Line data Source code
1 : /*
2 : SSSD
3 :
4 : Utilities to for tha pam_data structure
5 :
6 : Authors:
7 : Sumit Bose <sbose@redhat.com>
8 :
9 : Copyright (C) 2009 Red Hat
10 :
11 : This program is free software; you can redistribute it and/or modify
12 : it under the terms of the GNU General Public License as published by
13 : the Free Software Foundation; either version 3 of the License, or
14 : (at your option) any later version.
15 :
16 : This program is distributed in the hope that it will be useful,
17 : but WITHOUT ANY WARRANTY; without even the implied warranty of
18 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 : GNU General Public License for more details.
20 :
21 : You should have received a copy of the GNU General Public License
22 : along with this program. If not, see <http://www.gnu.org/licenses/>.
23 : */
24 :
25 : #include "providers/data_provider.h"
26 : #include "util/sss_cli_cmd.h"
27 :
28 : #define PAM_SAFE_ITEM(item) item ? item : "not set"
29 :
30 45 : int pam_data_destructor(void *ptr)
31 : {
32 45 : struct pam_data *pd = talloc_get_type(ptr, struct pam_data);
33 :
34 : /* make sure to wipe any password from memory before freeing */
35 45 : sss_authtok_wipe_password(pd->authtok);
36 45 : sss_authtok_wipe_password(pd->newauthtok);
37 :
38 45 : return 0;
39 : }
40 :
41 45 : struct pam_data *create_pam_data(TALLOC_CTX *mem_ctx)
42 : {
43 : struct pam_data *pd;
44 :
45 45 : pd = talloc_zero(mem_ctx, struct pam_data);
46 45 : if (pd == NULL) {
47 0 : DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
48 0 : goto failed;
49 : }
50 :
51 45 : pd->authtok = sss_authtok_new(pd);
52 45 : if (pd->authtok == NULL) {
53 0 : DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
54 0 : goto failed;
55 : }
56 :
57 45 : pd->newauthtok = sss_authtok_new(pd);
58 45 : if (pd->newauthtok == NULL) {
59 0 : DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
60 0 : goto failed;
61 : }
62 :
63 45 : talloc_set_destructor((TALLOC_CTX *) pd, pam_data_destructor);
64 :
65 45 : return pd;
66 :
67 : failed:
68 0 : talloc_free(pd);
69 0 : return NULL;
70 : }
71 :
72 0 : errno_t copy_pam_data(TALLOC_CTX *mem_ctx, struct pam_data *src,
73 : struct pam_data **dst)
74 : {
75 0 : struct pam_data *pd = NULL;
76 : errno_t ret;
77 :
78 0 : pd = create_pam_data(mem_ctx);
79 0 : if (pd == NULL) {
80 0 : ret = ENOMEM;
81 0 : goto failed;
82 : }
83 :
84 0 : pd->cmd = src->cmd;
85 0 : pd->priv = src->priv;
86 :
87 0 : pd->domain = talloc_strdup(pd, src->domain);
88 0 : if (pd->domain == NULL && src->domain != NULL) {
89 0 : ret = ENOMEM;
90 0 : goto failed;
91 : }
92 0 : pd->user = talloc_strdup(pd, src->user);
93 0 : if (pd->user == NULL && src->user != NULL) {
94 0 : ret = ENOMEM;
95 0 : goto failed;
96 : }
97 0 : pd->service = talloc_strdup(pd, src->service);
98 0 : if (pd->service == NULL && src->service != NULL) {
99 0 : ret = ENOMEM;
100 0 : goto failed;
101 : }
102 0 : pd->tty = talloc_strdup(pd, src->tty);
103 0 : if (pd->tty == NULL && src->tty != NULL) {
104 0 : ret = ENOMEM;
105 0 : goto failed;
106 : }
107 0 : pd->ruser = talloc_strdup(pd, src->ruser);
108 0 : if (pd->ruser == NULL && src->ruser != NULL) {
109 0 : ret = ENOMEM;
110 0 : goto failed;
111 : }
112 0 : pd->rhost = talloc_strdup(pd, src->rhost);
113 0 : if (pd->rhost == NULL && src->rhost != NULL) {
114 0 : ret = ENOMEM;
115 0 : goto failed;
116 : }
117 :
118 0 : pd->cli_pid = src->cli_pid;
119 :
120 : /* if structure pam_data was allocated on stack and zero initialized,
121 : * than src->authtok and src->newauthtok are NULL, therefore
122 : * instead of copying, new empty authtok will be created.
