_EXTERN int @@ -79,12 +84,59 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv) char * rdomain = NULL; int retval = PAM_IGNORE; + /* Get all the values, or prompt for them, or return with + an auth error */ GET_ITEM(username, PAM_USER); GET_ITEM(ruser, PAM_RUSER); GET_ITEM(rhost, PAM_RHOST); GET_ITEM(rdomain, PAM_TYPE_DOMAIN); GET_ITEM(password, PAM_AUTHTOK); + /* At this point we should have the values, let's check the auth */ + pid_t pid; + switch (pid = fork()) { + case 0: { /* child */ + char * args[13]; + args[0] = XFREERDP; + args[1] = "--plugin"; + args[2] = "rdpsnd.so"; + args[3] = "--no-nla"; + args[4] = "-f"; + args[5] = "--ignore-certificate"; /* TODO: Change when we set the home directory properly */ + + /* TODO: Use stdin */ + args[6] = "-u"; + args[7] = ruser; + args[8] = "-p"; + args[9] = password; + args[10] = "-d"; + args[11] = rdomain; + + args[12] = NULL; + + /* TODO: Drop privs */ + /* TODO: Home directory environment to user's home */ + execvp(args[0], args); + _exit(EXIT_FAILURE); + break; + } + case -1: { /* fork'n error! */ + retval = PAM_SYSTEM_ERR; + break; + } + default: { + int forkret = 0; + if (waitpid(pid, &forkret, 0) < 0) { + retval = PAM_SYSTEM_ERR; + } else if (forkret == 0) { + retval = PAM_SUCCESS; + } else { + retval = PAM_AUTH_ERR; + } + } + } + + /* Free Memory and return our status */ done: if (username != NULL) { free(username); } if (password != NULL) { free(password); } |