From ef1be2c6d3251139a50e1cf5c5e812741471b34a Mon Sep 17 00:00:00 2001 From: jsorg71 Date: Thu, 7 Jul 2005 03:08:03 +0000 Subject: [PATCH] pam changes --- sesman/Makefile | 29 ++++----- sesman/verify_user.c | 55 ++--------------- sesman/verify_user_pam.c | 98 +++++++++++++++++++++++++++++++ sesman/verify_user_pam_userpass.c | 70 ++++++++++++++++++++++ 4 files changed, 182 insertions(+), 70 deletions(-) create mode 100644 sesman/verify_user_pam.c create mode 100644 sesman/verify_user_pam_userpass.c diff --git a/sesman/Makefile b/sesman/Makefile index 7ef8d3f9..79256907 100644 --- a/sesman/Makefile +++ b/sesman/Makefile @@ -1,29 +1,20 @@ -# uncomment the next line to use pam_userpass -# in verify_user.c -#USE_PAM = "" +SESMANOBJ = sesman.o ../common/os_calls.o ../common/d3des.o -SESMANOBJ = sesman.o verify_user.o ../common/os_calls.o ../common/d3des.o - -ifdef USE_PAM -CFLAGS = -Wall -O2 -I../common -DUSE_PAM -else CFLAGS = -Wall -O2 -I../common -endif -C_OS_FLAGS = $(CFLAGS) -c LDFLAGS = -L /usr/gnu/lib -ifdef USE_PAM -LIBS = -lpam -lpam_userpass -else -LIBS = -ldl -lcrypt -endif -PAMLIB = CC = gcc all: sesman -sesman: $(SESMANOBJ) - $(CC) $(LDFLAGS) -o sesman $(PAMLIB) $(SESMANOBJ) $(LIBS) +sesman: $(SESMANOBJ) verify_user.o + $(CC) $(LDFLAGS) -o sesman $(SESMANOBJ) verify_user.o -ldl -lcrypt + +pam: $(SESMANOBJ) verify_user_pam.o + $(CC) $(LDFLAGS) -o sesman $(SESMANOBJ) verify_user_pam.o -ldl -lpam + +pam_userpass: $(SESMANOBJ) verify_user_pam_userpass.o + $(CC) $(LDFLAGS) -o sesman $(SESMANOBJ) verify_user_pam_userpass.o -ldl -lpam -lpam_userpass clean: - rm -f $(SESMANOBJ) sesman + rm -f $(SESMANOBJ) verify_user.o verify_user_pam.o verify_user_pam_userpass.o sesman diff --git a/sesman/verify_user.c b/sesman/verify_user.c index 60ff48c0..7ee660d5 100644 --- a/sesman/verify_user.c +++ b/sesman/verify_user.c 
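Review bot: The `sesman`, `pam` and `pam_userpass` rules all link to the same output file `sesman`, and only the first is a real file target, so after `make pam` a later plain `make` can find `sesman` up to date and leave the PAM-linked binary in place. Which authentication backend ends up in the binary then depends on build history rather than on the target last requested. A comment above the three rules would make this explicit, for example `# sesman, pam and pam_userpass all produce ./sesman; run "make clean" before switching backend`, together with `.PHONY: all pam pam_userpass clean`. Separate output names would remove the ambiguity entirely, though that is a larger change.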
@@ -20,54 +20,8 @@ */ -#ifdef USE_PAM - -#include - -#define SERVICE "xrdp" - -/******************************************************************************/ -/* returns boolean */ -int auth_userpass(char* user, char* pass) -{ - pam_handle_t* pamh; - pam_userpass_t userpass; - struct pam_conv conv = {pam_userpass_conv, &userpass}; - const void* template1; - int status; - - userpass.user = user; - userpass.pass = pass; - if (pam_start(SERVICE, user, &conv, &pamh) != PAM_SUCCESS) - { - return 0; - } - status = pam_authenticate(pamh, 0); - if (status != PAM_SUCCESS) - { - pam_end(pamh, status); - return 0; - } - status = pam_acct_mgmt(pamh, 0); - if (status != PAM_SUCCESS) - { - pam_end(pamh, status); - return 0; - } - status = pam_get_item(pamh, PAM_USER, &template1); - if (status != PAM_SUCCESS) - { - pam_end(pamh, status); - return 0; - } - if (pam_end(pamh, PAM_SUCCESS) != PAM_SUCCESS) - { - return 0; - } - return 1; -} - -#else +#include "arch.h" +#include "os_calls.h" #define _XOPEN_SOURCE #include @@ -77,7 +31,8 @@ int auth_userpass(char* user, char* pass) /******************************************************************************/ /* returns boolean */ -int auth_userpass(char* user, char* pass) +int DEFAULT_CC +auth_userpass(char* user, char* pass) { char salt[13] = "$1$"; char hash[35] = ""; @@ -133,5 +88,3 @@ int auth_userpass(char* user, char* pass) } return 1; } - -#endif diff --git a/sesman/verify_user_pam.c b/sesman/verify_user_pam.c new file mode 100644 index 00000000..2bf19f64 --- /dev/null +++ b/sesman/verify_user_pam.c 
@@ -0,0 +1,98 @@
+/*
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+ xrdp: A Remote Desktop Protocol server.
+ Copyright (C) Jay Sorg 2005
+
+ authenticate user
+
+*/
+
+#include "arch.h"
+#include "os_calls.h"
+
+#include
+
+struct t_user_pass
+{
+ char* user;
+ char* pass;
+};
+
+/******************************************************************************/
+static int DEFAULT_CC
+verify_pam_conv(int num_msg, const struct pam_message** msg,
+ struct pam_response** resp, void* appdata_ptr)
+{
+ int i;
+ struct pam_response* reply;
+ struct t_user_pass* user_pass;
+
+ reply = g_malloc(sizeof(struct pam_response) * num_msg, 1);
+ for (i = 0; i < num_msg; i++)
+ {
+ switch (msg[i]->msg_style)
+ {
+ case PAM_PROMPT_ECHO_ON: /* username */
+ user_pass = appdata_ptr;
+ reply[i].resp = g_strdup(user_pass->user);
+ reply[i].resp_retcode = PAM_SUCCESS;
+ break;
+ case PAM_PROMPT_ECHO_OFF: /* password */
+ user_pass = appdata_ptr;
+ reply[i].resp = g_strdup(user_pass->pass);
+ reply[i].resp_retcode = PAM_SUCCESS;
+ break;
+ default:
+ g_printf("unknown in verify_pam_conv\n\r");
+ g_free(reply);
+ return PAM_CONV_ERR;
+ }
+ }
+ *resp = reply;
+ return PAM_SUCCESS;
+}
+
+/******************************************************************************/
+/* returns boolean */
+int DEFAULT_CC
+auth_userpass(char* user, char* pass)
+{
+ int error;
+ int null_tok;
+ struct t_user_pass user_pass;
+ struct pam_conv pamc;
+ pam_handle_t* ph;
+
+ user_pass.user = user;
+ user_pass.pass = pass;
+ pamc.conv = &verify_pam_conv;
+ pamc.appdata_ptr = &user_pass;
+ error = pam_start("gdm", 0, &pamc, &ph);
+ if (error != PAM_SUCCESS)
+ {
+ g_printf("pam_start failed\n\r");
+ return 0;
+ }
+ null_tok = 0;
+ error = pam_authenticate(ph, null_tok);
+ if (error != PAM_SUCCESS)
+ {
+ pam_end(ph, PAM_SUCCESS);
+ return 0;
+ }
+ pam_end(ph, PAM_SUCCESS);
+ return 1;
+}
diff --git a/sesman/verify_user_pam_userpass.c b/sesman/verify_user_pam_userpass.c
new file mode 100644
index 00000000..df097823
--- /dev/null
+++ b/sesman/verify_user_pam_userpass.c
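Review bot: auth_userpass in verify_user_pam.c returns 1 as soon as `pam_authenticate` succeeds and never calls `pam_acct_mgmt`, so an account that is expired, locked or denied by the account stack would still be accepted by this function, whereas the pam_userpass variant in this same commit does make that call. The fence below adds the check and passes the real status to `pam_end` on failure instead of `PAM_SUCCESS`. The service name `"gdm"` in `pam_start` ties the policy to another program's PAM file; a dedicated name such as the `"xrdp"` used by the sibling file looks like the intent. In verify_pam_conv the `default:` branch frees `reply` but not the `resp` strings already duplicated for earlier messages, which can leave copies of the password on the heap, and both the `g_malloc` result and `num_msg` are used unchecked.

```c
  error = pam_authenticate(ph, null_tok);
  /* … unchanged: failure branch of pam_authenticate … */
  error = pam_acct_mgmt(ph, 0);
  if (error != PAM_SUCCESS)
  {
    /* account is expired, locked or otherwise refused by the account stack */
    pam_end(ph, error);
    return 0;
  }
  pam_end(ph, PAM_SUCCESS);
```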
@@ -0,0 +1,70 @@
+/*
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+ xrdp: A Remote Desktop Protocol server.
+ Copyright (C) Jay Sorg 2005
+
+ authenticate user
+
+*/
+
+#include "arch.h"
+#include "os_calls.h"
+
+#include
+
+#define SERVICE "xrdp"
+
+/******************************************************************************/
+/* returns boolean */
+int DEFAULT_CC
+auth_userpass(char* user, char* pass)
+{
+ pam_handle_t* pamh;
+ pam_userpass_t userpass;
+ struct pam_conv conv = {pam_userpass_conv, &userpass};
+ const void* template1;
+ int status;
+
+ userpass.user = user;
+ userpass.pass = pass;
+ if (pam_start(SERVICE, user, &conv, &pamh) != PAM_SUCCESS)
+ {
+ return 0;
+ }
+ status = pam_authenticate(pamh, 0);
+ if (status != PAM_SUCCESS)
+ {
+ pam_end(pamh, status);
+ return 0;
+ }
+ status = pam_acct_mgmt(pamh, 0);
+ if (status != PAM_SUCCESS)
+ {
+ pam_end(pamh, status);
+ return 0;
+ }
+ status = pam_get_item(pamh, PAM_USER, &template1);
+ if (status != PAM_SUCCESS)
+ {
+ pam_end(pamh, status);
+ return 0;
+ }
+ if (pam_end(pamh, PAM_SUCCESS) != PAM_SUCCESS)
+ {
+ return 0;
+ }
+ return 1;
+}
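Review bot: The value read back by `pam_get_item(pamh, PAM_USER, &template1)` in auth_userpass is never used, so the function reports success for whatever name the PAM stack settled on while the caller presumably continues with the `user` string it passed in. If the call is kept only as a sanity check, say so with a comment such as `/* PAM_USER is fetched only to confirm the item is set; it is not compared with user */`. If a module in the stack may rewrite the name, the safer choice is to compare the returned name with `user` and fail on mismatch. The header comment `/* returns boolean */` could also state that `pass` stays in caller-owned memory and is not cleared by this function.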