From 42b8b279e62e6e2f5a7455e30bb0a211763ee187 Mon Sep 17 00:00:00 2001 From: Mike Gabriel Date: Fri, 9 Nov 2012 01:17:16 +0100 Subject: fork libpam-x2go from libpam-freerdp --- .gitignore | 7 + configure.ac | 6 +- debian/changelog | 5 + debian/compat | 1 + debian/control | 25 +++ debian/copyright | 30 +++ debian/rules | 9 + debian/source/format | 1 + debian/watch | 2 + src/Makefile.am | 44 ++--- src/auth-check-path.c | 1 - src/freerdp-auth-check.c | 104 ---------- src/pam-freerdp-children.c | 231 ---------------------- src/pam-freerdp-children.h | 30 --- src/pam-freerdp.c | 439 ------------------------------------------ src/pam-x2go-children.c | 231 ++++++++++++++++++++++ src/pam-x2go-children.h | 30 +++ src/pam-x2go.c | 439 ++++++++++++++++++++++++++++++++++++++++++ src/x2go-auth-check.c | 104 ++++++++++ tests/Makefile.am | 24 +-- tests/mock_guest.c | 4 +- tests/test-freerdp-wrapper.cc | 16 +- 22 files changed, 931 insertions(+), 852 deletions(-) create mode 100644 .gitignore create mode 100644 debian/changelog create mode 100644 debian/compat create mode 100644 debian/control create mode 100644 debian/copyright create mode 100755 debian/rules create mode 100644 debian/source/format create mode 100644 debian/watch delete mode 100644 src/freerdp-auth-check.c delete mode 100644 src/pam-freerdp-children.c delete mode 100644 src/pam-freerdp-children.h delete mode 100644 src/pam-freerdp.c create mode 100644 src/pam-x2go-children.c create mode 100644 src/pam-x2go-children.h create mode 100644 src/pam-x2go.c create mode 100644 src/x2go-auth-check.c diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..2e03d57 --- /dev/null +++ b/.gitignore @@ -0,0 +1,7 @@ +libpam-freerdp-[0-9].[0-9].[0-9].tar.gz +libpam-freerdp-[0-9].[0-9].[0-9].tar.gz.asc +src/pam_freerdp.la +src/pam_freerdp_la-pam-freerdp.lo +src/pam_freerdp_la-pam-freerdp.o +src/pam-freerdp.la +freerdp-auth-check diff --git a/configure.ac b/configure.ac index 424c5f9..2f729c2 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -AC_INIT([libpam-freerdp], [1.0.1]) +AC_INIT([libpam-x2go], [1.0.1]) AC_CONFIG_HEADERS([config.h]) AM_INIT_AUTOMAKE([1.11 -Wno-portability]) @@ -22,10 +22,10 @@ if test "x$have_pam" = "xno"; then fi ########################### -# FreeRDP +# X2Go ########################### -PKG_CHECK_MODULES(FREERDP, freerdp) +PKG_CHECK_MODULES(X2GO, x2go) ########################### # Local Install diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..b9e0630 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,5 @@ +libpam-x2go (0.0.0.1-0~x2go1) UNRELEASED; urgency=low + + * Initial upstream release. Forked from libpam-freerdp. + + -- Mike Gabriel Fri, 09 Nov 2012 01:10:25 +0100 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..ec63514 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +9 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..d3fe23c --- /dev/null +++ b/debian/control @@ -0,0 +1,25 @@ +Source: libpam-x2go +Section: misc +Priority: extra +Maintainer: X2Go Developers +Uploaders: + Mike Gabriel +Build-Depends: + debhelper (>= 9), + libgtest-dev, + libpam0g-dev, + pkg-config, +Standards-Version: 3.9.3 +Homepage: http://wiki.x2go.org +Vcs-Git: git://code.x2go.org/libpam-x2go.git + +Package: libpam-x2go +Architecture: any +Depends: + ${shlibs:Depends}, + ${misc:Depends}, + pyhoca-cli, +Description: PAM Module to auth against an X2Go server using PyHoca + Auth and session PAM module that uses PyHoca to authenticate against + an X2Go server as the remote host and user. Local account required. + Most useful with the pam-temp-account module. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..874cd91 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,30 @@ +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: libpam-x2go +Source: http://code.x2go.org/gitweb?p=libpam-x2go.git;a=summary + +Files: * +Copyright: + 2012, Mike Gabriel (X2Go Project) + 2012, Canonical Ltd. +License: GPL-3 + +Files: debian/* +Copyright: + 2012, Mike Gabriel (X2Go Project) +License: GPL-3 + +License: GPL-3 + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 3 of the License. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see + . + On Debian systems, the complete text of the GNU General + Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..a438aed --- /dev/null +++ b/debian/rules @@ -0,0 +1,9 @@ +#!/usr/bin/make -f + +%: + dh $@ + +override_dh_install: + dh_install + find debian/libpam-x2go -name '*.a' -delete + find debian/libpam-x2go -name '*.la' -delete diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..89ae9db --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (native) diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..63615b4 --- /dev/null +++ b/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://launchpad.net/libpam-freerdp/+download .*/libpam-freerdp-(.+)\.tar\.gz diff --git a/src/Makefile.am b/src/Makefile.am index ed9087c..c99396f 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,47 +1,47 @@ pamlibdir = $(PAMMODULEDIR) -pamlib_LTLIBRARIES = pam_freerdp.la +pamlib_LTLIBRARIES = pam_x2go.la -pam_freerdp_la_SOURCES = \ +pam_x2go_la_SOURCES = \ auth-check-path.c auth-check-path.h -pam_freerdp_la_LDFLAGS = \ +pam_x2go_la_LDFLAGS = \ -no-undefined \ -module \ -avoid-version \ $(COVERAGE_LDFLAGS) -pam_freerdp_la_CFLAGS = \ +pam_x2go_la_CFLAGS = \ -Wall -Werror \ - -DAUTH_CHECK="\"$(pkglibexecdir)/freerdp-auth-check\"" \ + -DAUTH_CHECK="\"$(pkglibexecdir)/x2go-auth-check\"" \ $(COVERAGE_CFLAGS) -pam_freerdp_la_LIBADD = \ - $(builddir)/libfreerdpcore.la +pam_x2go_la_LIBADD = \ + $(builddir)/libx2gocore.la noinst_LTLIBRARIES = \ - libfreerdpcore.la + libx2gocore.la -libfreerdpcore_la_SOURCES = \ - pam-freerdp.c \ - pam-freerdp-children.c -libfreerdpcore_la_CFLAGS = \ +libx2gocore_la_SOURCES = \ + pam-x2go.c \ + pam-x2go-children.c +libx2gocore_la_CFLAGS = \ -Wall -Werror \ $(COVERAGE_CFLAGS) -libfreerdpcore_la_LIBADD = \ +libx2gocore_la_LIBADD = \ -lpam -libfreerdpcore_la_LDFLAGS = \ +libx2gocore_la_LDFLAGS = \ $(COVERAGE_LDFLAGS) pkglibexec_PROGRAMS = \ - freerdp-auth-check + x2go-auth-check -freerdp_auth_check_SOURCES = \ - freerdp-auth-check.c -freerdp_auth_check_CFLAGS = \ - $(FREERDP_CFLAGS) \ +x2go_auth_check_SOURCES = \ + x2go-auth-check.c +x2go_auth_check_CFLAGS = \ + $(x2go_CFLAGS) \ $(COVERAGE_CFLAGS) -freerdp_auth_check_LDADD = \ - $(FREERDP_LIBS) -freerdp_auth_check_LDFLAGS = \ +x2go_auth_check_LDADD = \ + $(x2go_LIBS) +x2go_auth_check_LDFLAGS = \ $(COVERAGE_LDFLAGS) diff --git a/src/auth-check-path.c b/src/auth-check-path.c index db311ea..4ba7de6 100644 --- a/src/auth-check-path.c +++ b/src/auth-check-path.c @@ -1,3 +1,2 @@ - const char * auth_check_path = AUTH_CHECK; diff --git a/src/freerdp-auth-check.c b/src/freerdp-auth-check.c deleted file mode 100644 index e5e9d13..0000000 --- a/src/freerdp-auth-check.c +++ /dev/null @@ -1,104 +0,0 @@ -/* - * Copyright © 2012 Canonical Ltd. - * - * This program is free software: you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 3, as - * published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranties of - * MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR - * PURPOSE. See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program. If not, see . - * - * Author: Ted Gould - */ - -#include -#include -#include - -void -auth_context_new (freerdp * instance, rdpContext * context) -{ - context->channels = freerdp_channels_new(); - return; -} - -void -auth_context_free (freerdp * instance, rdpContext * context) -{ - return; -} - -boolean -auth_pre_connect (freerdp * instance) -{ - freerdp_channels_pre_connect(instance->context->channels, instance); - return true; -} - -boolean -auth_post_connect (freerdp * instance) -{ - freerdp_channels_post_connect(instance->context->channels, instance); - return true; -} - -int -main (int argc, char * argv[]) -{ - char password[512]; - if (argc != 4) { - printf("Not enough params"); - return -1; - } - - if (scanf("%511s", password) != 1) { - return -1; - } - - if (mlock(password, sizeof(password)) != 0) { - return -1; - } - - freerdp_channels_global_init(); - - freerdp * instance = freerdp_new(); - - instance->PreConnect = auth_pre_connect; - instance->PostConnect = auth_post_connect; - - instance->context_size = sizeof(rdpContext); - instance->ContextNew = auth_context_new; - instance->ContextFree = auth_context_free; - - freerdp_context_new(instance); - - instance->settings->hostname = argv[1]; - instance->settings->username = argv[2]; - instance->settings->domain = argv[3]; - instance->settings->password = password; - - char * colonloc = strstr(argv[1], ":"); - if (colonloc != NULL) { - /* We've got a port to deal with */ - colonloc[0] = '\0'; - colonloc++; - - instance->settings->port = strtoul(colonloc, NULL, 10); - } - - int retval = -1; - if (freerdp_connect(instance)) { - freerdp_disconnect(instance); - retval = 0; - } - - memset(password, 0, sizeof(password)); - munlock(password, sizeof(password)); - - return retval; -} diff --git a/src/pam-freerdp-children.c b/src/pam-freerdp-children.c deleted file mode 100644 index ea29c14..0000000 --- a/src/pam-freerdp-children.c +++ /dev/null @@ -1,231 +0,0 @@ -/* - * Copyright © 2012 Canonical Ltd. - * - * This program is free software: you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 3, as - * published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranties of - * MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR - * PURPOSE. See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program. If not, see . - * - * Author: Ted Gould - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -#include "pam-freerdp-children.h" -#include "auth-check-path.h" - -void -pam_sm_authenticate_helper (int *stdinpipe, const char* username, const char* rhost, const char* ruser, const char* rdomain) -{ - - dup2(stdinpipe[0], 0); - - char * args[5]; - - args[0] = (char *)auth_check_path; - args[1] = (char *)rhost; - args[2] = (char *)ruser; - args[3] = (char *)rdomain; - args[4] = NULL; - - struct passwd * pwdent = getpwnam(username); - if (pwdent == NULL) { - _exit(EXIT_FAILURE); - } - - /* Setting groups, but allowing EPERM as if we're not 100% root - we might not be able to do this */ - if (setgroups(1, &pwdent->pw_gid) != 0 && errno != EPERM) { - _exit(EXIT_FAILURE); - } - - if (setgid(pwdent->pw_gid) < 0 || setuid(pwdent->pw_uid) < 0 || - setegid(pwdent->pw_gid) < 0 || seteuid(pwdent->pw_uid) < 0) { - _exit(EXIT_FAILURE); - } - - if (clearenv() != 0) { - _exit(EXIT_FAILURE); - } - - if (chdir(pwdent->pw_dir) != 0) { - _exit(EXIT_FAILURE); - } - - setenv("HOME", pwdent->pw_dir, 1); - - execvp(args[0], args); - _exit(0); -} - -int -session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruser, const char * rhost, const char * rdomain, const char * password) -{ - /* Socket stuff */ - int socketfd = 0; - struct sockaddr_un socket_addr; - - /* Connected user */ - socklen_t connected_addr_size; - int connectfd = 0; - struct sockaddr_un connected_addr; - - /* Our buffer */ - char * buffer = NULL; - int buffer_len = 0; - int buffer_fill = 0; - - /* Track write out */ - int writedata = 0; - - /* Track ready writing */ - int readywrite = 0; - - /* Setting groups, but allowing EPERM as if we're not 100% root - we might not be able to do this */ - if (setgroups(1, &pwdent->pw_gid) != 0 && errno != EPERM) { - _exit(EXIT_FAILURE); - } - - if (setgid(pwdent->pw_gid) < 0 || setuid(pwdent->pw_uid) < 0 || - setegid(pwdent->pw_gid) < 0 || seteuid(pwdent->pw_uid) < 0) { - /* Don't need to clean up yet */ - return EXIT_FAILURE; - } - - if (clearenv() != 0) { - /* Don't need to clean up yet */ - return EXIT_FAILURE; - } - - if (chdir(pwdent->pw_dir) != 0) { - /* Don't need to clean up yet */ - return EXIT_FAILURE; - } - - if (rdomain[0] == '\0') { - rdomain = "."; - } - - /* Build this up as a buffer so we can just write it and see that - very, very clearly */ - buffer_len += strlen(ruser) + 1; /* Add one for the space */ - buffer_len += strlen(rhost) + 1; /* Add one for the space */ - buffer_len += strlen(rdomain) + 1; /* Add one for the space */ - buffer_len += strlen(password) + 1; /* Add one for the NULL */ - - if (buffer_len < 5) { - /* Don't need to clean up yet */ - return EXIT_FAILURE; - } - - buffer = malloc(buffer_len); - - if (buffer == NULL) { - /* Don't need to clean up yet */ - return EXIT_FAILURE; - } - - /* Lock the buffer before writing */ - if (mlock(buffer, buffer_len) != 0) { - /* We