remoting/host/pam_authorization_factory_posix.cc - Issue 11276040: Implemented local login check for PAM (only enabled on Linux for now).

Side by Side Diff: remoting/host/pam_authorization_factory_posix.cc

Issue 11276040: Implemented local login check for PAM (only enabled on Linux for now). (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 8 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« remoting/host/pam_authorization_factory_posix.h ('K') | « remoting/host/pam_authorization_factory_posix.h ('k') | remoting/host/remoting_me2me_host.cc » ('j') | remoting/host/remoting_me2me_host.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "remoting/host/pam_authorization_factory_posix.h"

	6

	7 #include <security/pam_appl.h>

	8

	9 #include "base/environment.h"

	10 #include "base/logging.h"

	11 #include "remoting/protocol/channel_authenticator.h"
	Wez 2012/10/26 03:25:43 nit: Can't you just forward-define ChannelAuthenti nit: Can't you just forward-define ChannelAuthenticator? Jamie 2012/10/26 17:53:30 No, it needs to be a complete type for scoped_ptr. Show quoted text On 2012/10/26 03:25:43, Wez wrote: > nit: Can't you just forward-define ChannelAuthenticator? No, it needs to be a complete type for scoped_ptr.
	12 #include "third_party/libjingle/source/talk/xmllite/xmlelement.h"

	13

	14 namespace remoting {

	15

	16 class PamAuthorizer : public protocol::Authenticator {
	Wez 2012/10/26 03:25:43 nit: Wrap this in an anonymous namespace. nit: Wrap this in an anonymous namespace. Wez 2012/10/26 03:25:43 nit: Consider moving this class' method implementa nit: Consider moving this class' method implementations out-of-line; tends to make classes easier to understand at a glance. Jamie 2012/10/26 17:53:30 Done. Show quoted text On 2012/10/26 03:25:43, Wez wrote: > nit: Wrap this in an anonymous namespace. Done. Jamie 2012/10/26 17:53:30 Done. Show quoted text On 2012/10/26 03:25:43, Wez wrote: > nit: Consider moving this class' method implementations out-of-line; tends to > make classes easier to understand at a glance. Done.
	17 public:

	18 PamAuthorizer(scoped_ptr<protocol::Authenticator> underlying)

	19 : underlying_(underlying.Pass()),

	20 local_login_status_(NOT_CHECKED) {

	21 }

	22

	23 virtual State state() const OVERRIDE {
	Wez 2012/10/26 03:25:43 nit: Precede this with a comment "protocol::Authen nit: Precede this with a comment "protocol::Authenticator implementation" Jamie 2012/10/26 17:53:30 s/implementation/interface done. Show quoted text On 2012/10/26 03:25:43, Wez wrote: > nit: Precede this with a comment "protocol::Authenticator implementation" s/implementation/interface done.
	24 return local_login_status_ == DISALLOWED ?

	25 REJECTED : underlying_->state();
	Wez 2012/10/26 03:25:43 nit: This would be more readable as an early-exit nit: This would be more readable as an early-exit if and return. Jamie 2012/10/26 17:53:30 Done. Show quoted text On 2012/10/26 03:25:43, Wez wrote: > nit: This would be more readable as an early-exit if and return. Done.
	26 }

	27

	28 virtual RejectionReason rejection_reason() const OVERRIDE {

	29 return local_login_status_ == DISALLOWED ?

	30 INVALID_CREDENTIALS : underlying_->rejection_reason();
	Jamie 2012/10/25 23:16:03 This results in "invalid PIN" at the client, which This results in "invalid PIN" at the client, which is not very helpful. We might need a new error code to support this check. Wez 2012/10/26 03:25:43 Agreed, but this is good enough for starters. Show quoted text On 2012/10/25 23:16:03, Jamie wrote: > This results in "invalid PIN" at the client, which is not very helpful. We might > need a new error code to support this check. Agreed, but this is good enough for starters. Wez 2012/10/26 03:25:43 nit: See comment on state(). nit: See comment on state(). Jamie 2012/10/26 17:53:30 Done. Show quoted text On 2012/10/26 03:25:43, Wez wrote: > nit: See comment on state(). Done.
	31 }

	32

	33 virtual void ProcessMessage(const buzz::XmlElement* message) OVERRIDE {

	34 underlying_->ProcessMessage(message);

	35 MaybeCheckLocalLogin();

	36 }

	37

	38 virtual scoped_ptr<buzz::XmlElement> GetNextMessage() {

	39 scoped_ptr<buzz::XmlElement> result (underlying_->GetNextMessage());

	40 MaybeCheckLocalLogin();

	41 return result.Pass();

	42 }

	43

	44 virtual scoped_ptr<protocol::ChannelAuthenticator>

	45 CreateChannelAuthenticator() const OVERRIDE {

	46 return underlying_->CreateChannelAuthenticator();

	47 }

	48

	49 private:

	50 void MaybeCheckLocalLogin() {

	51 if (local_login_status_ == NOT_CHECKED && state() == ACCEPTED) {

	52 local_login_status_ = IsLocalLoginAllowed() ? ALLOWED : DISALLOWED;

