Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(152)

Unified Diff: src/platform/pam_offline/pam_offline.cc

Issue 2051003: Initial patch from Will. (Closed) Base URL: ssh://git@chromiumos-git/chromiumos
Patch Set: Address style nits. Created 10 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: src/platform/pam_offline/pam_offline.cc
diff --git a/src/platform/pam_offline/pam_offline.cc b/src/platform/pam_offline/pam_offline.cc
index 09691f3ce57ee3e44cd3f4bb7b2588914a02d671..6f0c7ae5b12113463ab2eef28c8119328a392fe7 100644
--- a/src/platform/pam_offline/pam_offline.cc
+++ b/src/platform/pam_offline/pam_offline.cc
@@ -5,22 +5,25 @@
// This is supposed to be defined before the pam includes.
#define PAM_SM_AUTH
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
+#include "pam_offline/pam_prompt_wrapper.h"
+#include "pam_offline/username_password_fetcher.h"
+#include "pam_offline/utils.h"
-#include <base/command_line.h>
-#include <base/logging.h>
+#include <dbus/dbus-glib.h>
+#include <fcntl.h>
+#include <glib-object.h>
#include <security/_pam_macros.h>
-#include <security/pam_modules.h>
#include <security/pam_ext.h>
+#include <security/pam_modules.h>
#include <stdio.h>
#include <stdlib.h>
+#include <sys/stat.h>
+#include <sys/types.h>
-#include "pam_offline/credentials.h"
-#include "pam_offline/authenticator.h"
-#include "pam_offline/pam_prompt_wrapper.h"
-#include "pam_offline/username_password_fetcher.h"
+#include "base/command_line.h"
+#include "base/logging.h"
+#include "cros/chromeos_cros_api.h"
+#include "cros/chromeos_cryptohome.h"
const char kUserName[] = "chronos";
@@ -33,6 +36,17 @@ static void setcred_free(pam_handle_t *pamh /*unused*/,
}
}
+static bool pam_offline_libcros_loaded = false;
+static bool ensure_libcros() {
+ if(!pam_offline_libcros_loaded) {
+ ::g_type_init();
+ std::string load_error;
+ pam_offline_libcros_loaded =
+ chromeos::LoadLibcros(chromeos::kCrosDefaultPath, load_error);
+ }
+ return pam_offline_libcros_loaded;
+}
+
// PAM framework looks for these entry-points to pass control to the
// authentication module.
@@ -60,18 +74,26 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags,
// If fetcher.FetchCredentials times out you get NULL credentials
if (credentials) {
- pam_offline::Authenticator auth;
- if (auth.Init()) {
- if (auth.TestAllMasterKeys(*credentials)) {
- retval = PAM_SUCCESS;
- pam_set_item(pamh, PAM_USER,
- reinterpret_cast<const void*>(kUserName));
+ if (ensure_libcros()) {
+ char username[pam_offline::kMaxUsernameLength];
+ memset(username, 0, sizeof(username));
+ credentials->GetFullUsername(username, sizeof(username));
+ pam_offline::Blob salt = chromeos::CryptohomeGetSystemSalt();
+ if(salt.size() != 0) {
+ if(chromeos::CryptohomeCheckKey(username,
+ credentials->GetPasswordWeakHash(salt).c_str())) {
+ retval = PAM_SUCCESS;
+ pam_set_item(pamh, PAM_USER,
+ reinterpret_cast<const void*>(kUserName));
+ } else {
+ LOG(INFO) << "Invalid credentials.";
+ }
} else {
- LOG(INFO) << "Invalid credentials.";
+ LOG(INFO) << "Unable to get system salt.";
}
} else {
- LOG(ERROR) << "Authenticator failed to Init().";
+ LOG(ERROR) << "libcros load failed.";
}
delete credentials;

Powered by Google App Engine
This is Rietveld 408576698