can't lock, we go home */ - goto cleanup; - } - - buffer_fill = snprintf(buffer, buffer_len, "%s %s %s %s", ruser, password, rdomain, rhost); - if (buffer_fill > buffer_len) { - /* This really shouldn't happen, but if for some reason we have an - difference between they way that the lengths are calculated we want - to catch that. */ - goto cleanup; - } - - /* Make our socket and bind it */ - socketfd = socket(AF_UNIX, SOCK_STREAM, 0); - if (socketfd < 0) { - goto cleanup; - } - - memset(&socket_addr, 0, sizeof(struct sockaddr_un)); - socket_addr.sun_family = AF_UNIX; - strncpy(socket_addr.sun_path, pwdent->pw_dir, sizeof(socket_addr.sun_path) - 1); - strncpy(socket_addr.sun_path + strlen(pwdent->pw_dir), "/.freerdp-socket", (sizeof(socket_addr.sun_path) - strlen(pwdent->pw_dir)) - 1); - - /* We bind the socket before forking so that we ensure that - there isn't a race condition to get to it. Things will block - otherwise. */ - if (bind(socketfd, (struct sockaddr *)&socket_addr, sizeof(struct sockaddr_un)) < 0) { - goto cleanup; - } - - /* Set the socket file permissions to be 600 and the user and group - to be the guest user. NOTE: This won't protect on BSD */ - if (chmod(socket_addr.sun_path, S_IRUSR | S_IWUSR) != 0 || - chown(socket_addr.sun_path, pwdent->pw_uid, pwdent->pw_gid) != 0) { - goto cleanup; - } - - if (listen(socketfd, 1) < 0) { - goto cleanup; - } - - readywrite = write(readypipe, ALL_GOOD_SIGNAL, strlen(ALL_GOOD_SIGNAL) + 1); - if (readywrite != strlen(ALL_GOOD_SIGNAL) + 1) { - goto cleanup; - } - - connected_addr_size = sizeof(struct sockaddr_un); - connectfd = accept(socketfd, (struct sockaddr *)&connected_addr, &connected_addr_size); - if (connectfd < 0) { - goto cleanup; - } - - writedata = write(connectfd, buffer, buffer_len); - -cleanup: - if (socketfd != 0) { - close(socketfd); - } - if (connectfd != 0) { - close(connectfd); - } - - if (buffer != NULL) { - memset(buffer, 0, buffer_len); - munlock(buffer, buffer_len); - free(buffer); - buffer = NULL; - } - - /* This should be only true on the write, so we can use this to check - out as writedata is init to 0 */ - if (writedata == buffer_len) { - _exit (0); - } - - _exit(EXIT_FAILURE); -} - diff --git a/src/pam-freerdp-children.h b/src/pam-freerdp-children.h deleted file mode 100644 index cb36312..0000000 --- a/src/pam-freerdp-children.h +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright © 2012 Canonical Ltd. - * - * This program is free software: you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 3, as - * published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranties of - * MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR - * PURPOSE. See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program. If not, see . - * - * Author: Ted Gould - */ - -#ifndef _PAM_FREERDP_CHILDREN_H_ -#define _PAM_FREERDP_CHILDREN_H_ - -#define PAM_TYPE_DOMAIN 1234 -#define ALL_GOOD_SIGNAL "Ar, ready to authenticate cap'n" - -void -pam_sm_authenticate_helper (int *stdinpipe, const char* username, const char* rhost, const char* ruser, const char* rdomain); - -int -session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruser, const char * rhost, const char * rdomain, const char * password); -#endif //_PAM_FREERDP_CHILDREN_H_ diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c deleted file mode 100644 index 8979e6e..0000000 --- a/src/pam-freerdp.c +++ /dev/null @@ -1,439 +0,0 @@ -/* - * Copyright © 2012 Canonical Ltd. - * - * This program is free software: you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 3, as - * published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranties of - * MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR - * PURPOSE. See the GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program. If not, see . - * - * Author: Ted Gould - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -#include "pam-freerdp-children.h" -#include "auth-check-path.h" - -static int unpriveleged_kill (struct passwd * pwdent); - -static char * global_domain = NULL; -/* FIXME? This is a work around to the fact that PAM seems to be clearing - the auth token between authorize and open_session. Which then requires - us to save it. Seems like we're the wrong people to do it, but we have - no choice */ -static char * global_password = NULL; - -/* Either grab a value or prompt for it */ -static char * -get_item (pam_handle_t * pamh, int type) -{ - /* Check to see if we just have the value. If we do, great - let's dup it some we're consitently allocating memory */ - if (type != PAM_TYPE_DOMAIN) { - /* If it's not a domain we can use the PAM functions because the PAM - functions don't support the domain */ - char * value = NULL; - if (pam_get_item(pamh, type, (const void **)&value) == PAM_SUCCESS && value != NULL) { - return value; - } - if (type == PAM_AUTHTOK && global_password != NULL) { - /* If we're looking for a password, we didn't get one, before - prompting see if we've got a global one. */ - return global_password; - } - } else { - /* Here we only have domains, so we can see if the global domain is - useful for us, if we have it */ - if (global_domain != NULL) { - return global_domain; - } - } - /* Now we need to prompt */ - - /* Build up the message we're prompting for */ - struct pam_message message; - const struct pam_message * pmessage = &message; - - message.msg = NULL; - message.msg_style = PAM_PROMPT_ECHO_ON; - - switch (type) { - case PAM_USER: - message.msg = "login:"; - break; - case PAM_RUSER: - message.msg = "remote login:"; - break; - case PAM_RHOST: - message.msg = "remote host:"; - break; - case PAM_AUTHTOK: - message.msg = "password:"; - message.msg_style = PAM_PROMPT_ECHO_OFF; - break; - case PAM_TYPE_DOMAIN: - message.msg = "domain:"; - break; - default: - return NULL; - } - - struct pam_conv * conv = NULL; - if (pam_get_item(pamh, PAM_CONV, (const void **)&conv) != PAM_SUCCESS || conv == NULL || conv->conv == NULL) { - return NULL; - } - - struct pam_response * responses = NULL; - if (conv->conv(1, &pmessage, &responses, conv->appdata_ptr) != PAM_SUCCESS || responses == NULL) { - return NULL; - } - - char * promptval = responses->resp; - free(responses); - - /* If we didn't get anything, just