mirror of
https://github.com/ElvishArtisan/rivendell.git
synced 2025-04-07 01:13:50 +02:00
bb577beb76
* Added logging for failed PAM authentication in 'RDPam::authenticate()'. Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
112 lines
2.7 KiB
C++
112 lines
2.7 KiB
C++
// rdpam.cpp
|
|
//
|
|
// Authenticate a PAM name.
|
|
//
|
|
// (C) Copyright 2010-2019 Fred Gleason <fredg@paravelsystems.com>
|
|
//
|
|
// This program is free software; you can redistribute it and/or modify
|
|
// it under the terms of the GNU General Public License version 2 as
|
|
// published by the Free Software Foundation.
|
|
//
|
|
// This program is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU General Public
|
|
// License along with this program; if not, write to the Free Software
|
|
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
//
|
|
|
|
#include <syslog.h>
|
|
|
|
#include <stdlib.h>
|
|
#include <stdio.h>
|
|
#include <sys/types.h>
|
|
#include <pwd.h>
|
|
|
|
#include <security/pam_appl.h>
|
|
|
|
#include <qstringlist.h>
|
|
|
|
#include "rdapplication.h"
|
|
#include "rdpam.h"
|
|
|
|
int RDPamCallback(int num_msg, const struct pam_message **msg,
|
|
struct pam_response **resp, void *appdata_ptr)
|
|
{
|
|
RDPam *pam=(RDPam *)appdata_ptr;
|
|
|
|
pam->CleanupPam();
|
|
*resp=new struct pam_response[num_msg];
|
|
for(int i=0;i<num_msg;i++) {
|
|
resp[i]->resp=new char[256];
|
|
memset(resp[i]->resp,0,256);
|
|
switch(msg[i]->msg_style) {
|
|
case PAM_PROMPT_ECHO_OFF:
|
|
strncpy(resp[i]->resp,pam->system_token,255);
|
|
break;
|
|
|
|
case PAM_PROMPT_ECHO_ON:
|
|
rda->syslog(LOG_WARNING,"unhandled PAM request: %s",msg[i]->msg);
|
|
break;
|
|
|
|
case PAM_ERROR_MSG:
|
|
case PAM_TEXT_INFO:
|
|
rda->syslog(LOG_INFO,"PAM message: %s",msg[i]->msg);
|
|
break;
|
|
}
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
|
|
RDPam::RDPam(const QString &pam_service)
|
|
{
|
|
system_pam_response=NULL;
|
|
system_pam_response_count=0;
|
|
system_pam_service=pam_service;
|
|
}
|
|
|
|
|
|
bool RDPam::authenticate(const QString &username,const QString &token)
|
|
{
|
|
pam_handle_t *pamh=NULL;
|
|
struct pam_conv conv;
|
|
int err;
|
|
|
|
system_token=token;
|
|
memset(&conv,0,sizeof(conv));
|
|
conv.conv=RDPamCallback;
|
|
conv.appdata_ptr=(RDPam *)this;
|
|
if((err=pam_start(system_pam_service,username,&conv,&pamh))!=PAM_SUCCESS) {
|
|
rda->syslog(LOG_WARNING,"PAM error [%s]",pam_strerror(pamh,err));
|
|
pam_end(pamh,err);
|
|
CleanupPam();
|
|
return false;
|
|
}
|
|
if((err=pam_authenticate(pamh,0))!=PAM_SUCCESS) {
|
|
rda->syslog(LOG_WARNING,"PAM authentication failed [%s]",
|
|
pam_strerror(pamh,err));
|
|
pam_end(pamh,err);
|
|
CleanupPam();
|
|
return false;
|
|
}
|
|
pam_end(pamh,err);
|
|
CleanupPam();
|
|
return true;
|
|
}
|
|
|
|
|
|
void RDPam::CleanupPam()
|
|
{
|
|
if(system_pam_response==NULL) {
|
|
return;
|
|
}
|
|
for(int i=0;i<system_pam_response_count;i++) {
|
|
delete system_pam_response[i].resp;
|
|
}
|
|
delete system_pam_response;
|
|
system_pam_response=NULL;
|
|
}
|