pam changes

4 files changed, 182 insertions, 70 deletions

diff --git a/sesman/Makefile b/sesman/Makefile
index 7ef8d3f9..79256907 100644
--- a/sesman/Makefile
+++ b/sesman/Makefile
@@ -1,29 +1,20 @@
 
-# uncomment the next line to use pam_userpass
-# in verify_user.c
-#USE_PAM = ""
+SESMANOBJ = sesman.o ../common/os_calls.o ../common/d3des.o
 
-SESMANOBJ = sesman.o verify_user.o ../common/os_calls.o ../common/d3des.o
-
-ifdef USE_PAM
-CFLAGS = -Wall -O2 -I../common -DUSE_PAM
-else
 CFLAGS = -Wall -O2 -I../common
-endif
-C_OS_FLAGS = $(CFLAGS) -c
 LDFLAGS = -L /usr/gnu/lib
-ifdef USE_PAM
-LIBS = -lpam -lpam_userpass
-else
-LIBS = -ldl -lcrypt
-endif
-PAMLIB =
 CC = gcc
 
 all: sesman
 
-sesman: $(SESMANOBJ)
-	$(CC) $(LDFLAGS) -o sesman $(PAMLIB) $(SESMANOBJ) $(LIBS)
+sesman: $(SESMANOBJ) verify_user.o
+	$(CC) $(LDFLAGS) -o sesman $(SESMANOBJ) verify_user.o -ldl -lcrypt
+
+pam: $(SESMANOBJ) verify_user_pam.o
+	$(CC) $(LDFLAGS) -o sesman $(SESMANOBJ) verify_user_pam.o -ldl -lpam
+
+pam_userpass: $(SESMANOBJ) verify_user_pam_userpass.o
+	$(CC) $(LDFLAGS) -o sesman $(SESMANOBJ) verify_user_pam_userpass.o -ldl -lpam -lpam_userpass
 
 clean:
-	rm -f $(SESMANOBJ) sesman
+	rm -f $(SESMANOBJ) verify_user.o verify_user_pam.o verify_user_pam_userpass.o sesman
diff --git a/sesman/verify_user.c b/sesman/verify_user.c
index 60ff48c0..7ee660d5 100644
--- a/sesman/verify_user.c
+++ b/sesman/verify_user.c
@@ -20,54 +20,8 @@
 
 */
 
-#ifdef USE_PAM
-
-#include <security/pam_userpass.h>
-
-#define SERVICE "xrdp"
-
-/******************************************************************************/
-/* returns boolean */
-int auth_userpass(char* user, char* pass)
-{
-  pam_handle_t* pamh;
-  pam_userpass_t userpass;
-  struct pam_conv conv = {pam_userpass_conv, &userpass};
-  const void* template1;
-  int status;
-
-  userpass.user = user;
-  userpass.pass = pass;
-  if (pam_start(SERVICE, user, &conv, &pamh) != PAM_SUCCESS)
-  {
-    return 0;
-  }
-  status = pam_authenticate(pamh, 0);
-  if (status != PAM_SUCCESS)
-  {
-    pam_end(pamh, status);
-    return 0;
-  }
-  status = pam_acct_mgmt(pamh, 0);
-  if (status != PAM_SUCCESS)
-  {
-    pam_end(pamh, status);
-    return 0;
-  }
-  status = pam_get_item(pamh, PAM_USER, &template1);
-  if (status != PAM_SUCCESS)
-  {
-    pam_end(pamh, status);
-    return 0;
-  }
-  if (pam_end(pamh, PAM_SUCCESS) != PAM_SUCCESS)
-  {
-    return 0;
-  }
-  return 1;
-}
-
-#else
+#include "arch.h"
+#include "os_calls.h"
 
 #define _XOPEN_SOURCE
 #include <unistd.h>
@@ -77,7 +31,8 @@ int auth_userpass(char* user, char* pass)
 
