From edd14a06a92de3b1275f4aeb377d8fa3852f823e Mon Sep 17 00:00:00 2001 From: Mike Gabriel Date: Fri, 9 Nov 2012 12:04:48 +0100 Subject: Adaptations of the forked original to work with X2Go: Check the authentication token via libssh (ssh login to the remote server). --- src/pam-x2go-children.c | 2 +- src/pam-x2go-children.h | 6 ++--- src/pam-x2go.c | 22 +++++------------- src/x2go-auth-check.c | 60 +++++++++++-------------------------------------- 4 files changed, 22 insertions(+), 68 deletions(-) (limited to 'src') diff --git a/src/pam-x2go-children.c b/src/pam-x2go-children.c index ea29c14..51cf048 100644 --- a/src/pam-x2go-children.c +++ b/src/pam-x2go-children.c @@ -172,7 +172,7 @@ session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruse memset(&socket_addr, 0, sizeof(struct sockaddr_un)); socket_addr.sun_family = AF_UNIX; strncpy(socket_addr.sun_path, pwdent->pw_dir, sizeof(socket_addr.sun_path) - 1); - strncpy(socket_addr.sun_path + strlen(pwdent->pw_dir), "/.freerdp-socket", (sizeof(socket_addr.sun_path) - strlen(pwdent->pw_dir)) - 1); + strncpy(socket_addr.sun_path + strlen(pwdent->pw_dir), "/.x2go-socket", (sizeof(socket_addr.sun_path) - strlen(pwdent->pw_dir)) - 1); /* We bind the socket before forking so that we ensure that there isn't a race condition to get to it. Things will block diff --git a/src/pam-x2go-children.h b/src/pam-x2go-children.h index cb36312..d300d46 100644 --- a/src/pam-x2go-children.h +++ b/src/pam-x2go-children.h @@ -16,8 +16,8 @@ * Author: Ted Gould */ -#ifndef _PAM_FREERDP_CHILDREN_H_ -#define _PAM_FREERDP_CHILDREN_H_ +#ifndef _PAM_X2GO_CHILDREN_H_ +#define _PAM_X2GO_CHILDREN_H_ #define PAM_TYPE_DOMAIN 1234 #define ALL_GOOD_SIGNAL "Ar, ready to authenticate cap'n" @@ -27,4 +27,4 @@ pam_sm_authenticate_helper (int *stdinpipe, const char* username, const char* rh int session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruser, const char * rhost, const char * rdomain, const char * password); -#endif //_PAM_FREERDP_CHILDREN_H_ +#endif //_PAM_X2GO_CHILDREN_H_ diff --git a/src/pam-x2go.c b/src/pam-x2go.c index 8979e6e..8ca5147 100644 --- a/src/pam-x2go.c +++ b/src/pam-x2go.c @@ -34,7 +34,7 @@ #include #include -#include "pam-freerdp-children.h" +#include "pam-x2go-children.h" #include "auth-check-path.h" static int unpriveleged_kill (struct passwd * pwdent); @@ -126,18 +126,6 @@ get_item (pam_handle_t * pamh, int type) } } - /* The way that xfreerdp does parsing means that we can't handle - spaces in the username. Let's block them as early as possible. - Though, if the xfreerdp part gets fixed, we want this to disappear - http://launchpad.net/bugs/1053102 - */ - if (type == PAM_RUSER) { - if (strstr(promptval, " ") != NULL) { - free(promptval); - return NULL; - } - } - if (type == PAM_RHOST) { char * subloc = strstr(promptval, "://"); if (subloc != NULL) { @@ -205,7 +193,7 @@ get_item (pam_handle_t * pamh, int type) } /* Authenticate. We need to make sure we have a user account, that - there are remote accounts and then verify them with FreeRDP */ + there are remote accounts and then verify them with X2Go */ PAM_EXTERN int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -270,7 +258,7 @@ done: pid_t session_pid = 0; /* Open Session. Here we need to fork a little process so that we can give the credentials to the session itself so that it can startup the - xfreerdp viewer for the login */ + PyHoca (X2Go) client for the login */ PAM_EXTERN int pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv) { @@ -426,8 +414,8 @@ pam_sm_setcred (pam_handle_t *pamh, int flags, int argc, const char ** argv) #ifdef PAM_STATIC -struct pam_module _pam_freerdp_modstruct = { - "pam_freerdp", +struct pam_module _pam_x2go_modstruct = { + "pam_x2go", pam_sm_authenticate, pam_sm_setcred, NULL, diff --git a/src/x2go-auth-check.c b/src/x2go-auth-check.c index e5e9d13..524d424 100644 --- a/src/x2go-auth-check.c +++ b/src/x2go-auth-check.c @@ -16,37 +16,9 @@ * Author: Ted Gould */ -#include -#include +#include #include -void -auth_context_new (freerdp * instance, rdpContext * context) -{ - context->channels = freerdp_channels_new(); - return; -} - -void -auth_context_free (freerdp * instance, rdpContext * context) -{ - return; -} - -boolean -auth_pre_connect (freerdp * instance) -{ - freerdp_channels_pre_connect(instance->context->channels, instance); - return true; -} - -boolean -auth_post_connect (freerdp * instance) -{ - freerdp_channels_post_connect(instance->context->channels, instance); - return true; -} - int main (int argc, char * argv[]) { @@ -64,23 +36,12 @@ main (int argc, char * argv[]) return -1; } - freerdp_channels_global_init(); - - freerdp * instance = freerdp_new(); + auth_check_ssh_session = ssh_new(); - instance->PreConnect = auth_pre_connect; - instance->PostConnect = auth_post_connect; + ssh_options_set ( auth_check_ssh_session, SSH_OPTIONS_HOST, argv[1]; ); + ssh_options_set ( auth_check_ssh_session, SSH_OPTIONS_USER, argv[2]; ); - instance->context_size = sizeof(rdpContext); - instance->ContextNew = auth_context_new; - instance->ContextFree = auth_context_free; - - freerdp_context_new(instance); - - instance->settings->hostname = argv[1]; - instance->settings->username = argv[2]; - instance->settings->domain = argv[3]; - instance->settings->password = password; + rc = ssh_connect (ssh_session); char * colonloc = strstr(argv[1], ":"); if (colonloc != NULL) { @@ -88,12 +49,17 @@ main (int argc, char * argv[]) colonloc[0] = '\0'; colonloc++; - instance->settings->port = strtoul(colonloc, NULL, 10); + ssh_options_set ( auth_check_ssh_session, SSH_OPTIONS_PORT, strtoul(colonloc, NULL, 10); ); + } + + if (ssh_connect (ssh_session)) { + int rc = ssh_userauth_password ( auth_check_ssh_session, NULL, password ); + ssh_disconnect(ssh_session); } int retval = -1; - if (freerdp_connect(instance)) { - freerdp_disconnect(instance); + if ( rc == SSH_AUTH_SUCCESS ) + { retval = 0; } -- cgit v1.2.3