From c6a1d0bcbef495512a7cea8ac5759b769145b159 Mon Sep 17 00:00:00 2001 From: Mike Gabriel Date: Sat, 10 Nov 2012 21:41:14 +0100 Subject: renaming rdomain to rsession, put password as last string into the socket buffer --- src/pam-x2go-children.c | 14 +++++++------- src/pam-x2go-children.h | 4 ++-- src/pam-x2go.c | 28 ++++++++++++++-------------- 3 files changed, 23 insertions(+), 23 deletions(-) (limited to 'src') diff --git a/src/pam-x2go-children.c b/src/pam-x2go-children.c index e86da1f..2b27ba6 100644 --- a/src/pam-x2go-children.c +++ b/src/pam-x2go-children.c @@ -38,7 +38,7 @@ #include "auth-check-path.h" void -pam_sm_authenticate_helper (int *stdinpipe, const char* username, const char* rhost, const char* ruser, const char* rdomain) +pam_sm_authenticate_helper (int *stdinpipe, const char* username, const char* rhost, const char* ruser, const char* rsession) { dup2(stdinpipe[0], 0); @@ -48,7 +48,7 @@ pam_sm_authenticate_helper (int *stdinpipe, const char* username, const char* rh args[0] = (char *)auth_check_path; args[1] = (char *)rhost; args[2] = (char *)ruser; - args[3] = (char *)rdomain; + args[3] = (char *)rsession; args[4] = NULL; struct passwd * pwdent = getpwnam(username); @@ -82,7 +82,7 @@ pam_sm_authenticate_helper (int *stdinpipe, const char* username, const char* rh } int -session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruser, const char * rhost, const char * rdomain, const char * password) +session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruser, const char * rhost, const char * rsession, const char * password) { /* Socket stuff */ int socketfd = 0; @@ -126,15 +126,15 @@ session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruse return EXIT_FAILURE; } - if (rdomain[0] == '\0') { - rdomain = "."; + if (rsession[0] == '\0') { + rsession = "TERMINAL"; } /* Build this up as a buffer so we can just write it and see that very, very clearly */ buffer_len += strlen(ruser) + 1; /* Add one for the space */ buffer_len += strlen(rhost) + 1; /* Add one for the space */ - buffer_len += strlen(rdomain) + 1; /* Add one for the space */ + buffer_len += strlen(rsession) + 1; /* Add one for the space */ buffer_len += strlen(password) + 1; /* Add one for the NULL */ if (buffer_len < 5) { @@ -155,7 +155,7 @@ session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruse goto cleanup; } - buffer_fill = snprintf(buffer, buffer_len, "%s %s %s %s", ruser, password, rhost, rdomain); + buffer_fill = snprintf(buffer, buffer_len, "%s %s %s %s", ruser, rhost, rsession, password); if (buffer_fill > buffer_len) { /* This really shouldn't happen, but if for some reason we have an difference between they way that the lengths are calculated we want diff --git a/src/pam-x2go-children.h b/src/pam-x2go-children.h index 012120e..4cf8e63 100644 --- a/src/pam-x2go-children.h +++ b/src/pam-x2go-children.h @@ -23,8 +23,8 @@ #define ALL_GOOD_SIGNAL "Ar, ready to authenticate cap'n" void -pam_sm_authenticate_helper (int *stdinpipe, const char* username, const char* rhost, const char* ruser, const char* rdomain); +pam_sm_authenticate_helper (int *stdinpipe, const char* username, const char* rhost, const char* ruser, const char* rsession); int -session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruser, const char * rhost, const char * rdomain, const char * password); +session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruser, const char * rhost, const char * rsession, const char * password); #endif //_PAM_X2GO_CHILDREN_H_ diff --git a/src/pam-x2go.c b/src/pam-x2go.c index dce022f..49350f9 100644 --- a/src/pam-x2go.c +++ b/src/pam-x2go.c @@ -41,7 +41,7 @@ static int unpriveleged_kill (struct passwd * pwdent); -static char * global_domain = NULL; +static char * global_session = NULL; /* FIXME? This is a work around to the fact that PAM seems to be clearing the auth token between authorize and open_session. Which then requires us to save it. Seems like we're the wrong people to do it, but we have @@ -53,7 +53,7 @@ static char * get_item (pam_handle_t * pamh, int type) { /* Check to see if we just have the value. If we do, great - let's dup it some we're consitently allocating memory */ + let's dup it some we're consistently allocating memory */ if (type != PAM_TYPE_DOMAIN) { /* If it's not a domain we can use the PAM functions because the PAM functions don't support the domain */ @@ -69,8 +69,8 @@ get_item (pam_handle_t * pamh, int type) } else { /* Here we only have domains, so we can see if the global domain is useful for us, if we have it */ - if (global_domain != NULL) { - return global_domain; + if (global_session != NULL) { + return global_session; } } /* Now we need to prompt */ @@ -154,11 +154,11 @@ get_item (pam_handle_t * pamh, int type) } if (type == PAM_TYPE_DOMAIN) { /* The domain can be saved globally so we can use it for open */ - if (global_domain != NULL) { - free(global_domain); + if (global_session != NULL) { + free(global_session); } - global_domain = strdup(promptval); - retval = global_domain; + global_session = strdup(promptval); + retval = global_session; } if (type == PAM_AUTHTOK) { /* We also save the password globally if we've got one */ @@ -203,7 +203,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv) char * password = NULL; char * ruser = NULL; char * rhost = NULL; - char * rdomain = NULL; + char * rsession = NULL; int retval = PAM_IGNORE; /* Get all the values, or prompt for them, or return with @@ -211,7 +211,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv) GET_ITEM(username, PAM_USER); GET_ITEM(ruser, PAM_RUSER); GET_ITEM(rhost, PAM_RHOST); - GET_ITEM(rdomain, PAM_TYPE_DOMAIN); + GET_ITEM(rsession, PAM_TYPE_DOMAIN); GET_ITEM(password, PAM_AUTHTOK); int stdinpipe[2]; @@ -224,7 +224,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv) pid_t pid; switch (pid = fork()) { case 0: { /* child */ - pam_sm_authenticate_helper (stdinpipe, username, rhost, ruser, rdomain); + pam_sm_authenticate_helper (stdinpipe, username, rhost, ruser, rsession); break; } case -1: { /* fork'n error! */ @@ -268,7 +268,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv char * password = NULL; char * ruser = NULL; char * rhost = NULL; - char * rdomain = NULL; + char * rsession = NULL; int retval = PAM_SUCCESS; /* Get all the values, or prompt for them, or return with @@ -276,7 +276,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv GET_ITEM(username, PAM_USER); GET_ITEM(ruser, PAM_RUSER); GET_ITEM(rhost, PAM_RHOST); - GET_ITEM(rdomain, PAM_TYPE_DOMAIN); + GET_ITEM(rsession, PAM_TYPE_DOMAIN); GET_ITEM(password, PAM_AUTHTOK); struct passwd * pwdent = getpwnam(username); @@ -298,7 +298,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv pid_t pid = fork(); if (pid == 0) { - int ret = session_socket_handler(pwdent, sessionready[1], ruser, rhost, rdomain, password); + int ret = session_socket_handler(pwdent, sessionready[1], ruser, rhost, rsession, password); close(sessionready[1]); _exit(ret); -- cgit v1.2.3