move on */ - if (promptval == NULL) { - return NULL; - } - - if (type == PAM_AUTHTOK) { - if (mlock(promptval, strlen(promptval) + 1) != 0) { - free(promptval); - return NULL; - } - } - - /* The way that xfreerdp does parsing means that we can't handle - spaces in the username. Let's block them as early as possible. - Though, if the xfreerdp part gets fixed, we want this to disappear - http://launchpad.net/bugs/1053102 - */ - if (type == PAM_RUSER) { - if (strstr(promptval, " ") != NULL) { - free(promptval); - return NULL; - } - } - - if (type == PAM_RHOST) { - char * subloc = strstr(promptval, "://"); - if (subloc != NULL) { - char * original = promptval; - char * newish = subloc + strlen("://"); - char * endslash = strstr(newish, "/"); - - if (endslash != NULL) { - endslash[0] = '\0'; - } - - promptval = strdup(newish); - free(original); - } - } - - char * retval = NULL; - if (promptval != NULL) { /* Can't believe it really would be at this point, but let's be sure */ - if (type != PAM_TYPE_DOMAIN) { - /* We can only use the PAM functions if it's not the domain */ - pam_set_item(pamh, type, (const void *)promptval); - /* We're returning the value saved by PAM so we can clear promptval */ - pam_get_item(pamh, type, (const void **)&retval); - } - if (type == PAM_TYPE_DOMAIN) { - /* The domain can be saved globally so we can use it for open */ - if (global_domain != NULL) { - free(global_domain); - } - global_domain = strdup(promptval); - retval = global_domain; - } - if (type == PAM_AUTHTOK) { - /* We also save the password globally if we've got one */ - if (global_password != NULL) { - memset(global_password, 0, strlen(global_password)); - munlock(global_password, strlen(global_password) + 1); - free(global_password); - } - global_password = strdup(promptval); - if (mlock(global_password, strlen(global_password) + 1) != 0) { - /* Woah, can't lock it. Can't keep it. */ - free(global_password); - global_password = NULL; - } else { - retval = global_password; - } - } - - if (type == PAM_AUTHTOK) { - memset(promptval, 0, strlen(promptval) + 1); - munlock(promptval, strlen(promptval) + 1); - } - - free(promptval); - } - - return retval; -} - -#define GET_ITEM(val, type) \ - if ((val = get_item(pamh, type)) == NULL) { \ - retval = PAM_AUTH_ERR; \ - goto done; \ - } - -/* Authenticate. We need to make sure we have a user account, that - there are remote accounts and then verify them with FreeRDP */ -PAM_EXTERN int -pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv) -{ - char * username = NULL; - char * password = NULL; - char * ruser = NULL; - char * rhost = NULL; - char * rdomain = NULL; - int retval = PAM_IGNORE; - - /* Get all the values, or prompt for them, or return with - an auth error */ - GET_ITEM(username, PAM_USER); - GET_ITEM(ruser, PAM_RUSER); - GET_ITEM(rhost, PAM_RHOST); - GET_ITEM(rdomain, PAM_TYPE_DOMAIN); - GET_ITEM(password, PAM_AUTHTOK); - - int stdinpipe[2]; - if (pipe(stdinpipe) != 0) { - retval = PAM_SYSTEM_ERR; - goto done; - } - - /* At this point we should have the values, let's check the auth */ - pid_t pid; - switch (pid = fork()) { - case 0: { /* child */ - pam_sm_authenticate_helper (stdinpipe, username, rhost, ruser, rdomain); - break; - } - case -1: { /* fork'n error! */ - retval = PAM_SYSTEM_ERR; - break; - } - default: { - int forkret = 0; - int bytesout = 0; - - bytesout += write(stdinpipe[1], password, strlen(password)); - bytesout += write(stdinpipe[1], "\n", 1); - - close(stdinpipe[1]); - - if (waitpid(pid, &forkret, 0) < 0 || bytesout == 0) { - retval = PAM_SYSTEM_ERR; - } else if (forkret == 0) { - retval = PAM_SUCCESS; - } else { - retval = PAM_AUTH_ERR; - } - } - } - - /* Return our status */ -done: - return retval; -} - - - -pid_t session_pid = 0; -/* Open Session. Here we need to fork a little process so that we can - give the credentials to the session itself so that it can startup the - xfreerdp viewer for the login */ -PAM_EXTERN int -pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv) -{ - char * username = NULL; - char * password = NULL; - char * ruser = NULL; - char * rhost = NULL; - char * rdomain = NULL; - int retval = PAM_SUCCESS; - - /* Get all the values, or prompt for them, or return with - an auth error */ - GET_ITEM(username, PAM_USER); - GET_ITEM(ruser, PAM_RUSER); - GET_ITEM(rhost, PAM_RHOST); - GET_ITEM(rdomain, PAM_TYPE_DOMAIN); - GET_ITEM(password, PAM_AUTHTOK); - - struct passwd * pwdent = getpwnam(username); - if (pwdent == NULL) { - retval = PAM_SYSTEM_ERR; - goto done; - } - - if (session_pid != 0) { - unpriveleged_kill(pwdent); - } - - int sessionready[2]; - if (pipe(sessionready) != 0) { - retval = PAM_SYSTEM_ERR; - goto done; - } - - pid_t pid = fork(); - if (pid == 0) { - - int ret = session_socket_handler(pwdent, sessionready[1], ruser, rhost, rdomain, password); - - close(sessionready[1]); - _exit(ret); - } else if (pid < 0) { - close(sessionready[0]); - close(sessionready[1]); - - retval = PAM_SYSTEM_ERR; - } else { - char readbuffer[strlen(ALL_GOOD_SIGNAL) + 1]; - int readlen = 0; - - readlen = read(sessionready[0], readbuffer, strlen(ALL_GOOD_SIGNAL) + 1); - - close(sessionready[0]); - - if (readlen == strlen(ALL_GOOD_SIGNAL) + 1) { - session_pid = pid; - } else { - retval = PAM_SYSTEM_ERR; - } - } - -done: - return retval; -} - -/* Close Session. Make sure our little guy has died so he doesn't become - a zombie and eat things. */ -PAM_EXTERN int -pam_sm_close_session (pam_handle_t *pamh, int flags, int argc, const char **argv) -{ - if (session_pid == 0) { - return PAM_IGNORE; - } - - char * username = NULL; - int retval = PAM_SUCCESS; - - GET_ITEM(username, PAM_USER); - - struct passwd * pwdent = getpwnam(username); - if (pwdent == NULL) { - retval = PAM_SYSTEM_ERR; - goto done; - } - - retval = unpriveleged_kill(pwdent); - -done: - return retval; -} - -/* Drop privs and try to kill the process with the PID of session_pid. - This ensures that we don't kill something important if there is PID wrap - around. */ -static int -unpriveleged_kill (struct passwd * pwdent) -{ - int retval = PAM_SUCCESS; - - pid_t pid = fork(); - if (pid == 0) { - /* Setting groups, but allowing EPERM as if we're not 100% root - we might not be able to do this */ - if (setgroups(1, &pwdent->pw_gid) != 0 && errno != EPERM) { - _exit(EXIT_FAILURE); - } - - if (setgid(pwdent->pw_gid) < 0 || setuid(pwdent->pw_uid) < 0 || - setegid(pwdent->pw_gid) < 0 || seteuid(pwdent->pw_uid) < 0) { - _exit(EXIT_FAILURE); - } - - if (clearenv() != 0) { - _exit(EXIT_FAILURE); - } - - int killval = kill(session_pid, SIGKILL); - session_pid = 0; - - if (killval != 0) { - printf("Unable to kill\n"); - } - - /* NOTE: We're ignoring whether we could kill it or not. It'd be nice to - track that but there are a lot of reason that we could fail there and - it's not a bad thing. Really we're attempting a best effort to clean up - we won't be able to gaurantee it. */ - _exit(EXIT_SUCCESS); - } else if (pid < 0) { - retval = PAM_SYSTEM_ERR; - } else { - int forkret = 0; - - if (waitpid(pid, &forkret, 0) < 0) { - retval = PAM_SYSTEM_ERR; - } - } - - /* We reset this no matter. If we error'd trying to do it, we don't - want to try again. We'll just return the error for this time. */ - session_pid = 0; - - return retval; -} - -/* LightDM likes to have this function around, but we don't need it as we - don't have a token hanging around. */ -PAM_EXTERN int -pam_sm_setcred (pam_handle_t *pamh, int flags, int argc, const char ** argv) -{ - return PAM_SUCCESS; -} - -#ifdef PAM_STATIC - -struct pam_module _pam_freerdp_modstruct = { - "pam_freerdp", - pam_sm_authenticate, - pam_sm_setcred, - NULL, - pam_sm_open_session, - pam_sm_close_session, - NULL, -}; - -#endif diff --git a/src/pam-x2go-children.c b/src/pam-x2go-children.c new file mode 100644 index 0000000..ea29c14 --- /dev/null +++ b/src/pam-x2go-children.c @@ -0,0 +1,231 @@ +/* + * Copyright © 2012 Canonical Ltd. + * + * This program is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 3, as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranties of + * MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR + * PURPOSE. See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program. If not, see . + * + * Author: Ted Gould + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "pam-freerdp-children.h" +#include "auth-check-path.h" + +void +pam_sm_authenticate_helper (int *stdinpipe, const char* username, const char* rhost, const char* ruser, const char* rdomain) +{ + + dup2(stdinpipe[0], 0); + + char * args[5]; + + args[0] = (char *)auth_check_path; + args[1] = (char *)rhost; + args[2] = (char *)ruser; + args[3] = (char *)rdomain; + args[4] = NULL; + + struct passwd * pwdent = getpwnam(username); + if (pwdent == NULL) { + _exit(EXIT_FAILURE); + } + + /* Setting groups, but allowing EPERM as if we're not 100% root + we might not be able to do this */ + if (setgroups(1, &pwdent->pw_gid) != 0 && errno != EPERM) { + _exit(EXIT_FAILURE); + } + + if (setgid(pwdent->pw_gid) < 0 || setuid(pwdent->pw_uid) < 0 || + setegid(pwdent->pw_gid) < 0 || seteuid(pwdent->pw_uid) < 0) { + _exit(EXIT_FAILURE); + } + + if (clearenv() != 0) { + _exit(EXIT_FAILURE); + } + + if (chdir(pwdent->pw_dir) != 0) { + _exit(EXIT_FAILURE); + } + + setenv("HOME", pwdent->pw_dir, 1); + + execvp(args[0], args); + _exit(0); +} + +int +session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruser, const char * rhost, const char * rdomain, const char * password) +{ + /* Socket stuff */ + int socketfd = 0; + struct sockaddr_un socket_addr; + + /* Connected user */ + socklen_t connected_addr_size; + int connectfd = 0; + struct sockaddr_un connected_addr; + + /* Our buffer */ + char * buffer = NULL; + int buffer_len = 0; + int buffer_fill = 0; + + /* Track write out */ + int writedata = 0; + + /* Track ready writing */ + int readywrite = 0; + + /* Setting groups, but allowing EPERM as if we're not 100% root + we might not be able to do this */ + if (setgroups(1, &pwdent->pw_gid) != 0 && errno != EPERM) { + _exit(EXIT_FAILURE); + } + + if (setgid(pwdent->pw_gid) < 0 || setuid(pwdent->pw_uid) < 0 || + setegid(pwdent->pw_gid) < 0 || seteuid(pwdent->pw_uid) < 0) { + /* Don't need to clean up yet */ + return EXIT_FAILURE; + } + + if (clearenv() != 0) { + /* Don't need to clean up yet */ + return EXIT_FAILURE; + } + + if (chdir(pwdent->pw_dir) != 0) { + /* Don't need to clean up yet */ + return EXIT_FAILURE; + } + + if (rdomain[0] == '\0') { + rdomain = "."; + } + + /* Build this up as a buffer so we can just write it and see that + very, very clearly */ + buffer_len += strlen(ruser) + 1; /* Add one for the space */ + buffer_len += strlen(rhost) + 1; /* Add one for the space */ + buffer_len += strlen(rdomain) + 1; /* Add one for the space */ + buffer_len += strlen(password) + 1; /* Add one for the NULL */ + + if (buffer_len < 5) { + /* Don't need to clean up yet */ + return EXIT_FAILURE; + } + + buffer = malloc(buffer_len); + + if (buffer == NULL) { + /* Don't need to clean up yet */ + return EXIT_FAILURE; + } + + /* Lock the buffer before writing */ + if (mlock(buffer, buffer_len) != 0) { + /* We can't lock, we go home */ + goto cleanup; + } + + buffer_fill = snprintf(buffer, buffer_len, "%s %s %s %s", ruser, password, rdomain, rhost); + if (buffer_fill > buffer_len) { + /* This really shouldn't happen, but if for some reason we have an + difference between they way that the lengths are calculated we want + to catch that. */ + goto cleanup; + } + + /* Make our socket and bind it */ + socketfd = socket(AF_UNIX, SOCK_STREAM, 0); + if (socketfd < 0) { + goto cleanup; + } + + memset(&socket_addr, 0, sizeof(struct sockaddr_un)); + socket_addr.sun_family = AF_UNIX; + strncpy(socket_addr.sun_path, pwdent->pw_dir, sizeof(socket_addr.sun_path) - 1); + strncpy(socket_addr.sun_path + strlen(pwdent->pw_dir), "/.freerdp-socket", (sizeof(socket_addr.sun_path) - strlen(pwdent->pw_dir)) - 1); + + /* We bind the socket before forking so that we ensure that + there isn't a race condition to get to it. Things will block + otherwise. */ + if (bind(socketfd, (struct sockaddr *)&socket_addr, sizeof(struct sockaddr_un)) < 0) { + goto cleanup; + } + + /* Set the socket file permissions to be 600 and the user and group + to be the guest user. NOTE: This won't protect on BSD */ + if (chmod(socket_addr.sun_path, S_IRUSR | S_IWUSR) != 0 || + chown(socket_addr.sun_path, pwdent->pw_uid, pwdent->pw_gid) != 0) { + goto