 /******************************************************************************/
 /* returns boolean */
-int auth_userpass(char* user, char* pass)
+int DEFAULT_CC
+auth_userpass(char* user, char* pass)
 {
   char salt[13] = "$1$";
   char hash[35] = "";
@@ -133,5 +88,3 @@ int auth_userpass(char* user, char* pass)
   }
   return 1;
 }
-
-#endif
diff --git a/sesman/verify_user_pam.c b/sesman/verify_user_pam.c
new file mode 100644
index 00000000..2bf19f64
--- /dev/null
+++ b/sesman/verify_user_pam.c
@@ -0,0 +1,98 @@
+/*
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+   xrdp: A Remote Desktop Protocol server.
+   Copyright (C) Jay Sorg 2005
+
+   authenticate user
+
+*/
+
+#include "arch.h"
+#include "os_calls.h"
+
+#include <security/pam_appl.h>
+
+struct t_user_pass
+{
+  char* user;
+  char* pass;
+};
+
+/******************************************************************************/
+static int DEFAULT_CC
+verify_pam_conv(int num_msg, const struct pam_message** msg,
+                struct pam_response** resp, void* appdata_ptr)
+{
+  int i;
+  struct pam_response* reply;
+  struct t_user_pass* user_pass;
+
+  reply = g_malloc(sizeof(struct pam_response) * num_msg, 1);
+  for (i = 0; i < num_msg; i++)
+  {
+    switch (msg[i]->msg_style)
+    {
+      case PAM_PROMPT_ECHO_ON: /* username */
+        user_pass = appdata_ptr;
+        reply[i].resp = g_strdup(user_pass->user);
+        reply[i].resp_retcode = PAM_SUCCESS;
+        break;
+      case PAM_PROMPT_ECHO_OFF: /* password */
+        user_pass = appdata_ptr;
+        reply[i].resp = g_strdup(user_pass->pass);
+        reply[i].resp_retcode = PAM_SUCCESS;
+        break;
+      default:
+        g_printf("unknown in verify_pam_conv\n\r");
+        g_free(reply);
+        return PAM_CONV_ERR;
+    }
+  }
+  *resp = reply;
+  return PAM_SUCCESS;
+}
+
+/******************************************************************************/
+/* returns boolean */
+int DEFAULT_CC
+auth_userpass(char* user, char* pass)
+{
+  int error;
+  int null_tok;
+  struct t_user_pass user_pass;
+  struct pam_conv pamc;
+  pam_handle_t* ph;
+
+  user_pass.user = user;
+  user_pass.pass = pass;
+  pamc.conv = &verify_pam_conv;
+  pamc.appdata_ptr = &user_pass;
+  error = pam_start("gdm", 0, &pamc, &ph);
+  if (error != PAM_SUCCESS)
+  {
+    g_printf("pam_start failed\n\r");
+    return 0;
+  }
+  null_tok = 0;
+  error = pam_authenticate(ph, null_tok);
+  if (error != PAM_SUCCESS)
+  {
+    pam_end(ph, PAM_SUCCESS);
+    return 0;
+  }
+  pam_end(ph, PAM_SUCCESS);
+  return 1;
+}
diff --git a/sesman/verify_user_pam_userpass.c b/sesman/verify_user_pam_userpass.c
new file mode 100644
index 00000000..df097823
--- /dev/null
+++ b/sesman/verify_user_pam_userpass.c
@@ -0,0 +1,70 @@
+/*
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+   xrdp: A Remote Desktop Protocol server.
+   Copyright (C) Jay Sorg 2005
+
+   authenticate user
+
+*/
+
+#include "arch.h"
+#include "os_calls.h"
+
+#include <security/pam_userpass.h>
+
+#define SERVICE "xrdp"
+
+/******************************************************************************/
+/* returns boolean */
+int DEFAULT_CC
+auth_userpass(char* user, char* pass)
+{
+  pam_handle_t* pamh;
+  pam_userpass_t userpass;
+  struct pam_conv conv = {pam_userpass_conv, &userpass};
+  const void* template1;
+  int status;
+
+  userpass.user = user;
+  userpass.pass = pass;
+  if (pam_start(SERVICE, user, &conv, &pamh) != PAM_SUCCESS)
+  {
+    return 0;
+  }
+  status = pam_authenticate(pamh, 0);
+  if (status != PAM_SUCCESS)
+  {
+    pam_end(pamh, status);
+    return 0;
+  }
+  status = pam_acct_mgmt(pamh, 0);
+  if (status != PAM_SUCCESS)
+  {
+    pam_end(pamh, status);
+    return 0;
+  }
+  status = pam_get_item(pamh, PAM_USER, &template1);
+  if (status != PAM_SUCCESS)
+  {
+    pam_end(pamh, status);
+    return 0;
+  }
+  if (pam_end(pamh, PAM_SUCCESS) != PAM_SUCCESS)
+  {
+    return 0;
+  }
+  return 1;
+}