	53 }

	54 }

	55

	56 bool IsLocalLoginAllowed() {

	57 std::string username;

	58 if (!base::Environment::Create()->GetVar("USER", &username)) {

	59 return false;

	60 }

	61 struct pam_conv conv = { PamConversation, NULL };
	Wez 2012/10/26 03:25:43 nit: Blank line above this, to aid readability, pl nit: Blank line above this, to aid readability, plz. Jamie 2012/10/26 17:53:30 Done. Show quoted text On 2012/10/26 03:25:43, Wez wrote: > nit: Blank line above this, to aid readability, plz. Done.
	62 pam_handle_t* handle = NULL;

	63 int result = pam_start("chrome-remote-desktop", username.c_str(),

	64 &conv, &handle);

	65 if (result == PAM_SUCCESS) {

	66 result = pam_acct_mgmt(handle, 0);

	67 }

	68 pam_end(handle, result);

	69 LOG(INFO) << "Local login check for " << username
	Wez 2012/10/26 03:25:43 nit: Blank lines above & below LOG line, for reada nit: Blank lines above & below LOG line, for readability. Jamie 2012/10/26 17:53:30 Done. Show quoted text On 2012/10/26 03:25:43, Wez wrote: > nit: Blank lines above & below LOG line, for readability. Done.
	70 << (result == PAM_SUCCESS ? " succeeded." : " failed.");

	71 return result == PAM_SUCCESS;

	72 }

	73

	74 static int PamConversation(int num_messages,

	75 const struct pam_message** messages,

	76 struct pam_response** responses,

	77 void* context) {

	78 // We don't expect this function to be called. Since we have no easy way
	Wez 2012/10/26 03:25:43 Is it likely that this be called nonetheless, or c Is it likely that this be called nonetheless, or could we just CHECK() here? Jamie 2012/10/26 17:53:30 I've changed it to a LOG(FATAL) in the case that w Show quoted text On 2012/10/26 03:25:43, Wez wrote: > Is it likely that this be called nonetheless, or could we just CHECK() here? I've changed it to a LOG(FATAL) in the case that we're asked for input, since it simplifies the code a bit, but if we're just being asked to log something, I think it's better to do so.
	79 // of returning a response, we consider it to be an error if we're asked

	80 // for one. Informational and error messages are logged.

	81 int result = PAM_SUCCESS;

	82 for (int i = 0; i < num_messages; ++i) {

	83 const struct pam_message* message = messages[i];

	84 switch (message->msg_style) {

	85 case PAM_ERROR_MSG:

	86 LOG(ERROR) << "PAM conversation error message: " << message->msg;

	87 break;

	88 case PAM_TEXT_INFO:

	89 LOG(INFO) << "PAM conversation message: " << message->msg;

	90 break;

	91 default:

	92 LOG(ERROR) << "Unexpected PAM conversation response required: "

	93 << message->msg << "; msg_style = " << message->msg_style;

	94 result = PAM_CONV_ERR;

	95 }

	96 }

	97 // Except in case of error, we need to allocate space for the responses.

	98 responses = static_cast<struct pam_response>(

	99 calloc(num_messages, sizeof(struct pam_response)));

	100 return result;

	101 }

	102

	103 scoped_ptr<protocol::Authenticator> underlying_;

	104 enum { NOT_CHECKED, ALLOWED, DISALLOWED } local_login_status_;

	105 };

	106

	107 PamAuthorizationFactory::PamAuthorizationFactory(

	108 scoped_ptr<protocol::AuthenticatorFactory> underlying)

	109 : underlying_(underlying.Pass()) {

	110 }

	111

	112 scoped_ptr<protocol::Authenticator>

	113 PamAuthorizationFactory::CreateAuthenticator(

	114 const std::string& local_jid,

	115 const std::string& remote_jid,

	116 const buzz::XmlElement* first_message) {

	117 scoped_ptr<protocol::Authenticator> authenticator(

	118 underlying_->CreateAuthenticator(local_jid, remote_jid, first_message));
	Wez 2012/10/26 03:25:43 nit: Can you pass the output of CreateAuthenticato nit: Can you pass the output of CreateAuthenticator() directly to the PamAuthorizer() ctor and save a couple of lines? Jamie 2012/10/26 17:53:30 I think that would be less readable. Show quoted text On 2012/10/26 03:25:43, Wez wrote: > nit: Can you pass the output of CreateAuthenticator() directly to the > PamAuthorizer() ctor and save a couple of lines? I think that would be less readable. Wez 2012/10/26 21:52:23 Even if you fold the new PamAuthorizer on to the r Show quoted text On 2012/10/26 17:53:30, Jamie wrote: > On 2012/10/26 03:25:43, Wez wrote: > > nit: Can you pass the output of CreateAuthenticator() directly to the > > PamAuthorizer() ctor and save a couple of lines? > > I think that would be less readable. Even if you fold the new PamAuthorizer on to the return line itself? Actually, I think that'd be one character too long...
	119 return scoped_ptr<protocol::Authenticator>(

	120 new PamAuthorizer(authenticator.Pass()));

	121 }

	122

	123

	124 } // namespace remoting

OLD	NEW