cleanup; + } + + if (listen(socketfd, 1) < 0) { + goto cleanup; + } + + readywrite = write(readypipe, ALL_GOOD_SIGNAL, strlen(ALL_GOOD_SIGNAL) + 1); + if (readywrite != strlen(ALL_GOOD_SIGNAL) + 1) { + goto cleanup; + } + + connected_addr_size = sizeof(struct sockaddr_un); + connectfd = accept(socketfd, (struct sockaddr *)&connected_addr, &connected_addr_size); + if (connectfd < 0) { + goto cleanup; + } + + writedata = write(connectfd, buffer, buffer_len); + +cleanup: + if (socketfd != 0) { + close(socketfd); + } + if (connectfd != 0) { + close(connectfd); + } + + if (buffer != NULL) { + memset(buffer, 0, buffer_len); + munlock(buffer, buffer_len); + free(buffer); + buffer = NULL; + } + + /* This should be only true on the write, so we can use this to check + out as writedata is init to 0 */ + if (writedata == buffer_len) { + _exit (0); + } + + _exit(EXIT_FAILURE); +} + diff --git a/src/pam-x2go-children.h b/src/pam-x2go-children.h new file mode 100644 index 0000000..cb36312 --- /dev/null +++ b/src/pam-x2go-children.h @@ -0,0 +1,30 @@ +/* + * Copyright © 2012 Canonical Ltd. + * + * This program is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 3, as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranties of + * MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR + * PURPOSE. See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program. If not, see . + * + * Author: Ted Gould + */ + +#ifndef _PAM_FREERDP_CHILDREN_H_ +#define _PAM_FREERDP_CHILDREN_H_ + +#define PAM_TYPE_DOMAIN 1234 +#define ALL_GOOD_SIGNAL "Ar, ready to authenticate cap'n" + +void +pam_sm_authenticate_helper (int *stdinpipe, const char* username, const char* rhost, const char* ruser, const char* rdomain); + +int +session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruser, const char * rhost, const char * rdomain, const char * password); +#endif //_PAM_FREERDP_CHILDREN_H_ diff --git a/src/pam-x2go.c b/src/pam-x2go.c new file mode 100644 index 0000000..8979e6e --- /dev/null +++ b/src/pam-x2go.c @@ -0,0 +1,439 @@ +/* + * Copyright © 2012 Canonical Ltd. + * + * This program is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 3, as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranties of + * MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR + * PURPOSE. See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program. If not, see . + * + * Author: Ted Gould + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "pam-freerdp-children.h" +#include "auth-check-path.h" + +static int unpriveleged_kill (struct passwd * pwdent); + +static char * global_domain = NULL; +/* FIXME? This is a work around to the fact that PAM seems to be clearing + the auth token between authorize and open_session. Which then requires + us to save it. Seems like we're the wrong people to do it, but we have + no choice */ +static char * global_password = NULL; + +/* Either grab a value or prompt for it */ +static char * +get_item (pam_handle_t * pamh, int type) +{ + /* Check to see if we just have the value. If we do, great + let's dup it some we're consitently allocating memory */ + if (type != PAM_TYPE_DOMAIN) { + /* If it's not a domain we can use the PAM functions because the PAM + functions don't support the domain */ + char * value = NULL; + if (pam_get_item(pamh, type, (const void **)&value) == PAM_SUCCESS && value != NULL) { + return value; + } + if (type == PAM_AUTHTOK && global_password != NULL) { + /* If we're looking for a password, we didn't get one, before + prompting see if we've got a global one. */ + return global_password; + } + } else { + /* Here we only have domains, so we can see if the global domain is + useful for us, if we have it */ + if (global_domain != NULL) { + return global_domain; + } + } + /* Now we need to prompt */ + + /* Build up the message we're prompting for */ + struct pam_message message; + const struct pam_message * pmessage = &message; + + message.msg = NULL; + message.msg_style = PAM_PROMPT_ECHO_ON; + + switch (type) { + case PAM_USER: + message.msg = "login:"; + break; + case PAM_RUSER: + message.msg = "remote login:"; + break; + case PAM_RHOST: + message.msg = "remote host:"; + break; + case PAM_AUTHTOK: + message.msg = "password:"; + message.msg_style = PAM_PROMPT_ECHO_OFF; + break; + case PAM_TYPE_DOMAIN: + message.msg = "domain:"; + break; + default: + return NULL; + } + + struct pam_conv * conv = NULL; + if (pam_get_item(pamh, PAM_CONV, (const void **)&conv) != PAM_SUCCESS || conv == NULL || conv->conv == NULL) { + return NULL; + } + + struct pam_response * responses = NULL; + if (conv->conv(1, &pmessage, &responses, conv->appdata_ptr) != PAM_SUCCESS || responses == NULL) { + return NULL; + } + + char * promptval = responses->resp; + free(responses); + + /* If we didn't get anything, just move on */ + if (promptval == NULL) { + return NULL; + } + + if (type == PAM_AUTHTOK) { + if (mlock(promptval, strlen(promptval) + 1) != 0) { + free(promptval); + return NULL; + } + } + + /* The way that xfreerdp does parsing means that we can't handle + spaces in the username. Let's block them as early as possible. + Though, if the xfreerdp part gets fixed, we want this to disappear + http://launchpad.net/bugs/1053102 + */ + if (type == PAM_RUSER) { + if (strstr(promptval, " ") != NULL) { + free(promptval); + return NULL; + } + } + + if (type == PAM_RHOST) { + char * subloc = strstr(promptval, "://"); + if (subloc != NULL) { + char * original = promptval; + char * newish = subloc + strlen("://"); + char * endslash = strstr(newish, "/"); + + if (endslash != NULL) { + endslash[0] = '\0'; + } + + promptval = strdup(newish); + free(original); + } + } + + char * retval = NULL; + if (promptval != NULL) { /* Can't believe it really would be at this point, but let's be sure */ + if (type != PAM_TYPE_DOMAIN) { + /* We can only use the PAM functions if it's not the domain */ + pam_set_item(pamh, type, (const void *)promptval); + /* We're returning the value saved by PAM so we can clear promptval */ + pam_get_item(pamh, type, (const void **)&retval); + } + if (type == PAM_TYPE_DOMAIN) { + /* The domain can be saved globally so we can use it for open */ + if (global_domain != NULL) { + free(global_domain); + } + global_domain = strdup(promptval); + retval = global_domain; + } + if (type == PAM_AUTHTOK) { + /* We also save the password globally if we've got one */ + if (global_password != NULL) { + memset(global_password, 0, strlen(global_password)); + munlock(global_password, strlen(global_password) + 1); + free(global_password); + } + global_password = strdup(promptval); + if (mlock(global_password, strlen(global_password) + 1) != 0) { + /* Woah, can't lock it. Can't keep it. */ + free(global_password); + global_password = NULL; + } else { + retval = global_password; + } + } + + if (type == PAM_AUTHTOK) { + memset(promptval, 0, strlen(promptval) + 1); + munlock(promptval, strlen(promptval) + 1); + } + + free(promptval); + } + + return retval; +} + +#define GET_ITEM(val, type) \ + if ((val = get_item(pamh, type)) == NULL) { \ + retval = PAM_AUTH_ERR; \ + goto done; \ + } + +/* Authenticate. We need to make sure we have a user account, that + there are remote accounts and then verify them with FreeRDP */ +PAM_EXTERN int +pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + char * username = NULL; + char * password = NULL; + char * ruser = NULL; + char * rhost = NULL; + char * rdomain = NULL; + int retval = PAM_IGNORE; + + /* Get all the values, or prompt for them, or return with + an auth error */ + GET_ITEM(username, PAM_USER); + GET_ITEM(ruser, PAM_RUSER); + GET_ITEM(rhost, PAM_RHOST); + GET_ITEM(rdomain, PAM_TYPE_DOMAIN); + GET_ITEM(password, PAM_AUTHTOK); + + int stdinpipe[2]; + if (pipe(stdinpipe) != 0) { + retval = PAM_SYSTEM_ERR; + goto done; + } + + /* At this point we should have the values, let's check the auth */ + pid_t pid; + switch (pid = fork()) { + case 0: { /* child */ + pam_sm_authenticate_helper (stdinpipe, username, rhost, ruser, rdomain); + break; + } + case -1: { /* fork'n error! */ + retval = PAM_SYSTEM_ERR; + break; + } + default: { + int forkret = 0; + int bytesout = 0; + + bytesout += write(stdinpipe[1], password, strlen(password)); + bytesout += write(stdinpipe[1], "\n", 1); + + close(stdinpipe[1]); + + if (waitpid(pid, &forkret, 0) < 0 || bytesout == 0) { + retval = PAM_SYSTEM_ERR; + } else if (forkret == 0) { + retval = PAM_SUCCESS; + } else { + retval = PAM_AUTH_ERR; + } + } + } + + /* Return our status */ +done: + return retval; +} + + + +pid_t session_pid = 0; +/* Open Session. Here we need to fork a little process so that we can + give the credentials to the session itself so that it can startup the + xfreerdp viewer for the login */ +PAM_EXTERN int +pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv) +{ + char * username = NULL; + char * password = NULL; + char * ruser = NULL; + char * rhost = NULL; + char * rdomain = NULL; + int retval = PAM_SUCCESS; + + /* Get all the values, or prompt for them, or return with + an auth error */ + GET_ITEM(username, PAM_USER); + GET_ITEM(ruser, PAM_RUSER); + GET_ITEM(rhost, PAM_RHOST); + GET_ITEM(rdomain, PAM_TYPE_DOMAIN); + GET_ITEM(password, PAM_AUTHTOK); + + struct passwd * pwdent = getpwnam(username); + if (pwdent == NULL) { + retval = PAM_SYSTEM_ERR; + goto done; + } + + if (session_pid != 0) { + unpriveleged_kill(pwdent); + } + + int sessionready[2]; + if (pipe(sessionready) != 0) { + retval = PAM_SYSTEM_ERR; + goto done; + } + + pid_t pid = fork(); + if (pid == 0) { + + int ret = session_socket_handler(pwdent, sessionready[1], ruser, rhost, rdomain, password); + + close(sessionready[1]); + _exit(ret); + } else if (pid < 0) { + close(sessionready[0]); + close(sessionready[1]); + + retval = PAM_SYSTEM_ERR; + } else { + char readbuffer[strlen(ALL_GOOD_SIGNAL) + 1]; + int readlen = 0; + + readlen = read(sessionready[0], readbuffer, strlen(ALL_GOOD_SIGNAL) + 1); + + close(sessionready[0]); + + if (readlen == strlen(ALL_GOOD_SIGNAL) + 1) { + session_pid = pid; + } else { + retval = PAM_SYSTEM_ERR; + } + } + +done: + return retval; +} + +/* Close Session. Make sure our little guy has died so he doesn't become + a zombie and eat things. */ +PAM_EXTERN int +pam_sm_close_session (pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + if (session_pid == 0) { + return PAM_IGNORE; + } + + char * username = NULL; + int retval = PAM_SUCCESS; + + GET_ITEM(username, PAM_USER); + + struct passwd * pwdent = getpwnam(username); + if (pwdent == NULL) { + retval = PAM_SYSTEM_ERR; + goto done; + } + + retval = unpriveleged_kill(pwdent); + +done: + return retval; +} + +/* Drop privs and try to kill the process with the PID of session_pid. + This ensures that we don't kill something important if there is PID wrap + around. */ +static int +unpriveleged_kill (struct passwd * pwdent) +{ + int retval = PAM_SUCCESS; + + pid_t pid = fork(); + if (pid == 0) { + /* Setting groups, but allowing EPERM as if we're not 100% root + we might not be able to do this */ + if (setgroups(1, &pwdent->pw_gid) != 0 && errno != EPERM) { + _exit(EXIT_FAILURE); + } + + if (setgid(pwdent->pw_gid) < 0 || setuid(pwdent->pw_uid) < 0 || + setegid(pwdent->pw_gid) < 0 || seteuid(pwdent->pw_uid) < 0) { + _exit(EXIT_FAILURE); + } + + if (clearenv() != 0) { + _exit(EXIT_FAILURE); + } + + int killval = kill(session_pid, SIGKILL); + session_pid = 0; + + if (killval != 0) { + printf("Unable to kill\n"); + } + + /* NOTE: We're ignoring whether we could kill it or not. It'd be nice to + track that but there are a lot of reason that we could fail there and + it's not a bad thing. Really we're attempting a best effort to clean up + we won't be able to gaurantee it. */ + _exit(EXIT_SUCCESS); + } else if (pid < 0) { + retval = PAM_SYSTEM_ERR; + } else { + int forkret = 0; + + if (waitpid(pid, &forkret, 0) < 0) { + retval = PAM_SYSTEM_ERR; + } + } + + /* We reset this no matter. If we error'd trying to do it, we don't + want to try again. We'll just return the error for this time. */ + session_pid = 0; + + return retval; +} + +/* LightDM likes to have this function around, but we don't need it as we + don't have a token hanging around. */ +PAM_EXTERN int +pam_sm_setcred (pam_handle_t *pamh, int flags, int argc, const char ** argv) +{ + return PAM_SUCCESS; +} + +#ifdef PAM_STATIC + +struct pam_module _pam_freerdp_modstruct = { + "pam_freerdp", + pam_sm_authenticate, + pam_sm_setcred, + NULL, + pam_sm_open_session, + pam_sm_close_session, + NULL, +}; + +#endif