| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "remoting/host/user_authenticator_pam.h" | |
| 6 | |
| 7 #include <stdlib.h> | |
| 8 | |
| 9 #include <string> | |
| 10 | |
| 11 #include <security/pam_appl.h> | |
| 12 | |
| 13 namespace remoting { | |
| 14 | |
| 15 static const char kPamServiceName[] = "chromoting"; | |
| 16 | |
| 17 UserAuthenticatorPam::UserAuthenticatorPam() { | |
| 18 } | |
| 19 | |
| 20 UserAuthenticatorPam::~UserAuthenticatorPam() { | |
| 21 } | |
| 22 | |
| 23 bool UserAuthenticatorPam::Authenticate(const std::string& username, | |
| 24 const std::string& password) { | |
| 25 username_ = username; | |
| 26 password_ = password; | |
| 27 pam_conv conversation; | |
| 28 conversation.conv = ConvFunction; | |
| 29 conversation.appdata_ptr = static_cast<void*>(this); | |
| 30 // TODO(lambroslambrou): Allow PAM service name to be configurable. | |
| 31 pam_handle_t* pam_handle; | |
| 32 if (pam_start(kPamServiceName, username_.c_str(), | |
| 33 &conversation, &pam_handle) != PAM_SUCCESS) { | |
| 34 return false; | |
| 35 } | |
| 36 | |
| 37 // TODO(lambroslambrou): Move to separate thread. | |
| 38 int pam_status = pam_authenticate(pam_handle, 0); | |
| 39 pam_end(pam_handle, pam_status); | |
| 40 return pam_status == PAM_SUCCESS; | |
| 41 } | |
| 42 | |
| 43 // static | |
| 44 int UserAuthenticatorPam::ConvFunction(int num_msg, | |
| 45 const pam_message** msg, | |
| 46 pam_response** resp, | |
| 47 void* appdata_ptr) { | |
| 48 if (num_msg <= 0) | |
| 49 return PAM_CONV_ERR; | |
| 50 UserAuthenticatorPam* user_auth = | |
| 51 static_cast<UserAuthenticatorPam*>(appdata_ptr); | |
| 52 // Must allocate with malloc(), as the calling PAM module will | |
| 53 // release the memory with free(). | |
| 54 pam_response* resp_tmp = static_cast<pam_response*>( | |
| 55 malloc(num_msg * sizeof(pam_response))); | |
| 56 if (resp_tmp == NULL) | |
| 57 return PAM_CONV_ERR; | |
| 58 | |
| 59 bool raise_error = false; | |
| 60 // On exit from the loop, 'count' will hold the number of initialised items | |
| 61 // that the cleanup code needs to look at, in case of error. | |
| 62 int count; | |
| 63 for (count = 0; count < num_msg; count++) { | |
| 64 // Alias for readability. | |
| 65 pam_response* resp_item = &resp_tmp[count]; | |
| 66 resp_item->resp_retcode = 0; | |
| 67 resp_item->resp = NULL; | |
| 68 switch (msg[count]->msg_style) { | |
| 69 case PAM_PROMPT_ECHO_ON: | |
| 70 resp_item->resp = strdup(user_auth->username_.c_str()); | |
| 71 if (resp_item->resp == NULL) | |
| 72 raise_error = true; | |
| 73 break; | |
| 74 case PAM_PROMPT_ECHO_OFF: | |
| 75 resp_item->resp = strdup(user_auth->password_.c_str()); | |
| 76 if (resp_item->resp == NULL) | |
| 77 raise_error = true; | |
| 78 break; | |
| 79 case PAM_TEXT_INFO: | |
| 80 // No response needed, as this instructs the PAM client to display | |
| 81 // text to the user. Leave as NULL and continue with next prompt. | |
| 82 break; | |
| 83 default: | |
| 84 // Unexpected style code, so abort. | |
| 85 raise_error = true; | |
| 86 } | |
| 87 if (raise_error) | |
| 88 break; | |
| 89 } | |
| 90 | |
| 91 if (raise_error) { | |
| 92 // Not passing the response back, so free up any memory used. | |
| 93 for (int n = 0; n < count; n++) { | |
| 94 if (resp_tmp[n].resp) { | |
| 95 free(resp_tmp[n].resp); | |
| 96 } | |
| 97 } | |
| 98 free(resp_tmp); | |
| 99 return PAM_CONV_ERR; | |
| 100 } else { | |
| 101 *resp = resp_tmp; | |
| 102 return PAM_SUCCESS; | |
| 103 } | |
| 104 } | |
| 105 | |
| 106 } // namespace remoting | |
| OLD | NEW |
|---|
Chromium Code Reviews
