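--- a/PATH-NOT-SHOWN
+++ b/PATH-NOT-SHOWN
@@ -1,14 +1,136 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "remoting/host/user_authenticator_pam.h"
+#include "remoting/host/user_authenticator.h"
+
+#include <security/pam_appl.h>
+#include <stdlib.h>
+
+#include <string>
+
+#include "base/basictypes.h"
 
 namespace remoting {
 
+namespace {
+
+// Class to perform a single PAM user authentication.
+//
+// TODO(lambroslambrou): As pam_authenticate() can be blocking, this needs to
+// expose an asynchronous API, with pam_authenticate() called in a background
+// thread.
+class UserAuthenticatorPam : public UserAuthenticator {
+public:
+UserAuthenticatorPam() {}
+virtual ~UserAuthenticatorPam() {}
+virtual bool Authenticate(const std::string& username,
+const std::string& password);
+
+private:
+// Conversation function passed to PAM as a callback.
+static int ConvFunction(int num_msg,
+const pam_message** msg,
+pam_response** resp,
+void* appdata_ptr);
+
+// Store these for the PAM conversation function.
+std::string username_;
+std::string password_;
+
+DISALLOW_COPY_AND_ASSIGN(UserAuthenticatorPam);
+};
+
+const char kPamServiceName[] = "chromoting";
+
+bool UserAuthenticatorPam::Authenticate(const std::string& username,
+const std::string& password) {
+username_ = username;
+password_ = password;
+pam_conv conversation;
+conversation.conv = ConvFunction;
+conversation.appdata_ptr = static_cast<void*>(this);
+// TODO(lambroslambrou): Allow PAM service name to be configurable.
+pam_handle_t* pam_handle;
+if (pam_start(kPamServiceName, username_.c_str(),
+&conversation, &pam_handle) != PAM_SUCCESS) {
+return false;
+}
+
+// TODO(lambroslambrou): Move to separate thread.
+int pam_status = pam_authenticate(pam_handle, 0);
+pam_end(pam_handle, pam_status);
+return pam_status == PAM_SUCCESS;
+}
+
+// static
+int UserAuthenticatorPam::ConvFunction(int num_msg,
+const pam_message** msg,
+pam_response** resp,
+void* appdata_ptr) {
+if (num_msg <= 0)
+return PAM_CONV_ERR;
+UserAuthenticatorPam* user_auth =
+static_cast<UserAuthenticatorPam*>(appdata_ptr);
+// Must allocate with malloc(), as the calling PAM module will
+// release the memory with free().
+pam_response* resp_tmp = static_cast<pam_response*>(
+malloc(num_msg * sizeof(pam_response)));
+if (resp_tmp == NULL)
+return PAM_CONV_ERR;
+
+bool raise_error = false;
+// On exit from the loop, 'count' will hold the number of initialised items
+// that the cleanup code needs to look at, in case of error.
+int count;
+for (count = 0; count < num_msg; count++) {
+// Alias for readability.
+pam_response* resp_item = &resp_tmp[count];
+resp_item->resp_retcode = 0;
+resp_item->resp = NULL;
+switch (msg[count]->msg_style) {
+case PAM_PROMPT_ECHO_ON:
+resp_item->resp = strdup(user_auth->username_.c_str());
+if (resp_item->resp == NULL)
+raise_error = true;
+break;
+case PAM_PROMPT_ECHO_OFF:
+resp_item->resp = strdup(user_auth->password_.c_str());
+if (resp_item->resp == NULL)
+raise_error = true;
+break;
+case PAM_TEXT_INFO:
+// No response needed, as this instructs the PAM client to display
+// text to the user. Leave as NULL and continue with next prompt.
+break;
+default:
+// Unexpected style code, so abort.
+raise_error = true;
+}
+if (raise_error)
+break;
+}
+
+if (raise_error) {
+// Not passing the response back, so free up any memory used.
+for (int n = 0; n < count; n++) {
+if (resp_tmp[n].resp) {
+free(resp_tmp[n].resp);
+}
+}
+free(resp_tmp);
+return PAM_CONV_ERR;
+} else {
+*resp = resp_tmp;
+return PAM_SUCCESS;
+}
+}
+
+} // namespace
+
 // static
 UserAuthenticator* UserAuthenticator::Create() {
 return new UserAuthenticatorPam();
 }
 
 } // namespace remoting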
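Review bot: UserAuthenticatorPam::Authenticate (new lines 46-64) returns true on a PAM_SUCCESS from pam_authenticate() alone and never calls pam_acct_mgmt(), so only the credential check runs and whatever the PAM account stack enforces for this service (expired or locked accounts, access restrictions) is not consulted before the host grants access. The change is three lines around the existing call: `int pam_status = pam_authenticate(pam_handle, 0);` then `if (pam_status == PAM_SUCCESS) pam_status = pam_acct_mgmt(pam_handle, 0);` before the unchanged `pam_end(pam_handle, pam_status);`. Secondary point: password_ is held as a plain std::string member for the object's lifetime and the strdup() copies handed to PAM in ConvFunction are released with free() without being cleared, so the cleartext credential outlives the authentication; I would at least clear password_ after pam_end() and add a comment on the member, `// Cleared after authentication; PAM owns and frees the strdup() copies.`, so the lifetime is documented. Also, strdup() is declared in <string.h>, which the new include list (lines 7-12) does not pull in explicitly; relying on <string> or <stdlib.h> to provide it transitively is fragile across libcs.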