weston/libweston/auth.c

117 lines
2.9 KiB
C

/*
* Copyright © 2022 Philipp Zabel
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice (including the
* next paragraph) shall be included in all copies or substantial
* portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include "config.h"
#include <shared/xalloc.h>
#include <stdbool.h>
#include "libweston-internal.h"
#ifdef HAVE_PAM
#include <security/pam_appl.h>
#include <security/pam_misc.h>
static int
weston_pam_conv(int num_msg, const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr)
{
const char *password = appdata_ptr;
struct pam_response *rsp;
int i;
if (!num_msg)
return PAM_CONV_ERR;
rsp = calloc(num_msg, sizeof(*rsp));
if (!rsp)
return PAM_CONV_ERR;
for (i = 0; i < num_msg; i++) {
switch (msg[i]->msg_style) {
case PAM_PROMPT_ECHO_OFF:
rsp[i].resp = strdup(password);
break;
case PAM_PROMPT_ECHO_ON:
break;
case PAM_ERROR_MSG:
weston_log("PAM error message: %s\n", msg[i]->msg);
break;
case PAM_TEXT_INFO:
weston_log("PAM info text: %s\n", msg[i]->msg);
break;
default:
free(rsp);
return PAM_CONV_ERR;
}
}
*resp = rsp;
return PAM_SUCCESS;
}
#endif
WL_EXPORT bool
weston_authenticate_user(const char *username, const char *password)
{
bool authenticated = false;
#ifdef HAVE_PAM
struct pam_conv conv = {
.conv = weston_pam_conv,
.appdata_ptr = strdup(password),
};
struct pam_handle *pam;
int ret;
conv.appdata_ptr = strdup(password);
ret = pam_start("weston-remote-access", username, &conv, &pam);
if (ret != PAM_SUCCESS) {
weston_log("PAM: start failed\n");
goto out;
}
ret = pam_authenticate(pam, 0);
if (ret != PAM_SUCCESS) {
weston_log("PAM: authentication failed\n");
goto out;
}
ret = pam_acct_mgmt(pam, 0);
if (ret != PAM_SUCCESS) {
weston_log("PAM: account check failed\n");
goto out;
}
authenticated = true;
out:
ret = pam_end(pam, ret);
assert(ret == PAM_SUCCESS);
free(conv.appdata_ptr);
#endif
return authenticated;
}