| Adam Tkac | a0d90c9 | 2010-09-07 09:33:51 +0000 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2006 Martin Koegler |
| 3 | * Copyright (C) 2010 TigerVNC Team |
| 4 | * |
| 5 | * This is free software; you can redistribute it and/or modify |
| 6 | * it under the terms of the GNU General Public License as published by |
| 7 | * the Free Software Foundation; either version 2 of the License, or |
| 8 | * (at your option) any later version. |
| 9 | * |
| 10 | * This software is distributed in the hope that it will be useful, |
| 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 13 | * GNU General Public License for more details. |
| 14 | * |
| 15 | * You should have received a copy of the GNU General Public License |
| 16 | * along with this software; if not, write to the Free Software |
| 17 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
| 18 | * USA. |
| 19 | */ |
| 20 | |
| 21 | #ifdef HAVE_CONFIG_H |
| 22 | #include <config.h> |
| 23 | #endif |
| 24 | |
| 25 | #ifndef HAVE_PAM |
| 26 | #error "This source should not be compiled when PAM is unsupported" |
| 27 | #endif |
| 28 | |
| 29 | #include <stdlib.h> |
| 30 | #include <string.h> |
| 31 | #include <security/pam_appl.h> |
| 32 | |
| 33 | #include <rfb/pam.h> |
| 34 | |
| 35 | typedef struct |
| 36 | { |
| 37 | const char *username; |
| 38 | const char *password; |
| 39 | } AuthData; |
| 40 | |
| Pierre Ossman | 9450b9c | 2015-03-03 16:40:36 +0100 | [diff] [blame] | 41 | #if defined(__sun) |
| 42 | static int pam_callback(int count, struct pam_message **in, |
| 43 | struct pam_response **out, void *ptr) |
| 44 | #else |
| Adam Tkac | a0d90c9 | 2010-09-07 09:33:51 +0000 | [diff] [blame] | 45 | static int pam_callback(int count, const struct pam_message **in, |
| Pierre Ossman | 9450b9c | 2015-03-03 16:40:36 +0100 | [diff] [blame] | 46 | struct pam_response **out, void *ptr) |
| 47 | #endif |
| Adam Tkac | a0d90c9 | 2010-09-07 09:33:51 +0000 | [diff] [blame] | 48 | { |
| 49 | int i; |
| 50 | AuthData *auth = (AuthData *) ptr; |
| 51 | struct pam_response *resp = |
| 52 | (struct pam_response *) malloc (sizeof (struct pam_response) * count); |
| 53 | |
| 54 | if (!resp && count) |
| 55 | return PAM_CONV_ERR; |
| 56 | |
| 57 | for (i = 0; i < count; i++) { |
| 58 | resp[i].resp_retcode = PAM_SUCCESS; |
| 59 | switch (in[i]->msg_style) { |
| 60 | case PAM_TEXT_INFO: |
| 61 | case PAM_ERROR_MSG: |
| 62 | resp[i].resp = 0; |
| 63 | break; |
| 64 | case PAM_PROMPT_ECHO_ON: /* Send Username */ |
| 65 | resp[i].resp = strdup(auth->username); |
| 66 | break; |
| 67 | case PAM_PROMPT_ECHO_OFF: /* Send Password */ |
| 68 | resp[i].resp = strdup(auth->password); |
| 69 | break; |
| 70 | default: |
| 71 | free(resp); |
| 72 | return PAM_CONV_ERR; |
| 73 | } |
| 74 | } |
| 75 | |
| 76 | *out = resp; |
| 77 | return PAM_SUCCESS; |
| 78 | } |
| 79 | |
| 80 | |
| 81 | int do_pam_auth(const char *service, const char *username, const char *password) |
| 82 | { |
| 83 | int ret; |
| 84 | AuthData auth = { username, password }; |
| 85 | struct pam_conv conv = { |
| 86 | pam_callback, |
| 87 | &auth |
| 88 | }; |
| 89 | pam_handle_t *h = 0; |
| 90 | ret = pam_start(service, username, &conv, &h); |
| 91 | if (ret == PAM_SUCCESS) |
| 92 | ret = pam_authenticate(h, 0); |
| 93 | if (ret == PAM_SUCCESS) |
| 94 | ret = pam_acct_mgmt(h, 0); |
| 95 | pam_end(h, ret); |
| 96 | |
| 97 | return ret == PAM_SUCCESS ? 1 : 0; |
| 98 | } |
| 99 | |