Index: src/platform/pam_offline/pam_offline.cc |
diff --git a/src/platform/pam_offline/pam_offline.cc b/src/platform/pam_offline/pam_offline.cc |
index 09691f3ce57ee3e44cd3f4bb7b2588914a02d671..6f0c7ae5b12113463ab2eef28c8119328a392fe7 100644 |
--- a/src/platform/pam_offline/pam_offline.cc |
+++ b/src/platform/pam_offline/pam_offline.cc |
@@ -5,22 +5,25 @@ |
// This is supposed to be defined before the pam includes. |
#define PAM_SM_AUTH |
-#include <sys/types.h> |
-#include <sys/stat.h> |
-#include <fcntl.h> |
+#include "pam_offline/pam_prompt_wrapper.h" |
+#include "pam_offline/username_password_fetcher.h" |
+#include "pam_offline/utils.h" |
-#include <base/command_line.h> |
-#include <base/logging.h> |
+#include <dbus/dbus-glib.h> |
+#include <fcntl.h> |
+#include <glib-object.h> |
#include <security/_pam_macros.h> |
-#include <security/pam_modules.h> |
#include <security/pam_ext.h> |
+#include <security/pam_modules.h> |
#include <stdio.h> |
#include <stdlib.h> |
+#include <sys/stat.h> |
+#include <sys/types.h> |
-#include "pam_offline/credentials.h" |
-#include "pam_offline/authenticator.h" |
-#include "pam_offline/pam_prompt_wrapper.h" |
-#include "pam_offline/username_password_fetcher.h" |
+#include "base/command_line.h" |
+#include "base/logging.h" |
+#include "cros/chromeos_cros_api.h" |
+#include "cros/chromeos_cryptohome.h" |
const char kUserName[] = "chronos"; |
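Review bot: The include block drops `pam_offline/credentials.h` and adds neither `<string.h>` nor `<string>`, yet the new code later in this patch calls `memset`, declares `std::string load_error` and still dereferences `credentials`. Unless those declarations arrive through `pam_offline/utils.h` or `username_password_fetcher.h` (not visible here), the file now builds only because of transitive includes. I would add `#include <string.h>` and `#include <string>` to the system group and keep `#include "pam_offline/credentials.h"`, so the file includes what it uses.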
@@ -33,6 +36,17 @@ static void setcred_free(pam_handle_t *pamh /*unused*/, |
} |
} |
+static bool pam_offline_libcros_loaded = false; |
+static bool ensure_libcros() { |
+ if(!pam_offline_libcros_loaded) { |
+ ::g_type_init(); |
+ std::string load_error; |
+ pam_offline_libcros_loaded = |
+ chromeos::LoadLibcros(chromeos::kCrosDefaultPath, load_error); |
+ } |
+ return pam_offline_libcros_loaded; |
+} |
+ |
// PAM framework looks for these entry-points to pass control to the |
// authentication module. |
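Review bot: `load_error` in `ensure_libcros()` is filled by `chromeos::LoadLibcros` and then discarded, so the only trace of a failure is the caller's `libcros load failed.` message, with no reason attached. A failed load means `pam_sm_authenticate` never reaches the key check, so the reason should be logged where it is known, right after the assignment: `if (!pam_offline_libcros_loaded) LOG(ERROR) << "LoadLibcros failed: " << load_error;`. The function also deserves a short comment stating that a failed load is retried on every call and that the static flag is not synchronized, in case the hosting process is threaded. As a style point, `if(` should be `if (` to match the surrounding code.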
@@ -60,18 +74,26 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, |
// If fetcher.FetchCredentials times out you get NULL credentials |
if (credentials) { |
- pam_offline::Authenticator auth; |
- if (auth.Init()) { |
- if (auth.TestAllMasterKeys(*credentials)) { |
- retval = PAM_SUCCESS; |
- pam_set_item(pamh, PAM_USER, |
- reinterpret_cast<const void*>(kUserName)); |
+ if (ensure_libcros()) { |
+ char username[pam_offline::kMaxUsernameLength]; |
+ memset(username, 0, sizeof(username)); |
+ credentials->GetFullUsername(username, sizeof(username)); |
+ pam_offline::Blob salt = chromeos::CryptohomeGetSystemSalt(); |
+ if(salt.size() != 0) { |
+ if(chromeos::CryptohomeCheckKey(username, |
+ credentials->GetPasswordWeakHash(salt).c_str())) { |
+ retval = PAM_SUCCESS; |
+ pam_set_item(pamh, PAM_USER, |
+ reinterpret_cast<const void*>(kUserName)); |
+ } else { |
+ LOG(INFO) << "Invalid credentials."; |
+ } |
} else { |
- LOG(INFO) << "Invalid credentials."; |
+ LOG(INFO) << "Unable to get system salt."; |
} |
} else { |
- LOG(ERROR) << "Authenticator failed to Init()."; |
+ LOG(ERROR) << "libcros load failed."; |
} |
delete credentials; |