Add support for PAM authentication

cmd/auth/auth.go

@@ -0,0 +1,72 @@
+package main
+
+import (
+	"errors"
+	"github.com/golang/protobuf/proto"
+	ipc "github.com/james-barrow/golang-ipc"
+	"github.com/msteinert/pam"
+	"github.com/thought-machine/go-flags"
+	"log"
+)
+
+var opts struct {
+	serviceName string `short:"s" long:"service" default:"rdpgw" description:"the PAM service name to use"`
+}
+
+func auth(service, user, passwd string) error {
+	t, err := pam.StartFunc(service, user, func(s pam.Style, msg string) (string, error) {
+		switch s {
+		case pam.PromptEchoOff:
+			return passwd, nil
+		case pam.PromptEchoOn, pam.ErrorMsg, pam.TextInfo:
+			return "", nil
+		}
+		return "", errors.New("unrecognized PAM message style")
+	})
+
+	if err != nil {
+		return err
+	}
+
+	if err = t.Authenticate(0); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func main() {
+	_, err := flags.Parse(&opts)
+	if err != nil {
+		panic(err)
+	}
+
+	config := &ipc.ServerConfig{UnmaskPermissions: true}
+	sc, err := ipc.StartServer("rdpgw-auth", config)
+	for {
+		msg, err := sc.Read()
+		if err != nil {
+			log.Printf("server error, %s", err)
+			continue
+		}
+		if msg.MsgType > 0 {
+			req := &UserPass{}
+			if err = proto.Unmarshal(msg.Data, req); err != nil {
+				log.Printf("cannot unmarshal request %s", string(msg.Data))
+				continue
+			}
+			err := auth(opts.serviceName, req.Username, req.Password)
+			if err != nil {
+				res := &Response{Status: "cannot authenticate"}
+				out, err := proto.Marshal(res)
+				if err != nil {
+					log.Fatalf("cannot marshal response due to %s", err)
+				}
+				sc.Write(1, out)
+			}
+		}
+	}
+	if err != nil {
+		log.Printf("cannot authenticate due to %s", err)
+	}
+}