| Index: src/platform/pam_offline/pam_offline.cc
|
| diff --git a/src/platform/pam_offline/pam_offline.cc b/src/platform/pam_offline/pam_offline.cc
|
| index 09691f3ce57ee3e44cd3f4bb7b2588914a02d671..6f0c7ae5b12113463ab2eef28c8119328a392fe7 100644
|
| --- a/src/platform/pam_offline/pam_offline.cc
|
| +++ b/src/platform/pam_offline/pam_offline.cc
|
| @@ -5,22 +5,25 @@
|
| // This is supposed to be defined before the pam includes.
|
| #define PAM_SM_AUTH
|
|
|
| -#include <sys/types.h>
|
| -#include <sys/stat.h>
|
| -#include <fcntl.h>
|
| +#include "pam_offline/pam_prompt_wrapper.h"
|
| +#include "pam_offline/username_password_fetcher.h"
|
| +#include "pam_offline/utils.h"
|
|
|
| -#include <base/command_line.h>
|
| -#include <base/logging.h>
|
| +#include <dbus/dbus-glib.h>
|
| +#include <fcntl.h>
|
| +#include <glib-object.h>
|
| #include <security/_pam_macros.h>
|
| -#include <security/pam_modules.h>
|
| #include <security/pam_ext.h>
|
| +#include <security/pam_modules.h>
|
| #include <stdio.h>
|
| #include <stdlib.h>
|
| +#include <sys/stat.h>
|
| +#include <sys/types.h>
|
|
|
| -#include "pam_offline/credentials.h"
|
| -#include "pam_offline/authenticator.h"
|
| -#include "pam_offline/pam_prompt_wrapper.h"
|
| -#include "pam_offline/username_password_fetcher.h"
|
| +#include "base/command_line.h"
|
| +#include "base/logging.h"
|
| +#include "cros/chromeos_cros_api.h"
|
| +#include "cros/chromeos_cryptohome.h"
|
|
|
| const char kUserName[] = "chronos";
|
|
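Review bot: The reordered include list does not cover everything the added code uses. `memset` (added in `pam_sm_authenticate`) and `std::string` (added in `ensure_libcros`) appear in the later hunks, but neither `<string.h>` nor `<string>` is included here, so the file builds only if another header happens to pull them in. The direct include of `pam_offline/credentials.h` is also dropped while `credentials->GetFullUsername(...)` and `credentials->GetPasswordWeakHash(...)` are still called, presumably relying on `username_password_fetcher.h` to supply the type. I would add `#include <string.h>` and `#include <string>` to the system block and keep `#include "pam_offline/credentials.h"`.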
|
| @@ -33,6 +36,17 @@ static void setcred_free(pam_handle_t *pamh /*unused*/,
|
| }
|
| }
|
|
|
| +static bool pam_offline_libcros_loaded = false;
|
| +static bool ensure_libcros() {
|
| + if(!pam_offline_libcros_loaded) {
|
| + ::g_type_init();
|
| + std::string load_error;
|
| + pam_offline_libcros_loaded =
|
| + chromeos::LoadLibcros(chromeos::kCrosDefaultPath, load_error);
|
| + }
|
| + return pam_offline_libcros_loaded;
|
| +}
|
| +
|
| // PAM framework looks for these entry-points to pass control to the
|
| // authentication module.
|
|
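Review bot: `load_error` is filled in by `chromeos::LoadLibcros` and then discarded, so a failed load leaves only the caller's `libcros load failed.` in the log, with no reason given. Log it where it is available, e.g. `if (!pam_offline_libcros_loaded) LOG(ERROR) << "LoadLibcros failed: " << load_error;`. Because only success is cached, every authentication attempt after a failure repeats `::g_type_init()` and the load. The unsynchronised `static bool` also assumes the module is never entered from two threads at once. A short comment above `ensure_libcros` should state both assumptions and say that a `false` return means authentication has to fail.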
|
| @@ -60,18 +74,26 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags,
|
|
|
| // If fetcher.FetchCredentials times out you get NULL credentials
|
| if (credentials) {
|
| - pam_offline::Authenticator auth;
|
|
|
| - if (auth.Init()) {
|
| - if (auth.TestAllMasterKeys(*credentials)) {
|
| - retval = PAM_SUCCESS;
|
| - pam_set_item(pamh, PAM_USER,
|
| - reinterpret_cast<const void*>(kUserName));
|
| + if (ensure_libcros()) {
|
| + char username[pam_offline::kMaxUsernameLength];
|
| + memset(username, 0, sizeof(username));
|
| + credentials->GetFullUsername(username, sizeof(username));
|
| + pam_offline::Blob salt = chromeos::CryptohomeGetSystemSalt();
|
| + if(salt.size() != 0) {
|
| + if(chromeos::CryptohomeCheckKey(username,
|
| + credentials->GetPasswordWeakHash(salt).c_str())) {
|
| + retval = PAM_SUCCESS;
|
| + pam_set_item(pamh, PAM_USER,
|
| + reinterpret_cast<const void*>(kUserName));
|
| + } else {
|
| + LOG(INFO) << "Invalid credentials.";
|
| + }
|
| } else {
|
| - LOG(INFO) << "Invalid credentials.";
|
| + LOG(INFO) << "Unable to get system salt.";
|
| }
|
| } else {
|
| - LOG(ERROR) << "Authenticator failed to Init().";
|
| + LOG(ERROR) << "libcros load failed.";
|
| }
|
|
|
| delete credentials;
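Review bot: Nothing checks that `credentials->GetFullUsername(username, sizeof(username))` produced a complete name before `username` is passed to `chromeos::CryptohomeCheckKey`. Its declaration is not visible in this hunk, but if it can truncate at `kMaxUsernameLength` or fail, the key check runs against a truncated or empty account name. I would reject that case explicitly before requesting the salt, with its own `LOG(ERROR)`, so it is not reported as `Invalid credentials.`. The empty-salt branch is a system fault rather than a bad password, so it should read `LOG(ERROR) << "Unable to get system salt.";` to keep it distinguishable from failed logins in the logs. All three failure branches depend on `retval` having been initialised to a failure code above the hunk; `pam_sm_authenticate` starts and ends outside it.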
|
|
|