[Development] Add missing PAM sources (fixes commit r4128).

git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4131 3789f03b-4d11-0410-bbf8-ca57d06f2519

diff --git a/common/rfb/UnixPasswordValidator.cxx b/common/rfb/UnixPasswordValidator.cxx
new file mode 100644 (file)
index 0000000..5a3996d
--- /dev/null
+++ b/common/rfb/UnixPasswordValidator.cxx
@@ -0,0 +1,50 @@
+/* 
+ * Copyright (C) 2006 Martin Koegler
+ * Copyright (C) 2010 TigerVNC Team
+ *    
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ * 
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
+ * USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <rfb/Configuration.h>
+#include <rfb/Exception.h>
+#include <rfb/UnixPasswordValidator.h>
+#ifdef HAVE_PAM
+#include <rfb/pam.h>
+#endif
+
+using namespace rfb;
+
+static StringParameter pam_service
+  ("pam_service", "service name for pam password validation", "vnc");
+
+int do_pam_auth(const char *service, const char *username,
+               const char *password);
+
+bool UnixPasswordValidator::validateInternal(SConnection * sc,
+                                            const char *username,
+                                            const char *password)
+{
+#ifdef HAVE_PAM
+  CharArray service(strDup(pam_service.getData()));
+  return do_pam_auth(service.buf, username, password);
+#else
+  throw AuthFailureException("PAM not supported");
+#endif
+}

diff --git a/common/rfb/UnixPasswordValidator.h b/common/rfb/UnixPasswordValidator.h
new file mode 100644 (file)
index 0000000..28d083a
--- /dev/null
+++ b/common/rfb/UnixPasswordValidator.h
@@ -0,0 +1,35 @@
+/* 
+ * Copyright (C) 2006 Martin Koegler
+ * Copyright (C) 2010 TigerVNC Team
+ *    
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ * 
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
+ * USA.
+ */
+
+#ifndef __PASSWORD_VALIDATOR_H__
+#define __PASSWORD_VALIDATOR_H__
+
+#include <rfb/SSecurityPlain.h>
+
+namespace rfb
+{
+  class UnixPasswordValidator: public PasswordValidator {
+  protected:
+    bool validateInternal(SConnection * sc, const char *username,
+                          const char *password);
+  };
+}
+
+#endif

diff --git a/common/rfb/pam.c b/common/rfb/pam.c
new file mode 100644 (file)
index 0000000..67b243c
--- /dev/null
+++ b/common/rfb/pam.c
@@ -0,0 +1,94 @@
+/* 
+ * Copyright (C) 2006 Martin Koegler
+ * Copyright (C) 2010 TigerVNC Team
+ *    
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ * 
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
+ * USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifndef HAVE_PAM
+#error "This source should not be compiled when PAM is unsupported"
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+#include <rfb/pam.h>
+
+typedef struct
+{
+  const char *username;
+  const char *password;
+} AuthData;
+
+static int pam_callback(int count, const struct pam_message **in,
+                       struct pam_response **out, void *ptr)
+{
+  int i;
+  AuthData *auth = (AuthData *) ptr;
+  struct pam_response *resp =
+    (struct pam_response *) malloc (sizeof (struct pam_response) * count);
+
+  if (!resp && count)
+    return PAM_CONV_ERR;
+
+  for (i = 0; i < count; i++) {
+    resp[i].resp_retcode = PAM_SUCCESS;
+    switch (in[i]->msg_style) {
+    case PAM_TEXT_INFO:
+    case PAM_ERROR_MSG:
+      resp[i].resp = 0;
+      break;
+    case PAM_PROMPT_ECHO_ON:   /* Send Username */
+      resp[i].resp = strdup(auth->username);
+      break;
+    case PAM_PROMPT_ECHO_OFF:  /* Send Password */
+      resp[i].resp = strdup(auth->password);
+      break;
+    default:
+      free(resp);
+      return PAM_CONV_ERR;
+    }
+  }
+
+  *out = resp;
+  return PAM_SUCCESS;
+}
+
+
+int do_pam_auth(const char *service, const char *username, const char *password)
+{
+  int ret;
+  AuthData auth = { username, password };
+  struct pam_conv conv = {
+    pam_callback,
+    &auth
+  };
+  pam_handle_t *h = 0;
+  ret = pam_start(service, username, &conv, &h);
+  if (ret == PAM_SUCCESS)
+    ret = pam_authenticate(h, 0);
+  if (ret == PAM_SUCCESS)
+    ret = pam_acct_mgmt(h, 0);
+  pam_end(h, ret);
+
+  return ret == PAM_SUCCESS ? 1 : 0;
+}
+

diff --git a/common/rfb/pam.h b/common/rfb/pam.h
new file mode 100644 (file)
index 0000000..2688f21
--- /dev/null
+++ b/common/rfb/pam.h
@@ -0,0 +1,42 @@
+/* 
+ * Copyright (C) 2006 Martin Koegler
+ * Copyright (C) 2010 TigerVNC Team
+ *    
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ * 
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
+ * USA.
+ */
+
+#ifndef __RFB_PAM_H__
+#define __RFB_PAM_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifndef HAVE_PAM
+#error "This header should not be included when PAM is unsupported"
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int do_pam_auth(const char *service, const char *username, const char *password);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif