[PC-BSD Commits] r18023 - pcbsd-projects/PCDM

svn at pcbsd.org svn at pcbsd.org
Tue Jul 31 12:43:31 PDT 2012 

Author: kenmoore
Date: 2012-07-31 19:43:30 +0000 (Tue, 31 Jul 2012)
New Revision: 18023

Modified:
   pcbsd-projects/PCDM/PCDM.pro
   pcbsd-projects/PCDM/pcdm-backend.cpp
   pcbsd-projects/PCDM/pcdm-backend.h
   pcbsd-projects/PCDM/pcdm-gui.cpp
Log:
Add in the current status for integrating PAM into PCDM. It works (sort-of) but is very erratic and inconsistant. This will require a lot more testing and refining.



Modified: pcbsd-projects/PCDM/PCDM.pro
===================================================================
--- pcbsd-projects/PCDM/PCDM.pro	2012-07-31 18:35:49 UTC (rev 18022)
+++ pcbsd-projects/PCDM/PCDM.pro	2012-07-31 19:43:30 UTC (rev 18023)
@@ -2,7 +2,7 @@
 TARGET = PCDM
 TARGET.path=/usr/local/bin
 TEMPLATE = app
-LIBS += -lpcbsd
+LIBS += -lpcbsd -lpam
 SOURCES += main.cpp \
            pcdm-gui.cpp \
     	   pcdm-backend.cpp \

Modified: pcbsd-projects/PCDM/pcdm-backend.cpp
===================================================================
--- pcbsd-projects/PCDM/pcdm-backend.cpp	2012-07-31 18:35:49 UTC (rev 18022)
+++ pcbsd-projects/PCDM/pcdm-backend.cpp	2012-07-31 19:43:30 UTC (rev 18023)
@@ -1,3 +1,8 @@
+//#include <sys/param.h>
+//#include <sys/wait.h>
+#include <sys/types.h>
+#include <security/pam_appl.h>
+
 #include "pcdm-backend.h"
 #include "pcdm-config.h"
 #include "pcbsd-utils.h"
@@ -59,12 +64,27 @@
   return displaynameList;
 }
 
-//****** PRIVATE FUNCTIONS ******
+bool Backend::startUserLogin(QString username, QString password, QString xBinary){
+  bool allowed = verifyUsernamePassword(username, password);
+  //qDebug() << "PAM Authorization:" << allowed;
+  if(allowed){
+    qDebug() << "Username/Password Authorized";
+    //Setup the system command to run the selected DE
+    //QString cmd = "su - "+username+" -c "+xBinary;
+    //system(cmd.toUtf8());  //run the command to start the DE
+  }else{
+    qDebug() << "Username/Password not authorized";	  
+  }
+  return allowed;
+}
+
 QString Backend::getUsernameFromDisplayname(QString dspname){
   int i = displaynameList.indexOf(dspname);
   return usernameList[i];
 }
 
+//****** PRIVATE FUNCTIONS ******
+
 void Backend::loadXSessionsData(){
   //Clear the current variables
   instXNameList.clear(); instXBinList.clear(); 
@@ -100,7 +120,7 @@
 	  tmp[3] = Theme::objectIconPath("desktop");
 	}
 	instXIconList << tmp[3];
-	qDebug() << "PCDM: Found xsession:" << tmp;
+	//qDebug() << "PCDM: Found xsession:" << tmp;
       }
     }
   }
@@ -158,3 +178,93 @@
   return output;
 
