Line data Source code
1 : /*
2 : SSSD
3 :
4 : Utilities to for tha pam_data structure
5 :
6 : Authors:
7 : Sumit Bose <sbose@redhat.com>
8 :
9 : Copyright (C) 2009 Red Hat
10 :
11 : This program is free software; you can redistribute it and/or modify
12 : it under the terms of the GNU General Public License as published by
13 : the Free Software Foundation; either version 3 of the License, or
14 : (at your option) any later version.
15 :
16 : This program is distributed in the hope that it will be useful,
17 : but WITHOUT ANY WARRANTY; without even the implied warranty of
18 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 : GNU General Public License for more details.
20 :
21 : You should have received a copy of the GNU General Public License
22 : along with this program. If not, see <http://www.gnu.org/licenses/>.
23 : */
24 :
25 : #include <security/pam_modules.h>
26 :
27 : #include "providers/data_provider.h"
28 : #include "util/sss_cli_cmd.h"
29 :
30 : #define PAM_SAFE_ITEM(item) item ? item : "not set"
31 :
32 54 : int pam_data_destructor(void *ptr)
33 : {
34 54 : struct pam_data *pd = talloc_get_type(ptr, struct pam_data);
35 :
36 : /* make sure to wipe any password from memory before freeing */
37 54 : sss_authtok_wipe_password(pd->authtok);
38 54 : sss_authtok_wipe_password(pd->newauthtok);
39 :
40 54 : return 0;
41 : }
42 :
43 54 : struct pam_data *create_pam_data(TALLOC_CTX *mem_ctx)
44 : {
45 : struct pam_data *pd;
46 :
47 54 : pd = talloc_zero(mem_ctx, struct pam_data);
48 54 : if (pd == NULL) {
49 0 : DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
50 0 : goto failed;
51 : }
52 :
53 54 : pd->pam_status = PAM_SYSTEM_ERR;
54 :
55 54 : pd->authtok = sss_authtok_new(pd);
56 54 : if (pd->authtok == NULL) {
57 0 : DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
58 0 : goto failed;
59 : }
60 :
61 54 : pd->newauthtok = sss_authtok_new(pd);
62 54 : if (pd->newauthtok == NULL) {
63 0 : DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
64 0 : goto failed;
65 : }
66 :
67 54 : talloc_set_destructor((TALLOC_CTX *) pd, pam_data_destructor);
68 :
69 54 : return pd;
70 :
71 : failed:
72 0 : talloc_free(pd);
73 0 : return NULL;
74 : }
75 :
76 0 : errno_t copy_pam_data(TALLOC_CTX *mem_ctx, struct pam_data *src,
77 : struct pam_data **dst)
78 : {
79 0 : struct pam_data *pd = NULL;
80 : errno_t ret;
81 :
82 0 : pd = create_pam_data(mem_ctx);
83 0 : if (pd == NULL) {
84 0 : ret = ENOMEM;
85 0 : goto failed;
86 : }
87 :
88 0 : pd->cmd = src->cmd;
89 0 : pd->priv = src->priv;
90 :
91 0 : pd->domain = talloc_strdup(pd, src->domain);
92 0 : if (pd->domain == NULL && src->domain != NULL) {
93 0 : ret = ENOMEM;
94 0 : goto failed;
95 : }
96 0 : pd->user = talloc_strdup(pd, src->user);
97 0 : if (pd->user == NULL && src->user != NULL) {
98 0 : ret = ENOMEM;
99 0 : goto failed;
100 : }
101 0 : pd->service = talloc_strdup(pd, src->service);
102 0 : if (pd->service == NULL && src->service != NULL) {
103 0 : ret = ENOMEM;
104 0 : goto failed;
105 : }
106 0 : pd->tty = talloc_strdup(pd, src->tty);
107 0 : if (pd->tty == NULL && src->tty != NULL) {
108 0 : ret = ENOMEM;
109 0 : goto failed;
110 : }
111 0 : pd->ruser = talloc_strdup(pd, src->ruser);
112 0 : if (pd->ruser == NULL && src->ruser != NULL) {
113 0 : ret = ENOMEM;
114 0 : goto failed;
115 : }
116 0 : pd->rhost = talloc_strdup(pd, src->rhost);
117 0 : if (pd->rhost == NULL && src->rhost != NULL) {
118 0 : ret = ENOMEM;
119 0 : goto failed;
120 : }
121 :
122 0 : pd->cli_pid = src->cli_pid;
123 :
124 : /* if structure pam_data was allocated on stack and zero initialized,
125 : * than src->authtok and src->newauthtok are NULL, therefore
126 : * instead of copying, new empty authtok will be created.
