1 /*
2  * Copyright (C) 2006 Martin Koegler
3  * Copyright (C) 2010 TigerVNC Team
4  *
5  * This is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 2 of the License, or
8  * (at your option) any later version.
9  *
10  * This software is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this software; if not, write to the Free Software
17  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
18  * USA.
19  */
20 
21 #ifdef HAVE_CONFIG_H
22 #include <config.h>
23 #endif
24 
25 #include <stdlib.h>
26 #include <string.h>
27 #include <security/pam_appl.h>
28 
29 #include <rfb/pam.h>
30 
31 typedef struct
32 {
33   const char *username;
34   const char *password;
35 } AuthData;
36 
37 #if defined(__sun)
pam_callback(int count,struct pam_message ** in,struct pam_response ** out,void * ptr)38 static int pam_callback(int count, struct pam_message **in,
39                         struct pam_response **out, void *ptr)
40 #else
41 static int pam_callback(int count, const struct pam_message **in,
42                         struct pam_response **out, void *ptr)
43 #endif
44 {
45   int i;
46   AuthData *auth = (AuthData *) ptr;
47   struct pam_response *resp =
48     (struct pam_response *) malloc (sizeof (struct pam_response) * count);
49 
50   if (!resp && count)
51     return PAM_CONV_ERR;
52 
53   for (i = 0; i < count; i++) {
54     resp[i].resp_retcode = PAM_SUCCESS;
55     switch (in[i]->msg_style) {
56     case PAM_TEXT_INFO:
57     case PAM_ERROR_MSG:
58       resp[i].resp = 0;
59       break;
60     case PAM_PROMPT_ECHO_ON:	/* Send Username */
61       resp[i].resp = strdup(auth->username);
62       break;
63     case PAM_PROMPT_ECHO_OFF:	/* Send Password */
64       resp[i].resp = strdup(auth->password);
65       break;
66     default:
67       free(resp);
68       return PAM_CONV_ERR;
69     }
70   }
71 
72   *out = resp;
73   return PAM_SUCCESS;
74 }
75 
76 
do_pam_auth(const char * service,const char * username,const char * password)77 int do_pam_auth(const char *service, const char *username, const char *password)
78 {
79   int ret;
80   AuthData auth = { username, password };
81   struct pam_conv conv = {
82     pam_callback,
83     &auth
84   };
85   pam_handle_t *h = 0;
86   ret = pam_start(service, username, &conv, &h);
87   if (ret == PAM_SUCCESS)
88     ret = pam_authenticate(h, 0);
89   if (ret == PAM_SUCCESS)
90     ret = pam_acct_mgmt(h, 0);
91   pam_end(h, ret);
92 
93   return ret == PAM_SUCCESS ? 1 : 0;
94 }
95 
96