123 : */
124 0 : if (src->authtok) {
125 0 : ret = sss_authtok_copy(src->authtok, pd->authtok);
126 0 : if (ret) {
127 0 : goto failed;
128 : }
129 : } else {
130 0 : pd->authtok = sss_authtok_new(pd);
131 0 : if (pd->authtok == NULL) {
132 0 : ret = ENOMEM;
133 0 : goto failed;
134 : }
135 : }
136 :
137 0 : if (src->newauthtok) {
138 0 : ret = sss_authtok_copy(src->newauthtok, pd->newauthtok);
139 0 : if (ret) {
140 0 : goto failed;
141 : }
142 : } else {
143 0 : pd->newauthtok = sss_authtok_new(pd);
144 0 : if (pd->newauthtok == NULL) {
145 0 : ret = ENOMEM;
146 0 : goto failed;
147 : }
148 : }
149 :
150 0 : *dst = pd;
151 :
152 0 : return EOK;
153 :
154 : failed:
155 0 : talloc_free(pd);
156 0 : DEBUG(SSSDBG_CRIT_FAILURE,
157 : "copy_pam_data failed: (%d) %s.\n", ret, strerror(ret));
158 0 : return ret;
159 : }
160 :
161 0 : void pam_print_data(int l, struct pam_data *pd)
162 : {
163 0 : DEBUG(l, "command: %s\n", sss_cmd2str(pd->cmd));
164 0 : DEBUG(l, "domain: %s\n", PAM_SAFE_ITEM(pd->domain));
165 0 : DEBUG(l, "user: %s\n", PAM_SAFE_ITEM(pd->user));
166 0 : DEBUG(l, "service: %s\n", PAM_SAFE_ITEM(pd->service));
167 0 : DEBUG(l, "tty: %s\n", PAM_SAFE_ITEM(pd->tty));
168 0 : DEBUG(l, "ruser: %s\n", PAM_SAFE_ITEM(pd->ruser));
169 0 : DEBUG(l, "rhost: %s\n", PAM_SAFE_ITEM(pd->rhost));
170 0 : DEBUG(l, "authtok type: %d\n", sss_authtok_get_type(pd->authtok));
171 0 : DEBUG(l, "newauthtok type: %d\n", sss_authtok_get_type(pd->newauthtok));
172 0 : DEBUG(l, "priv: %d\n", pd->priv);
173 0 : DEBUG(l, "cli_pid: %d\n", pd->cli_pid);
174 0 : DEBUG(l, "logon name: %s\n", PAM_SAFE_ITEM(pd->logon_name));
175 0 : }
176 :
177 39 : int pam_add_response(struct pam_data *pd, enum response_type type,
178 : int len, const uint8_t *data)
179 : {
180 : struct response_data *new;
181 :
182 39 : new = talloc(pd, struct response_data);
183 39 : if (new == NULL) return ENOMEM;
184 :
185 39 : new->type = type;
186 39 : new->len = len;
187 39 : new->data = talloc_memdup(pd, data, len);
188 39 : if (new->data == NULL) return ENOMEM;
189 39 : new->do_not_send_to_client = false;
190 39 : new->next = pd->resp_list;
191 39 : pd->resp_list = new;
192 :
193 39 : return EOK;
194 : }
|