 }
+
+pam_handle_t *pamh;
+struct pam_response *reply;
+    
+int null_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) {
+        *resp = reply;
+        return PAM_SUCCESS;
+}
+ 
+static struct pam_conv pamc = { null_conv, NULL }; //null conversation function
+
+bool Backend::verifyUsernamePassword(QString username, QString password){
+  //Convert the inputs to C character arrays for use in PAM
+  QByteArray tmp;
+  tmp = username.toUtf8(); 
+  const char* cUser = tmp.constData();
+  tmp = password.toUtf8();
+  char* cPassword = tmp.data();
+  //initialize variables
+  bool result = FALSE;
+  int ret;
+  //Initialize PAM
+  qDebug() << "Initilize PAM";
+  ret = pam_start("login", cUser, &pamc, &pamh);
+  if( ret == PAM_SUCCESS ){
+    //Place the user-supplied password into the response structure 
+    qDebug() << "get reply structure";
+    reply = (struct pam_response *)malloc(sizeof(struct pam_response));
+    qDebug() << "fill reply[0] structure";
+    reply[0].resp = cPassword;
+    reply[0].resp_retcode = 0;
+    //Authenticate with PAM
+    qDebug() << "Authenticate with PAM";
+    ret = pam_authenticate(pamh,0);
+    if( ret == PAM_SUCCESS ){
+      //Check for valid, unexpired account and verify access restrictions
+      qDebug() << "Check Acct Mgmt with PAM";
+      ret = pam_acct_mgmt(pamh,PAM_DISALLOW_NULL_AUTHTOK);
+      if( ret == PAM_SUCCESS ){ result = TRUE; }
+    
+    }else{
+      qDebug() << "PAM Authentication Failed with error:" << ret;
+      switch( ret ){
+      case PAM_ABORT:
+      	  qDebug() << " - PAM abort error";
+      	  break;
+      case PAM_AUTHINFO_UNAVAIL:
+      	      qDebug() << " - Authentication info unavailable";
+      	      break;
+      case PAM_AUTH_ERR:
+      	      qDebug() << " - Authentication error";
+      	      break;
+      case PAM_BUF_ERR:
+      	      qDebug() << " - Buffer error";
+      	      break;
+      case PAM_CONV_ERR:
+      	      qDebug() << " - Conversion error";
+      	      break;
+      case PAM_CRED_INSUFFICIENT:
+      	      qDebug() << " - Credentials insufficient";
+      	      break;
+      case PAM_MAXTRIES:
+      	      qDebug() << " - Maximum number of tries exceeded";
+      	      break;
+      case PAM_PERM_DENIED:
+      	      qDebug() << " - Permission denied";
+      	      break;
+      case PAM_SERVICE_ERR:
+      	      qDebug() << " - Service error";
+      	      break;
+      case PAM_SYMBOL_ERR:
+      	      qDebug() << " - Symbol error";
+      	      break;
+      case PAM_SYSTEM_ERR:
+      	      qDebug() << " - System error";
+      	      break;
+      case PAM_USER_UNKNOWN:
+      	      qDebug() << " - Unknown user";
+      	      break;
+      default:
+      	      qDebug() << " - Unrecognized authentication error";
+      }
+    }
+    //Stop PAM   
+    qDebug() << "Stopping PAM";
+    pam_end(pamh,ret);  
+  }
+  //return verification result
+  return result;	
+}

Modified: pcbsd-projects/PCDM/pcdm-backend.h
===================================================================
--- pcbsd-projects/PCDM/pcdm-backend.h	2012-07-31 18:35:49 UTC (rev 18022)
+++ pcbsd-projects/PCDM/pcdm-backend.h	2012-07-31 19:43:30 UTC (rev 18023)
@@ -6,6 +6,9 @@
 #include <QDebug>
 #include <QDir>
 
+#include <sys/types.h>
+#include <security/pam_appl.h>
+
 #include "pcdm-config.h"
 #include "pcbsd-utils.h"
 #include "pcdm-themes.h"
@@ -17,12 +20,13 @@
     static QString getDesktopIcon(QString);
     static QString getDesktopBinary(QString);
     static QStringList getSystemUsers();
-
-private:
+    static bool startUserLogin(QString, QString, QString);
     static QString getUsernameFromDisplayname(QString);
+    
+private:	
     static void loadXSessionsData();
     static QStringList readXSessionsFile(QString, QString);
-
+    static bool verifyUsernamePassword(QString, QString);
 };
 
 

Modified: pcbsd-projects/PCDM/pcdm-gui.cpp
===================================================================
--- pcbsd-projects/PCDM/pcdm-gui.cpp	2012-07-31 18:35:49 UTC (rev 18022)
+++ pcbsd-projects/PCDM/pcdm-gui.cpp	2012-07-31 19:43:30 UTC (rev 18023)
@@ -213,9 +213,25 @@
 }
 
 void PCDMgui::slotStartLogin(){
-  qDebug() << "PCDM: Login procedure is not implemented yet";
+  //Get user inputs
+  QString displayname = unameline->currentText();
+  QString username = Backend::getUsernameFromDisplayname(displayname);
+  QString password = pwline->text();
+  QString binary = Backend::getDesktopBinary(deSwitcher->currentItem());
+  qDebug() << displayname << username << password << binary; 
+  //Disable user input while confirming login
+  
+  //Try to login
+  bool success = Backend::startUserLogin(username, password, binary);
+  qDebug() << displayname << username << password << binary << success;  
+  if(success){
+    slotClosePCDM();
+  }else{
+    pwline->setText("");
+    //Display an info box that the login failed
+    
+  }
 
-  qDebug() << "Selected DE:" << deSwitcher->currentItem();
 }
 
 void PCDMgui::slotShutdownComputer(){

More information about the Commits mailing list