author | Jan Zeleny <jzeleny@redhat.com> | 2012-06-15 14:19:34 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-06-21 17:03:02 -0400 |
commit | 065771c9859df9c4137daa5187be3aa5633b3cd5 (patch) | |
tree | d6dffe5599b5ef7717c25afdc394319e102d6144 /src/responder/pam | |
parent | 4b0b0bc3f9c4966b9f1a7433803a37c36fcaf285 (diff) | |
Fix re_expression matching with subdomains
This patch fixes an issue which resulted in a need to initialize
responder with data from local domain, otherwise it would not correctly
detect requests for subdomains. A similar situation can occur if a new
subdomain is added at runtime.
The solution is to ask for a list of subdomains in case there is a
candidate domain identified in the process of matching re_expressions
with given name.
Diffstat (limited to 'src/responder/pam')
-rw-r--r-- | src/responder/pam/pamsrv_cmd.c | 88 |
1 files changed, 55 insertions, 33 deletions
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index f6c1e835..2d0324e5 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -851,32 +851,12 @@ static void pam_dom_forwarder(struct pam_auth_req *preq);
 * PAM_ENVIRONMENT, so that we can save performing some calls and cache
 * data.
 */
-static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
+errno_t pam_forwarder_parse_data(struct cli_ctx *cctx, struct pam_data *pd)
 {
- struct sss_domain_info *dom;
- struct pam_auth_req *preq;
- struct pam_data *pd;
 uint8_t *body;
 size_t blen;
- int ret;
- errno_t ncret;
- struct pam_ctx *pctx =
- talloc_get_type(cctx->rctx->pvt_ctx, struct pam_ctx);
+ errno_t ret;
 uint32_t terminator = SSS_END_OF_PAM_REQUEST;
- struct tevent_req *req;
-
- preq = talloc_zero(cctx, struct pam_auth_req);
- if (!preq) {
- return ENOMEM;
- }
- preq->cctx = cctx;
-
- preq->pd = talloc_zero(preq, struct pam_data);
- if (!preq->pd) {
- talloc_free(preq);
- return ENOMEM;
- }
- pd = preq->pd;
 
 sss_packet_get_body(cctx->creq->in, &body, &blen);
 if (blen >= sizeof(uint32_t) &&
@@ -886,9 +866,6 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
 goto done;
 }
 
- pd->cmd = pam_cmd;
- pd->priv = cctx->priv;
-
 switch (cctx->cli_protocol_version->version) {
 case 1:
 ret = pam_parse_in_data(cctx->rctx->domains, pd, body, blen);
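Review bot: `pam_forwarder_parse_data` is introduced without `static`, unlike the `static int pam_forwarder` it was split out of; no prototype or header change is visible in this diff, so unless one exists elsewhere the definition should read `static errno_t pam_forwarder_parse_data(struct cli_ctx *cctx, struct pam_data *pd)`. The block comment ending in `* data. */` described `pam_forwarder` and now sits directly above the new helper, so I would move it back above `pam_forwarder` and give the helper its own comment, for example `/* Parse the client request packet into pd; EAGAIN appears to mean the domain list must be refreshed before the name can be matched. */`. The helper's body continues past this hunk and is closed in the next ones.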
@@ -904,7 +881,49 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
 cctx->cli_protocol_version->version));
 ret = EINVAL;
 }
- if (ret != EOK) {
+
+done:
+ return ret;
+}
+
+static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
+{
+ struct sss_domain_info *dom;
+ struct pam_auth_req *preq;
+ struct pam_data *pd;
+ int ret;
+ errno_t ncret;
+ struct pam_ctx *pctx =
+ talloc_get_type(cctx->rctx->pvt_ctx, struct pam_ctx);
+ struct tevent_req *req;
+
+ preq = talloc_zero(cctx, struct pam_auth_req);
+ if (!preq) {
+ return ENOMEM;
+ }
+ preq->cctx = cctx;
+
+ preq->pd = talloc_zero(preq, struct pam_data);
+ if (!preq->pd) {
+ talloc_free(preq);
+ return ENOMEM;
+ }
+ pd = preq->pd;
+
+ pd->cmd = pam_cmd;
+ pd->priv = cctx->priv;
+
+ ret = pam_forwarder_parse_data(cctx, pd);
+ if (ret == EAGAIN) {
+ req = sss_dp_get_domains_send(cctx->rctx, cctx->rctx, true, pd->domain);
+ if (req == NULL) {
+ ret = ENOMEM;
+ } else {
+ tevent_req_set_callback(req, pam_forwarder_cb, preq);
+ ret = EAGAIN;
+ }
+ goto done;
+ } else if (ret != EOK) {
 ret = EINVAL;
 goto done;
 }
@@ -913,13 +932,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
 if (pd->domain) {
 preq->domain = responder_get_domain(preq, cctx->rctx, pd->domain);
 if (!preq->domain) {
- req = sss_dp_get_domains_send(cctx->rctx, cctx->rctx, true, pd->domain);
- if (req == NULL) {
- ret = ENOMEM;
- } else {
- tevent_req_set_callback(req, pam_forwarder_cb, preq);
- ret = EAGAIN;
- }
+ ret = ENOENT;
 goto done;
 }
 } else {
@@ -969,6 +982,7 @@ static void pam_forwarder_cb(struct tevent_req *req)
 struct pam_auth_req *preq = tevent_req_callback_data(req,
 struct pam_auth_req);
 struct cli_ctx *cctx = preq->cctx;
+ struct pam_data *pd;
 errno_t ret = EOK;
 
 ret = sss_dp_get_domains_recv(req);
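Review bot: In the new `if (ret == EAGAIN)` branch a name taken from the client's PAM request decides when `sss_dp_get_domains_send(cctx->rctx, cctx->rctx, true, pd->domain)` is issued, and nothing in this hunk bounds how often that happens. If the `true` argument forces a refresh (its meaning is not visible here), any local process that can reach the PAM socket could trigger a data-provider round trip per request, so it is worth confirming that the callee throttles repeated lookups. The branch also relies on the parser having set `pd->domain` before it returned EAGAIN, which this diff does not show. I would record both above the call: `/* pd->domain: candidate domain parsed from the client-supplied name; get_domains must throttle repeated refreshes */`. `pam_forwarder` continues past the end of the hunk, so how `done:` handles EAGAIN cannot be checked here.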
@@ -977,6 +991,14 @@ static void pam_forwarder_cb(struct tevent_req *req)
 goto done;
 }
 
+ pd = preq->pd;
+
+ ret = pam_forwarder_parse_data(cctx, pd);
+ if (ret != EOK) {
+ ret = EINVAL;
+ goto done;
+ }
+
 if (preq->pd->domain) {
 preq->domain = responder_get_domain(preq, cctx->rctx, preq->pd->domain);
 if (preq->domain == NULL) {
 |
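Review bot: The callback runs `pam_forwarder_parse_data(cctx, pd)` a second time on the same `pd` that `pam_forwarder` already parsed into, so anything the first pass allocated under `pd` is overwritten without being released or cleared. That presumably includes the user name and the authentication token copied from the packet, which would then linger until `preq` is freed. The parser body is not in this diff, so please confirm whether it is safe to call twice on a populated `pam_data`, or reset the parsed fields before re-parsing. The second parse also assumes `cctx->creq->in` still holds the original request when the callback fires. I would state both above the call: `/* Re-parse now that the domain list is refreshed; cctx->creq->in must still hold the request. A second EAGAIN is reported as EINVAL, so there is no retry loop. */`. `pam_forwarder_cb` starts and ends outside this hunk.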