VBoxAuthPAM.c revision 8b98c71a5a01d215eafbc3605cb7a66cc91ea774
/** @file
*
* VBox Remote Desktop Protocol:
* External Authentication Library:
* Linux PAM Authentication.
*/
/*
* Copyright (C) 2006-2010 Oracle Corporation
*
* This file is part of VirtualBox Open Source Edition (OSE), as
* available from http://www.virtualbox.org. This file is free software;
* General Public License (GPL) as published by the Free Software
* Foundation, in version 2 as it comes in the "COPYING" file of the
* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
*/
/* The PAM service name.
*
* authentication rules. It is possible to use an existing service
* name, like "login" for example. But if different set of rules
* specially for VRDP authentication. Note that the name of the
* service must be lowercase. See PAM documentation for details.
*
* The VRDPAuth module takes the PAM service name from the
* environment variable VRDP_AUTH_PAM_SERVICE. If the variable
* is not specified, then the 'login' PAM service is used.
*/
#define VRDP_AUTH_PAM_SERVICE_NAME_ENV "VRDP_AUTH_PAM_SERVICE"
#define VRDP_AUTH_PAM_DEFAULT_SERVICE_NAME "login"
/* The debug log file name.
*
* If defined, debug messages will be written to the file specified in the
* VRDP_AUTH_DEBUG_FILENAME environment variable:
*
* export VRDP_AUTH_DEBUG_FILENAME=pam.log
*
* The above will cause writing to the pam.log.
*/
#define VRDP_AUTH_DEBUG_FILENAME_ENV "VRDP_AUTH_DEBUG_FILENAME"
/* Dynamic loading of the PAM library.
*
* If defined, the libpam.so is loaded dynamically.
* Enabled by default since it is often required,
* and does not harm.
*/
#define VRDP_PAM_DLLOAD
#ifdef VRDP_PAM_DLLOAD
/* The name of the PAM library */
# ifdef RT_OS_SOLARIS
# define VRDP_PAM_LIB "libpam.so.1"
# else
# define VRDP_PAM_LIB "libpam.so.0"
# endif
#endif /* VRDP_PAM_DLLOAD */
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#ifndef RT_OS_FREEBSD
# include <malloc.h>
#endif
#include <security/pam_appl.h>
#include <VBox/VRDPAuth.h>
#ifdef VRDP_PAM_DLLOAD
#include <dlfcn.h>
static int (*fn_pam_start)(const char *service_name,
const char *user,
const struct pam_conv *pam_conversation,
pam_handle_t **pamh);
#else
#define fn_pam_start pam_start
#define fn_pam_authenticate pam_authenticate
#define fn_pam_acct_mgmt pam_acct_mgmt
#define fn_pam_end pam_end
#define fn_pam_strerror pam_strerror
#endif /* VRDP_PAM_DLLOAD */
static void debug_printf(const char *fmt, ...)
{
#ifdef VRDP_AUTH_DEBUG_FILENAME_ENV
char buffer[1024];
if (filename)
{
FILE *f;
if (f != NULL)
{
fclose (f);
}
}
#endif /* VRDP_AUTH_DEBUG_FILENAME_ENV */
}
#ifdef VRDP_PAM_DLLOAD
typedef struct _SymMap
{
void **ppfn;
const char *pszName;
} SymMap;
{
{ (void **)&fn_pam_start, "pam_start" },
{ (void **)&fn_pam_authenticate, "pam_authenticate" },
{ (void **)&fn_pam_acct_mgmt, "pam_acct_mgmt" },
{ (void **)&fn_pam_end, "pam_end" },
{ (void **)&fn_pam_strerror, "pam_strerror" },
};
static int auth_pam_init(void)
{
if (!gpvLibPam)
{
return PAM_SYSTEM_ERR;
}
{
{
return PAM_SYSTEM_ERR;
}
iter++;
}
return PAM_SUCCESS;
}
static void auth_pam_close(void)
{
if (gpvLibPam)
{
}
return;
}
#else
static int auth_pam_init(void)
{
return PAM_SUCCESS;
}
static void auth_pam_close(void)
{
return;
}
#endif /* VRDP_PAM_DLLOAD */
static const char *auth_get_pam_service (void)
{
{
}
return service;
}
typedef struct _PamContext
{
char *szUser;
char *szPassword;
} PamContext;
{
int i;
struct pam_response *r;
{
debug_printf("conv: ctx is NULL\n");
return PAM_CONV_ERR;
}
debug_printf("conv: num %d u[%s] p[%d]\n", num_msg, ctx->szUser, ctx->szPassword? strlen (ctx->szPassword): 0);
if (r == NULL)
{
return PAM_CONV_ERR;
}
for (i = 0; i < num_msg; i++)
{
r[i].resp_retcode = 0;
{
}
{
}
else
{
debug_printf("conv: %d style %d: [%s]\n", i, msg[i]->msg_style, msg[i]->msg? msg[i]->msg: "(null)");
}
}
*resp = r;
return PAM_SUCCESS;
}
/* The entry point must be visible. */
#else
# ifdef VBOX_HAVE_VISIBILITY_HIDDEN
# else
# endif
#endif
/* prototype to prevent gcc warning */
const char *szUser,
const char *szPassword,
const char *szDomain);
const char *szUser,
const char *szPassword,
const char *szDomain)
{
int rc;
struct pam_conv pam_conversation;
rc = auth_pam_init ();
if (rc == PAM_SUCCESS)
{
debug_printf("init ok\n");
if (rc == PAM_SUCCESS)
{
debug_printf("start ok\n");
if (rc == PAM_SUCCESS)
{
debug_printf("auth ok\n");
if (rc == PAM_AUTHINFO_UNAVAIL
&&
{
debug_printf("PAM_AUTHINFO_UNAVAIL\n");
rc = PAM_SUCCESS;
}
if (rc == PAM_SUCCESS)
{
debug_printf("access granted\n");
}
else
{
}
}
else
{
}
}
else
{
}
auth_pam_close ();
debug_printf("auth_pam_close completed\n");
}
else
{
}
return result;
}
/* Verify the function prototype. */