diff --git a/src/x2go-auth-check.c b/src/x2go-auth-check.c new file mode 100644 index 0000000..e5e9d13 --- /dev/null +++ b/src/x2go-auth-check.c @@ -0,0 +1,104 @@ +/* + * Copyright © 2012 Canonical Ltd. + * + * This program is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 3, as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranties of + * MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR + * PURPOSE. See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program. If not, see . + * + * Author: Ted Gould + */ + +#include +#include +#include + +void +auth_context_new (freerdp * instance, rdpContext * context) +{ + context->channels = freerdp_channels_new(); + return; +} + +void +auth_context_free (freerdp * instance, rdpContext * context) +{ + return; +} + +boolean +auth_pre_connect (freerdp * instance) +{ + freerdp_channels_pre_connect(instance->context->channels, instance); + return true; +} + +boolean +auth_post_connect (freerdp * instance) +{ + freerdp_channels_post_connect(instance->context->channels, instance); + return true; +} + +int +main (int argc, char * argv[]) +{ + char password[512]; + if (argc != 4) { + printf("Not enough params"); + return -1; + } + + if (scanf("%511s", password) != 1) { + return -1; + } + + if (mlock(password, sizeof(password)) != 0) { + return -1; + } + + freerdp_channels_global_init(); + + freerdp * instance = freerdp_new(); + + instance->PreConnect = auth_pre_connect; + instance->PostConnect = auth_post_connect; + + instance->context_size = sizeof(rdpContext); + instance->ContextNew = auth_context_new; + instance->ContextFree = auth_context_free; + + freerdp_context_new(instance); + + instance->settings->hostname = argv[1]; + instance->settings->username = argv[2]; + instance->settings->domain = argv[3]; + instance->settings->password = password; + + char * colonloc = strstr(argv[1], ":"); + if (colonloc != NULL) { + /* We've got a port to deal with */ + colonloc[0] = '\0'; + colonloc++; + + instance->settings->port = strtoul(colonloc, NULL, 10); + } + + int retval = -1; + if (freerdp_connect(instance)) { + freerdp_disconnect(instance); + retval = 0; + } + + memset(password, 0, sizeof(password)); + munlock(password, sizeof(password)); + + return retval; +} diff --git a/tests/Makefile.am b/tests/Makefile.am index c257ac9..4ffa963 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -3,10 +3,10 @@ DISTCLEANFILES = EXTRA_DIST = TESTS = \ - test-freerdpclient-wrapper + test-pyhoca-wrapper check_PROGRAMS = \ - test-freerdp-auth \ + test-x2go-auth \ $(TESTS) AM_CPPFLAGS = $(GTEST_CPPFLAGS) \ @@ -39,29 +39,29 @@ libgtest_a_CXXFLAGS = \ # Wrapper ########################## -test_freerdp_wrapper: test-freerdp-auth +test_x2go_wrapper: test-x2go-auth -test_freerdpclient_wrapper_SOURCES = \ +test_pyhoca_wrapper_SOURCES = \ mock_pam.c mock_pam.h \ mock_guest.c mock_guest.h \ - test-freerdp-wrapper.cc + test-x2go-wrapper.cc -test_freerdpclient_wrapper_LDADD = \ - $(top_builddir)/src/libfreerdpcore.la \ +test_pyhoca_wrapper_LDADD = \ + $(top_builddir)/src/libx2gocore.la \ libgtest.a -test_freerdpclient_wrapper_CXXFLAGS = \ +test_pyhoca_wrapper_CXXFLAGS = \ $(AM_CXXFLAGS) \ - -DAUTH_CHECK="\"$(abs_builddir)/test-freerdp-auth\"" \ + -DAUTH_CHECK="\"$(abs_builddir)/test-x2go-auth\"" \ -I${top_srcdir}/src -test_freerdpclient_wrapper_LDFLAGS = \ +test_pyhoca_wrapper_LDFLAGS = \ -pthread ########################## # Auth tool ########################## -test_freerdp_auth_SOURCES = \ - test-freerdp-auth.c +test_x2go_auth_SOURCES = \ + test-x2go-auth.c diff --git a/tests/mock_guest.c b/tests/mock_guest.c index 8bf2c3a..3327da0 100644 --- a/tests/mock_guest.c +++ b/tests/mock_guest.c @@ -68,7 +68,7 @@ void _exit (int exitcode) #define BUFFER_SIZE 512 -/*Borrowed this code form socket-sucker.c in lightdm-remote-session-freerdp*/ +/*Borrowed this code form socket-sucker.c in lightdm-remote-session-x2go*/ int socket_sucker () { @@ -85,7 +85,7 @@ socket_sucker () serv_addr.sun_family = AF_UNIX; - int printsize = snprintf(serv_addr.sun_path, sizeof(serv_addr.sun_path) - 1, "%s/%s", home, ".freerdp-socket"); + int printsize = snprintf(serv_addr.sun_path, sizeof(serv_addr.sun_path) - 1, "%s/%s", home, ".x2go-socket"); if (printsize > sizeof(serv_addr.sun_path) - 1 || printsize < 0) { return -1; } diff --git a/tests/test-freerdp-wrapper.cc b/tests/test-freerdp-wrapper.cc index 147682d..67aca58 100644 --- a/tests/test-freerdp-wrapper.cc +++ b/tests/test-freerdp-wrapper.cc @@ -12,7 +12,7 @@ extern "C" { #include "mock_pam.h" #include "mock_guest.h" - int freerdpclient_wrapper (int argc, char * argv[]); + int x2goclient_wrapper (int argc, char * argv[]); const char * auth_check_path = AUTH_CHECK; @@ -21,17 +21,17 @@ const char * auth_check_path = AUTH_CHECK; namespace { // The fixture for testing class Foo. - class FreerdpclientWrapperTest : public ::testing::Test { + class PyhocaWrapperTest : public ::testing::Test { protected: // You can remove any or all of the following functions if its body // is empty. - FreerdpclientWrapperTest() { + PyhocaWrapperTest() { // You can do set-up work for each test here. setenv("HOME", "/tmp", 1 /* overwrite */); } - virtual ~FreerdpclientWrapperTest() { + virtual ~PyhocaWrapperTest() { // You can do clean-up work that doesn't throw exceptions here. } @@ -41,24 +41,24 @@ namespace { virtual void SetUp() { // Code here will be called immediately after the constructor (right // before each test). - unlink("/tmp/.freerdp-socket"); + unlink("/tmp/.x2go-socket"); } virtual void TearDown() { // Code here will be called immediately after each test (right // before the destructor). - unlink("/tmp/.freerdp-socket"); + unlink("/tmp/.x2go-socket"); } // Objects declared here can be used by all tests in the test case for Foo. }; - TEST_F(FreerdpclientWrapperTest, canLinkTheWholeGang) { + TEST_F(PyhocaWrapperTest, canLinkTheWholeGang) { EXPECT_EQ (1, 1); // right, that's trivial, but that means // that I got all of the wrapper and pam to link there } - TEST_F(FreerdpclientWrapperTest, canCallPamOpenSession) { + TEST_F(PyhocaWrapperTest, canCallPamOpenSession) { const char *argv[] = { NULL }; pam_handle_t *pamh = pam_handle_new (); -- cgit v1.2.3