127 : */
128 0 : if (src->authtok) {
129 0 : ret = sss_authtok_copy(src->authtok, pd->authtok);
130 0 : if (ret) {
131 0 : goto failed;
132 : }
133 : } else {
134 0 : pd->authtok = sss_authtok_new(pd);
135 0 : if (pd->authtok == NULL) {
136 0 : ret = ENOMEM;
137 0 : goto failed;
138 : }
139 : }
140 :
141 0 : if (src->newauthtok) {
142 0 : ret = sss_authtok_copy(src->newauthtok, pd->newauthtok);
143 0 : if (ret) {
144 0 : goto failed;
145 : }
146 : } else {
147 0 : pd->newauthtok = sss_authtok_new(pd);
148 0 : if (pd->newauthtok == NULL) {
149 0 : ret = ENOMEM;
150 0 : goto failed;
151 : }
152 : }
153 :
154 0 : *dst = pd;
155 :
156 0 : return EOK;
157 :
158 : failed:
159 0 : talloc_free(pd);
160 0 : DEBUG(SSSDBG_CRIT_FAILURE,
161 : "copy_pam_data failed: (%d) %s.\n", ret, strerror(ret));
162 0 : return ret;
163 : }
164 :
165 0 : void pam_print_data(int l, struct pam_data *pd)
166 : {
167 0 : DEBUG(l, "command: %s\n", sss_cmd2str(pd->cmd));
168 0 : DEBUG(l, "domain: %s\n", PAM_SAFE_ITEM(pd->domain));
169 0 : DEBUG(l, "user: %s\n", PAM_SAFE_ITEM(pd->user));
170 0 : DEBUG(l, "service: %s\n", PAM_SAFE_ITEM(pd->service));
171 0 : DEBUG(l, "tty: %s\n", PAM_SAFE_ITEM(pd->tty));
172 0 : DEBUG(l, "ruser: %s\n", PAM_SAFE_ITEM(pd->ruser));
173 0 : DEBUG(l, "rhost: %s\n", PAM_SAFE_ITEM(pd->rhost));
174 0 : DEBUG(l, "authtok type: %d\n", sss_authtok_get_type(pd->authtok));
175 0 : DEBUG(l, "newauthtok type: %d\n", sss_authtok_get_type(pd->newauthtok));
176 0 : DEBUG(l, "priv: %d\n", pd->priv);
177 0 : DEBUG(l, "cli_pid: %d\n", pd->cli_pid);
178 0 : DEBUG(l, "logon name: %s\n", PAM_SAFE_ITEM(pd->logon_name));
179 0 : }
180 :
181 50 : int pam_add_response(struct pam_data *pd, enum response_type type,
182 : int len, const uint8_t *data)
183 : {
184 : struct response_data *new;
185 :
186 50 : new = talloc(pd, struct response_data);
187 50 : if (new == NULL) return ENOMEM;
188 :
189 50 : new->type = type;
190 50 : new->len = len;
191 50 : new->data = talloc_memdup(pd, data, len);
192 50 : if (new->data == NULL) return ENOMEM;
193 50 : new->do_not_send_to_client = false;
194 50 : new->next = pd->resp_list;
195 50 : pd->resp_list = new;
196 :
197 50 : return EOK;
198 : }
|
